From 8bfa04a182b67d636a8b5ba5ecfbaf7827af9e67 Mon Sep 17 00:00:00 2001 From: Nadav Tasher Date: Sat, 23 Nov 2024 17:57:58 +0200 Subject: [PATCH 01/31] Added debug print in tls13 ssl_tls13_write_key_share_ext Signed-off-by: Nadav Tasher --- library/ssl_tls13_client.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 53c519c4b..919db7d46 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -318,6 +318,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, ssl, group_id, p, end, &key_exchange_len); p += key_exchange_len; if (ret != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("client hello: failed generating xxdh key exchange")); return ret; } From 84c2d69b039cb73feb4b9b270d246268f2fc6758 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Fri, 15 Nov 2024 12:47:17 +0000 Subject: [PATCH 02/31] Add a SBOM file in CycloneDX format Improve supply chain security by including a SBOM file with substituted values. This will be used to construct a composite platform SBOM. Signed-off-by: Richard Hughes --- scripts/sbom.cdx.json | 48 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 scripts/sbom.cdx.json diff --git a/scripts/sbom.cdx.json b/scripts/sbom.cdx.json new file mode 100644 index 000000000..59798d9a0 --- /dev/null +++ b/scripts/sbom.cdx.json @@ -0,0 +1,48 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "authors": [ + { + "name": "@VCS_SBOM_AUTHORS@" + } + ] + }, + "components": [ + { + "type": "library", + "bom-ref": "pkg:github/Mbed-TLS/mbedtls@@VCS_TAG@", + "cpe": "cpe:2.3:a:trustedfirmware:mbed_tls:@VCS_TAG@:*:*:*:*:*:*:*", + "name": "mbedtls", + "version": "@VCS_VERSION@", + "description": "Implements cryptographic primitives, X.509 certificate manipulation and SSL/TLS and DTLS protocols", + "authors": [ + { + "name": "@VCS_AUTHORS@" + } + ], + "supplier": { + "name": "Trusted Firmware" + }, + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + }, + { + "license": { + "id": "GPL-2.0-or-later" + } + } + ], + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/Mbed-TLS/mbedtls" + } + ] + } + ] +} From c0dd3e498858b121410b1bb4f40c57d14291b30b Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 2 Dec 2024 10:52:05 +0000 Subject: [PATCH 03/31] Remove irrelevant components This commit removes irrelevant components that are no longer needed in the 4.0 release. Signed-off-by: Harry Ramsey --- .../components-configuration-crypto.sh | 66 ------------------- 1 file changed, 66 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 0cf2ca978..ce32e2ed3 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -486,20 +486,6 @@ are_empty_libraries () { ! nm "$@" 2>/dev/null | grep -v ':$' | grep . } -component_build_crypto_default () { - msg "build: make, crypto only" - scripts/config.py crypto - make CFLAGS='-O1 -Werror' - are_empty_libraries library/libmbedx509.* library/libmbedtls.* -} - -component_build_crypto_full () { - msg "build: make, crypto only, full config" - scripts/config.py crypto_full - make CFLAGS='-O1 -Werror' - are_empty_libraries library/libmbedx509.* library/libmbedtls.* -} - component_test_crypto_for_psa_service () { msg "build: make, config for PSA crypto service" scripts/config.py crypto @@ -593,49 +579,6 @@ component_test_psa_crypto_config_ffdh_2048_only () { tests/ssl-opt.sh -f "ffdh" } -component_build_no_pk_rsa_alt_support () { - msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT" # ~30s - - scripts/config.py full - scripts/config.py unset MBEDTLS_PK_RSA_ALT_SUPPORT - scripts/config.py set MBEDTLS_RSA_C - scripts/config.py set MBEDTLS_X509_CRT_WRITE_C - - # Only compile - this is primarily to test for compile issues - make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' -} - -component_build_module_alt () { - msg "build: MBEDTLS_XXX_ALT" # ~30s - scripts/config.py full - - # Disable options that are incompatible with some ALT implementations: - # aesni.c references mbedtls_aes_context fields directly. - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AESCE_C - # MBEDTLS_ECP_RESTARTABLE is documented as incompatible. - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - # You can only have one threading implementation: alt or pthread, not both. - scripts/config.py unset MBEDTLS_THREADING_PTHREAD - # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields - # directly and assumes the implementation works with partial groups. - scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED - # MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_* - scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY - # MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_* - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY - - # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable - # MBEDTLS_XXX_YYY_ALT which are for single functions. - scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT' - - # We can only compile, not link, since we don't have any implementations - # suitable for testing with the dummy alt headers. - make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib -} - component_test_psa_crypto_config_accel_ecdsa () { msg "build: accelerated ECDSA" @@ -2608,15 +2551,6 @@ component_test_ctr_drbg_aes_128_sha_256 () { make test } -component_test_se_default () { - msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C" - scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C - make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" - - msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C" - make test -} - component_test_full_static_keystore () { msg "build: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" scripts/config.py full From e3fa3a4e574ed987efdc81391e2db5729d2700ad Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 9 Dec 2024 20:08:09 +0000 Subject: [PATCH 04/31] Fix incorrect submodule error message in CMake This commit fixes a condition where the incorrect submodule error message was displayed as we were using the CMAKE_CURRENT_SOURCE_DIR variable instead of MBEDTLS_DIR. Signed-off-by: Harry Ramsey --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 150124066..5235910cf 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -351,7 +351,7 @@ if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP) endif() if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt") - if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/.git/") + if (EXISTS "${MBEDTLS_DIR}/.git") message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found (and does appear to be a git checkout). Run `git submodule update --init` from the source tree to fetch the submodule contents.") else () message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found (and does not appear to be a git checkout). Please ensure you have downloaded the right archive from the release page on GitHub.") From 5d5f4715dd215b01c033fb7e185059056f249b21 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 10 Dec 2024 09:58:23 +0000 Subject: [PATCH 05/31] Fix incorrect submodule error message in Makefile This commit fixes a condition where the incorrect submodule error message was displayed as the check for the directory returns true only if the directory does not exist Signed-off-by: Harry Ramsey --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index ebe8492fc..2e4df67ed 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ ifneq (,$(filter-out lib library/%,$(or $(MAKECMDGOALS),all))) ifeq (,$(wildcard framework/exported.make)) # Use the define keyword to get a multi-line message. # GNU make appends ". Stop.", so tweak the ending of our message accordingly. - ifeq (,$(wildcard .git)) + ifneq (,$(wildcard .git)) define error_message ${MBEDTLS_PATH}/framework/exported.make not found (and does appear to be a git checkout). Run `git submodule update --init` from the source tree to fetch the submodule contents. This is a fatal error From 1eb85624a661e7be533bf87896a747f7a5c2e01a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 20 Nov 2024 12:25:58 +0000 Subject: [PATCH 06/31] Remove USE_PSA from use-psa-crypto.md MBED_TLS_USE_PSA_CRYPTO is now always enabled we need to remove documentation discussing cases when it is disabled. Signed-off-by: Janos Follath --- docs/use-psa-crypto.md | 107 +++++++++++------------------------------ 1 file changed, 27 insertions(+), 80 deletions(-) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index f2983bd37..458b81558 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -1,77 +1,28 @@ -This document describes the compile-time configuration option -`MBEDTLS_USE_PSA_CRYPTO` from a user's perspective. +This document describes how PSA Crypto is used in the X.509 and TLS libraries +from a user's perspective. -This option: -- makes the X.509 and TLS libraries use PSA for cryptographic operations as - much as possible, see "Internal changes" below; -- enables new APIs for using keys handled by PSA Crypto, such as +In particular: +- X.509 and TLS libraries use PSA for cryptographic operations as much as + possible, see "Internal changes" below; +- APIs for using keys handled by PSA Crypto, such as `mbedtls_pk_setup_opaque()` and `mbedtls_ssl_conf_psk_opaque()`, see -"New APIs / API extensions" below. +"PSA key APIs" below. General considerations ---------------------- -**Application code:** when this option is enabled, you need to call -`psa_crypto_init()` before calling any function from the SSL/TLS, X.509 or PK -modules, except for the various mbedtls_xxx_init() functions which can be called -at any time. - -**Why enable this option:** to fully take advantage of PSA drivers in PK, -X.509 and TLS. For example, enabling this option is what allows use of drivers -for ECDSA, ECDH and EC J-PAKE in those modules. However, note that even with -this option disabled, some code in PK, X.509, TLS or the crypto library might -still use PSA drivers, if it can determine it's safe to do so; currently -that's the case for hashes. - -**Relationship with other options:** This option depends on -`MBEDTLS_PSA_CRYPTO_C`. These two options differ in the following way: -- `MBEDTLS_PSA_CRYPTO_C` enables the implementation of the PSA Crypto API. - When it is enabled, `psa_xxx()` APIs are available and you must call -`psa_crypto_init()` before you call any other `psa_xxx()` function. Other -modules in the library (non-PSA crypto APIs, X.509, TLS) may or may not use -PSA Crypto but you're not required to call `psa_crypto_init()` before calling -non-PSA functions, unless explicitly documented (TLS 1.3). -- `MBEDTLS_USE_PSA_CRYPTO` means that X.509 and TLS will use PSA Crypto as - much as possible (that is, everywhere except for features that are not -supported by PSA Crypto, see "Internal Changes" below for a complete list of -exceptions). When it is enabled, you need to call `psa_crypto_init()` before -calling any function from PK, X.509 or TLS; however it doesn't change anything -for the rest of the library. - -**Scope:** `MBEDTLS_USE_PSA_CRYPTO` has no effect on modules other than PK, -X.509 and TLS. It also has no effect on most of the TLS 1.3 code, which always -uses PSA crypto. The parts of the TLS 1.3 code that will use PSA Crypto or not -depending on this option being set or not are: -- record protection; -- running handshake hash; -- asymmetric signature verification & generation; -- X.509 certificate chain verification. -You need to enable `MBEDTLS_USE_PSA_CRYPTO` if you want TLS 1.3 to use PSA -everywhere. - -**Historical note:** This option was introduced at a time when PSA Crypto was -still beta and not ready for production, so we made its use in X.509 and TLS -opt-in: by default, these modules would keep using the stable, -production-ready legacy (pre-PSA) crypto APIs. So, the scope of was X.509 and -TLS, as well as some of PK for technical reasons. Nowadays PSA Crypto is no -longer beta, and production quality, so there's no longer any reason to make -its use in other modules opt-in. However, PSA Crypto functions require that -`psa_crypto_init()` has been called before their use, and for backwards -compatibility reasons we can't impose this requirement on non-PSA functions -that didn't have such a requirement before. So, nowadays the main meaning of -`MBEDTLS_USE_PSA_CRYPTO` is that the user promises to call `psa_crypto_init()` -before calling any PK, X.509 or TLS functions. For the same compatibility -reasons, we can't extend its scope. However, new modules in the library, such -as TLS 1.3, can be introduced with a requirement to call `psa_crypto_init()`. - -New APIs / API extensions +**Application code:** you need to call `psa_crypto_init()` before calling any +function from the SSL/TLS, X.509 or PK modules, except for the various +mbedtls_xxx_init() functions which can be called at any time. + +PSA Key APIs ------------------------- ### PSA-held (opaque) keys in the PK layer -**New API function:** `mbedtls_pk_setup_opaque()` - can be used to -wrap a PSA key pair into a PK context. The key can be used for private-key -operations and its public part can be exported. +**API function:** `mbedtls_pk_setup_opaque()` - can be used to wrap a PSA key +pair into a PK context. The key can be used for private-key operations and its +public part can be exported. **Benefits:** isolation of long-term secrets, use of PSA Crypto drivers. @@ -90,7 +41,7 @@ resulting context to the following existing APIs: ### PSA-held (opaque) keys for TLS pre-shared keys (PSK) -**New API functions:** `mbedtls_ssl_conf_psk_opaque()` and +**API functions:** `mbedtls_ssl_conf_psk_opaque()` and `mbedtls_ssl_set_hs_psk_opaque()`. Call one of these from an application to register a PSA key for use with a PSK key exchange. @@ -99,24 +50,24 @@ register a PSA key for use with a PSK key exchange. **Limitations:** none. **Use in TLS:** opt-in. The application needs to register the key using one of -the new APIs to get the benefits. +the above APIs to get the benefits. ### PSA-held (opaque) keys for TLS 1.2 EC J-PAKE key exchange -**New API function:** `mbedtls_ssl_set_hs_ecjpake_password_opaque()`. -Call this function from an application to register a PSA key for use with the -TLS 1.2 EC J-PAKE key exchange. +**API function:** `mbedtls_ssl_set_hs_ecjpake_password_opaque()`. Call this +function from an application to register a PSA key for use with the TLS 1.2 EC +J-PAKE key exchange. **Benefits:** isolation of long-term secrets. **Limitations:** none. **Use in TLS:** opt-in. The application needs to register the key using one of -the new APIs to get the benefits. +the above APIs to get the benefits. ### PSA-based operations in the Cipher layer -There is a new API function `mbedtls_cipher_setup_psa()` to set up a context +There is an API function `mbedtls_cipher_setup_psa()` to set up a context that will call PSA to store the key and perform the operations. This function only worked for a small number of ciphers. It is now deprecated @@ -127,11 +78,10 @@ directly instead. you are using it and would like us to keep it, please let us know about your use case. -Internal changes +Internal uses ---------------- -All of these internal changes are active as soon as `MBEDTLS_USE_PSA_CRYPTO` -is enabled, no change required on the application side. +All of these internal uses are relying on PSA Crypto. ### TLS: most crypto operations based on PSA @@ -142,8 +92,7 @@ Current exceptions: - Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see the documentation of that option). -Other than the above exceptions, all crypto operations are based on PSA when -`MBEDTLS_USE_PSA_CRYPTO` is enabled. +Other than the above exceptions, all crypto operations are based on PSA. ### X.509: most crypto operations based on PSA @@ -152,8 +101,7 @@ Current exceptions: - Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see the documentation of that option). -Other than the above exception, all crypto operations are based on PSA when -`MBEDTLS_USE_PSA_CRYPTO` is enabled. +Other than the above exception, all crypto operations are based on PSA. ### PK layer: most crypto operations based on PSA @@ -164,6 +112,5 @@ Current exceptions: - Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see the documentation of that option). -Other than the above exceptions, all crypto operations are based on PSA when -`MBEDTLS_USE_PSA_CRYPTO` is enabled. +Other than the above exceptions, all crypto operations are based on PSA. From d23266dc1faab120bfd1acdce49b8efdd5db30f1 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 20 Nov 2024 15:30:37 +0000 Subject: [PATCH 07/31] Remove USE_PSA from md-cipher-dispatch.md MBED_TLS_USE_PSA_CRYPTO is now always enabled we need to remove documentation discussing cases when it is disabled. Signed-off-by: Janos Follath --- .../psa-migration/md-cipher-dispatch.md | 29 +++++++------------ 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md index 91e26ed60..6b59e18d0 100644 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ b/docs/architecture/psa-migration/md-cipher-dispatch.md @@ -3,7 +3,7 @@ PSA migration strategy for hashes and ciphers ## Introduction -This document discusses a migration strategy for code that is not subject to `MBEDTLS_USE_PSA_CRYPTO`, is currently using legacy cryptography APIs, and should transition to PSA, without a major version change. +This document discusses a migration strategy for code that is currently using legacy cryptography APIs, and should transition to PSA, without a major version change. ### Relationship with the main strategy document @@ -82,9 +82,9 @@ It is not a goal at this stage to make more code directly call `psa_xxx` functio ### Scope analysis -#### Limitations of `MBEDTLS_USE_PSA_CRYPTO` +#### Limitations of the use of PSA Crypto -The option `MBEDTLS_USE_PSA_CRYPTO` causes parts of the library to call the PSA API instead of legacy APIs for cryptographic calculations. `MBEDTLS_USE_PSA_CRYPTO` only applies to `pk.h`, X.509 and TLS. When this option is enabled, applications must call `psa_crypto_init()` before calling any of the functions in these modules. +Parts of the library call the PSA API instead of legacy APIs for cryptographic calculations. This only applies to `pk.h`, X.509 and TLS. Applications must call `psa_crypto_init()` before calling any of the functions in these modules. In this work, we want two things: @@ -98,14 +98,13 @@ We can classify code that implements or uses cryptographic mechanisms into sever * Software implementations of primitive cryptographic mechanisms. These are not expected to change. * Software implementations of constructed cryptographic mechanisms (e.g. HMAC, CTR_DRBG, RSA (calling a hash for PSS/OAEP, and needing to know the hash length in PKCS1v1.5 sign/verify), …). These need to keep working whenever a legacy implementation of the auxiliary mechanism is available, regardless of whether a PSA implementation is also available. * Code implementing the PSA crypto interface. This is not expected to change, except perhaps to expose some internal functionality to overhauled glue code. -* Code that's subject to `MBEDTLS_USE_PSA_CRYPTO`: `pk.h`, X.509, TLS (excluding parts specific TLS 1.3). -* Code that always uses PSA for crypto: TLS 1.3 (except things common with 1.2), LMS. +* Code that uses PSA for crypto: `pk.h`, X.509, TLS, TLS 1.3, LMS. For the purposes of this work, three domains emerge: * **Legacy domain**: does not interact with PSA. Implementations of hashes, of cipher primitives, of arithmetic. -* **Mixed domain**: does not currently use PSA, but should [when possible](#why-psa-is-not-always-possible). This consists of the constructed cryptographic primitives (except LMS), as well as pk, X.509 and TLS when `MBEDTLS_USE_PSA_CRYPTO` is disabled. -* **PSA domain**: includes pk, X.509 and TLS when `MBEDTLS_USE_PSA_CRYPTO` is enabled. Also TLS 1.3, LMS. +* **Mixed domain**: does not currently use PSA, but should [when possible](#why-psa-is-not-always-possible). This consists of the constructed cryptographic primitives (except LMS) +* **PSA domain**: includes pk, X.509 and TLS. Also TLS 1.3, LMS. #### Non-use-PSA modules @@ -198,7 +197,7 @@ Here are some reasons why calling `psa_xxx()` to perform a hash or cipher calcul #### Indirect knowledge -Consider for example the code in `rsa.c` to perform an RSA-PSS signature. It needs to calculate a hash. If `mbedtls_rsa_rsassa_pss_sign()` is called directly by application code, it is supposed to call the built-in implementation: calling a PSA accelerator would be a behavior change, acceptable only if this does not add a risk of failure or performance degradation ([PSA is impossible or undesirable in some circumstances](#why-psa-is-not-always-possible)). Note that this holds regardless of the state of `MBEDTLS_USE_PSA_CRYPTO`, since `rsa.h` is outside the scope of `MBEDTLS_USE_PSA_CRYPTO`. On the other hand, if `mbedtls_rsa_rsassa_pss_sign()` is called from X.509 code, it should use PSA to calculate hashes. It doesn't, currently, which is [bug \#6497](https://github.com/Mbed-TLS/mbedtls/issues/6497). +Consider for example the code in `rsa.c` to perform an RSA-PSS signature. It needs to calculate a hash. If `mbedtls_rsa_rsassa_pss_sign()` is called directly by application code, it is supposed to call the built-in implementation: calling a PSA accelerator would be a behavior change, acceptable only if this does not add a risk of failure or performance degradation ([PSA is impossible or undesirable in some circumstances](#why-psa-is-not-always-possible)). On the other hand, if `mbedtls_rsa_rsassa_pss_sign()` is called from X.509 code, it should use PSA to calculate hashes. It doesn't, currently, which is [bug \#6497](https://github.com/Mbed-TLS/mbedtls/issues/6497). Generally speaking, modules in the mixed domain: @@ -244,7 +243,7 @@ RSA knows which hash algorithm to use based on a parameter of type `mbedtls_md_t A natural solution is to double up the encoding of hashes in `mbedtls_md_type_t`. Pass `MBEDTLS_MD_SHA256` and `md` will dispatch to the legacy code, pass a new constant `MBEDTLS_MD_SHA256_USE_PSA` and `md` will dispatch through PSA. -This maximally preserves backward compatibility, but then no non-PSA code benefits from PSA accelerators, and there's little potential for removing the software implementation. +This maximally preserves backward compatibility, but then there's little potential for removing the software implementation. #### Availability of hashes in RSA-PSS @@ -321,17 +320,9 @@ These problems are easily solvable. This section documents things that we chose to temporarily exclude from the scope in the 3.x branch (which will eventually be in scope again after 4.0) as well as things we chose to prioritize if we don't have time to support everything. -#### Don't support PK, X.509 and TLS without `MBEDTLS_USE_PSA_CRYPTO` - -We do not need to support driver-only hashes and ciphers in PK. X.509 and TLS without `MBEDTLS_USE_PSA_CRYPTO`. Users who want to take full advantage of drivers will need to enabled this macro. - -Note that this applies to TLS 1.3 as well, as some uses of hashes and all uses of ciphers there are common with TLS 1.2, hence governed by `MBEDTLS_USE_PSA_CRYPTO`, see [this macro's extended documentation](../../docs/use-psa-crypto.html). - -This will go away naturally in 4.0 when this macros is not longer an option (because it's always on). - #### Don't support for `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C` -We generally don't really support builds with `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C`. For example, both `MBEDTLS_USE_PSA_CRYPTO` and `MBEDTLS_SSL_PROTO_TLS1_3` require `MBEDTLS_PSA_CRYPTO_C`, while in principle they should only require `MBEDTLS_PSA_CRYPTO_CLIENT`. +We generally don't really support builds with `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C`. For example, `MBEDTLS_SSL_PROTO_TLS1_3` require `MBEDTLS_PSA_CRYPTO_C`, while in principle they should only require `MBEDTLS_PSA_CRYPTO_CLIENT`. Considering this existing restriction which we do not plan to lift before 4.0, it is acceptable driver-only hashes and cipher support to have the same restriction in 3.x. @@ -555,7 +546,7 @@ PSA has its own HMAC implementation. In builds with both `MBEDTLS_MD_C` and `PSA ### Improving support for `MBEDTLS_PSA_CRYPTO_CLIENT` -So far, MD light only dispatches to PSA if an algorithm is available via `MBEDTLS_PSA_CRYPTO_C`, not if it's available via `MBEDTLS_PSA_CRYPTO_CLIENT`. This is acceptable because `MBEDTLS_USE_PSA_CRYPTO` requires `MBEDTLS_PSA_CRYPTO_C`, hence mixed-domain code never invokes PSA. +So far, MD light only dispatches to PSA if an algorithm is available via `MBEDTLS_PSA_CRYPTO_C`, not if it's available via `MBEDTLS_PSA_CRYPTO_CLIENT`. The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a little extra work. Here is an overview of the task breakdown, which should be fleshed up after we've done the first [migration](#migration-to-md-light): From 2028b78793d72410e2f003b1a9b723e97f07b8c8 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 20 Nov 2024 15:41:57 +0000 Subject: [PATCH 08/31] Remove architecture/psa-migration/testing.md This document is describes the testing strategy for the `MBEDTLS_USE_PSA_CRYPTO` option. This option is now always on, can't be disabled and the corresponding behaviour is the only library behaviour. Signed-off-by: Janos Follath --- docs/architecture/psa-migration/testing.md | 99 ---------------------- 1 file changed, 99 deletions(-) delete mode 100644 docs/architecture/psa-migration/testing.md diff --git a/docs/architecture/psa-migration/testing.md b/docs/architecture/psa-migration/testing.md deleted file mode 100644 index f205c16ac..000000000 --- a/docs/architecture/psa-migration/testing.md +++ /dev/null @@ -1,99 +0,0 @@ -Testing strategy for `MBEDTLS_USE_PSA_CRYPTO` -============================================= - -This document records the testing strategy used so far in implementing -`MBEDTLS_USE_PSA_CRYPTO`. - - -General considerations ----------------------- - -There needs to be at least one build in `all.sh` that enables -`MBEDTLS_USE_PSA_CRYPTO` and runs the full battery of tests; currently that's -ensured by the fact that `scripts/config.py full` enables -`MBEDTLS_USE_PSA_CRYPTO`. There needs to be at least one build with -`MBEDTLS_USE_PSA_CRYPTO` disabled (as long as it's optional); currently that's -ensured by the fact that it's disabled in the default config. - -Generally, code review is enough to ensure that PSA APIs are indeed used where -they should be when `MBEDTLS_USE_PSA_CRYPTO` is enabled. - -However, when it comes to TLS, we also have the option of using debug messages -to confirm which code path is taken. This is generally unnecessary, except when -a decision is made at run-time about whether to use the PSA or legacy code -path. (For example, for record protection, previously (until 3.1), some ciphers were supported -via PSA while some others weren't, with a run-time fallback. In this case, it's -good to have a debug message checked by the test case to confirm that the -right decision was made at run-time, i. e. that we didn't use the fallback for -ciphers that are supposed to be supported.) - - -New APIs meant for application use ----------------------------------- - -For example, `mbedtls_pk_setup_opaque()` is meant to be used by applications -in order to create PK contexts that can then be passed to existing TLS and -X.509 APIs (which remain unchanged). - -In that case, we want: - -- unit testing of the new API and directly-related APIs - for example: - - in `test_suite_pk` we have a new test function `pk_psa_utils` that exercises - `mbedtls_pk_setup_opaque()` and checks that various utility functions - (`mbedtls_pk_get_type()` etc.) work and the functions that are expected to - fail (`mbedtls_pk_verify()` etc) return the expected error. - - in `test_suite_pk` we modified the existing `pk_psa_sign` test function to - check that signature generation works as expected - - in `test_suite_pkwrite` we should have a new test function checking that - exporting (writing out) the public part of the key works as expected and - that exporting the private key fails as expected. -- integration testing of the new API with each existing API which should - accepts a context created this way - for example: - - in `programs/ssl/ssl_client2` a new option `key_opaque` that causes the - new API to be used, and one or more tests in `ssl-opt.sh` using that. - (We should have the same server-side.) - - in `test_suite_x509write` we have a new test function - `x509_csr_check_opaque()` checking integration of the new API with the - existing `mbedtls_x509write_csr_set_key()`. (And also - `mbedtls_x509write_crt_set_issuer_key()` since #5710.) - -For some APIs, for example with `mbedtls_ssl_conf_psk_opaque()`, testing in -`test_suite_ssl` was historically not possible, so we only have testing in -`ssl-opt.sh`. - -New APIs meant for internal use -------------------------------- - -For example, `mbedtls_cipher_setup_psa()` (no longer used, soon to be -deprecated - #5261) was meant to be used by the TLS layer, but probably not -directly by applications. - -In that case, we want: - -- unit testing of the new API and directly-related APIs - for example: - - in `test_suite_cipher`, the existing test functions `auth_crypt_tv` and - `test_vec_crypt` gained a new parameter `use_psa` and corresponding test - cases -- integration testing: - - usually already covered by existing tests for higher-level modules: - - for example simple use of `mbedtls_cipher_setup_psa()` in TLS is already - covered by running the existing TLS tests in a build with - `MBEDTLS_USA_PSA_CRYPTO` enabled - - however if use of the new API in higher layers involves more logic that - use of the old API, specific integrations test may be required - - for example, the logic to fall back from `mbedtls_cipher_setup_psa()` to - `mbedtls_cipher_setup()` in TLS is tested by `run_test_psa` in - `ssl-opt.sh`. - -Internal changes ----------------- - -For example, use of PSA to compute the TLS 1.2 PRF. - -Changes in this category rarely require specific testing, as everything should -be already be covered by running the existing tests in a build with -`MBEDTLS_USE_PSA_CRYPTO` enabled; however we need to make sure the existing -test have sufficient coverage, and improve them if necessary. - -However, if additional logic is involved, or there are run-time decisions about -whether to use the PSA or legacy code paths, specific tests might be in order. From 5b2ad4eda2aae2c3d3aa4956d3bf2ea3e752e310 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 20 Nov 2024 16:00:54 +0000 Subject: [PATCH 09/31] Remove USE_PSA from psa-migration/strategy.md MBED_TLS_USE_PSA_CRYPTO is now always enabled we need to remove documentation discussing cases when it is disabled. The goal is not to update the document, only to remove MBED_TLS_USE_PSA_CRYPTO, while making a minimal local context of the occurrance up to date and sensible. Signed-off-by: Janos Follath --- docs/architecture/psa-migration/strategy.md | 116 ++++++-------------- 1 file changed, 36 insertions(+), 80 deletions(-) diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md index b985a77fa..f7f7ff62a 100644 --- a/docs/architecture/psa-migration/strategy.md +++ b/docs/architecture/psa-migration/strategy.md @@ -12,11 +12,9 @@ G3. Allow isolation of short-term secrets (for example, TLS session keys). G4. Have a clean, unified API for Crypto (retire the legacy API). G5. Code size: compile out our implementation when a driver is available. -As of Mbed TLS 3.2, most of (G1) and all of (G2) is implemented when -`MBEDTLS_USE_PSA_CRYPTO` is enabled. For (G2) to take effect, the application -needs to be changed to use new APIs. For a more detailed account of what's -implemented, see `docs/use-psa-crypto.md`, where new APIs are about (G2), and -internal changes implement (G1). +As of Mbed TLS 3.2, most of (G1) and all of (G2) is implemented. For a more +detailed account of what's implemented, see `docs/use-psa-crypto.md`, where new +APIs are about (G2), and internal changes implement (G1). As of early 2023, work towards G5 is in progress: Mbed TLS 3.3 and 3.4 saw some improvements in this area, and more will be coming in future releases. @@ -32,37 +30,9 @@ We currently have a few compile-time options that are relevant to the migration: - `MBEDTLS_PSA_CRYPTO_C` - enabled by default, controls the presence of the PSA Crypto APIs. -- `MBEDTLS_USE_PSA_CRYPTO` - disabled by default (enabled in "full" config), - controls usage of PSA Crypto APIs to perform operations in X.509 and TLS -(G1 above), as well as the availability of some new APIs (G2 above). - `PSA_CRYPTO_CONFIG` - disabled by default, supports builds with drivers and without the corresponding software implementation (G5 above). -The reasons why `MBEDTLS_USE_PSA_CRYPTO` is optional and disabled by default -are: -- it's not fully compatible with `MBEDTLS_ECP_RESTARTABLE`: you can enable - both, but then you won't get the full effect of RESTARTBLE (see the -documentation of this option in `mbedtls_config.h`); -- to avoid a hard/default dependency of TLS, X.509 and PK on - `MBEDTLS_PSA_CRYPTO_C`, for backward compatibility reasons: - - When `MBEDTLS_PSA_CRYPTO_C` is enabled and used, applications need to call - `psa_crypto_init()` before TLS/X.509 uses PSA functions. (This prevents us -from even enabling the option by default.) - - `MBEDTLS_PSA_CRYPTO_C` has a hard dependency on `MBEDTLS_ENTROPY_C || - MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` but it's - currently possible to compile TLS and X.509 without any of the options. - Also, we can't just auto-enable `MBEDTLS_ENTROPY_C` as it doesn't build - out of the box on all platforms, and even less - `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` as it requires a user-provided RNG - function. - -The downside of this approach is that until we are able to make -`MBDEDTLS_USE_PSA_CRYPTO` non-optional (always enabled), we have to maintain -two versions of some parts of the code: one using PSA, the other using the -legacy APIs. However, see next section for strategies that can lower that -cost. The rest of this section explains the reasons for the -incompatibilities mentioned above. - At the time of writing (early 2022) it is unclear what could be done about the backward compatibility issues, and in particular if the cost of implementing solutions to these problems would be higher or lower than the cost of @@ -83,26 +53,20 @@ added to PSA in Mbed TLS 3.4, but support for ECDH is not present yet. It will then require follow-up work to make use of the new PSA APIs in PK/X.509/TLS in all places where we currently allow restartable operations. -### Backward compatibility issues with making `MBEDTLS_USE_PSA_CRYPTO` always on - -1. Existing applications may not be calling `psa_crypto_init()` before using - TLS, X.509 or PK. We can try to work around that by calling (the relevant -part of) it ourselves under the hood as needed, but that would likely require -splitting init between the parts that can fail and the parts that can't (see - for that). -2. It's currently not possible to enable `MBEDTLS_PSA_CRYPTO_C` in - configurations that don't have `MBEDTLS_ENTROPY_C`, and we can't just -auto-enable the latter, as it won't build or work out of the box on all -platforms. There are two kinds of things we'd need to do if we want to work -around that: - 1. Make it possible to enable the parts of PSA Crypto that don't require an - RNG (typically, public key operations, symmetric crypto, some key +### Backward compatibility issues + +It's currently not possible to enable `MBEDTLS_PSA_CRYPTO_C` in configurations +that don't have `MBEDTLS_ENTROPY_C`, and we can't just auto-enable the latter, +as it won't build or work out of the box on all platforms. There are two kinds +of things we'd need to do if we want to work around that: +1. Make it possible to enable the parts of PSA Crypto that don't require an + RNG (typically, public key operations, symmetric crypto, some key management functions (destroy etc)) in configurations that don't have `ENTROPY_C`. This requires going through the PSA code base to adjust dependencies. Risk: there may be annoying dependencies, some of which may be surprising. - 2. For operations that require an RNG, provide an alternative function - accepting an explicit `f_rng` parameter (see #5238), that would be +2. For operations that require an RNG, provide an alternative function + accepting an explicit `f_rng` parameter (see #5238), that would be available in entropy-less builds. (Then code using those functions still needs to have one version using it, for entropy-less builds, and one version using the standard function, for driver support in build with entropy.) @@ -125,9 +89,8 @@ These abstraction layers typically provide, in addition to the API for crypto operations, types and numerical identifiers for algorithms (for example `mbedtls_cipher_mode_t` and its values). The current strategy is to keep using those identifiers in most of the code, in -particular in existing structures and public APIs, even when -`MBEDTLS_USE_PSA_CRYPTO` is enabled. (This is not an issue for G1, G2, G3 -above, and is only potentially relevant for G4.) +particular in existing structures and public APIs. (This is not an issue for G1, +G2, G3 above, and is only potentially relevant for G4.) The are multiple strategies that can be used regarding the place of those layers in the migration to PSA. @@ -135,9 +98,8 @@ layers in the migration to PSA. Silently call to PSA from the abstraction layer ----------------------------------------------- -- Provide a new definition (conditionally on `USE_PSA_CRYPTO`) of wrapper - functions in the abstraction layer, that calls PSA instead of the legacy -crypto API. +- Provide a new definition of wrapper functions in the abstraction layer, that + calls PSA instead of the legacy crypto API. - Upside: changes contained to a single place, no need to change TLS or X.509 code anywhere. - Downside: tricky to implement if the PSA implementation is currently done on @@ -145,9 +107,8 @@ crypto API. This strategy is currently (early 2023) used for all operations in the PK layer; the MD layer uses a variant where it dispatches to PSA if a driver is -available and the driver subsystem has been initialized, regardless of whether -`USE_PSA_CRYPTO` is enabled; see `md-cipher-dispatch.md` in the same directory -for details. +available and the driver subsystem has been initialized; see +`md-cipher-dispatch.md` in the same directory for details. This strategy is not very well suited to the Cipher layer, as the PSA implementation is currently done on top of that layer. @@ -163,7 +124,7 @@ Replace calls for each operation -------------------------------- - For every operation that's done through this layer in TLS or X.509, just - replace function call with calls to PSA (conditionally on `USE_PSA_CRYPTO`) + replace function call with calls to PSA. - Upside: conceptually simple, and if the PSA implementation is currently done on top of that layer, avoids concerns about dependency loops. - Upside: opens the door to building TLS/X.509 without that layer, saving some @@ -220,8 +181,7 @@ Strategies currently (early 2022) used with each abstraction layer: - PK (for G1): silently call PSA - PK (for G2): opt-in use of PSA (new key type) - Cipher (G1): replace calls at each call site -- MD (G1, X.509 and TLS): replace calls at each call site (depending on - `USE_PSA_CRYPTO`) +- MD (G1, X.509 and TLS): replace calls at each call site - MD (G5): silently call PSA when a driver is available, see `md-cipher-dispatch.md`. @@ -249,8 +209,8 @@ We can roughly divide the work needed to get there in the following steps: 0. Have a working driver interface for the algorithms we want to replace. 1. Have users of these algorithms call to PSA or an abstraction layer than can dispatch to PSA, but not the low-level legacy API, for all operations. -(This is G1, and for PK, X.509 and TLS this is controlled by -`MBEDTLS_USE_PSA_CRYPTO`.) This needs to be done in the library and tests. +(This is G1, and for PK, X.509 and TLS.) This needs to be done in the library +and tests. 2. Have users of these algorithms not depend on the legacy API for information management (getting a size for a given algorithm, etc.) 3. Adapt compile-time guards used to query availability of a given algorithm; @@ -322,10 +282,8 @@ will check for `PSA_WANT_ALG_SHA_256`, while legacy-based code that wants to use SHA-256 will check for `MBEDTLS_SHA256_C` if using the `mbedtls_sha256` API, or for `MBEDTLS_MD_C && MBEDTLS_SHA256_C` if using the `mbedtls_md` API. -Code that obeys `MBEDTLS_USE_PSA_CRYPTO` will want to use one of the two -dependencies above depending on whether `MBEDTLS_USE_PSA_CRYPTO` is defined: -if it is, the code want the algorithm available in PSA, otherwise, it wants it -available via the legacy API(s) is it using (MD and/or low-level). +PSA based code will want to use the algorithm available in PSA, otherwise, it +wants it available via the legacy API(s) is it using (MD and/or low-level). As much as possible, we're trying to create for each algorithm a single new macro that can be used to express dependencies everywhere (except pure PSA @@ -333,9 +291,8 @@ code that should always use `PSA_WANT`). For example, for hashes this is the `MBEDTLS_MD_CAN_xxx` family. For ECC algorithms, we have similar `MBEDTLS_PK_CAN_xxx` macros. -Note that in order to achieve that goal, even for code that obeys -`USE_PSA_CRYPTO`, it is useful to impose that all algorithms that are -available via the legacy APIs are also available via PSA. +Note that in order to achieve that goal, it is useful to impose that all +algorithms that are available via the legacy APIs are also available via PSA. Executing step 3 will mostly consist of using the right dependency macros in the right places (once the previous steps are done). @@ -347,8 +304,8 @@ supporting existing features in new types of builds, testing will not involve adding cases to the test suites, but instead adding new components in `all.sh` that build and run tests in newly-supported configurations. For example, if we're making some part of the library work with hashes provided only by -drivers when `MBEDTLS_USE_PSA_CRYPTO` is defined, there should be a place in -`all.sh` that builds and run tests in such a configuration. +drivers, there should be a place in `all.sh` that builds and run tests in such a +configuration. There is however a risk, especially in step 3 where we change how dependencies are expressed (sometimes in bulk), to get things wrong in a way that would @@ -424,14 +381,13 @@ reducing the cost, and judgment calls may need to be made. Note: when it comes to holding public keys in the PK layer, depending on how the rest of the code is structured, it may be worth holding the key data in memory controlled by the PK layer as opposed to a PSA key slot, moving it to a -slot only when needed (see current `ecdsa_verify_wrap` when -`MBEDTLS_USE_PSA_CRYPTO` is defined) For example, when parsing a large -number, N, of X.509 certificates (for example the list of trusted roots), it -might be undesirable to use N PSA key slots for their public keys as long as -the certs are loaded. OTOH, this could also be addressed by merging the "X.509 -parsing on-demand" (#2478), and then the public key data would be held as -bytes in the X.509 CRT structure, and only moved to a PK context / PSA slot -when it's actually used. +slot only when needed (see current `ecdsa_verify_wrap`) For example, when +parsing a large number, N, of X.509 certificates (for example the list of +trusted roots), it might be undesirable to use N PSA key slots for their public +keys as long as the certs are loaded. OTOH, this could also be addressed by +merging the "X.509 parsing on-demand" (#2478), and then the public key data +would be held as bytes in the X.509 CRT structure, and only moved to a PK +context / PSA slot when it's actually used. Note: the PK layer actually consists of two relatively distinct parts: crypto operations, which will be covered by PSA, and parsing/writing (exporting) From bd445afa270049ddf936a6c8c5a86dbc8b9232ea Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 2 Dec 2024 14:44:28 +0000 Subject: [PATCH 10/31] Remove USE_PSA from remaining documentation MBED_TLS_USE_PSA_CRYPTO is now always enabled we need to remove documentation discussing cases when it is disabled. Signed-off-by: Janos Follath --- README.md | 2 +- docs/architecture/psa-migration/psa-legacy-bridges.md | 10 ++++------ docs/architecture/psa-migration/psa-limitations.md | 10 +++++----- docs/architecture/psa-migration/syms.sh | 2 +- docs/architecture/tls13-support.md | 1 - docs/proposed/config-split.md | 1 - docs/psa-transition.md | 4 +--- 7 files changed, 12 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 317874f6f..7d3a4352b 100644 --- a/README.md +++ b/README.md @@ -295,7 +295,7 @@ Arm welcomes feedback on the design of the API. If you think something could be Mbed TLS includes a reference implementation of the PSA Cryptography API. However, it does not aim to implement the whole specification; in particular it does not implement all the algorithms. -The X.509 and TLS code can use PSA cryptography for most operations. To enable this support, activate the compilation option `MBEDTLS_USE_PSA_CRYPTO` in `mbedtls_config.h`. Note that TLS 1.3 uses PSA cryptography for most operations regardless of this option. See `docs/use-psa-crypto.md` for details. +The X.509 and TLS code can use PSA cryptography for most operations. See `docs/use-psa-crypto.md` for details. ### PSA drivers diff --git a/docs/architecture/psa-migration/psa-legacy-bridges.md b/docs/architecture/psa-migration/psa-legacy-bridges.md index 912344e31..75678c4f4 100644 --- a/docs/architecture/psa-migration/psa-legacy-bridges.md +++ b/docs/architecture/psa-migration/psa-legacy-bridges.md @@ -40,13 +40,13 @@ There is functionality that is tied to one API and is not directly available in * Only PSA supports isolating cryptographic material in a secure service. * The legacy API has features that are not present (yet) in PSA, notably parsing and formatting asymmetric keys. -The legacy API can partially leverage PSA features via `MBEDTLS_USE_PSA_CRYPTO`, but this has limited scope. +The legacy API can partially leverage PSA features, but this has limited scope. In addition, many applications cannot be migrated in a single go. For large projects, it is impractical to rewrite a significant part of the code all at once. (For example, Mbed TLS itself will have taken more than 6 years to transition.) Projects that use one or more library in addition to Mbed TLS must follow the evolution of these libraries, each of which might have its own pace. ### Where mixing happens -Mbed TLS can be, and normally is, built with support for both APIs. Therefore no special effort is necessary to allow an application to use both APIs. +Mbed TLS is, built with support for both APIs. Therefore no special effort is necessary to allow an application to use both APIs. Special effort is necessary to use both APIs as part of the implementation of the same feature. From an informal analysis of typical application requirements, we identify four parts of the use of cryptography which can be provided by different APIs: @@ -155,7 +155,6 @@ Reasons for first creating a legacy key object, where it's impossible or impract Reasons for needing a PSA key object: * Using the key with third-party interface that takes a PSA key identifier as input. (Mbed TLS itself has a few TLS functions that take PSA key identifiers, but as of Mbed TLS 3.5, it is always possible to use a legacy key instead.) -* Benefiting from a PSA accelerator, or from PSA's world separation, even without `MBEDTLS_USE_PSA_CRYPTO`. (Not a priority scenario: we generally expect people to activate `MBEDTLS_USE_PSA_CRYPTO` at an early stage of their migration to PSA.) Gap: a way to create a PSA key object from an `mbedtls_pk_context`. This partially exists in the form of `mbedtls_pk_wrap_as_opaque`, but it is not fully satisfactory, for reasons that are detailed in “[API to create a PSA key from a PK context](#api-to-create-a-psa-key-from-a-pk-context)” below. @@ -167,7 +166,6 @@ There is a function `mbedtls_pk_setup_opaque` that mostly does this. However, it * It creates a PK key of type `MBEDTLS_PK_OPAQUE` that wraps the PSA key. This is good enough in some scenarios, but not others. For example, it's ok for pkwrite, because we've upgraded the pkwrite code to handle `MBEDTLS_PK_OPAQUE`. That doesn't help users of third-party libraries that haven't yet been upgraded. * It ties the lifetime of the PK object to the PSA key, which is error-prone: if the PSA key is destroyed but the PK object isn't, there is no way to reliably detect any subsequent misuse of the PK object. -* It is only available under `MBEDTLS_USE_PSA_CRYPTO`. This is not a priority concern, since we generally expect people to activate `MBEDTLS_USE_PSA_CRYPTO` at an early stage of their migration to PSA. However, this function is useful to use specific PSA keys in X.509/TLS regardless of whether X.509/TLS use the PSA API for all cryptographic operations, so this is a wart in the current API. It therefore appears that we need two ways to “convert” a PSA key to PK: @@ -176,7 +174,7 @@ It therefore appears that we need two ways to “convert” a PSA key to PK: Gap: a way to copy a PSA key into a PK context. This can only be expected to work if the PSA key is exportable. -After some discussion, have not identified anything we want to change in the behavior of `mbedtls_pk_setup_opaque`. We only want to generalize it to non-`MBEDTLS_USE_PSA_CRYPTO` and to document it better. +After some discussion, have not identified anything we want to change in the behavior of `mbedtls_pk_setup_opaque`. #### Signature formats @@ -319,7 +317,7 @@ Based on the [gap analysis](#using-a-psa-key-as-a-pk-context): [ACTION] [#8712](https://github.com/Mbed-TLS/mbedtls/issues/8712) Clarify the documentation of `mbedtls_pk_setup_opaque` regarding which algorithms the resulting key will perform with `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_pk_encrypt`, `mbedtls_pk_decrypt`. -[ACTION] [#8710](https://github.com/Mbed-TLS/mbedtls/issues/8710) Provide `mbedtls_pk_setup_opaque` whenever `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled, not just when `MBEDTLS_USE_PSA_CRYPTO` is enabled. This is nice-to-have, not critical. Update `use-psa-crypto.md` accordingly. +[ACTION] [#8710](https://github.com/Mbed-TLS/mbedtls/issues/8710) Provide `mbedtls_pk_setup_opaque` whenever `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled. This is nice-to-have, not critical. Update `use-psa-crypto.md` accordingly. [OPEN] What about `mbedtls_pk_sign_ext` and `mbedtls_pk_verify_ext`? diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md index 29d7c5330..75814f770 100644 --- a/docs/architecture/psa-migration/psa-limitations.md +++ b/docs/architecture/psa-migration/psa-limitations.md @@ -21,11 +21,11 @@ TLS have not yet been adapted to take advantage of the new PSA APIs. See: - ; - . -Currently, when `MBEDTLS_USE_PSA_CRYPTO` and `MBEDTLS_ECP_RESTARTABLE` are -both enabled, some operations that should be restartable are not (ECDH in TLS -1.2 clients using ECDHE-ECDSA), as they are using PSA instead, and some -operations that should use PSA do not (signature generation & verification) as -they use the legacy API instead, in order to get restartable behaviour. +Currently, when `MBEDTLS_ECP_RESTARTABLE` is enabled, some operations that +should be restartable are not (ECDH in TLS 1.2 clients using ECDHE-ECDSA), as +they are using PSA instead, and some operations that should use PSA do not +(signature generation & verification) as they use the legacy API instead, in +order to get restartable behaviour. Things that are in the API but not implemented yet -------------------------------------------------- diff --git a/docs/architecture/psa-migration/syms.sh b/docs/architecture/psa-migration/syms.sh index 6c9686eb2..0fc55dd8c 100755 --- a/docs/architecture/psa-migration/syms.sh +++ b/docs/architecture/psa-migration/syms.sh @@ -11,7 +11,7 @@ # # Usage: # - build the library with debug symbols and the config you're interested in -# (default, full minus MBEDTLS_USE_PSA_CRYPTO, full, etc.) +# (default, full, etc.) # - launch this script with 1 or more arguments depending on the analysis' goal: # - if only 1 argument is used (which is the name of the used config, # ex: full), then the analysis is done on libmbedx509 and libmbedtls diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index 6904c500d..52669fdf4 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md @@ -126,7 +126,6 @@ Support description | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED | n/a | | | | | MBEDTLS_PSA_CRYPTO_C | no (1) | - | MBEDTLS_USE_PSA_CRYPTO | yes | (1) These options must remain in their default state of enabled. (2) See the TLS 1.3 specific build options section below. diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 6fd8c4993..409141a66 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md @@ -290,7 +290,6 @@ PSA_WANT_\* macros as in current `crypto_config.h`. //#define MBEDTLS_SHA512_SMALLER //#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT //#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY -//#define MBEDTLS_USE_PSA_CRYPTO //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 //#define MBEDTLS_ECP_WINDOW_SIZE 4 diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 2d7ad15ab..51ac02877 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -50,8 +50,6 @@ Then use the [summary of API modules](#summary-of-api-modules), the table of con To make the PSA API available, make sure that the configuration option [`MBEDTLS_PSA_CRYPTO_C`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#c.MBEDTLS_PSA_CRYPTO_C) is enabled. (It is enabled in the default configuration.) -You should probably enable [`MBEDTLS_USE_PSA_CRYPTO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a70fd7b97d5f11170546583f2095942a6) as well (it is disabled by default). This option causes the PK, X.509 and TLS modules to use PSA crypto under the hood. - By default, the PSA crypto API offers a similar set of cryptographic mechanisms as those offered by the legacy API (configured by `MBEDTLS_XXX` macros). The PSA crypto API also has its own configuration mechanism; see “[Cryptographic mechanism availability](#cryptographic-mechanism-availability)”. ### Header files @@ -908,7 +906,7 @@ This section discusses how to use a PSA key in a context that requires a PK obje * [`mbedtls_pk_copy_from_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1ab8e88836fd9ee344ffe630c40447bd08) copies a PSA key into a PK object. The PSA key must be exportable. The PK object remains valid even if the PSA key is destroyed. * [`mbedtls_pk_copy_public_from_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a2a50247a528889c12ea0ddddb8b15a4e) copies the public part of a PSA key into a PK object. The PK object remains valid even if the PSA key is destroyed. -* [`mbedtls_pk_setup_opaque`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a4c04ac22ab9c1ae09cc29438c308bf05) sets up a PK object that wraps the PSA key. This functionality is only available when `MBEDTLS_USE_PSA_CRYPTO` is enabled. The PK object has the type `MBEDTLS_PK_OPAQUE` regardless of whether the key is an RSA or ECC key. The PK object can only be used as permitted by the PSA key's policy. The PK object contains a reference to the PSA key identifier, therefore PSA key must not be destroyed as long as the PK object remains alive. +* [`mbedtls_pk_setup_opaque`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a4c04ac22ab9c1ae09cc29438c308bf05) sets up a PK object that wraps the PSA key. The PK object has the type `MBEDTLS_PK_OPAQUE` regardless of whether the key is an RSA or ECC key. The PK object can only be used as permitted by the PSA key's policy. The PK object contains a reference to the PSA key identifier, therefore PSA key must not be destroyed as long as the PK object remains alive. Here is some sample code illustrating how to use the PK module to format a PSA public key or the public key of a PSA key pair. ``` From 5e79f6a9edf6a769f17e4cb7478574d02b91d89e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 8 Dec 2024 14:40:07 +0000 Subject: [PATCH 11/31] Remove psa-migration/md-cipher-dispatch.md This is an architecture document focusing on how parts of the code base can accommodate both builds with PSA crypto disabled and builds with driver-only mechanisms. Going forward, this coexistence is no longer relevant. The document does explain why some parts of md and cipher are the way they are. In the future, we'll want to remove legacy code paths and keep only the PSA code paths. But for that, it isn't particularly useful to know how the dual code paths came about, or what constraints they had to obey. Those constraints no longer apply. Signed-off-by: Janos Follath --- .../psa-migration/md-cipher-dispatch.md | 603 ------------------ 1 file changed, 603 deletions(-) delete mode 100644 docs/architecture/psa-migration/md-cipher-dispatch.md diff --git a/docs/architecture/psa-migration/md-cipher-dispatch.md b/docs/architecture/psa-migration/md-cipher-dispatch.md deleted file mode 100644 index 6b59e18d0..000000000 --- a/docs/architecture/psa-migration/md-cipher-dispatch.md +++ /dev/null @@ -1,603 +0,0 @@ -PSA migration strategy for hashes and ciphers -============================================= - -## Introduction - -This document discusses a migration strategy for code that is currently using legacy cryptography APIs, and should transition to PSA, without a major version change. - -### Relationship with the main strategy document - -This is complementary to the main [strategy document](strategy.html) and is intended as a refinement. However, at this stage, there may be contradictions between the strategy proposed here and some of the earlier strategy. - -A difference between the original strategy and the current one is that in this work, we are not treating PSA as a black box. We can change experimental features, and we can call internal interfaces. - -## Requirements - -### User stories - -#### Backward compatibility user story - -As a developer of an application that uses Mbed TLS's interfaces (including legacy crypto), -I want Mbed TLS to preserve backward compatibility, -so that my code keeps working in new minor versions of Mbed TLS. - -#### Interface design user story - -As a developer of library code that uses Mbed TLS to perform cryptographic operations, -I want to know which functions to call and which feature macros to check, -so that my code works in all Mbed TLS configurations. - -Note: this is the same problem we face in X.509 and TLS. - -#### Hardware accelerator vendor user stories - -As a vendor of a platform with hardware acceleration for some crypto, -I want to build Mbed TLS in a way that uses my hardware wherever relevant, -so that my customers maximally benefit from my hardware. - -As a vendor of a platform with hardware acceleration for some crypto, -I want to build Mbed TLS without software that replicates what my hardware does, -to minimize the code size. - -#### Maintainer user stories - -As a maintainer of Mbed TLS, -I want to have clear rules for when to use which interface, -to avoid bugs in “unusual” configurations. - -As a maintainer of Mbed TLS, -I want to avoid duplicating code, -because this is inefficient and error-prone. - -### Use PSA more - -In the long term, all code using cryptography should use PSA interfaces, to benefit from PSA drivers, allow eliminating legacy interfaces (less code size, less maintenance). However, this can't be done without breaking [backward compatibility](#backward-compatibility). - -The goal of this work is to arrange for more non-PSA interfaces to use PSA interfaces under the hood, without breaking code in the cases where this doesn't work. Using PSA interfaces has two benefits: - -* Where a PSA driver is available, it likely has better performance, and sometimes better security, than the built-in software implementation. -* In many scenarios, where a PSA driver is available, this allows removing the software implementation altogether. -* We may be able to get rid of some redundancies, for example the duplication between the implementations of HMAC in `md.c` and in `psa_crypto_mac.c`, and HKDF in `hkdf.c` and `psa_crypto.c`. - -### Correct dependencies - -Traditionally, to determine whether a cryptographic mechanism was available, you had to check whether the corresponding Mbed TLS module or submodule was present: `MBEDTLS_SHA256_C` for SHA256, `MBEDTLS_AES_C && MBEDTLS_CIPHER_MODE_CBC` for AES-CBC, etc. In code that uses the PSA interfaces, this needs to change to `PSA_WANT_xxx` symbols. - -### Backward compatibility - -All documented behavior must be preserved, except for interfaces currently described as experimental or unstable. Those interfaces can change, but we should minimize disruption by providing a transition path for reasonable use cases. - -#### Changeable configuration options - -The following configuration options are described as experimental, and are likely to change at least marginally: - -* `MBEDTLS_PSA_CRYPTO_CLIENT`: “This interface is experimental and may change or be removed without notice.” In practice we don't want to remove this, but we may constrain how it's used. -* `MBEDTLS_PSA_CRYPTO_DRIVERS`: “This interface is experimental. We intend to maintain backward compatibility with application code that relies on drivers, but the driver interfaces may change without notice.” In practice, this may mean constraints not only on how to write drivers, but also on how to integrate drivers into code that is platform code more than application code. - -### Non-goals - -It is not a goal at this stage to make more code directly call `psa_xxx` functions. Rather, the goal is to make more code call PSA drivers where available. How dispatch is done is secondary. - -## Problem analysis - -### Scope analysis - -#### Limitations of the use of PSA Crypto - -Parts of the library call the PSA API instead of legacy APIs for cryptographic calculations. This only applies to `pk.h`, X.509 and TLS. Applications must call `psa_crypto_init()` before calling any of the functions in these modules. - -In this work, we want two things: - -* Make non-covered modules call PSA, but only [when this will actually work](#why-psa-is-not-always-possible). This effectively brings those modules to a partial use-PSA behavior (benefiting from PSA accelerators when they're usable) regardless of whether the option is enabled. -* Call PSA when a covered module calls a non-covered module which calls another module, for example X.509 calling pk for PSS verification which calls RSA which calculates a hash ([see issue \#6497](https://github.com/Mbed-TLS/mbedtls/issues/6497)). This effectively extends the option to modules that aren't directly covered. - -#### Classification of callers - -We can classify code that implements or uses cryptographic mechanisms into several groups: - -* Software implementations of primitive cryptographic mechanisms. These are not expected to change. -* Software implementations of constructed cryptographic mechanisms (e.g. HMAC, CTR_DRBG, RSA (calling a hash for PSS/OAEP, and needing to know the hash length in PKCS1v1.5 sign/verify), …). These need to keep working whenever a legacy implementation of the auxiliary mechanism is available, regardless of whether a PSA implementation is also available. -* Code implementing the PSA crypto interface. This is not expected to change, except perhaps to expose some internal functionality to overhauled glue code. -* Code that uses PSA for crypto: `pk.h`, X.509, TLS, TLS 1.3, LMS. - -For the purposes of this work, three domains emerge: - -* **Legacy domain**: does not interact with PSA. Implementations of hashes, of cipher primitives, of arithmetic. -* **Mixed domain**: does not currently use PSA, but should [when possible](#why-psa-is-not-always-possible). This consists of the constructed cryptographic primitives (except LMS) -* **PSA domain**: includes pk, X.509 and TLS. Also TLS 1.3, LMS. - -#### Non-use-PSA modules - -The following modules in Mbed TLS call another module to perform cryptographic operations which, in the long term, will be provided through a PSA interface, but cannot make any PSA-related assumption. - -Hashes and HMAC (after the work on driver-only hashes): - -* entropy (hashes via MD-light) -* ECDSA (HMAC\_DRBG; `md.h` exposed through API) -* ECJPAKE (hashes via MD-light; `md.h` exposed through API) -* MD (hashes and HMAC) -* HKDF (HMAC via `md.h`; `md.h` exposed through API) -* HMAC\_DRBG (hashes and HMAC via `md.h`; `md.h` exposed through API) -* PKCS12 (hashes via MD-light) -* PKCS5 (HMAC via `md.h`; `md.h` exposed through API) -* PKCS7 (hashes via MD) -* RSA (hash via MD-light for PSS and OAEP; `md.h` exposed through API) -* PEM (MD5 hash via MD-light) - -Symmetric ciphers and AEADs (before work on driver-only cipher): - -* PEM: - * AES, DES or 3DES in CBC mode without padding, decrypt only (!). - * Currently using low-level non-generic APIs. - * No hard dependency, features guarded by `AES_C` resp. `DES_C`. - * Functions called: `setkey_dec()` + `crypt_cbc()`. -* PKCS12: - * In practice: 2DES or 3DES in CBC mode with PKCS7 padding, decrypt only - (when called from pkparse). - * In principle: any cipher-mode (default padding), passed an - `mbedtls_cipher_type_t` as an argument, no documented restriction. - * Cipher, generically, selected from ASN.1 or function parameters; - no documented restriction but in practice TODO (inc. padding and - en/decrypt, look at standards and tests) - * Unconditional dependency on `CIPHER_C` in `check_config.h`. - * Note: `cipher.h` exposed through API. - * Functions called: `setup`, `setkey`, `set_iv`, `reset`, `update`, `finish` (in sequence, once). -* PKCS5 (PBES2, `mbedtls_pkcs5_pbes2()`): - * 3DES or DES in CBC mode with PKCS7 padding, both encrypt and decrypt. - * Note: could also be AES in the future, see #7038. - * Unconditional dependency on `CIPHER_C` in `check_config.h`. - * Functions called: `setup`, `setkey`, `crypt`. -* CTR\_DRBG: - * AES in ECB mode, encrypt only. - * Currently using low-level non-generic API (`aes.h`). - * Unconditional dependency on `AES_C` in `check_config.h`. - * Functions called: `setkey_enc`, `crypt_ecb`. -* CCM: - * AES, Camellia or Aria in ECB mode, encrypt only. - * Unconditional dependency on `AES_C || CAMELLIA_C || ARIA_C` in `check_config.h`. - * Unconditional dependency on `CIPHER_C` in `check_config.h`. - * Note: also called by `cipher.c` if enabled. - * Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish) -* CMAC: - * AES or DES in ECB mode, encrypt only. - * Unconditional dependency on `AES_C || DES_C` in `check_config.h`. - * Unconditional dependency on `CIPHER_C` in `check_config.h`. - * Note: also called by `cipher.c` if enabled. - * Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish) -* GCM: - * AES, Camellia or Aria in ECB mode, encrypt only. - * Unconditional dependency on `AES_C || CAMELLIA_C || ARIA_C` in `check_config.h`. - * Unconditional dependency on `CIPHER_C` in `check_config.h`. - * Note: also called by `cipher.c` if enabled. - * Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish) -* NIST\_KW: - * AES in ECB mode, both encryt and decrypt. - * Unconditional dependency on `AES_C || DES_C` in `check_config.h`. - * Unconditional dependency on `CIPHER_C` in `check_config.h`. - * Note: also called by `cipher.c` if enabled. - * Note: `cipher.h` exposed through API. - * Functions called: `info`, `setup`, `setkey`, `update` (several times) - (never finish) -* Cipher: - * potentially any cipher/AEAD in any mode and any direction - -Note: PSA cipher is built on Cipher, but PSA AEAD directly calls the underlying AEAD modules (GCM, CCM, ChachaPoly). - -### Difficulties - -#### Why PSA is not always possible - -Here are some reasons why calling `psa_xxx()` to perform a hash or cipher calculation might not be desirable in some circumstances, explaining why the application would arrange to call the legacy software implementation instead. - -* `MBEDTLS_PSA_CRYPTO_C` is disabled. -* There is a PSA driver which has not been initialized (this happens in `psa_crypto_init()`). -* For ciphers, the keystore is not initialized yet, and Mbed TLS uses a custom implementation of PSA ITS where the file system is not accessible yet (because something else needs to happen first, and the application takes care that it happens before it calls `psa_crypto_init()`). A possible workaround may be to dispatch to the internal functions that are called after the keystore lookup, rather than to the PSA API functions (but this is incompatible with `MBEDTLS_PSA_CRYPTO_CLIENT`). -* The requested mechanism is enabled in the legacy interface but not in the PSA interface. This was not really intended, but is possible, for example, if you enable `MBEDTLS_MD5_C` for PEM decoding with PBKDF1 but don't want `PSA_ALG_WANT_MD5` because it isn't supported for `PSA_ALG_RSA_PSS` and `PSA_ALG_DETERMINISTIC_ECDSA`. -* `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled, and the client has not yet activated the connection to the server (this happens in `psa_crypto_init()`). -* `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled, but the operation is part of the implementation of an encrypted communication with the crypto service, or the local implementation is faster because it avoids a costly remote procedure call. - -#### Indirect knowledge - -Consider for example the code in `rsa.c` to perform an RSA-PSS signature. It needs to calculate a hash. If `mbedtls_rsa_rsassa_pss_sign()` is called directly by application code, it is supposed to call the built-in implementation: calling a PSA accelerator would be a behavior change, acceptable only if this does not add a risk of failure or performance degradation ([PSA is impossible or undesirable in some circumstances](#why-psa-is-not-always-possible)). On the other hand, if `mbedtls_rsa_rsassa_pss_sign()` is called from X.509 code, it should use PSA to calculate hashes. It doesn't, currently, which is [bug \#6497](https://github.com/Mbed-TLS/mbedtls/issues/6497). - -Generally speaking, modules in the mixed domain: - -* must call PSA if called by a module in the PSA domain; -* must not call PSA (or must have a fallback) if their caller is not in the PSA domain and the PSA call is not guaranteed to work. - -#### Non-support guarantees: requirements - -Generally speaking, just because some feature is not enabled in `mbedtls_config.h` or `psa_config.h` doesn't guarantee that it won't be enabled in the build. We can enable additional features through `build_info.h`. - -If `PSA_WANT_xxx` is disabled, this should guarantee that attempting xxx through the PSA API will fail. This is generally guaranteed by the test suite `test_suite_psa_crypto_not_supported` with automatically enumerated test cases, so it would be inconvenient to carve out an exception. - -### Technical requirements - -Based on the preceding analysis, the core of the problem is: for code in the mixed domain (see [“Classification of callers”](#classification-of-callers)), how do we handle a cryptographic mechanism? This has several related subproblems: - -* How the mechanism is encoded (e.g. `mbedtls_md_type_t` vs `const *mbedtls_md_info_t` vs `psa_algorithm_t` for hashes). -* How to decide whether a specific algorithm or key type is supported (eventually based on `MBEDTLS_xxx_C` vs `PSA_WANT_xxx`). -* How to obtain metadata about algorithms (e.g. hash/MAC/tag size, key size). -* How to perform the operation (context type, which functions to call). - -We need a way to decide this based on the available information: - -* Who's the ultimate caller — see [indirect knowledge](#indirect-knowledge) — which is not actually available. -* Some parameter indicating which algorithm to use. -* The available cryptographic implementations, based on preprocessor symbols (`MBEDTLS_xxx_C`, `PSA_WANT_xxx`, `MBEDTLS_PSA_ACCEL_xxx`, etc.). -* Possibly additional runtime state (for example, we might check whether `psa_crypto_init` has been called). - -And we need to take care of the [the cases where PSA is not possible](#why-psa-is-not-always-possible): either make sure the current behavior is preserved, or (where allowed by backward compatibility) document a behavior change and, preferably, a workaround. - -### Working through an example: RSA-PSS - -Let us work through the example of RSA-PSS which calculates a hash, as in [see issue \#6497](https://github.com/Mbed-TLS/mbedtls/issues/6497). - -RSA is in the [mixed domain](#classification-of-callers). So: - -* When called from `psa_sign_hash` and other PSA functions, it must call the PSA hash accelerator if there is one. -* When called from user code, it must call the built-in hash implementation if PSA is not available (regardless of whether this is because `MBEDTLS_PSA_CRYPTO_C` is disabled, or because `PSA_WANT_ALG_xxx` is disabled for this hash, or because there is an accelerator driver which has not been initialized yet). - -RSA knows which hash algorithm to use based on a parameter of type `mbedtls_md_type_t`. (More generally, all mixed-domain modules that take an algorithm specification as a parameter take it via a numerical type, except HMAC\_DRBG and HKDF which take a `const mbedtls_md_info_t*` instead, and CMAC which takes a `const mbedtls_cipher_info_t *`.) - -#### Double encoding solution - -A natural solution is to double up the encoding of hashes in `mbedtls_md_type_t`. Pass `MBEDTLS_MD_SHA256` and `md` will dispatch to the legacy code, pass a new constant `MBEDTLS_MD_SHA256_USE_PSA` and `md` will dispatch through PSA. - -This maximally preserves backward compatibility, but then there's little potential for removing the software implementation. - -#### Availability of hashes in RSA-PSS - -Here we try to answer the question: As a caller of RSA-PSS via `rsa.h`, how do I know whether it can use a certain hash? - -* For a caller in the legacy domain: if e.g. `MBEDTLS_SHA256_C` is enabled, then I want RSA-PSS to support SHA-256. I don't care about negative support. So `MBEDTLS_SHA256_C` must imply support for RSA-PSS-SHA-256. It must work at all times, regardless of the state of PSA (e.g. drivers not initialized). -* For a caller in the PSA domain: if e.g. `PSA_WANT_ALG_SHA_256` is enabled, then I want RSA-PSS to support SHA-256, provided that `psa_crypto_init()` has been called. In some limited cases, such as `test_suite_psa_crypto_not_supported` when PSA implements RSA-PSS in software, we care about negative support: if `PSA_WANT_ALG_SHA_256` is disabled then `psa_verify_hash` must reject `PSA_WANT_ALG_SHA_256`. This can be done at the level of PSA before it calls the RSA module, though, so it doesn't have any implication on the RSA module. As far as `rsa.c` is concerned, what matters is that `PSA_WANT_ALG_SHA_256` implies that SHA-256 is supported after `psa_crypto_init()` has been called. -* For a caller in the mixed domain: requirements depend on the caller. Whatever solution RSA has to determine the availability of algorithms will apply to its caller as well. - -Conclusion so far: RSA must be able to do SHA-256 if either `MBEDTLS_SHA256_C` or `PSA_WANT_ALG_SHA_256` is enabled. If only `PSA_WANT_ALG_SHA_256` and not `MBEDTLS_SHA256_C` is enabled (which implies that PSA's SHA-256 comes from an accelerator driver), then SHA-256 only needs to work if `psa_crypto_init()` has been called. - -#### More in-depth discussion of compile-time availability determination - -The following combinations of compile-time support are possible: - -* `MBEDTLS_PSA_CRYPTO_CLIENT`. Then calling PSA may or may not be desirable for performance. There are plausible use cases where only the server has access to an accelerator so it's best to call the server, and plausible use cases where calling the server has overhead that negates the savings from using acceleration, if there are savings at all. In any case, calling PSA only works if the connection to the server has been established, meaning `psa_crypto_init` has been called successfully. In the rest of this case enumeration, assume `MBEDTLS_PSA_CRYPTO_CLIENT` is disabled. -* No PSA accelerator. Then just call `mbedtls_sha256`, it's all there is, and it doesn't matter (from an API perspective) exactly what call chain leads to it. -* PSA accelerator, no software implementation. Then we might as well call the accelerator, unless it's important that the call fails. At the time of writing, I can't think of a case where we would want to guarantee that if `MBEDTLS_xxx_C` is not enabled, but xxx is enabled through PSA, then a request to use algorithm xxx through some legacy interface must fail. -* Both PSA acceleration and the built-in implementation. In this case, we would prefer PSA for the acceleration, but we can only do this if the accelerator driver is working. For hashes, it's enough to assume the driver is initialized; we've [considered requiring hash drivers to work without initialization](https://github.com/Mbed-TLS/mbedtls/pull/6470). For ciphers, this is more complicated because the cipher functions require the keystore, and plausibly a cipher accelerator might want entropy (for side channel countermeasures) which might not be available at boot time. - -Note that it's a bit tricky to determine which algorithms are available. In the case where there is a PSA accelerator but no software implementation, we don't want the preprocessor symbols to indicate that the algorithm is available through the legacy domain, only through the PSA domain. What does this mean for the interfaces in the mixed domain? They can't guarantee the availability of the algorithm, but they must try if requested. - -### Designing an interface for hashes - -In this section, we specify a hash metadata and calculation for the [mixed domain](#classification-of-callers), i.e. code that can be called both from legacy code and from PSA code. - -#### Availability of hashes - -Generalizing the analysis in [“Availability of hashes in RSA-PSS”](#availability-of-hashes-in-RSA-PSS): - -A hash is available through the mixed-domain interface iff either of the following conditions is true: - -* A legacy hash interface is available and the hash algorithm is implemented in software. -* PSA crypto is enabled and the hash algorithm is implemented via PSA. - -We could go further and make PSA accelerators available to legacy callers that call any legacy hash interface, e.g. `md.h` or `shaX.h`. There is little point in doing this, however: callers should just use the mixed-domain interface. - -#### Implications between legacy availability and PSA availability - -There is no mandatory relationship between PSA support and legacy support for a mechanism. Users can configure legacy support and PSA support independently. Legacy support is automatically enabled if PSA support is requested, but only if there is no accelerator. - -It is strongly desirable to allow mechanisms available through PSA but not legacy: this allows saving code size when an accelerator is present. - -There is no strong reason to allow mechanisms available through legacy but not PSA when `MBEDTLS_PSA_CRYPTO_C` is enabled. This would only save at best a very small amount of code size in the PSA dispatch code. This may be more desirable when `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled (having a mechanism available only locally and not in the crypto service), but we do not have an explicit request for this and it would be entirely reasonable to forbid it. - -In this analysis, we have not found a compelling reason to require all legacy mechanisms to also be available through PSA. However, this can simplify both the implementation and the use of dispatch code thanks to some simplifying properties: - -* Mixed-domain code can call PSA code if it knows that `psa_crypto_init()` has been called, without having to inspect the specifics of algorithm support. -* Mixed-domain code can assume that PSA buffer calculations work correctly for all algorithms that it supports. - -#### Shape of the mixed-domain hash interface - -We now need to create an abstraction for mixed-domain hash calculation. (We could not create an abstraction, but that would require every piece of mixed-domain code to replicate the logic here. We went that route in Mbed TLS 3.3, but it made it effectively impossible to get something that works correctly.) - -Requirements: given a hash algorithm, - -* Obtain some metadata about it (size, block size). -* Calculate the hash. -* Set up a multipart operation to calculate the hash. The operation must support update, finish, reset, abort, clone. - -The existing interface in `md.h` is close to what we want, but not perfect. What's wrong with it? - -* It has an extra step of converting from `mbedtls_md_type_t` to `const mbedtls_md_info_t *`. -* It includes extra fluff such as names and HMAC. This costs code size. -* The md module has some legacy baggage dating from when it was more open, which we don't care about anymore. This may cost code size. - -These problems are easily solvable. - -* `mbedtls_md_info_t` can become a very thin type. We can't remove the extra function call from the source code of callers, but we can make it a very thin abstraction that compilers can often optimize. -* We can make names and HMAC optional. The mixed-domain hash interface won't be the full `MBEDTLS_MD_C` but a subset. -* We can optimize `md.c` without making API changes to `md.h`. - -### Scope reductions and priorities for 3.x - -This section documents things that we chose to temporarily exclude from the scope in the 3.x branch (which will eventually be in scope again after 4.0) as well as things we chose to prioritize if we don't have time to support everything. - -#### Don't support for `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C` - -We generally don't really support builds with `MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C`. For example, `MBEDTLS_SSL_PROTO_TLS1_3` require `MBEDTLS_PSA_CRYPTO_C`, while in principle they should only require `MBEDTLS_PSA_CRYPTO_CLIENT`. - -Considering this existing restriction which we do not plan to lift before 4.0, it is acceptable driver-only hashes and cipher support to have the same restriction in 3.x. - -It is however desirable for the design to keep support for `MBEDTLS_PSA_CRYPTO_CLIENT` in mind, in order to avoid making it more difficult to add in the future. - -#### For cipher: prioritize constrained devices and modern TLS - -The primary target is a configuration like TF-M's medium profile, plus TLS with only AEAD ciphersuites. - -This excludes things like: -- Support for encrypted PEM, PKCS5 and PKCS12 encryption, and PKCS8 encrypted keys in PK parse. (Not widely used on highly constrained devices.) -- Support for NIST-KW. (Same justification.) -- Support for CMAC. (Same justification, plus can be directly accelerated.) -- Support for CBC ciphersuites in TLS. (They've been recommended against for a while now.) - -### Dual-dispatch for block cipher primitives - -Considering the priorities stated above, initially we want to support GCM, CCM and CTR-DRBG. All three of them use the block cipher primitive only in the encrypt direction. Currently, GCM and CCM use the Cipher layer in order to work with AES, Aria and Camellia (DES is excluded by the standards due to its smaller block size) and CTR-DRBG directly uses the low-level API from `aes.h`. In all cases, access to the "block cipher primitive" is done by using "ECB mode" (which for both Cipher and `aes.h` only allows a single block, contrary to PSA which implements actual ECB mode). - -The two AEAD modes, GCM and CCM, have very similar needs and positions in the stack, strongly suggesting using the same design for both. On the other hand, there are a number of differences between CTR-DRBG and them. -- CTR-DRBG only uses AES (and there is no plan to extend it to other block ciphers at the moment), while GCM and CCM need to work with 3 block ciphers already. -- CTR-DRBG holds a special position in the stack: most users don't care about it per se, they only care about getting random numbers - in fact PSA users don't even need to know what DRBG is used. In particular, no part of the stack is asking questions like "is CTR-DRBG-AES available?" - an RNG needs to be available and that's it - contrary to similar questions about AES-GCM etc. which are asked for example by TLS. - -So, it makes sense to use different designs for CTR-DRBG on one hand, and GCM/CCM on the other hand: -- CTR-DRBG can just check if `AES_C` is present and "fall back" to PSA if not. -- GCM and CCM need an common abstraction layer that allows: - - Using AES, Aria or Camellia in a uniform way. - - Dispatching to built-in or driver. - -The abstraction layer used by GCM and CCM may either be a new internal module, or a subset of the existing Cipher API, extended with the ability to dispatch to a PSA driver. - -Reasons for making this layer's API a subset of the existing Cipher API: -- No need to design, implement and test a new module. (Will need to test the new subset though, as well as the extended behaviour.) -- No code change in GCM and CCM - only need to update dependencies. -- No risk for code duplication between a potential new module and Cipher: source-level, and in in particular in builds that still have `CIPHER_C` enabled. (Compiled-code duplication could be avoided by excluding the new module in such builds, though.) -- If want to support other users of Cipher later (such as NIST-KW, CMAC, PKCS5 and PKCS12), we can just extend dual-dispatch support to other modes/operations in Cipher and keep those extra modules unchanged as well. - -Possible costs of re-using (a subset of) the existing Cipher API instead of defining a new one: -- We carry over costs associated with `cipher_info_t` structures. (Currently the info structure is used for 3 things: (1) to check if the cipher is supported, (2) to check its block size, (3) because `setup()` requires it). -- We carry over questionable implementation decisions, like dynamic allocation of context. - -Those costs could be avoided by refactoring (parts of) Cipher, but that would probably mean either: -- significant differences in how the `cipher.h` API is implemented between builds with the full Cipher or only a subset; -- or more work to apply the simplifications to all of Cipher. - -Prototyping both approaches showed better code size savings and cleaner code with a new internal module (see section "Internal "block cipher" abstraction (Cipher light)" below). - -## Specification - -### MD light - -#### Definition of MD light - -MD light is a subset of `md.h` that implements the hash calculation interface described in ”[Designing an interface for hashes](#designing-an-interface-for-hashes)”. It is activated by `MBEDTLS_MD_LIGHT` in `mbedtls_config.h`. - -The following things enable MD light automatically in `build_info.h`: - -* A [mixed-domain](#classification-of-callers) module that needs to calculate hashes is enabled. -* `MBEDTLS_MD_C` is enabled. - -MD light includes the following types: - -* `mbedtls_md_type_t` -* `mbedtls_md_info_t` -* `mbedtls_md_context_t` - -MD light includes the following functions: - -* `mbedtls_md_info_from_type` -* `mbedtls_md_init` -* `mbedtls_md_free` -* `mbedtls_md_setup` — but `hmac` must be 0 if `MBEDTLS_MD_C` is disabled. -* `mbedtls_md_clone` -* `mbedtls_md_get_size` -* `mbedtls_md_get_type` -* `mbedtls_md_starts` -* `mbedtls_md_update` -* `mbedtls_md_finish` -* `mbedtls_md` - -Unlike the full MD, MD light does not support null pointers as `mbedtls_md_context_t *`. At least some functions still need to support null pointers as `const mbedtls_md_info_t *` because this arises when you try to use an unsupported algorithm (`mbedtls_md_info_from_type` returns `NULL`). - -#### MD algorithm support macros - -For each hash algorithm, `md.h` defines a macro `MBEDTLS_MD_CAN_xxx` whenever the corresponding hash is available through MD light. These macros are only defined when `MBEDTLS_MD_LIGHT` is enabled. Per “[Availability of hashes](#availability-of-hashes)”, `MBEDTLS_MD_CAN_xxx` is enabled if: - -* the corresponding `MBEDTLS_xxx_C` is defined; or -* one of `MBEDTLS_PSA_CRYPTO_C` or `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled, and the corresponding `PSA_WANT_ALG_xxx` is enabled. - -Note that some algorithms have different spellings in legacy and PSA. Since MD is a legacy interface, we'll use the legacy names. Thus, for example: - -``` -#if defined(MBEDTLS_MD_LIGHT) -#if defined(MBEDTLS_SHA256_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && PSA_WANT_ALG_SHA_256) -#define MBEDTLS_MD_CAN_SHA256 -#endif -#endif -``` - -Note: in the future, we may want to replace `defined(MBEDTLS_PSA_CRYPTO_C)` -with `defined(MBEDTLS_PSA_CRYTO_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)` but -for now this is out of scope. - -#### MD light internal support macros - -* If at least one hash has a PSA driver, define `MBEDTLS_MD_SOME_PSA`. -* If at least one hash has a legacy implementation, defined `MBEDTLS_MD_SOME_LEGACY`. - -#### Support for PSA in the MD context - -An MD context needs to contain either a legacy module's context (or a pointer to one, as is the case now), or a PSA context (or a pointer to one). - -I am inclined to remove the pointer indirection, but this means that an MD context would always be as large as the largest supported hash context. So for the time being, this specification keeps a pointer. For uniformity, PSA will also have a pointer (we may simplify this later). - -``` -enum { - MBEDTLS_MD_ENGINE_LEGACY, - MBEDTLS_MD_ENGINE_PSA, -} mbedtls_md_engine_t; // private type - -typedef struct mbedtls_md_context_t { - mbedtls_md_type_t type; -#if defined(MBEDTLS_MD_SOME_PSA) - mbedtls_md_engine_t engine; -#endif - void *md_ctx; // mbedtls_xxx_context or psa_hash_operation -#if defined(MBEDTLS_MD_C) - void *hmac_ctx; -#endif -} mbedtls_md_context_t; -``` - -All fields are private. - -The `engine` field is almost redundant with knowledge about `type`. However, when an algorithm is available both via a legacy module and a PSA accelerator, we will choose based on the runtime availability of the accelerator when the context is set up. This choice needs to be recorded in the context structure. - -#### Inclusion of MD info structures - -MD light needs to support hashes that are only enabled through PSA. Therefore the `mbedtls_md_info_t` structures must be included based on `MBEDTLS_MD_CAN_xxx` instead of just the legacy module. - -The same criterion applies in `mbedtls_md_info_from_type`. - -#### Conversion to PSA encoding - -The implementation needs to convert from a legacy type encoding to a PSA encoding. - -``` -static inline psa_algorithm_t psa_alg_of_md_info( - const mbedtls_md_info_t *md_info ); -``` - -#### Determination of PSA support at runtime - -``` -int psa_can_do_hash(psa_algorithm_t hash_alg); -``` - -The job of this private function is to return 1 if `hash_alg` can be performed through PSA now, and 0 otherwise. It is only defined on algorithms that are enabled via PSA. - -As a starting point, return 1 if PSA crypto's driver subsystem has been initialized. - -Usage note: for algorithms that are not enabled via PSA, calling `psa_can_do_hash` is generally safe: whether it returns 0 or 1, you can call a PSA hash function on the algorithm and it will return `PSA_ERROR_NOT_SUPPORTED`. - -#### Support for PSA dispatch in hash operations - -Each function that performs some hash operation or context management needs to know whether to dispatch via PSA or legacy. - -If given an established context, use its `engine` field. - -If given an algorithm as an `mbedtls_md_type_t type` (possibly being the `type` field of a `const mbedtls_md_info_t *`): - -* If there is a PSA accelerator for this hash and `psa_can_do_hash(alg)`, call the corresponding PSA function, and if applicable set the engine to `MBEDTLS_MD_ENGINE_PSA`. (Skip this is `MBEDTLS_MD_SOME_PSA` is not defined.) -* Otherwise dispatch to the legacy module based on the type as currently done. (Skip this is `MBEDTLS_MD_SOME_LEGACY` is not defined.) -* If no dispatch is possible, return `MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE`. - -Note that this assumes that an operation that has been started via PSA can be completed. This implies that `mbedtls_psa_crypto_free` must not be called while an operation using PSA is in progress. Document this. - -#### Error code conversion - -After calling a PSA function, MD light calls `mbedtls_md_error_from_psa` to convert its status code. - -### Support all legacy algorithms in PSA - -As discussed in [“Implications between legacy availability and PSA availability”](#implications-between-legacy-availability-and-psa-availability), we require the following property: - -> If an algorithm has a legacy implementation, it is also available through PSA. - -### MD light optimizations - -This section is not necessary to implement MD light, but will cut down its code size. - -#### Split names out of MD light - -Remove hash names from `mbedtls_md_info_t`. Use a simple switch-case or a separate list to implement `mbedtls_md_info_from_string` and `mbedtls_md_get_name`. - -#### Remove metadata from the info structure - -In `mbedtls_md_get_size` and in modules that want a hash's block size, instead of looking up hash metadata in the info structure, call the PSA macros. - -#### Optimize type conversions - -To allow optimizing conversions between `mbedtls_md_type_t` and `psa_algorithm_t`, renumber the `mbedtls_md_type_t` enum so that the values are the 8 lower bits of the PSA encoding. - -With this optimization, -``` -static inline psa_algorithm_t psa_alg_of_md_info( - const mbedtls_md_info_t *md_info ) -{ - if( md_info == NULL ) - return( PSA_ALG_NONE ); - return( PSA_ALG_CATEGORY_HASH | md_info->type ); -} -``` - -Work in progress on this conversion is at https://github.com/gilles-peskine-arm/mbedtls/tree/hash-unify-ids-wip-1 - -#### Unify HMAC with PSA - -PSA has its own HMAC implementation. In builds with both `MBEDTLS_MD_C` and `PSA_WANT_ALG_HMAC` not fully provided by drivers, we should have a single implementation. Replace the one in `md.h` by calls to the PSA driver interface. This will also give mixed-domain modules access to HMAC accelerated directly by a PSA driver (eliminating the need to a HMAC interface in software if all supported hashes have an accelerator that includes HMAC support). - -### Improving support for `MBEDTLS_PSA_CRYPTO_CLIENT` - -So far, MD light only dispatches to PSA if an algorithm is available via `MBEDTLS_PSA_CRYPTO_C`, not if it's available via `MBEDTLS_PSA_CRYPTO_CLIENT`. - -The architecture can be extended to support `MBEDTLS_PSA_CRYPTO_CLIENT` with a little extra work. Here is an overview of the task breakdown, which should be fleshed up after we've done the first [migration](#migration-to-md-light): - -* Compile-time dependencies: instead of checking `defined(MBEDTLS_PSA_CRYPTO_C)`, check `defined(MBEDTLS_PSA_CRYPTO_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)`. -* Implementers of `MBEDTLS_PSA_CRYPTO_CLIENT` will need to provide `psa_can_do_hash()` (or a more general function `psa_can_do`) alongside `psa_crypto_init()`. Note that at this point, it will become a public interface, hence we won't be able to change it at a whim. - -### Internal "block cipher" abstraction (previously known as "Cipher light") - -#### Definition - -The new module is automatically enabled in `config_adjust_legacy_crypto.h` by modules that need -it (namely: CCM, GCM) only when `CIPHER_C` is not available, or the new module -is needed for PSA dispatch (see next section). Note: CCM and GCM currently -depend on the full `CIPHER_C` (enforced by `check_config.h`); this hard -dependency would be replaced by the above auto-enablement. - -The following API functions are offered: -``` -void mbedtls_block_cipher_init(mbedtls_block_cipher_context_t *ctx); -void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx); -int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx, - mbedtls_cipher_id_t cipher_id); -int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx, - const unsigned char *key, - unsigned key_bitlen); -int mbedtls_block_cipher_encrypt(mbedtls_block_cipher_context_t *ctx, - const unsigned char input[16], - unsigned char output[16]); -``` - -The only supported ciphers are AES, ARIA and Camellia. They are identified by -an `mbedtls_cipher_id_t` in the `setup()` function, because that's how they're -identifed by callers (GCM/CCM). - -#### Block cipher dual dispatch - -Support for dual dispatch in the new internal module `block_cipher` is extremely similar to that in MD light. - -A block cipher context contains either a legacy module's context (AES, ARIA, Camellia) or a PSA key identifier; it has a field indicating which one is in use. All fields are private. - -The `engine` field is almost redundant with knowledge about `type`. However, when an algorithm is available both via a legacy module and a PSA accelerator, we will choose based on the runtime availability of the accelerator when the context is set up. This choice needs to be recorded in the context structure. - -Support is determined at runtime using the new internal function -``` -int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg); -``` - -The job of this private function is to return 1 if `hash_alg` can be performed through PSA now, and 0 otherwise. It is only defined on algorithms that are enabled via PSA. As a starting point, return 1 if PSA crypto's driver subsystem has been initialized. - -Each function in the module needs to know whether to dispatch via PSA or legacy. All functions consult the context's `engine` field, except `setup()` which will set it according to the key type and the return value of `psa_can_do_cipher()` as discussed above. - -Note that this assumes that an operation that has been started via PSA can be completed. This implies that `mbedtls_psa_crypto_free` must not be called while an operation using PSA is in progress. - -After calling a PSA function, `block_cipher` functions call `mbedtls_cipher_error_from_psa` to convert its status code. From 62a1def44644ab268dc89572c4f9378d0417d01e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 8 Dec 2024 14:42:14 +0000 Subject: [PATCH 12/31] Remove psa-migration/psa-legacy-bridges.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is an architecture document focusing on how PSA APIs can be mixed with non-PSA APIs, notably including PK (and in fact, it's mostly about PK, since we didn't identify work to be done in other areas). It is not really relevant in 4.0/1.0, where the goals will be different — to do without low-level legacy APIs. Signed-off-by: Janos Follath --- .../psa-migration/psa-legacy-bridges.md | 342 ------------------ 1 file changed, 342 deletions(-) delete mode 100644 docs/architecture/psa-migration/psa-legacy-bridges.md diff --git a/docs/architecture/psa-migration/psa-legacy-bridges.md b/docs/architecture/psa-migration/psa-legacy-bridges.md deleted file mode 100644 index 75678c4f4..000000000 --- a/docs/architecture/psa-migration/psa-legacy-bridges.md +++ /dev/null @@ -1,342 +0,0 @@ -Bridges between legacy and PSA crypto APIs -========================================== - -## Introduction - -### Goal of this document - -This document explores the needs of applications that use both Mbed TLS legacy crypto interfaces and PSA crypto interfaces. Based on [requirements](#requirements), we [analyze gaps](#gap-analysis) and [API design](#api-design). - -This is a design document. The target audience is library maintainers. See the companion document [“Transitioning to the PSA API”](../../psa-transition.md) for a user focus on the same topic. - -### Keywords - -* [TODO] A part of the analysis that isn't finished. -* [OPEN] Open question: a specific aspect of the design where there are several plausible decisions. -* [ACTION] A finalized part of the design that will need to be carried out. - -### Context - -Mbed TLS 3.x supports two cryptographic APIs: - -* The legacy API `mbedtls_xxx` is inherited from PolarSSL. -* The PSA API `psa_xxx` was introduced in Mbed TLS 2.17. - -Mbed TLS is gradually shifting from the legacy API to the PSA API. Mbed TLS 4.0 will be the first version where the PSA API is considered the main API, and large parts of the legacy API will be removed. - -In Mbed TLS 4.0, the cryptography will be provided by a separate project [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto). For simplicity, in this document, we just refer to the whole as “Mbed TLS”. - -### Document history - -This document was originally written when preparing Mbed TLS 3.6. Mbed TLS 3.6 includes both PSA and legacy APIs covering largely overlapping ground. Many legacy APIs will be removed in Mbed TLS 4.0. - -## Requirements - -### Why mix APIs? - -There is functionality that is tied to one API and is not directly available in the other API: - -* Only PSA fully supports PSA accelerators and secure element integration. -* Only PSA supports isolating cryptographic material in a secure service. -* The legacy API has features that are not present (yet) in PSA, notably parsing and formatting asymmetric keys. - -The legacy API can partially leverage PSA features, but this has limited scope. - -In addition, many applications cannot be migrated in a single go. For large projects, it is impractical to rewrite a significant part of the code all at once. (For example, Mbed TLS itself will have taken more than 6 years to transition.) Projects that use one or more library in addition to Mbed TLS must follow the evolution of these libraries, each of which might have its own pace. - -### Where mixing happens - -Mbed TLS is, built with support for both APIs. Therefore no special effort is necessary to allow an application to use both APIs. - -Special effort is necessary to use both APIs as part of the implementation of the same feature. From an informal analysis of typical application requirements, we identify four parts of the use of cryptography which can be provided by different APIs: - -* Metadata manipulation: parsing and producing encrypted or signed files, finding mutually supported algorithms in a network protocol negotiation, etc. -* Key management: parsing, generating, deriving and formatting cryptographic keys. -* Data manipulation other than keys. In practice, most data formats within the scope of the legacy crypto APIs are trivial (ciphertexts, hashes, MACs, shared secrets). The one exception is ECDSA signatures. -* Cryptographic operations: hash, sign, encrypt, etc. - -From this, we deduce the following requirements: - -* Convert between PSA and legacy metadata. -* Creating a key with the legacy API and consuming it in the PSA API. -* Creating a key with the PSA API and consuming it in the legacy API. -* Manipulating data formats, other than keys, where the PSA API is lacking. - -### Scope limitations - -The goal of this document is to bridge the legacy API and the PSA API. The goal is not to provide a PSA way to do everything that is currently possible with the legacy API. The PSA API is less flexible in some regards, and extending it is out of scope in the present study. - -With respect to the legacy API, we do not consider functionality of low-level modules for individual algorithms. Our focus is on applications that use high-level legacy crypto modules (md, cipher, pk) and need to combine that with uses of the PSA APIs. - -## Gap analysis - -The document [“Transitioning to the PSA API”](../../psa-transition.md) enumerates the public header files in Mbed TLS 3.4 and the API elements (especially enums and functions) that they provide, listing PSA equivalents where they exist. There are gaps in two cases: - -* Where the PSA equivalents do not provide the same functionality. A typical example is parsing and formatting asymmetric keys. -* To convert between data representations used by legacy APIs and data representations used by PSA APIs. - -Based on “[Where mixing happens](#where-mixing-happens)”, we focus the gap analysis on two topics: metadata and keys. This chapter explores the gaps in each family of cryptographic mechanisms. - -### Generic metadata gaps - -#### Need for error code conversion - -Do we need public functions to convert between `MBEDTLS_ERR_xxx` error codes and `PSA_ERROR_xxx` error codes? We have such functions for internal use. - -Mbed TLS needs these conversions because it has many functions that expose one API (legacy/API) but are implemented on top of the other API. Most applications would convert legacy and PSA error code to their own error codes, and converting between `MBEDTLS_ERR_xxx` error codes and `PSA_ERROR_xxx` is not particularly helpful for that. Application code might need such conversion functions when implementing an X.509 or TLS callback (returning `MBEDTLS_ERR_xxx`) on top of PSA functions, but this is a very limited use case. - -Conclusion: no need for public error code conversion functions. - -### Hash gap analysis - -Hashes do not involve keys, and involves no nontrivial data format. Therefore the only gap is with metadata, namely specifying a hash algorithm. - -Hashes are often used as building blocks for other mechanisms (HMAC, signatures, key derivation, etc.). Therefore metadata about hashes is relevant not only when calculating hashes, but also when performing many other cryptographic operations. - -Gap: functions to convert between `psa_algorithm_t` hash algorithms and `mbedtls_md_type_t`. Such functions exist in Mbed TLS 3.5 (`mbedtls_md_psa_alg_from_type`, `mbedtls_md_type_from_psa_alg`) but they are declared only in private headers. - -### MAC gap analysis - -[TODO] - -### Cipher and AEAD gap analysis - -[TODO] - -### Key derivation gap analysis - -[TODO] - -### Random generation gap analysis - -[TODO] - -### Asymmetric cryptography gap analysis - -#### Asymmetric cryptography metadata - -The legacy API only has generic support for two key types: RSA and ECC, via the pk module. ECC keys can also be further classified according to their curve. The legacy API also supports DHM (Diffie-Hellman-Merkle = FFDH: finite-field Diffie-Hellman) keys, but those are not integrated in the pk module. - -An RSA or ECC key can potentially be used for different algorithms in the scope of the pk module: - -* RSA: PKCS#1v1.5 signature, PSS signature, PKCS#1v1.5 encryption, OAEP encryption. -* ECC: ECDSA signature (randomized or deterministic), ECDH key agreement (via `mbedtls_pk_ec`). - -ECC keys are also involved in EC-JPAKE, but this happens internally: the EC-JPAKE interface only needs one piece of metadata, namely, to identify a curve. - -Since there is no algorithm that can be used with multiple types, and PSA keys have a policy that (for the most part) limits them to one algorithm, there does not seem to be a need to convert between legacy and PSA asymmetric key types on their own. The useful metadata conversions are: - -* Selecting an **elliptic curve**. - - This means converting between an `mbedtls_ecp_group_id` and a pair of `{psa_ecc_family_t; size_t}`. - - This is fulfilled by `mbedtls_ecc_group_to_psa` and `mbedtls_ecc_group_from_psa`, which were introduced into the public API between Mbed TLS 3.5 and 3.6 ([#8664](https://github.com/Mbed-TLS/mbedtls/pull/8664)). - -* Selecting A **DHM group**. - - PSA only supports predefined groups, whereas legacy only supports ad hoc groups. An existing application referring to `MBEDTLS_DHM_RFC7919_FFDHExxx` values would need to refer to `PSA_DH_FAMILY_RFC7919`; an existing application using arbitrary groups cannot migrate to PSA. - -* Simultaneously supporting **a key type and an algorithm**. - - On the legacy side, this is an `mbedtls_pk_type_t` value and more. For ECDSA, the choice between randomized and deterministic is made at compile time. For RSA, the choice of encryption or signature algorithm is made either by configuring the underlying `mbedtls_rsa_context` or when calling the operation function. - - On the PSA side, this is a `psa_key_type_t` value and an algorithm which is normally encoded as policy information in a `psa_key_attributes_t`. The algorithm is also needed in its own right when calling operation functions. - -#### Using a legacy key pair or public key with PSA - -There are several scenarios where an application has a legacy key pair or public key (`mbedtls_pk_context`) and needs to create a PSA key object (`psa_key_id_t`). - -Reasons for first creating a legacy key object, where it's impossible or impractical to directly create a PSA key: - -* A very common case where the input is a legacy key object is parsing. PSA does not (yet) have an equivalent of the `mbedtls_pk_parse_xxx` functions. -* The PSA key creation interface is less flexible in some cases. In particular, PSA RSA key generation does not (yet) allow choosing the public exponent. -* The pk object may be created by a part of the application (or a third-party library) that hasn't been migrated to the PSA API yet. - -Reasons for needing a PSA key object: - -* Using the key with third-party interface that takes a PSA key identifier as input. (Mbed TLS itself has a few TLS functions that take PSA key identifiers, but as of Mbed TLS 3.5, it is always possible to use a legacy key instead.) - -Gap: a way to create a PSA key object from an `mbedtls_pk_context`. This partially exists in the form of `mbedtls_pk_wrap_as_opaque`, but it is not fully satisfactory, for reasons that are detailed in “[API to create a PSA key from a PK context](#api-to-create-a-psa-key-from-a-pk-context)” below. - -#### Using a PSA key as a PK context - -There are several scenarios where an application has a PSA key and needs to use it through an interface that wants an `mbedtls_pk_context` object. Typically, there is an existing key in the PSA key store (possibly in a secure element and non-exportable), and the key needs to be used in an interface that requires a `mbedtls_pk_context *` input, such as Mbed TLS's X.509 and TLS APIs or a similar third-party interface, or the `mbedtls_pk_write_xxx` interfaces which do not (yet) have PSA equivalents. - -There is a function `mbedtls_pk_setup_opaque` that mostly does this. However, it has several limitations: - -* It creates a PK key of type `MBEDTLS_PK_OPAQUE` that wraps the PSA key. This is good enough in some scenarios, but not others. For example, it's ok for pkwrite, because we've upgraded the pkwrite code to handle `MBEDTLS_PK_OPAQUE`. That doesn't help users of third-party libraries that haven't yet been upgraded. -* It ties the lifetime of the PK object to the PSA key, which is error-prone: if the PSA key is destroyed but the PK object isn't, there is no way to reliably detect any subsequent misuse of the PK object. - -It therefore appears that we need two ways to “convert” a PSA key to PK: - -* Wrapping, which is what `mbedtls_pk_setup_opaque` does. This works for any PSA key but is limited by the key's lifetime and creates a PK object with limited functionality. -* Copying, which requires a new function. This requires an exportable key but creates a fully independent, fully functional PK object. - -Gap: a way to copy a PSA key into a PK context. This can only be expected to work if the PSA key is exportable. - -After some discussion, have not identified anything we want to change in the behavior of `mbedtls_pk_setup_opaque`. - -#### Signature formats - -The pk module uses signature formats intended for X.509. The PSA module uses the simplest sensible signature format. - -* For RSA, the formats are the same. -* For ECDSA, PSA uses a fixed-size concatenation of (r,s), whereas X.509 and pk use an ASN.1 DER encoding of the sequence (r,s). - -Gap: We need APIs to convert between these two formats. The conversion code already exists under the hood, but it's in pieces that can't be called directly. - -There is a design choice here: do we provide conversions functions for ECDSA specifically, or do we provide conversion functions that take an algorithm as argument and just happen to be a no-op with RSA? One factor is plausible extensions. These conversions functions will remain useful in Mbed TLS 4.x and perhaps beyond. We will at least add EdDSA support, and its signature encoding is the fixed-size concatenation (r,s) even in X.509. We may well also add support for some post-quantum signatures, and their concrete format is still uncertain. - -Given the uncertainty, it would be nice to provide a sufficiently generic interface to convert between the PSA and the pk signature format, parametrized by the algorithm. However, it is difficult to predict exactly what parameters are needed. For example, converting from an ASN.1 ECDSA signature to (r,s) requires the knowledge of the curve, or at least the curve's size. Therefore we are not going to add a generic function at this stage. - -For ECDSA, there are two plausible APIs: follow the ASN.1/X.509 write/parse APIs, or present an ordinary input/output API. The ASN.1 APIs are the way they are to accommodate nested TLV structures. But ECDSA signatures do not appear nested in TLV structures in either TLS (there's just a signature field) or X.509 (the signature is inside a BITSTRING, not directly in a SEQUENCE). So there does not seem to be a need for an ASN.1-like API for the ASN.1 format, just the format conversion itself in a buffer that just contains the signature. - -#### Asymmetric cryptography TODO - -[TODO] Other gaps? - -## New APIs - -This section presents new APIs to implement based on the [gap analysis](#gap-analysis). - -### General notes - -Each action to implement a function entails: - -* Implement the library function. -* Document it precisely, including error conditions. -* Unit-test it. -* Mention it where relevant in the PSA transition guide. - -### Hash APIs - -Based on the [gap analysis](#hash-gap-analysis): - -[ACTION] [#8340](https://github.com/Mbed-TLS/mbedtls/issues/8340) Move `mbedtls_md_psa_alg_from_type` and `mbedtls_md_type_from_psa_alg` from `library/md_psa.h` to `include/mbedtls/md.h`. - -### MAC APIs - -[TODO] - -### Cipher and AEAD APIs - -[TODO] - -### Key derivation APIs - -[TODO] - -### Random generation APIs - -[TODO] - -### Asymmetric cryptography APIs - -#### Asymmetric cryptography metadata APIs - -Based on the [gap analysis](#asymmetric-cryptography-metadata): - -* No further work is needed about RSA specifically. The amount of metadata other than hashes is sufficiently small to be handled in ad hoc ways in applications, and hashes have [their own conversions](#hash-apis). -* No further work is needed about ECC specifically. We have just added adequate functions. -* No further work is needed about DHM specifically. There is no good way to translate the relevant information. -* [OPEN] Is there a decent way to convert between `mbedtls_pk_type_t` plus extra information, and `psa_key_type_t` plus policy information? The two APIs are different in crucial ways, with different splits between key type, policy information and operation algorithm. - Thinking so far: there isn't really a nice way to present this conversion. For a specific key, `mbedtls_pk_get_psa_attributes` and `mbedtls_pk_copy_from_psa` do the job. - -#### API to create a PSA key from a PK context - -Based on the [gap analysis](#using-a-legacy-key-pair-or-public-key-with-psa): - -Given an `mbedtls_pk_context`, we want a function that creates a PSA key with the same key material and algorithm. “Same key material” is straightforward, but “same algorithm” is not, because a PK context has incomplete algorithm information. For example, there is no way to distinguish between an RSA key that is intended for signature or for encryption. Between algorithms of the same nature, there is no way to distinguish a key intended for PKCS#1v1.5 and one intended for PKCS#1v2.1 (OAEP/PSS): this is indicated in the underlying RSA context, but the indication there is only a default that can be overridden by calling `mbedtls_pk_{sign,verify}_ext`. Also there is no way to distinguish between `PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)` and `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`: in the legacy interface, this is only determined when actually doing a signature/verification operation. Therefore the function that creates the PSA key needs extra information to indicate which algorithm to put in the key's policy. - -When creating a PSA key, apart from the key material, the key is determined by attributes, which fall under three categories: - -* Type and size. These are directly related to the key material and can be deduced from it if the key material is in a structured format, which is the case with an `mbedtls_pk_context` input. -* Policy. This includes the chosen algorithm, which as discussed above cannot be fully deduced from the `mbedtls_pk_context` object. Just choosing one algorithm is problematic because it doesn't allow implementation-specific extensions, such as Mbed TLS's enrollment algorithm. The intended usage flags cannot be deduced from the PK context either, but the conversion function could sensibly just enable all the relevant usage flags. Users who want a more restrictive usage can call `psa_copy_key` and `psa_destroy_key` to obtain a PSA key object with a more restrictive usage. -* Persistence and location. This is completely orthogonal to the information from the `mbedtls_pk_context` object. It is convenient, but not necessary, for the conversion function to allow customizing these aspects. If it doesn't, users can call the conversion function and then call `psa_copy_key` and `psa_destroy_key` to move the key to its desired location. - -To allow the full flexibility around policies, and make the creation of a persistent key more convenient, the conversion function shall take a `const psa_key_attributes_t *` input, like all other functions that create a PSA key. In addition, there shall be a helper function to populate a `psa_key_attributes_t` with a sensible default. This lets the caller choose a more flexible, or just different usage policy, unlike the default-then-copy approach which only allows restricting the policy. - -This is close to the existing function `mbedtls_pk_wrap_as_opaque`, but does not bake in the implementation-specific consideration that a PSA key has exactly two algorithms, and also allows the caller to benefit from default for the policy in more cases. - -[ACTION] [#8708](https://github.com/Mbed-TLS/mbedtls/issues/8708) Implement `mbedtls_pk_get_psa_attributes` and `mbedtls_pk_import_into_psa` as described below. These functions are available whenever `MBEDTLS_PK_C` and `MBEDTLS_PSA_CRYPTO_CLIENT` are both defined. Deprecate `mbedtls_pk_wrap_as_opaque`. - -``` -int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, - psa_key_usage_flags_t usage, - psa_key_attributes_t *attributes); -int mbedtls_pk_import_into_psa(const mbedtls_pk_context *pk, - const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *key_id); -``` - -* `mbedtls_pk_get_psa_attributes` does not change the id/lifetime fields of the attributes (which indicate a volatile key by default). - * [OPEN] Or should it reset them to 0? Resetting is more convenient for the case where the pk key is a `MBEDTLS_PK_OPAQUE`. But that's an uncommon use case. It's probably less surprising if this function leaves the lifetime-related alone, since its job is to set the type-related and policy-related attributes. -* `mbedtls_pk_get_psa_attributes` sets the type and size based on what's in the pk context. - * The key type is a key pair if the context contains a private key and the indicated usage is a private-key usage. The key type is a public key if the context only contains a public key, in which case a private-key usage is an error. -* `mbedtls_pk_get_psa_attributes` sets the usage flags based on the `usage` parameter. It extends the usage to other usage that is possible: - * `EXPORT` and `COPY` are always set. - * If `SIGN_{HASH,MESSAGE}` is set then so is `VERIFY_{HASH,MESSAGE}`. - * If `DECRYPT` is set then so is `ENCRYPT`. - * It is an error if `usage` has more than one flag set, or has a usage that is incompatible with the key type. -* `mbedtls_pk_get_psa_attributes` sets the algorithm usage policy based on information in the key object and on `usage`. - * For an RSA key with the `MBEDTLS_RSA_PKCS_V15` padding mode, the algorithm policy is `PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)` for a sign/verify usage, and `PSA_ALG_RSA_PKCS1V15_CRYPT` for an encrypt/decrypt usage. - * For an RSA key with the `MBEDTLS_RSA_PKCS_V21` padding mode, the algorithm policy is `PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)` for a sign/verify usage, and `PSA_ALG_RSA_OAEP(hash)` for an encrypt/decrypt usage where `hash` is from the RSA key's parameters. (Note that `PSA_ALG_ANY_HASH` is only allowed in signature algorithms.) - * For an `MBEDTLS_PK_ECKEY` or `MBEDTLS_PK_ECDSA` with a sign/verify usage, the algorithm policy is `PSA_ALG_DETERMINISTIC_ECDSA` if `MBEDTLS_ECDSA_DETERMINISTIC` is enabled and `PSA_ALG_ECDSA` otherwise. In either case, the hash policy is `PSA_ALG_ANY_HASH`. - * For an `MBEDTLS_PK_ECKEY` or `MBEDTLS_PK_ECDKEY_DH` with the usage `PSA_KEY_USAGE_DERIVE`, the algorithm is `PSA_ALG_ECDH`. - * For a `MBEDTLS_PK_OPAQUE`, this function reads the attributes of the existing PK key and copies them (without overriding the lifetime and key identifier in `attributes`), then applies a public-key restriction if needed. - * Public-key restriction: if `usage` is a public-key usage, change the type to the corresponding public-key type, and remove private-key usage flags from the usage flags read from the existing key. -* `mbedtls_pk_import_into_psa` checks that the type field in the attributes is consistent with the content of the `mbedtls_pk_context` object (RSA/ECC, and availability of the private key). - * The key type can be a public key even if the private key is available. -* `mbedtls_pk_import_into_psa` does not need to check the bit-size in the attributes: `psa_import_key` will do enough checks. -* `mbedtls_pk_import_into_psa` does not check that the policy in the attributes is sensible. That's on the user. - -#### API to copy a PSA key to a PK context - -Based on the [gap analysis](#using-a-psa-key-as-a-pk-context): - -[ACTION] [#8709](https://github.com/Mbed-TLS/mbedtls/issues/8709) Implement `mbedtls_pk_copy_from_psa` as described below. - -``` -int mbedtls_pk_copy_from_psa(mbedtls_svc_key_id_t key_id, - mbedtls_pk_context *pk); -``` - -* `pk` must be initialized, but not set up. -* It is an error if the key is neither a key pair nor a public key. -* It is an error if the key is not exportable. -* The resulting pk object has a transparent type, not `MBEDTLS_PK_OPAQUE`. That's `MBEDTLS_PK_RSA` for RSA keys (since pk objects don't use `MBEDTLS_PK_RSASSA_PSS` as a type), and `MBEDTLS_PK_ECKEY` for ECC keys (following the example of pkparse). -* Once this function returns, the pk object is completely independent of the PSA key. -* Calling `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_pk_encrypt`, `mbedtls_pk_decrypt` on the resulting pk context will perform an algorithm that is compatible with the PSA key's primary algorithm policy (`psa_get_key_algorithm`) if that is a matching operation type (sign/verify, encrypt/decrypt), but with no restriction on the hash (as if the policy had `PSA_ALG_ANY_HASH` instead of a specific hash, and with `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` merged with `PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)`). - * For ECDSA, the choice of deterministic vs randomized will be based on the compile-time setting `MBEDTLS_ECDSA_DETERMINISTIC`, like `mbedtls_pk_sign` today. - * For an RSA key, the output key will allow both encrypt/decrypt and sign/verify regardless of the original key's policy. The original key's policy determines the output key's padding mode. - * The primary intent of this requirement is to allow an application to switch to PSA for creating the key material (for example to benefit from a PSA accelerator driver, or to start using a secure element), without modifying the code that consumes the key. For RSA keys, the PSA primary algorithm policy is how one conveys the same information as RSA key padding information in the legacy API. Convey this in the documentation. - -#### API to create a PK object that wraps a PSA key - -Based on the [gap analysis](#using-a-psa-key-as-a-pk-context): - -[ACTION] [#8712](https://github.com/Mbed-TLS/mbedtls/issues/8712) Clarify the documentation of `mbedtls_pk_setup_opaque` regarding which algorithms the resulting key will perform with `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_pk_encrypt`, `mbedtls_pk_decrypt`. - -[ACTION] [#8710](https://github.com/Mbed-TLS/mbedtls/issues/8710) Provide `mbedtls_pk_setup_opaque` whenever `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled. This is nice-to-have, not critical. Update `use-psa-crypto.md` accordingly. - -[OPEN] What about `mbedtls_pk_sign_ext` and `mbedtls_pk_verify_ext`? - -#### API to convert between signature formats - -Based on the [gap analysis](#signature-formats): - -[ACTION] [#7765](https://github.com/Mbed-TLS/mbedtls/issues/7765) Implement `mbedtls_ecdsa_raw_to_der` and `mbedtls_ecdsa_der_to_raw` as described below. - -``` -int mbedtls_ecdsa_raw_to_der(size_t bits, - const unsigned char *raw, size_t raw_len, - unsigned char *der, size_t der_size, size_t *der_len); -int mbedtls_ecdsa_der_to_raw(size_t bits, - const unsigned char *der, size_t der_len, - unsigned char *raw, size_t raw_size, size_t *raw_len); -``` - -* These functions convert between the signature format used by `mbedtls_pk_{sign,verify}{,_ext}` and the signature format used by `psa_{sign,verify}_{hash,message}`. -* The input and output buffers can overlap. -* The `bits` parameter is necessary in the DER-to-raw direction because the DER format lacks leading zeros, so something else needs to convey the size of (r,s). The `bits` parameter is redundant in the raw-to-DER direction, but we have it anyway because [it helps catch errors](https://github.com/Mbed-TLS/mbedtls/pull/8681#discussion_r1445980971), and it isn't a burden on the caller because the information is readily available in practice. -* Should these functions rely on the ASN.1 module? We experimented [calling ASN.1 functions](https://github.com/Mbed-TLS/mbedtls/pull/8681), [reimplementing simpler ASN.1 functions](https://github.com/Mbed-TLS/mbedtls/pull/8696), and [providing the functions from the ASN.1 module](https://github.com/Mbed-TLS/mbedtls/pull/8703). Providing the functions from the ASN.1 module [won on a compromise of code size and simplicity](https://github.com/Mbed-TLS/mbedtls/issues/7765#issuecomment-1893670015). From 3102c5985e2c6ce9e34fbde15fb3d7b681d7519b Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 8 Dec 2024 14:44:50 +0000 Subject: [PATCH 13/31] Remove docs/use-psa-crypto.md The original purpose of this document was to answer the following question in more detail than the documentation of MBEDTLS_USE_PSA_CRYPTO in config.h: as a user, what do I gain and lose if I enable MBEDTLS_USE_PSA_CRYPTO? This question is no longer relevant. - General considerations section: not relevant as mentioned above - New APIs/API extensions: these are not new or extensions anymore. Also, for detailed information this section refers to the API documentation, which contains all the information the user needs. - Internal changes: these are discussed in detail in docs/architecture/psa-migration/psa-limitations.md. Signed-off-by: Janos Follath --- docs/use-psa-crypto.md | 116 ----------------------------------------- 1 file changed, 116 deletions(-) delete mode 100644 docs/use-psa-crypto.md diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md deleted file mode 100644 index 458b81558..000000000 --- a/docs/use-psa-crypto.md +++ /dev/null @@ -1,116 +0,0 @@ -This document describes how PSA Crypto is used in the X.509 and TLS libraries -from a user's perspective. - -In particular: -- X.509 and TLS libraries use PSA for cryptographic operations as much as - possible, see "Internal changes" below; -- APIs for using keys handled by PSA Crypto, such as - `mbedtls_pk_setup_opaque()` and `mbedtls_ssl_conf_psk_opaque()`, see -"PSA key APIs" below. - -General considerations ----------------------- - -**Application code:** you need to call `psa_crypto_init()` before calling any -function from the SSL/TLS, X.509 or PK modules, except for the various -mbedtls_xxx_init() functions which can be called at any time. - -PSA Key APIs -------------------------- - -### PSA-held (opaque) keys in the PK layer - -**API function:** `mbedtls_pk_setup_opaque()` - can be used to wrap a PSA key -pair into a PK context. The key can be used for private-key operations and its -public part can be exported. - -**Benefits:** isolation of long-term secrets, use of PSA Crypto drivers. - -**Limitations:** please refer to the documentation of `mbedtls_pk_setup_opaque()` -for a full list of supported operations and limitations. - -**Use in X.509 and TLS:** opt-in. The application needs to construct the PK context -using the new API in order to get the benefits; it can then pass the -resulting context to the following existing APIs: - -- `mbedtls_ssl_conf_own_cert()` or `mbedtls_ssl_set_hs_own_cert()` to use the - key together with a certificate for certificate-based key exchanges; -- `mbedtls_x509write_csr_set_key()` to generate a CSR (certificate signature - request); -- `mbedtls_x509write_crt_set_issuer_key()` to generate a certificate. - -### PSA-held (opaque) keys for TLS pre-shared keys (PSK) - -**API functions:** `mbedtls_ssl_conf_psk_opaque()` and -`mbedtls_ssl_set_hs_psk_opaque()`. Call one of these from an application to -register a PSA key for use with a PSK key exchange. - -**Benefits:** isolation of long-term secrets. - -**Limitations:** none. - -**Use in TLS:** opt-in. The application needs to register the key using one of -the above APIs to get the benefits. - -### PSA-held (opaque) keys for TLS 1.2 EC J-PAKE key exchange - -**API function:** `mbedtls_ssl_set_hs_ecjpake_password_opaque()`. Call this -function from an application to register a PSA key for use with the TLS 1.2 EC -J-PAKE key exchange. - -**Benefits:** isolation of long-term secrets. - -**Limitations:** none. - -**Use in TLS:** opt-in. The application needs to register the key using one of -the above APIs to get the benefits. - -### PSA-based operations in the Cipher layer - -There is an API function `mbedtls_cipher_setup_psa()` to set up a context -that will call PSA to store the key and perform the operations. - -This function only worked for a small number of ciphers. It is now deprecated -and it is recommended to use `psa_cipher_xxx()` or `psa_aead_xxx()` functions -directly instead. - -**Warning:** This function will be removed in a future version of Mbed TLS. If -you are using it and would like us to keep it, please let us know about your -use case. - -Internal uses ----------------- - -All of these internal uses are relying on PSA Crypto. - -### TLS: most crypto operations based on PSA - -Current exceptions: - -- Finite-field (non-EC) Diffie-Hellman (used in key exchanges: DHE-RSA, - DHE-PSK). -- Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see - the documentation of that option). - -Other than the above exceptions, all crypto operations are based on PSA. - -### X.509: most crypto operations based on PSA - -Current exceptions: - -- Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see - the documentation of that option). - -Other than the above exception, all crypto operations are based on PSA. - -### PK layer: most crypto operations based on PSA - -Current exceptions: - -- Verification of RSA-PSS signatures with an MGF hash that's different from - the message hash. -- Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see - the documentation of that option). - -Other than the above exceptions, all crypto operations are based on PSA. - From b51b73351da157b4801336379f57370f84dee543 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 8 Dec 2024 14:51:07 +0000 Subject: [PATCH 14/31] Fix sentences after removal of USE_PSA Some sentences or paragraphs became confusing or meaningless after removing USE_PSA and only fixing the local context/semantics. Fix the semantics where needed and remove parts that became meaningless. Signed-off-by: Janos Follath --- README.md | 2 -- docs/architecture/psa-migration/strategy.md | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 7d3a4352b..b00d21ae5 100644 --- a/README.md +++ b/README.md @@ -295,8 +295,6 @@ Arm welcomes feedback on the design of the API. If you think something could be Mbed TLS includes a reference implementation of the PSA Cryptography API. However, it does not aim to implement the whole specification; in particular it does not implement all the algorithms. -The X.509 and TLS code can use PSA cryptography for most operations. See `docs/use-psa-crypto.md` for details. - ### PSA drivers Mbed TLS supports drivers for cryptographic accelerators, secure elements and random generators. This is work in progress. Please note that the driver interfaces are not fully stable yet and may change without notice. We intend to preserve backward compatibility for application code (using the PSA Crypto API), but the code of the drivers may have to change in future minor releases of Mbed TLS. diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md index f7f7ff62a..6acdf34a3 100644 --- a/docs/architecture/psa-migration/strategy.md +++ b/docs/architecture/psa-migration/strategy.md @@ -28,8 +28,8 @@ Compile-time options We currently have a few compile-time options that are relevant to the migration: -- `MBEDTLS_PSA_CRYPTO_C` - enabled by default, controls the presence of the PSA - Crypto APIs. +- `MBEDTLS_PSA_CRYPTO_C` - enabled by default, controls the presence of the + implementation of PSA Crypto APIs. - `PSA_CRYPTO_CONFIG` - disabled by default, supports builds with drivers and without the corresponding software implementation (G5 above). From 2301a1092728e6f15ce46a42122c1b656d6c1099 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Dec 2024 18:05:46 +0100 Subject: [PATCH 15/31] Distinguish between MBEDTLS_PSA_CRYPTO_C and MBEDTLS_PSA_CRYPTO_CLIENT Signed-off-by: Gilles Peskine --- docs/architecture/psa-migration/strategy.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md index 6acdf34a3..2ac9cbdf5 100644 --- a/docs/architecture/psa-migration/strategy.md +++ b/docs/architecture/psa-migration/strategy.md @@ -26,12 +26,12 @@ the preceding ones to be completed. Compile-time options ==================== -We currently have a few compile-time options that are relevant to the migration: +We currently have one compile-time option that is relevant to the migration: -- `MBEDTLS_PSA_CRYPTO_C` - enabled by default, controls the presence of the - implementation of PSA Crypto APIs. -- `PSA_CRYPTO_CONFIG` - disabled by default, supports builds with drivers and - without the corresponding software implementation (G5 above). +- `MBEDTLS_PSA_CRYPTO_C` - enabled by default, controls the presence of the PSA + Crypto APIs with their implementations. (Builds with only + `MBEDTLS_PSA_CRYPTO_CLIENT`, where PSA crypto APIs are present but + implemented via third-party code, are out of scope of this document.) At the time of writing (early 2022) it is unclear what could be done about the backward compatibility issues, and in particular if the cost of implementing From 12438969fc36b3b6aff8f653f7975a7dcad612f4 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 13 Dec 2024 14:36:06 +0000 Subject: [PATCH 16/31] Remove psa-migration/strategy.md This document is mainly about a plan that was driven by backward compatibility constraints that no longer exist in 4.0. Although some of it is still of interest to explain why 4.0 is the way it is (and more complicated than one would expect based on the APIs that are left in 4.0). But for this it should suffice to consult earlier versions and does not worth to maintain it. Signed-off-by: Janos Follath --- .../psa-migration/outcome-analysis.sh | 7 +- docs/architecture/psa-migration/strategy.md | 442 ------------------ 2 files changed, 3 insertions(+), 446 deletions(-) delete mode 100644 docs/architecture/psa-migration/strategy.md diff --git a/docs/architecture/psa-migration/outcome-analysis.sh b/docs/architecture/psa-migration/outcome-analysis.sh index bbcdffd84..e1a5f0999 100755 --- a/docs/architecture/psa-migration/outcome-analysis.sh +++ b/docs/architecture/psa-migration/outcome-analysis.sh @@ -3,10 +3,9 @@ # This script runs tests before and after a PR and analyzes the results in # order to highlight any difference in the set of tests skipped. # -# It can be used to check the first testing criterion mentioned in strategy.md, -# end of section "Supporting builds with drivers without the software -# implementation", namely: the sets of tests skipped in the default config and -# the full config must be the same before and after the PR. +# It can be used to check for unintended consequences when making non-trivial +# changes to compile time guards: the sets of tests skipped in the default +# config and the full config must be the same before and after the PR. # # USAGE: # - First, commit any uncommited changes. (Also, see warning below.) diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md deleted file mode 100644 index 2ac9cbdf5..000000000 --- a/docs/architecture/psa-migration/strategy.md +++ /dev/null @@ -1,442 +0,0 @@ -This document explains the strategy that was used so far in starting the -migration to PSA Crypto and mentions future perspectives and open questions. - -Goals -===== - -Several benefits are expected from migrating to PSA Crypto: - -G1. Use PSA Crypto drivers when available. -G2. Allow isolation of long-term secrets (for example, private keys). -G3. Allow isolation of short-term secrets (for example, TLS session keys). -G4. Have a clean, unified API for Crypto (retire the legacy API). -G5. Code size: compile out our implementation when a driver is available. - -As of Mbed TLS 3.2, most of (G1) and all of (G2) is implemented. For a more -detailed account of what's implemented, see `docs/use-psa-crypto.md`, where new -APIs are about (G2), and internal changes implement (G1). - -As of early 2023, work towards G5 is in progress: Mbed TLS 3.3 and 3.4 saw -some improvements in this area, and more will be coming in future releases. - -Generally speaking, the numbering above doesn't mean that each goal requires -the preceding ones to be completed. - - -Compile-time options -==================== - -We currently have one compile-time option that is relevant to the migration: - -- `MBEDTLS_PSA_CRYPTO_C` - enabled by default, controls the presence of the PSA - Crypto APIs with their implementations. (Builds with only - `MBEDTLS_PSA_CRYPTO_CLIENT`, where PSA crypto APIs are present but - implemented via third-party code, are out of scope of this document.) - -At the time of writing (early 2022) it is unclear what could be done about the -backward compatibility issues, and in particular if the cost of implementing -solutions to these problems would be higher or lower than the cost of -maintaining dual code paths until the next major version. (Note: these -solutions would probably also solve other problems at the same time.) - -### `MBEDTLS_ECP_RESTARTABLE` - -Currently this option controls not only the presence of restartable APIs in -the crypto library, but also their use in the TLS and X.509 layers. Since PSA -Crypto does not support restartable operations, there's a clear conflict: the -TLS and X.509 layers can't both use only PSA APIs and get restartable -behaviour. - -Support for restartable (aka interruptible) ECDSA sign/verify operation was -added to PSA in Mbed TLS 3.4, but support for ECDH is not present yet. - -It will then require follow-up work to make use of the new PSA APIs in -PK/X.509/TLS in all places where we currently allow restartable operations. - -### Backward compatibility issues - -It's currently not possible to enable `MBEDTLS_PSA_CRYPTO_C` in configurations -that don't have `MBEDTLS_ENTROPY_C`, and we can't just auto-enable the latter, -as it won't build or work out of the box on all platforms. There are two kinds -of things we'd need to do if we want to work around that: -1. Make it possible to enable the parts of PSA Crypto that don't require an - RNG (typically, public key operations, symmetric crypto, some key -management functions (destroy etc)) in configurations that don't have -`ENTROPY_C`. This requires going through the PSA code base to adjust -dependencies. Risk: there may be annoying dependencies, some of which may be -surprising. -2. For operations that require an RNG, provide an alternative function - accepting an explicit `f_rng` parameter (see #5238), that would be -available in entropy-less builds. (Then code using those functions still needs -to have one version using it, for entropy-less builds, and one version using -the standard function, for driver support in build with entropy.) - -See . - -Taking advantage of the existing abstractions layers - or not -============================================================= - -The Crypto library in Mbed TLS currently has 3 abstraction layers that offer -algorithm-agnostic APIs for a class of algorithms: - -- MD for messages digests aka hashes (including HMAC) -- Cipher for symmetric ciphers (included AEAD) -- PK for asymmetric (aka public-key) cryptography (excluding key exchange) - -Note: key exchange (FFDH, ECDH) is not covered by an abstraction layer. - -These abstraction layers typically provide, in addition to the API for crypto -operations, types and numerical identifiers for algorithms (for -example `mbedtls_cipher_mode_t` and its values). The -current strategy is to keep using those identifiers in most of the code, in -particular in existing structures and public APIs. (This is not an issue for G1, -G2, G3 above, and is only potentially relevant for G4.) - -The are multiple strategies that can be used regarding the place of those -layers in the migration to PSA. - -Silently call to PSA from the abstraction layer ------------------------------------------------ - -- Provide a new definition of wrapper functions in the abstraction layer, that - calls PSA instead of the legacy crypto API. -- Upside: changes contained to a single place, no need to change TLS or X.509 - code anywhere. -- Downside: tricky to implement if the PSA implementation is currently done on - top of that layer (dependency loop). - -This strategy is currently (early 2023) used for all operations in the PK -layer; the MD layer uses a variant where it dispatches to PSA if a driver is -available and the driver subsystem has been initialized; see -`md-cipher-dispatch.md` in the same directory for details. - -This strategy is not very well suited to the Cipher layer, as the PSA -implementation is currently done on top of that layer. - -This strategy will probably be used for some time for the PK layer, while we -figure out what the future of that layer is: parts of it (parse/write, ECDSA -signatures in the format that X.509 & TLS want) are not covered by PSA, so -they will need to keep existing in some way. (Also, the PK layer is a good -place for dispatching to either PSA or `mbedtls_xxx_restartable` while that -part is not covered by PSA yet, if we decide to do that.) - -Replace calls for each operation --------------------------------- - -- For every operation that's done through this layer in TLS or X.509, just - replace function call with calls to PSA. -- Upside: conceptually simple, and if the PSA implementation is currently done - on top of that layer, avoids concerns about dependency loops. -- Upside: opens the door to building TLS/X.509 without that layer, saving some - code size. -- Downside: TLS/X.509 code has to be done for each operation. - -This strategy is currently (early 2023) used for the MD layer and the Cipher -layer in X.509 and TLS. Crypto modules however always call to MD which may -then dispatch to PSA, see `md-cipher-dispatch.md`. - -Opt-in use of PSA from the abstraction layer --------------------------------------------- - -- Provide a new way to set up a context that causes operations on that context - to be done via PSA. -- Upside: changes mostly contained in one place, TLS/X.509 code only needs to - be changed when setting up the context, but not when using it. In - particular, no changes to/duplication of existing public APIs that expect a - key to be passed as a context of this layer (eg, `mbedtls_pk_context`). -- Upside: avoids dependency loop when PSA implemented on top of that layer. -- Downside: when the context is typically set up by the application, requires - changes in application code. - -This strategy is not useful when no context is used, for example with the -one-shot function `mbedtls_md()`. - -There are two variants of this strategy: one where using the new setup -function also allows for key isolation (the key is only held by PSA, -supporting both G1 and G2 in that area), and one without isolation (the key is -still stored outside of PSA most of the time, supporting only G1). - -This strategy, with support for key isolation, is currently (early 2022) used for -private-key operations in the PK layer - see `mbedtls_pk_setup_opaque()`. This -allows use of PSA-held private ECDSA keys in TLS and X.509 with no change to -the TLS/X.509 code, but a contained change in the application. - -This strategy, without key isolation, was also previously used (until 3.1 -included) in the Cipher layer - see `mbedtls_cipher_setup_psa()`. This allowed -use of PSA for cipher operations in TLS with no change to the application -code, and a contained change in TLS code. (It only supported a subset of -ciphers.) - -Note: for private key operations in the PK layer, both the "silent" and the -"opt-in" strategy can apply, and can complement each other, as one provides -support for key isolation, but at the (unavoidable) code of change in -application code, while the other requires no application change to get -support for drivers, but fails to provide isolation support. - -Summary -------- - -Strategies currently (early 2022) used with each abstraction layer: - -- PK (for G1): silently call PSA -- PK (for G2): opt-in use of PSA (new key type) -- Cipher (G1): replace calls at each call site -- MD (G1, X.509 and TLS): replace calls at each call site -- MD (G5): silently call PSA when a driver is available, see - `md-cipher-dispatch.md`. - - -Supporting builds with drivers without the software implementation -================================================================== - -This section presents a plan towards G5: save code size by compiling out our -software implementation when a driver is available. - -Let's expand a bit on the definition of the goal: in such a configuration -(driver used, software implementation and abstraction layer compiled out), -we want: - -a. the library to build in a reasonably-complete configuration, -b. with all tests passing, -c. and no more tests skipped than the same configuration with software - implementation. - -Criterion (c) ensures not only test coverage, but that driver-based builds are -at feature parity with software-based builds. - -We can roughly divide the work needed to get there in the following steps: - -0. Have a working driver interface for the algorithms we want to replace. -1. Have users of these algorithms call to PSA or an abstraction layer than can - dispatch to PSA, but not the low-level legacy API, for all operations. -(This is G1, and for PK, X.509 and TLS.) This needs to be done in the library -and tests. -2. Have users of these algorithms not depend on the legacy API for information - management (getting a size for a given algorithm, etc.) -3. Adapt compile-time guards used to query availability of a given algorithm; - this needs to be done in the library (for crypto operations and data) and -tests. - -Note: the first two steps enable use of drivers, but not by themselves removal -of the software implementation. - -Note: the fact that step 1 is not achieved for all of libmbedcrypto (see -below) is the reason why criterion (a) has "a reasonably-complete -configuration", to allow working around internal crypto dependencies when -working on other parts such as X.509 and TLS - for example, a configuration -without RSA PKCS#1 v2.1 still allows reasonable use of X.509 and TLS. - -Note: this is a conceptual division that will sometimes translate to how the -work is divided into PRs, sometimes not. For example, in situations where it's -not possible to achieve good test coverage at the end of step 1 or step 2, it -is preferable to group with the next step(s) in the same PR until good test -coverage can be reached. - -**Status as of end of March 2023 (shortly after 3.4):** - -- Step 0 is achieved for most algorithms, with only a few gaps remaining. -- Step 1 is achieved for most of PK, X.509, and TLS when - `MBEDTLS_USE_PSA_CRYPTO` is enabled with only a few gaps remaining (see - docs/use-psa-crypto.md). -- Step 1 is achieved for the crypto library regarding hashes: everything uses - MD (not low-level hash APIs), which then dispatches to PSA if applicable. -- Step 1 is not achieved for all of the crypto library when it come to - ciphers. For example,`ctr_drbg.c` calls the legacy API `mbedtls_aes`. -- Step 2 is achieved for most of X.509 and TLS (same gaps as step 1) when - `MBEDTLS_USE_PSA_CRYPTO` is enabled. -- Step 3 is done for hashes and top-level ECC modules (ECDSA, ECDH, ECJPAKE). - -**Strategy for step 1:** - -Regarding PK, X.509, and TLS, this is mostly achieved with only a few gaps. -(The strategy was outlined in the previous section.) - -Regarding libmbedcrypto: -- for hashes and ciphers, see `md-cipher-dispatch.md` in the same directory; -- for ECC, we have no internal uses of the top-level algorithms (ECDSA, ECDH, - ECJPAKE), however they all depend on `ECP_C` which in turn depends on -`BIGNUM_C`. So, direct calls from TLS, X.509 and PK to ECP and Bignum will -need to be replaced; see and -linked issues for a summary of intermediate steps and open points. - -**Strategy for step 2:** - -The most satisfying situation here is when we can just use the PSA Crypto API -for information management as well. However sometimes it may not be -convenient, for example in parts of the code that accept old-style identifiers -(such as `mbedtls_md_type_t`) in their API and can't assume PSA to be -compiled in (such as `rsa.c`). - -When using an existing abstraction layer such as MD, it can provide -information management functions. In other cases, information that was in a -low-level module but logically belongs in a higher-level module can be moved -to that module (for example, TLS identifiers of curves and there conversion -to/from PSA or legacy identifiers belongs in TLS, not `ecp.c`). - -**Strategy for step 3:** - -There are currently two (complementary) ways for crypto-using code to check if a -particular algorithm is supported: using `MBEDTLS_xxx` macros, and using -`PSA_WANT_xxx` macros. For example, PSA-based code that want to use SHA-256 -will check for `PSA_WANT_ALG_SHA_256`, while legacy-based code that wants to -use SHA-256 will check for `MBEDTLS_SHA256_C` if using the `mbedtls_sha256` -API, or for `MBEDTLS_MD_C && MBEDTLS_SHA256_C` if using the `mbedtls_md` API. - -PSA based code will want to use the algorithm available in PSA, otherwise, it -wants it available via the legacy API(s) is it using (MD and/or low-level). - -As much as possible, we're trying to create for each algorithm a single new -macro that can be used to express dependencies everywhere (except pure PSA -code that should always use `PSA_WANT`). For example, for hashes this is the -`MBEDTLS_MD_CAN_xxx` family. For ECC algorithms, we have similar -`MBEDTLS_PK_CAN_xxx` macros. - -Note that in order to achieve that goal, it is useful to impose that all -algorithms that are available via the legacy APIs are also available via PSA. - -Executing step 3 will mostly consist of using the right dependency macros in -the right places (once the previous steps are done). - -**Note on testing** - -Since supporting driver-only builds is not about adding features, but about -supporting existing features in new types of builds, testing will not involve -adding cases to the test suites, but instead adding new components in `all.sh` -that build and run tests in newly-supported configurations. For example, if -we're making some part of the library work with hashes provided only by -drivers, there should be a place in `all.sh` that builds and run tests in such a -configuration. - -There is however a risk, especially in step 3 where we change how dependencies -are expressed (sometimes in bulk), to get things wrong in a way that would -result in more tests being skipped, which is easy to miss. Care must be -taken to ensure this does not happen. The following criteria can be used: - -1. The sets of tests skipped in the default config and the full config must be - the same before and after the PR that implements step 3. This is tested -manually for each PR that changes dependency declarations by using the script -`outcome-analysis.sh` in the present directory. -2. The set of tests skipped in the driver-only build is the same as in an - equivalent software-based configuration. This is tested automatically by the -CI in the "Results analysis" stage, by running -`tests/scripts/analyze_outcomes.py`. See the -`analyze_driver_vs_reference_xxx` actions in the script and the comments above -their declaration for how to do that locally. - - -Migrating away from the legacy API -================================== - -This section briefly introduces questions and possible plans towards G4, -mainly as they relate to choices in previous stages. - -The role of the PK/Cipher/MD APIs in user migration ---------------------------------------------------- - -We're currently taking advantage of the existing PK layer in order -to reduce the number of places where library code needs to be changed. It's -only natural to consider using the same strategy (with the PK, MD and Cipher -layers) for facilitating migration of application code. - -Note: a necessary first step for that would be to make sure PSA is no longer -implemented of top of the concerned layers - -### Zero-cost compatibility layer? - -The most favourable case is if we can have a zero-cost abstraction (no -runtime, RAM usage or code size penalty), for example just a bunch of -`#define`s, essentially mapping `mbedtls_` APIs to their `psa_` equivalent. - -Unfortunately that's unlikely to fully work. For example, the MD layer uses the -same context type for hashes and HMACs, while the PSA API (rightfully) has -distinct operation types. Similarly, the Cipher layer uses the same context -type for unauthenticated and AEAD ciphers, which again the PSA API -distinguishes. - -It is unclear how much value, if any, a zero-cost compatibility layer that's -incomplete (for example, for MD covering only hashes, or for Cipher covering -only AEAD) or differs significantly from the existing API (for example, -introducing new context types) would provide to users. - -### Low-cost compatibility layers? - -Another possibility is to keep most or all of the existing API for the PK, MD -and Cipher layers, implemented on top of PSA, aiming for the lowest possible -cost. For example, `mbedtls_md_context_t` would be defined as a (tagged) union -of `psa_hash_operation_t` and `psa_mac_operation_t`, then `mbedtls_md_setup()` -would initialize the correct part, and the rest of the functions be simple -wrappers around PSA functions. This would vastly reduce the complexity of the -layers compared to the existing (no need to dispatch through function -pointers, just call the corresponding PSA API). - -Since this would still represent a non-zero cost, not only in terms of code -size, but also in terms of maintenance (testing, etc.) this would probably -be a temporary solution: for example keep the compatibility layers in 4.0 (and -make them optional), but remove them in 5.0. - -Again, this provides the most value to users if we can manage to keep the -existing API unchanged. Their might be conflicts between this goal and that of -reducing the cost, and judgment calls may need to be made. - -Note: when it comes to holding public keys in the PK layer, depending on how -the rest of the code is structured, it may be worth holding the key data in -memory controlled by the PK layer as opposed to a PSA key slot, moving it to a -slot only when needed (see current `ecdsa_verify_wrap`) For example, when -parsing a large number, N, of X.509 certificates (for example the list of -trusted roots), it might be undesirable to use N PSA key slots for their public -keys as long as the certs are loaded. OTOH, this could also be addressed by -merging the "X.509 parsing on-demand" (#2478), and then the public key data -would be held as bytes in the X.509 CRT structure, and only moved to a PK -context / PSA slot when it's actually used. - -Note: the PK layer actually consists of two relatively distinct parts: crypto -operations, which will be covered by PSA, and parsing/writing (exporting) -from/to various formats, which is currently not fully covered by the PSA -Crypto API. - -### Algorithm identifiers and other identifiers - -It should be easy to provide the user with a bunch of `#define`s for algorithm -identifiers, for example `#define MBEDTLS_MD_SHA256 PSA_ALG_SHA_256`; most of -those would be in the MD, Cipher and PK compatibility layers mentioned above, -but there might be some in other modules that may be worth considering, for -example identifiers for elliptic curves. - -### Lower layers - -Generally speaking, we would retire all of the low-level, non-generic modules, -such as AES, SHA-256, RSA, DHM, ECDH, ECP, bignum, etc, without providing -compatibility APIs for them. People would be encouraged to switch to the PSA -API. (The compatibility implementation of the existing PK, MD, Cipher APIs -would mostly benefit people who already used those generic APis rather than -the low-level, alg-specific ones.) - -### APIs in TLS and X.509 - -Public APIs in TLS and X.509 may be affected by the migration in at least two -ways: - -1. APIs that rely on a legacy `mbedtls_` crypto type: for example - `mbedtls_ssl_conf_own_cert()` to configure a (certificate and the -associated) private key. Currently the private key is passed as a -`mbedtls_pk_context` object, which would probably change to a `psa_key_id_t`. -Since some users would probably still be using the compatibility PK layer, it -would need a way to easily extract the PSA key ID from the PK context. - -2. APIs the accept list of identifiers: for example - `mbedtls_ssl_conf_curves()` taking a list of `mbedtls_ecp_group_id`s. This -could be changed to accept a list of pairs (`psa_ecc_family_t`, size) but we -should probably take this opportunity to move to a identifier independent from -the underlying crypto implementation and use TLS-specific identifiers instead -(based on IANA values or custom enums), as is currently done in the new -`mbedtls_ssl_conf_groups()` API, see #4859). - -Testing -------- - -An question that needs careful consideration when we come around to removing -the low-level crypto APIs and making PK, MD and Cipher optional compatibility -layers is to be sure to preserve testing quality. A lot of the existing test -cases use the low level crypto APIs; we would need to either keep using that -API for tests, or manually migrate tests to the PSA Crypto API. Perhaps a -combination of both, perhaps evolving gradually over time. From e0037af243975c2e429c3b1688a20c68c0f01c4f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 17 Dec 2024 19:44:38 +0000 Subject: [PATCH 17/31] Fix broken references in docs Signed-off-by: Janos Follath --- docs/architecture/psa-migration/psa-limitations.md | 3 ++- docs/proposed/Makefile | 4 ---- docs/psa-transition.md | 4 ++-- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md index 75814f770..8f6b606db 100644 --- a/docs/architecture/psa-migration/psa-limitations.md +++ b/docs/architecture/psa-migration/psa-limitations.md @@ -1,7 +1,8 @@ This document lists current limitations of the PSA Crypto API (as of version 1.1) that may impact our ability to (1) use it for all crypto operations in TLS and X.509 and (2) support isolation of all long-term secrets in TLS (that -is, goals G1 and G2 in [strategy.md](strategy.md) in the same directory). +is, goals G1 and G2 in +[strategy.md](https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/architecture/psa-migration/strategy.md)). This is supposed to be a complete list, based on a exhaustive review of crypto operations done in TLS and X.509 code, but of course it's still possible that diff --git a/docs/proposed/Makefile b/docs/proposed/Makefile index 7f5254fab..b9f6e24f7 100644 --- a/docs/proposed/Makefile +++ b/docs/proposed/Makefile @@ -4,10 +4,6 @@ default: all all_markdown = \ config-split.md \ - psa-conditional-inclusion-c.md \ - psa-driver-developer-guide.md \ - psa-driver-integration-guide.md \ - psa-driver-interface.md \ # This line is intentionally left blank html: $(all_markdown:.md=.html) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 51ac02877..0758061f8 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -226,7 +226,7 @@ The PSA Crypto API may use accelerator drivers. In this case any options control In the Mbed TLS legacy interface, you can replace some cryptographic primitives and modes by an alternative implementation, by enabling configuration options of the form `MBEDTLS_xxx_ALT` and linking with your own implementation of the affected function or module. Alternative implementations remain supported in Mbed TLS 3.x even if the application code uses the PSA API. However, they will be removed from the next version of the library. -The corresponding PSA feature is accelerator drivers. To implement an accelerator driver, see the [PSA cryptoprocessor driver example and guide](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/psa-driver-example-and-guide.md). In an application that uses both the legacy interface and the PSA interface for the same mechanism, only some algorithms support calling a PSA driver from the legacy interface. See the [Guide to driver-only builds](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/driver-only-builds.md) for more information. +The corresponding PSA feature is accelerator drivers. To implement an accelerator driver, see the [PSA cryptoprocessor driver example and guide](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md). In an application that uses both the legacy interface and the PSA interface for the same mechanism, only some algorithms support calling a PSA driver from the legacy interface. See the [Guide to driver-only builds](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/driver-only-builds.md) for more information. ### Self-tests @@ -1276,7 +1276,7 @@ The PSA API is a cryptography API, not an arithmetic API. As a consequence, ther #### RSA-ALT interface -Implementers of the RSA-ALT interface (`MBEDTLS_PK_RSA_ALT` pk type, `mbedtls_pk_setup_rsa_alt` setup function) should migrate to the [PSA cryptoprocessor driver interface](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/psa-driver-example-and-guide.md). +Implementers of the RSA-ALT interface (`MBEDTLS_PK_RSA_ALT` pk type, `mbedtls_pk_setup_rsa_alt` setup function) should migrate to the [PSA cryptoprocessor driver interface](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md). * If the purpose of the ALT interface is acceleration only: use the accelerator driver interface. This is fully transparent to application code. * If the purpose of the ALT interface is to isolate the private key in a high-security environment: use the opaque driver interface. This is mostly transparent to user code. Code that uses a key via its key identifier does not need to know whether the key is transparent (equivalent of `MBEDTLS_PK_RSA`) or opaque (equivalent of `MBEDTLS_PK_RSA_ALT`). When creating a key, it will be transparent by default; to create an opaque key, call [`psa_set_key_lifetime`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac03ccf09ca6d36cc3d5b43f8303db6f7) to set the key's location to the chosen location value for the driver, e.g. From 0aac2e5f37d4c0b18c72a091d56ad56e355d3226 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 18 Dec 2024 19:23:11 +0000 Subject: [PATCH 18/31] Fix broken reference in ChangeLog Signed-off-by: Janos Follath --- ChangeLog.d/psa-always-on.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt index 49edb3ed2..45f4d9b10 100644 --- a/ChangeLog.d/psa-always-on.txt +++ b/ChangeLog.d/psa-always-on.txt @@ -1,9 +1,10 @@ Default behavior changes * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem to perform cryptographic operations, with a few exceptions documented - in docs/use-psa-crypto.md. This corresponds to the behavior of - Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, - MBEDTLS_USE_PSA_CRYPTO is now always enabled. + in docs/architecture/psa-migration/psa-limitations.md. This + corresponds to the behavior of Mbed TLS 3.x when + MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO + is now always enabled. * psa_crypto_init() must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake. From 28c6290efa3060c7bb62b624324d8fced9ec8faf Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 3 Dec 2024 18:07:02 +0000 Subject: [PATCH 19/31] Remove interruptible tests from TSAN component No effort was made to make the interruptible ECC PSA functions thread safe, as it was presumed that generally if you were using interruptible functionality, then you were unlikely to have mulitple threads. Signed-off-by: Paul Elliott --- tests/scripts/components-sanitizers.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh index 2496c3df6..454d1407f 100644 --- a/tests/scripts/components-sanitizers.sh +++ b/tests/scripts/components-sanitizers.sh @@ -111,6 +111,8 @@ component_test_tsan () { scripts/config.py set MBEDTLS_THREADING_PTHREAD # Self-tests do not currently use multiple threads. scripts/config.py unset MBEDTLS_SELF_TEST + # Interruptible ECC tests are not thread safe + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE # The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe. scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C From a05b8e2c9a7c989bb1b8fe8b4aad4450b845b843 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 19 Dec 2024 10:58:46 +0000 Subject: [PATCH 20/31] Update framework for negative tests Signed-off-by: Paul Elliott --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 7e6a3d255..b9065f171 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 7e6a3d255dcf1d8756d1535ac26bba8695afac30 +Subproject commit b9065f1717a3e0a24de7a13e298e906aaf44bd52 From b08dc92aaaecf24b2178df412c13960d2803bd9f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 17 Dec 2024 22:30:20 +0000 Subject: [PATCH 21/31] Update tf-psa-crypto for exercise key tests Signed-off-by: Paul Elliott --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 26bc88ccd..9e4ac374e 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 26bc88ccd708e8f5748b5aa90691980d5bb111c0 +Subproject commit 9e4ac374e2be67892e70b9c653c6872ba8a2031b From e809ef4623571fef8b8aae7df7adcc2b20e5bf54 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 17 Dec 2024 12:41:04 +0000 Subject: [PATCH 22/31] Update TF-PSA-Crypto submodule to add iop export public-key get_num_ops() Signed-off-by: Waleed Elmelegy --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 26bc88ccd..9e4ac374e 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 26bc88ccd708e8f5748b5aa90691980d5bb111c0 +Subproject commit 9e4ac374e2be67892e70b9c653c6872ba8a2031b From 48a32dd8a889919955c4ce4d461376c91464e779 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Fri, 13 Dec 2024 14:48:45 +0000 Subject: [PATCH 23/31] Move files out of Mbed TLS Signed-off-by: Elena Uziunaite --- tests/scripts/check_files.py | 567 ----------------------------------- 1 file changed, 567 deletions(-) delete mode 100755 tests/scripts/check_files.py diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py deleted file mode 100755 index d3fbe859e..000000000 --- a/tests/scripts/check_files.py +++ /dev/null @@ -1,567 +0,0 @@ -#!/usr/bin/env python3 - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -""" -This script checks the current state of the source code for minor issues, -including incorrect file permissions, presence of tabs, non-Unix line endings, -trailing whitespace, and presence of UTF-8 BOM. -Note: requires python 3, must be run from Mbed TLS root. -""" - -import argparse -import codecs -import inspect -import logging -import os -import re -import subprocess -import sys -try: - from typing import FrozenSet, Optional, Pattern # pylint: disable=unused-import -except ImportError: - pass - -import scripts_path # pylint: disable=unused-import -from mbedtls_framework import build_tree - - -class FileIssueTracker: - """Base class for file-wide issue tracking. - - To implement a checker that processes a file as a whole, inherit from - this class and implement `check_file_for_issue` and define ``heading``. - - ``suffix_exemptions``: files whose name ends with a string in this set - will not be checked. - - ``path_exemptions``: files whose path (relative to the root of the source - tree) matches this regular expression will not be checked. This can be - ``None`` to match no path. Paths are normalized and converted to ``/`` - separators before matching. - - ``heading``: human-readable description of the issue - """ - - suffix_exemptions = frozenset() #type: FrozenSet[str] - path_exemptions = None #type: Optional[Pattern[str]] - # heading must be defined in derived classes. - # pylint: disable=no-member - - def __init__(self): - self.files_with_issues = {} - - @staticmethod - def normalize_path(filepath): - """Normalize ``filepath`` with / as the directory separator.""" - filepath = os.path.normpath(filepath) - # On Windows, we may have backslashes to separate directories. - # We need slashes to match exemption lists. - seps = os.path.sep - if os.path.altsep is not None: - seps += os.path.altsep - return '/'.join(filepath.split(seps)) - - def should_check_file(self, filepath): - """Whether the given file name should be checked. - - Files whose name ends with a string listed in ``self.suffix_exemptions`` - or whose path matches ``self.path_exemptions`` will not be checked. - """ - for files_exemption in self.suffix_exemptions: - if filepath.endswith(files_exemption): - return False - if self.path_exemptions and \ - re.match(self.path_exemptions, self.normalize_path(filepath)): - return False - return True - - def check_file_for_issue(self, filepath): - """Check the specified file for the issue that this class is for. - - Subclasses must implement this method. - """ - raise NotImplementedError - - def record_issue(self, filepath, line_number): - """Record that an issue was found at the specified location.""" - if filepath not in self.files_with_issues.keys(): - self.files_with_issues[filepath] = [] - self.files_with_issues[filepath].append(line_number) - - def output_file_issues(self, logger): - """Log all the locations where the issue was found.""" - if self.files_with_issues.values(): - logger.info(self.heading) - for filename, lines in sorted(self.files_with_issues.items()): - if lines: - logger.info("{}: {}".format( - filename, ", ".join(str(x) for x in lines) - )) - else: - logger.info(filename) - logger.info("") - -BINARY_FILE_PATH_RE_LIST = [ - r'docs/.*\.pdf\Z', - r'docs/.*\.png\Z', - r'tf-psa-crypto/docs/.*\.pdf\Z', - r'tf-psa-crypto/docs/.*\.png\Z', - r'programs/fuzz/corpuses/[^.]+\Z', - r'framework/data_files/[^.]+\Z', - r'framework/data_files/.*\.(crt|csr|db|der|key|pubkey)\Z', - r'framework/data_files/.*\.req\.[^/]+\Z', - r'framework/data_files/.*malformed[^/]+\Z', - r'framework/data_files/format_pkcs12\.fmt\Z', - r'framework/data_files/.*\.bin\Z', -] -BINARY_FILE_PATH_RE = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST)) - -class LineIssueTracker(FileIssueTracker): - """Base class for line-by-line issue tracking. - - To implement a checker that processes files line by line, inherit from - this class and implement `line_with_issue`. - """ - - # Exclude binary files. - path_exemptions = BINARY_FILE_PATH_RE - - def issue_with_line(self, line, filepath, line_number): - """Check the specified line for the issue that this class is for. - - Subclasses must implement this method. - """ - raise NotImplementedError - - def check_file_line(self, filepath, line, line_number): - if self.issue_with_line(line, filepath, line_number): - self.record_issue(filepath, line_number) - - def check_file_for_issue(self, filepath): - """Check the lines of the specified file. - - Subclasses must implement the ``issue_with_line`` method. - """ - with open(filepath, "rb") as f: - for i, line in enumerate(iter(f.readline, b"")): - self.check_file_line(filepath, line, i + 1) - - -def is_windows_file(filepath): - _root, ext = os.path.splitext(filepath) - return ext in ('.bat', '.dsp', '.dsw', '.sln', '.vcxproj') - - -class ShebangIssueTracker(FileIssueTracker): - """Track files with a bad, missing or extraneous shebang line. - - Executable scripts must start with a valid shebang (#!) line. - """ - - heading = "Invalid shebang line:" - - # Allow either /bin/sh, /bin/bash, or /usr/bin/env. - # Allow at most one argument (this is a Linux limitation). - # For sh and bash, the argument if present must be options. - # For env, the argument must be the base name of the interpreter. - _shebang_re = re.compile(rb'^#! ?(?:/bin/(bash|sh)(?: -[^\n ]*)?' - rb'|/usr/bin/env ([^\n /]+))$') - _extensions = { - b'bash': 'sh', - b'perl': 'pl', - b'python3': 'py', - b'sh': 'sh', - } - - path_exemptions = re.compile(r'framework/scripts/quiet/.*') - - def is_valid_shebang(self, first_line, filepath): - m = re.match(self._shebang_re, first_line) - if not m: - return False - interpreter = m.group(1) or m.group(2) - if interpreter not in self._extensions: - return False - if not filepath.endswith('.' + self._extensions[interpreter]): - return False - return True - - def check_file_for_issue(self, filepath): - is_executable = os.access(filepath, os.X_OK) - with open(filepath, "rb") as f: - first_line = f.readline() - if first_line.startswith(b'#!'): - if not is_executable: - # Shebang on a non-executable file - self.files_with_issues[filepath] = None - elif not self.is_valid_shebang(first_line, filepath): - self.files_with_issues[filepath] = [1] - elif is_executable: - # Executable without a shebang - self.files_with_issues[filepath] = None - - -class EndOfFileNewlineIssueTracker(FileIssueTracker): - """Track files that end with an incomplete line - (no newline character at the end of the last line).""" - - heading = "Missing newline at end of file:" - - path_exemptions = BINARY_FILE_PATH_RE - - def check_file_for_issue(self, filepath): - with open(filepath, "rb") as f: - try: - f.seek(-1, 2) - except OSError: - # This script only works on regular files. If we can't seek - # 1 before the end, it means that this position is before - # the beginning of the file, i.e. that the file is empty. - return - if f.read(1) != b"\n": - self.files_with_issues[filepath] = None - - -class Utf8BomIssueTracker(FileIssueTracker): - """Track files that start with a UTF-8 BOM. - Files should be ASCII or UTF-8. Valid UTF-8 does not start with a BOM.""" - - heading = "UTF-8 BOM present:" - - suffix_exemptions = frozenset([".vcxproj", ".sln"]) - path_exemptions = BINARY_FILE_PATH_RE - - def check_file_for_issue(self, filepath): - with open(filepath, "rb") as f: - if f.read().startswith(codecs.BOM_UTF8): - self.files_with_issues[filepath] = None - - -class UnicodeIssueTracker(LineIssueTracker): - """Track lines with invalid characters or invalid text encoding.""" - - heading = "Invalid UTF-8 or forbidden character:" - - # Only allow valid UTF-8, and only other explicitly allowed characters. - # We deliberately exclude all characters that aren't a simple non-blank, - # non-zero-width glyph, apart from a very small set (tab, ordinary space, - # line breaks, "basic" no-break space and soft hyphen). In particular, - # non-ASCII control characters, combinig characters, and Unicode state - # changes (e.g. right-to-left text) are forbidden. - # Note that we do allow some characters with a risk of visual confusion, - # for example '-' (U+002D HYPHEN-MINUS) vs '­' (U+00AD SOFT HYPHEN) vs - # '‐' (U+2010 HYPHEN), or 'A' (U+0041 LATIN CAPITAL LETTER A) vs - # 'Α' (U+0391 GREEK CAPITAL LETTER ALPHA). - GOOD_CHARACTERS = ''.join([ - '\t\n\r -~', # ASCII (tabs and line endings are checked separately) - '\u00A0-\u00FF', # Latin-1 Supplement (for NO-BREAK SPACE and punctuation) - '\u2010-\u2027\u2030-\u205E', # General Punctuation (printable) - '\u2070\u2071\u2074-\u208E\u2090-\u209C', # Superscripts and Subscripts - '\u2190-\u21FF', # Arrows - '\u2200-\u22FF', # Mathematical Symbols - '\u2500-\u257F' # Box Drawings characters used in markdown trees - ]) - # Allow any of the characters and ranges above, and anything classified - # as a word constituent. - GOOD_CHARACTERS_RE = re.compile(r'[\w{}]+\Z'.format(GOOD_CHARACTERS)) - - def issue_with_line(self, line, _filepath, line_number): - try: - text = line.decode('utf-8') - except UnicodeDecodeError: - return True - if line_number == 1 and text.startswith('\uFEFF'): - # Strip BOM (U+FEFF ZERO WIDTH NO-BREAK SPACE) at the beginning. - # Which files are allowed to have a BOM is handled in - # Utf8BomIssueTracker. - text = text[1:] - return not self.GOOD_CHARACTERS_RE.match(text) - -class UnixLineEndingIssueTracker(LineIssueTracker): - """Track files with non-Unix line endings (i.e. files with CR).""" - - heading = "Non-Unix line endings:" - - def should_check_file(self, filepath): - if not super().should_check_file(filepath): - return False - return not is_windows_file(filepath) - - def issue_with_line(self, line, _filepath, _line_number): - return b"\r" in line - - -class WindowsLineEndingIssueTracker(LineIssueTracker): - """Track files with non-Windows line endings (i.e. CR or LF not in CRLF).""" - - heading = "Non-Windows line endings:" - - def should_check_file(self, filepath): - if not super().should_check_file(filepath): - return False - return is_windows_file(filepath) - - def issue_with_line(self, line, _filepath, _line_number): - return not line.endswith(b"\r\n") or b"\r" in line[:-2] - - -class TrailingWhitespaceIssueTracker(LineIssueTracker): - """Track lines with trailing whitespace.""" - - heading = "Trailing whitespace:" - suffix_exemptions = frozenset([".dsp", ".md"]) - - def issue_with_line(self, line, _filepath, _line_number): - return line.rstrip(b"\r\n") != line.rstrip() - - -class TabIssueTracker(LineIssueTracker): - """Track lines with tabs.""" - - heading = "Tabs present:" - suffix_exemptions = frozenset([ - ".make", - ".pem", # some openssl dumps have tabs - ".sln", - "/.gitmodules", - "/Makefile", - "/Makefile.inc", - "/generate_visualc_files.pl", - ]) - - def issue_with_line(self, line, _filepath, _line_number): - return b"\t" in line - - -class MergeArtifactIssueTracker(LineIssueTracker): - """Track lines with merge artifacts. - These are leftovers from a ``git merge`` that wasn't fully edited.""" - - heading = "Merge artifact:" - - def issue_with_line(self, line, _filepath, _line_number): - # Detect leftover git conflict markers. - if line.startswith(b'<<<<<<< ') or line.startswith(b'>>>>>>> '): - return True - if line.startswith(b'||||||| '): # from merge.conflictStyle=diff3 - return True - if line.rstrip(b'\r\n') == b'=======' and \ - not _filepath.endswith('.md'): - return True - return False - - -def this_location(): - frame = inspect.currentframe() - assert frame is not None - info = inspect.getframeinfo(frame) - return os.path.basename(info.filename), info.lineno -THIS_FILE_BASE_NAME, LINE_NUMBER_BEFORE_LICENSE_ISSUE_TRACKER = this_location() - -class LicenseIssueTracker(LineIssueTracker): - """Check copyright statements and license indications. - - This class only checks that statements are correct if present. It does - not enforce the presence of statements in each file. - """ - - heading = "License issue:" - - LICENSE_EXEMPTION_RE_LIST = [ - # Exempt third-party drivers which may be under a different license - r'tf-psa-crypto/drivers/(?=(everest)/.*)', - # Documentation explaining the license may have accidental - # false positives. - r'(ChangeLog|LICENSE|framework\/LICENSE|[-0-9A-Z_a-z]+\.md)\Z', - # Files imported from TF-M, and not used except in test builds, - # may be under a different license. - r'configs/ext/crypto_config_profile_medium\.h\Z', - r'configs/ext/tfm_mbedcrypto_config_profile_medium\.h\Z', - r'configs/ext/README\.md\Z', - # Third-party file. - r'dco\.txt\Z', - r'framework\/dco\.txt\Z', - ] - path_exemptions = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST + - LICENSE_EXEMPTION_RE_LIST)) - - COPYRIGHT_HOLDER = rb'The Mbed TLS Contributors' - # Catch "Copyright foo", "Copyright (C) foo", "Copyright © foo", etc. - COPYRIGHT_RE = re.compile(rb'.*\bcopyright\s+((?:\w|\s|[()]|[^ -~])*\w)', re.I) - - SPDX_HEADER_KEY = b'SPDX-License-Identifier' - LICENSE_IDENTIFIER = b'Apache-2.0 OR GPL-2.0-or-later' - SPDX_RE = re.compile(br'.*?(' + - re.escape(SPDX_HEADER_KEY) + - br')(:\s*(.*?)\W*\Z|.*)', re.I) - - LICENSE_MENTION_RE = re.compile(rb'.*(?:' + rb'|'.join([ - rb'Apache License', - rb'General Public License', - ]) + rb')', re.I) - - def __init__(self): - super().__init__() - # Record what problem was caused. We can't easily report it due to - # the structure of the script. To be fixed after - # https://github.com/Mbed-TLS/mbedtls/pull/2506 - self.problem = None - - def issue_with_line(self, line, filepath, line_number): - #pylint: disable=too-many-return-statements - - # Use endswith() rather than the more correct os.path.basename() - # because experimentally, it makes a significant difference to - # the running time. - if filepath.endswith(THIS_FILE_BASE_NAME) and \ - line_number > LINE_NUMBER_BEFORE_LICENSE_ISSUE_TRACKER: - # Avoid false positives from the code in this class. - # Also skip the rest of this file, which is highly unlikely to - # contain any problematic statements since we put those near the - # top of files. - return False - - m = self.COPYRIGHT_RE.match(line) - if m and m.group(1) != self.COPYRIGHT_HOLDER: - self.problem = 'Invalid copyright line' - return True - - m = self.SPDX_RE.match(line) - if m: - if m.group(1) != self.SPDX_HEADER_KEY: - self.problem = 'Misspelled ' + self.SPDX_HEADER_KEY.decode() - return True - if not m.group(3): - self.problem = 'Improperly formatted SPDX license identifier' - return True - if m.group(3) != self.LICENSE_IDENTIFIER: - self.problem = 'Wrong SPDX license identifier' - return True - - m = self.LICENSE_MENTION_RE.match(line) - if m: - self.problem = 'Suspicious license mention' - return True - - return False - - -class ErrorAddIssueTracker(LineIssueTracker): - """Signal direct additions of error codes. - - Adding a low-level error code with a high-level error code is deprecated - and should use MBEDTLS_ERROR_ADD. - """ - - heading = "Direct addition of error codes" - - _ERR_PLUS_RE = re.compile(br'MBEDTLS_ERR_\w+ *\+|' - br'\+ *MBEDTLS_ERR_') - _EXCLUDE_RE = re.compile(br' *case ') - - def issue_with_line(self, line, filepath, line_number): - if self._ERR_PLUS_RE.search(line) and not self._EXCLUDE_RE.match(line): - return True - return False - - -class IntegrityChecker: - """Sanity-check files under the current directory.""" - - def __init__(self, log_file): - """Instantiate the sanity checker. - Check files under the current directory. - Write a report of issues to log_file.""" - build_tree.check_repo_path() - self.logger = None - self.setup_logger(log_file) - self.issues_to_check = [ - ShebangIssueTracker(), - EndOfFileNewlineIssueTracker(), - Utf8BomIssueTracker(), - UnicodeIssueTracker(), - UnixLineEndingIssueTracker(), - WindowsLineEndingIssueTracker(), - TrailingWhitespaceIssueTracker(), - TabIssueTracker(), - MergeArtifactIssueTracker(), - LicenseIssueTracker(), - ErrorAddIssueTracker(), - ] - - def setup_logger(self, log_file, level=logging.INFO): - """Log to log_file if provided, or to stderr if None.""" - self.logger = logging.getLogger() - self.logger.setLevel(level) - if log_file: - handler = logging.FileHandler(log_file) - self.logger.addHandler(handler) - else: - console = logging.StreamHandler() - self.logger.addHandler(console) - - @staticmethod - def collect_files(): - """Return the list of files to check. - - These are the regular files commited into Git. - """ - bytes_output = subprocess.check_output(['git', '-C', 'framework', - 'ls-files', '-z']) - bytes_framework_filepaths = bytes_output.split(b'\0')[:-1] - bytes_framework_filepaths = ["framework/".encode() + filepath - for filepath in bytes_framework_filepaths] - - bytes_output = subprocess.check_output(['git', 'ls-files', '-z']) - bytes_filepaths = bytes_output.split(b'\0')[:-1] + \ - bytes_framework_filepaths - ascii_filepaths = map(lambda fp: fp.decode('ascii'), bytes_filepaths) - - # Filter out directories. Normally Git doesn't list directories - # (it only knows about the files inside them), but there is - # at least one case where 'git ls-files' includes a directory: - # submodules. Just skip submodules (and any other directories). - ascii_filepaths = [fp for fp in ascii_filepaths - if os.path.isfile(fp)] - # Prepend './' to files in the top-level directory so that - # something like `'/Makefile' in fp` matches in the top-level - # directory as well as in subdirectories. - return [fp if os.path.dirname(fp) else os.path.join(os.curdir, fp) - for fp in ascii_filepaths] - - def check_files(self): - """Check all files for all issues.""" - for issue_to_check in self.issues_to_check: - for filepath in self.collect_files(): - if issue_to_check.should_check_file(filepath): - issue_to_check.check_file_for_issue(filepath) - - def output_issues(self): - """Log the issues found and their locations. - - Return 1 if there were issues, 0 otherwise. - """ - integrity_return_code = 0 - for issue_to_check in self.issues_to_check: - if issue_to_check.files_with_issues: - integrity_return_code = 1 - issue_to_check.output_file_issues(self.logger) - return integrity_return_code - - -def run_main(): - parser = argparse.ArgumentParser(description=__doc__) - parser.add_argument( - "-l", "--log_file", type=str, help="path to optional output log", - ) - check_args = parser.parse_args() - integrity_check = IntegrityChecker(check_args.log_file) - integrity_check.check_files() - return_code = integrity_check.output_issues() - sys.exit(return_code) - - -if __name__ == "__main__": - run_main() From 59fbed801e19182f3eb9c7e68cc48b7e83d94e58 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Mon, 25 Nov 2024 12:25:30 +0000 Subject: [PATCH 24/31] Adujst paths Signed-off-by: Elena Uziunaite --- tests/scripts/components-basic-checks.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index fa9e99bd9..99fd0d76c 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -43,7 +43,7 @@ component_check_doxy_blocks () { component_check_files () { msg "Check: file sanity checks (permissions, encodings)" # < 1s - tests/scripts/check_files.py + framework/scripts/check_files.py } component_check_changelog () { From 792dbed87bb46694ff243f37d860d66a313331c9 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Thu, 19 Dec 2024 20:49:27 +0200 Subject: [PATCH 25/31] Update submodule Signed-off-by: Elena Uziunaite --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index b9065f171..d9d14c4d3 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit b9065f1717a3e0a24de7a13e298e906aaf44bd52 +Subproject commit d9d14c4d30290f7b34ac8fe1d4d4580ac6c8e9e5 From 42f0e763f151cf99b0764ee08a3f9ffbb64c9a71 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Wed, 11 Dec 2024 12:37:07 +0000 Subject: [PATCH 26/31] Update submodule Signed-off-by: Elena Uziunaite --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index d9d14c4d3..2db68049e 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit d9d14c4d30290f7b34ac8fe1d4d4580ac6c8e9e5 +Subproject commit 2db68049e1ba586407a1db6a37e94a1f9836142f From 34a0b6dc329c395f7748ee0f35e13ef31767d136 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 17 Dec 2024 13:41:52 +0000 Subject: [PATCH 27/31] Update framework submodule for CMake TF-PSA-Crypto This commit updates the framework submodule to include commits relevant to running TF-PSA-Crypto using CMake build system. Signed-off-by: Harry Ramsey --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 2db68049e..81dfe001e 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 2db68049e1ba586407a1db6a37e94a1f9836142f +Subproject commit 81dfe001e19c8d2c09d2ac1df2f5d655b0f04a7d From 1e8992b63e9d23c298039922046b1e6a3134f98d Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 24 Dec 2024 14:32:42 +0000 Subject: [PATCH 28/31] Update TF-PSA-Crypto for out of source builds This commit updates TF-PSA-Crypto to enable out of source builds by default. Signed-off-by: Harry Ramsey --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 9e4ac374e..e95def83c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 9e4ac374e2be67892e70b9c653c6872ba8a2031b +Subproject commit e95def83c262522fd0c78b89837b218ac839138a From 965b829b541e8177317561b54d55776167aa7d45 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Jan 2025 09:51:01 +0100 Subject: [PATCH 29/31] Move files into the framework The following files are added (imported) from the main Mbed TLS repo: scripts/assemble_changelog.py scripts/check-doxy-blocks.pl scripts/check-python-files.sh scripts/doxygen.sh scripts/apidoc_full.sh scripts/recursion.pl Signed-off-by: Valerio Setti --- .gitattributes | 2 - .github/ISSUE_TEMPLATE/bug_report.md | 35 - .github/ISSUE_TEMPLATE/config.yml | 8 - .github/ISSUE_TEMPLATE/feature_request.md | 17 - .github/pull_request_template.md | 31 - .gitignore | 76 - .gitmodules | 6 - .globalrc | 3 - .mypy.ini | 4 - .pylintrc | 80 - .readthedocs.yaml | 37 - .travis.yml | 28 - .uncrustify.cfg | 240 - 3rdparty/.gitignore | 1 - BRANCHES.md | 115 - BUGS.md | 20 - CMakeLists.txt | 566 - CONTRIBUTING.md | 97 - ChangeLog | 6109 ------- ChangeLog.d/00README.md | 91 - ChangeLog.d/9126.txt | 5 - ChangeLog.d/9302.txt | 6 - ChangeLog.d/9690.txt | 8 - ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt | 4 - ChangeLog.d/add-psa-iop-generate-key.txt | 3 - ChangeLog.d/add-psa-iop-key-agreement.txt | 4 - ChangeLog.d/add-psa-key-agreement.txt | 3 - ChangeLog.d/asn1-missing-guard-in-rsa.txt | 3 - ChangeLog.d/check-config.txt | 9 - ChangeLog.d/configuration-split.txt | 16 - ChangeLog.d/dynamic-keystore.txt | 10 - ChangeLog.d/ecdsa-conversion-overflow.txt | 6 - ChangeLog.d/fix-aesni-asm-clobbers.txt | 5 - .../fix-clang-psa-build-without-dhm.txt | 3 - ...ion-when-memcpy-is-function-like-macro.txt | 2 - ChangeLog.d/fix-compilation-with-djgpp.txt | 2 - ...concurrently-loading-non-existent-keys.txt | 4 - ChangeLog.d/fix-driver-schema-check.txt | 3 - ChangeLog.d/fix-legacy-compression-issue.txt | 6 - ChangeLog.d/fix-psa-cmac.txt | 4 - ...nation_warning_messages_for_GNU_SOURCE.txt | 5 - .../fix-rsa-performance-regression.txt | 3 - .../fix-secure-element-key-creation.txt | 5 - ChangeLog.d/fix-server-mode-only-build.txt | 3 - ChangeLog.d/fix-test-suite-pk-warnings.txt | 3 - .../fix_reporting_of_key_usage_issues.txt | 11 - ChangeLog.d/fix_ubsan_mp_aead_gcm.txt | 3 - ...tls_psa_ecp_generate_key-no_public_key.txt | 3 - ChangeLog.d/mbedtls_psa_register_se_key.txt | 3 - ...sa_rsa_load_representation-memory_leak.txt | 3 - ChangeLog.d/pk-norsa-warning.txt | 2 - ChangeLog.d/psa-always-on.txt | 10 - ChangeLog.d/psa-crypto-config-always-on.txt | 7 - ...decrypt-ccm_star-iv_length_enforcement.txt | 3 - ChangeLog.d/psa_generate_key_custom.txt | 9 - ChangeLog.d/psa_util-bits-0.txt | 3 - .../psa_util_in_builds_without_psa.txt | 5 - ChangeLog.d/remove-crypto-alt-interface.txt | 5 - ChangeLog.d/remove-via-padlock-support.txt | 3 - .../replace-close-with-mbedtls_net_close.txt | 4 - ChangeLog.d/repo-split.txt | 5 - ...ring-conversions-out-of-the-oid-module.txt | 4 - ChangeLog.d/tls-key-exchange-rsa.txt | 2 - ChangeLog.d/tls13-cert-regressions.txt | 18 - .../tls13-middlebox-compat-disabled.txt | 4 - ChangeLog.d/tls13-without-tickets.txt | 3 - DartConfiguration.tcl | 4 - LICENSE | 553 - Makefile | 247 - README.md | 326 - SECURITY.md | 146 - SUPPORT.md | 16 - cmake/MbedTLSConfig.cmake.in | 3 - configs/README.txt | 24 - configs/config-ccm-psk-dtls1_2.h | 66 - configs/config-ccm-psk-tls1_2.h | 58 - configs/config-suite-b.h | 53 - configs/config-symmetric-only.h | 16 - configs/config-tfm.h | 12 - configs/config-thread.h | 43 - configs/crypto-config-ccm-aes-sha256.h | 28 - configs/crypto-config-ccm-psk-tls1_2.h | 45 - configs/crypto-config-suite-b.h | 79 - configs/crypto-config-symmetric-only.h | 91 - configs/crypto-config-thread.h | 70 - configs/ext/README.md | 26 - configs/ext/config_tfm.h | 13 - configs/ext/crypto_config_profile_medium.h | 705 - configs/ext/mbedtls_entropy_nv_seed_config.h | 13 - .../tfm_mbedcrypto_config_profile_medium.h | 85 - dco.txt | 37 - docs/.gitignore | 4 - docs/3.0-migration-guide.md | 1039 -- docs/Makefile | 40 - docs/architecture/Makefile | 21 - .../psa-migration/outcome-analysis.sh | 139 - .../psa-migration/psa-limitations.md | 338 - docs/architecture/psa-migration/syms.sh | 73 - docs/architecture/testing/invasive-testing.md | 367 - docs/architecture/testing/test-framework.md | 64 - docs/architecture/tls13-support.md | 433 - docs/conf.py | 34 - docs/index.rst | 20 - docs/proposed/Makefile | 22 - docs/proposed/README | 4 - docs/proposed/config-split.md | 469 - docs/psa-transition.md | 1318 -- docs/redirects.yaml | 11 - docs/requirements.in | 3 - docs/requirements.txt | 84 - docs/tls13-early-data.md | 192 - doxygen/input/doc_encdec.h | 54 - doxygen/input/doc_hashing.h | 30 - doxygen/input/doc_mainpage.h | 19 - doxygen/input/doc_rng.h | 27 - doxygen/input/doc_ssltls.h | 37 - doxygen/input/doc_tcpip.h | 32 - doxygen/input/doc_x509.h | 31 - doxygen/mbedtls.doxyfile | 56 - framework | 1 - include/.gitignore | 4 - include/CMakeLists.txt | 15 - include/mbedtls/build_info.h | 90 - include/mbedtls/check_config.h | 435 - include/mbedtls/compat-2.x.h | 46 - include/mbedtls/config_adjust_ssl.h | 90 - include/mbedtls/config_adjust_x509.h | 35 - include/mbedtls/debug.h | 156 - include/mbedtls/error.h | 67 - include/mbedtls/mbedtls_config.h | 1335 -- include/mbedtls/net_sockets.h | 299 - include/mbedtls/pkcs7.h | 240 - include/mbedtls/ssl.h | 5592 ------ include/mbedtls/ssl_cache.h | 187 - include/mbedtls/ssl_ciphersuites.h | 453 - include/mbedtls/ssl_cookie.h | 106 - include/mbedtls/ssl_ticket.h | 197 - include/mbedtls/timing.h | 94 - include/mbedtls/version.h | 78 - include/mbedtls/x509.h | 531 - include/mbedtls/x509_crl.h | 181 - include/mbedtls/x509_crt.h | 1203 -- include/mbedtls/x509_csr.h | 379 - library/.gitignore | 9 - library/CMakeLists.txt | 235 - library/Makefile | 417 - library/debug.c | 465 - library/debug_internal.h | 172 - library/mps_common.h | 181 - library/mps_error.h | 89 - library/mps_reader.c | 538 - library/mps_reader.h | 366 - library/mps_trace.c | 112 - library/mps_trace.h | 154 - library/net_sockets.c | 696 - library/pkcs7.c | 771 - library/ssl_cache.c | 409 - library/ssl_ciphersuites.c | 1876 -- library/ssl_ciphersuites_internal.h | 152 - library/ssl_client.c | 1016 -- library/ssl_client.h | 18 - library/ssl_cookie.c | 383 - library/ssl_debug_helpers.h | 81 - library/ssl_misc.h | 3018 ---- library/ssl_msg.c | 6364 ------- library/ssl_ticket.c | 555 - library/ssl_tls.c | 9915 ----------- library/ssl_tls12_client.c | 3585 ---- library/ssl_tls12_server.c | 4401 ----- library/ssl_tls13_client.c | 3181 ---- library/ssl_tls13_generic.c | 1745 -- library/ssl_tls13_invasive.h | 23 - library/ssl_tls13_keys.c | 1883 -- library/ssl_tls13_keys.h | 651 - library/ssl_tls13_server.c | 3601 ---- library/timing.c | 154 - library/version.c | 32 - library/x509.c | 1844 -- library/x509_create.c | 738 - library/x509_crl.c | 712 - library/x509_crt.c | 3302 ---- library/x509_csr.c | 638 - library/x509_internal.h | 87 - library/x509write.c | 174 - library/x509write_crt.c | 685 - library/x509write_csr.c | 334 - pkgconfig/.gitignore | 2 - pkgconfig/CMakeLists.txt | 25 - pkgconfig/JoinPaths.cmake | 27 - pkgconfig/mbedcrypto.pc.in | 10 - pkgconfig/mbedtls.pc.in | 11 - pkgconfig/mbedx509.pc.in | 11 - programs/.gitignore | 76 - programs/CMakeLists.txt | 15 - programs/Makefile | 441 - programs/README.md | 118 - programs/aes/CMakeLists.txt | 15 - programs/aes/crypt_and_hash.c | 577 - programs/cipher/CMakeLists.txt | 15 - programs/cipher/cipher_aead_demo.c | 259 - programs/demo_common.sh | 137 - programs/fuzz/.gitignore | 10 - programs/fuzz/CMakeLists.txt | 57 - programs/fuzz/Makefile | 46 - programs/fuzz/README.md | 68 - programs/fuzz/common.c | 105 - programs/fuzz/common.h | 28 - programs/fuzz/corpuses/client | Bin 4037 -> 0 bytes programs/fuzz/corpuses/dtlsclient | Bin 4058 -> 0 bytes programs/fuzz/corpuses/dtlsserver | Bin 1189 -> 0 bytes programs/fuzz/corpuses/server | Bin 675 -> 0 bytes programs/fuzz/fuzz_client.c | 193 - programs/fuzz/fuzz_client.options | 2 - programs/fuzz/fuzz_dtlsclient.c | 136 - programs/fuzz/fuzz_dtlsclient.options | 2 - programs/fuzz/fuzz_dtlsserver.c | 181 - programs/fuzz/fuzz_dtlsserver.options | 2 - programs/fuzz/fuzz_pkcs7.c | 21 - programs/fuzz/fuzz_pkcs7.options | 2 - programs/fuzz/fuzz_privkey.c | 104 - programs/fuzz/fuzz_privkey.options | 2 - programs/fuzz/fuzz_pubkey.c | 91 - programs/fuzz/fuzz_pubkey.options | 2 - programs/fuzz/fuzz_server.c | 216 - programs/fuzz/fuzz_server.options | 2 - programs/fuzz/fuzz_x509crl.c | 40 - programs/fuzz/fuzz_x509crl.options | 2 - programs/fuzz/fuzz_x509crt.c | 40 - programs/fuzz/fuzz_x509crt.options | 2 - programs/fuzz/fuzz_x509csr.c | 40 - programs/fuzz/fuzz_x509csr.options | 2 - programs/fuzz/onefile.c | 68 - programs/hash/CMakeLists.txt | 17 - programs/hash/generic_sum.c | 209 - programs/hash/hello.c | 45 - programs/hash/md_hmac_demo.c | 136 - programs/pkey/CMakeLists.txt | 45 - programs/pkey/dh_client.c | 288 - programs/pkey/dh_genprime.c | 161 - programs/pkey/dh_prime.txt | 2 - programs/pkey/dh_server.c | 306 - programs/pkey/ecdh_curve25519.c | 189 - programs/pkey/ecdsa.c | 220 - programs/pkey/gen_key.c | 477 - programs/pkey/key_app.c | 368 - programs/pkey/key_app_writer.c | 494 - programs/pkey/mpi_demo.c | 84 - programs/pkey/pk_decrypt.c | 153 - programs/pkey/pk_encrypt.c | 154 - programs/pkey/pk_sign.c | 155 - programs/pkey/pk_verify.c | 128 - programs/pkey/rsa_decrypt.c | 172 - programs/pkey/rsa_encrypt.c | 149 - programs/pkey/rsa_genkey.c | 141 - programs/pkey/rsa_priv.txt | 8 - programs/pkey/rsa_pub.txt | 2 - programs/pkey/rsa_sign.c | 155 - programs/pkey/rsa_sign_pss.c | 161 - programs/pkey/rsa_verify.c | 134 - programs/pkey/rsa_verify_pss.c | 136 - programs/random/CMakeLists.txt | 16 - programs/random/gen_entropy.c | 75 - programs/random/gen_random_ctr_drbg.c | 107 - programs/ssl/CMakeLists.txt | 73 - programs/ssl/dtls_client.c | 336 - programs/ssl/dtls_server.c | 409 - programs/ssl/mini_client.c | 270 - programs/ssl/ssl_client1.c | 285 - programs/ssl/ssl_client2.c | 3238 ---- programs/ssl/ssl_context_info.c | 1008 -- programs/ssl/ssl_fork_server.c | 376 - programs/ssl/ssl_mail_client.c | 813 - programs/ssl/ssl_pthread_server.c | 490 - programs/ssl/ssl_server.c | 356 - programs/ssl/ssl_server2.c | 4359 ----- programs/ssl/ssl_test_common_source.c | 377 - programs/ssl/ssl_test_lib.c | 648 - programs/ssl/ssl_test_lib.h | 331 - programs/test/CMakeLists.txt | 111 - programs/test/benchmark.c | 1272 -- programs/test/cmake_package/.gitignore | 4 - programs/test/cmake_package/CMakeLists.txt | 38 - programs/test/cmake_package/cmake_package.c | 27 - .../test/cmake_package_install/.gitignore | 4 - .../test/cmake_package_install/CMakeLists.txt | 41 - .../cmake_package_install.c | 28 - programs/test/cmake_subproject/.gitignore | 3 - programs/test/cmake_subproject/CMakeLists.txt | 23 - .../test/cmake_subproject/cmake_subproject.c | 28 - programs/test/dlopen.c | 101 - programs/test/dlopen_demo.sh | 42 - programs/test/generate_cpp_dummy_build.sh | 91 - programs/test/metatest.c | 484 - programs/test/query_compile_time_config.c | 66 - programs/test/query_config.h | 34 - programs/test/query_included_headers.c | 29 - programs/test/selftest.c | 584 - programs/test/udp_proxy.c | 964 -- programs/test/udp_proxy_wrapper.sh | 120 - programs/test/zeroize.c | 72 - programs/util/CMakeLists.txt | 21 - programs/util/pem2der.c | 265 - programs/util/strerror.c | 61 - programs/wince_main.c | 31 - programs/x509/CMakeLists.txt | 28 - programs/x509/cert_app.c | 456 - programs/x509/cert_req.c | 514 - programs/x509/cert_write.c | 1016 -- programs/x509/crl_app.c | 132 - programs/x509/load_roots.c | 165 - programs/x509/req_app.c | 132 - scripts/abi_check.py | 677 - scripts/basic.requirements.txt | 5 - scripts/bump_version.sh | 148 - .../scripts => scripts}/check-doxy-blocks.pl | 0 .../scripts => scripts}/check-python-files.sh | 0 scripts/ci.requirements.txt | 28 - scripts/code_size_compare.py | 953 -- scripts/common.make | 170 - scripts/config.py | 515 - scripts/data_files/error.fmt | 155 - scripts/data_files/query_config.fmt | 121 - scripts/data_files/version_features.fmt | 50 - .../data_files/vs2017-app-template.vcxproj | 175 - .../data_files/vs2017-main-template.vcxproj | 163 - scripts/data_files/vs2017-sln-template.sln | 30 - {tests/scripts => scripts}/doxygen.sh | 0 scripts/driver.requirements.txt | 19 - scripts/ecc-heap.sh | 87 - scripts/ecp_comb_table.py | 237 - scripts/footprint.sh | 108 - scripts/framework_scripts_path.py | 17 - scripts/generate_errors.pl | 244 - scripts/generate_features.pl | 79 - scripts/generate_query_config.pl | 116 - scripts/generate_visualc_files.pl | 314 - scripts/lcov.sh | 96 - scripts/maintainer.requirements.txt | 10 - scripts/make_generated_files.bat | 35 - scripts/massif_max.pl | 36 - scripts/memory.sh | 129 - scripts/min_requirements.py | 129 - scripts/prepare_release.sh | 70 - scripts/project_name.txt | 1 - {tests/scripts => scripts}/recursion.pl | 0 scripts/sbom.cdx.json | 48 - scripts/tmp_ignore_makefiles.sh | 47 - tests/.gitignore | 26 - tests/.jenkins/Jenkinsfile | 1 - tests/CMakeLists.txt | 224 - tests/Descriptions.txt | 22 - tests/Makefile | 386 - tests/compat-in-docker.sh | 55 - tests/compat.sh | 1240 -- tests/configs/tls13-only.h | 28 - tests/configs/user-config-for-test.h | 29 - tests/configs/user-config-malloc-0-null.h | 22 - tests/configs/user-config-zeroize-memset.h | 17 - tests/context-info.sh | 428 - tests/git-scripts/README.md | 16 - tests/git-scripts/pre-push.sh | 34 - tests/include/alt-dummy/platform_alt.h | 16 - tests/include/alt-dummy/threading_alt.h | 14 - tests/include/alt-dummy/timing_alt.h | 19 - tests/include/test/certs.h | 234 - tests/include/test/ssl_helpers.h | 664 - tests/make-in-docker.sh | 21 - tests/opt-testcases/sample.sh | 383 - tests/opt-testcases/tls13-kex-modes.sh | 3325 ---- tests/opt-testcases/tls13-misc.sh | 1310 -- tests/psa-client-server/README.md | 6 - tests/psa-client-server/psasim/.gitignore | 12 - tests/psa-client-server/psasim/Makefile | 81 - tests/psa-client-server/psasim/README.md | 61 - .../psa-client-server/psasim/include/client.h | 75 - .../psa-client-server/psasim/include/common.h | 52 - .../psasim/include/error_ext.h | 19 - tests/psa-client-server/psasim/include/init.h | 15 - .../psasim/include/lifecycle.h | 17 - .../psasim/include/service.h | 253 - tests/psa-client-server/psasim/include/util.h | 31 - tests/psa-client-server/psasim/src/aut_main.c | 71 - .../psasim/src/aut_psa_aead_encrypt.c | 227 - .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 109 - .../src/aut_psa_asymmetric_encrypt_decrypt.c | 81 - .../src/aut_psa_cipher_encrypt_decrypt.c | 81 - .../psasim/src/aut_psa_hash.c | 167 - .../psasim/src/aut_psa_hash_compute.c | 81 - .../psasim/src/aut_psa_hkdf.c | 121 - .../psasim/src/aut_psa_key_agreement.c | 146 - .../psasim/src/aut_psa_mac.c | 162 - .../psasim/src/aut_psa_random.c | 47 - .../psasim/src/aut_psa_sign_verify.c | 93 - tests/psa-client-server/psasim/src/client.c | 23 - .../psasim/src/manifest.json | 29 - .../psasim/src/psa_ff_client.c | 385 - .../psasim/src/psa_ff_server.c | 655 - .../psasim/src/psa_functions_codes.h | 102 - .../psasim/src/psa_sim_crypto_client.c | 7526 -------- .../psasim/src/psa_sim_crypto_server.c | 8791 ---------- .../psasim/src/psa_sim_generate.pl | 1208 -- .../psasim/src/psa_sim_serialise.c | 1729 -- .../psasim/src/psa_sim_serialise.h | 1389 -- .../psasim/src/psa_sim_serialise.pl | 1047 -- tests/psa-client-server/psasim/src/server.c | 118 - .../psasim/test/kill_servers.sh | 17 - .../psa-client-server/psasim/test/run_test.sh | 24 - .../psasim/test/start_server.sh | 17 - .../psasim/tools/psa_autogen.py | 174 - tests/scripts/all.sh | 112 - tests/scripts/analyze_outcomes.py | 775 - tests/scripts/audit-validity-dates.py | 469 - tests/scripts/basic-build-test.sh | 249 - tests/scripts/check-generated-files.sh | 188 - tests/scripts/check_names.py | 991 -- tests/scripts/components-basic-checks.sh | 167 - tests/scripts/components-build-system.sh | 250 - tests/scripts/components-compiler.sh | 146 - tests/scripts/components-compliance.sh | 32 - .../components-configuration-crypto.sh | 2628 --- .../components-configuration-platform.sh | 111 - tests/scripts/components-configuration-tls.sh | 661 - .../scripts/components-configuration-x509.sh | 35 - tests/scripts/components-configuration.sh | 349 - tests/scripts/components-platform.sh | 604 - tests/scripts/components-psasim.sh | 99 - tests/scripts/components-sanitizers.sh | 192 - tests/scripts/depends.py | 689 - tests/scripts/gen_ctr_drbg.pl | 96 - tests/scripts/gen_gcm_decrypt.pl | 101 - tests/scripts/gen_gcm_encrypt.pl | 84 - tests/scripts/gen_pkcs1_v21_sign_verify.pl | 74 - tests/scripts/generate-afl-tests.sh | 71 - tests/scripts/generate_server9_bad_saltlen.py | 87 - tests/scripts/list-identifiers.sh | 54 - tests/scripts/list_internal_identifiers.py | 47 - tests/scripts/mbedtls-all.sh | 16 - tests/scripts/pkgconfig.sh | 40 - tests/scripts/psa_collect_statuses.py | 128 - tests/scripts/run-metatests.sh | 89 - tests/scripts/run-test-suites.pl | 165 - tests/scripts/run_demos.py | 65 - tests/scripts/scripts_path.py | 20 - tests/scripts/set_psa_test_dependencies.py | 284 - tests/scripts/test_config_script.py | 175 - tests/scripts/test_psa_compliance.py | 172 - tests/scripts/test_psa_constant_names.py | 194 - tests/scripts/test_zeroize.gdb | 64 - tests/src/certs.c | 480 - tests/src/test_helpers/ssl_helpers.c | 2578 --- tests/ssl-opt.sh | 14198 ---------------- tests/suites/test_suite_config.function | 14 - .../test_suite_config.tls_combinations.data | 9 - .../suites/test_suite_constant_time_hmac.data | 15 - .../test_suite_constant_time_hmac.function | 159 - tests/suites/test_suite_debug.data | 67 - tests/suites/test_suite_debug.function | 240 - tests/suites/test_suite_error.data | 21 - tests/suites/test_suite_error.function | 21 - tests/suites/test_suite_mps.data | 125 - tests/suites/test_suite_mps.function | 1164 -- tests/suites/test_suite_net.data | 8 - tests/suites/test_suite_net.function | 137 - tests/suites/test_suite_pkcs7.data | 3257 ---- tests/suites/test_suite_pkcs7.function | 171 - tests/suites/test_suite_ssl.data | 3363 ---- tests/suites/test_suite_ssl.function | 5037 ------ tests/suites/test_suite_ssl_decrypt.function | 312 - tests/suites/test_suite_ssl_decrypt.misc.data | 399 - tests/suites/test_suite_test_helpers.data | 23 - tests/suites/test_suite_test_helpers.function | 40 - tests/suites/test_suite_timing.data | 8 - tests/suites/test_suite_timing.function | 57 - tests/suites/test_suite_version.data | 15 - tests/suites/test_suite_version.function | 73 - tests/suites/test_suite_x509parse.data | 3486 ---- tests/suites/test_suite_x509parse.function | 1775 -- tests/suites/test_suite_x509write.data | 319 - tests/suites/test_suite_x509write.function | 793 - tf-psa-crypto | 1 - visualc/VS2017/.gitignore | 16 - 481 files changed, 199465 deletions(-) delete mode 100644 .gitattributes delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md delete mode 100644 .github/ISSUE_TEMPLATE/config.yml delete mode 100644 .github/ISSUE_TEMPLATE/feature_request.md delete mode 100644 .github/pull_request_template.md delete mode 100644 .gitignore delete mode 100644 .gitmodules delete mode 100644 .globalrc delete mode 100644 .mypy.ini delete mode 100644 .pylintrc delete mode 100644 .readthedocs.yaml delete mode 100644 .travis.yml delete mode 100644 .uncrustify.cfg delete mode 100644 3rdparty/.gitignore delete mode 100644 BRANCHES.md delete mode 100644 BUGS.md delete mode 100644 CMakeLists.txt delete mode 100644 CONTRIBUTING.md delete mode 100644 ChangeLog delete mode 100644 ChangeLog.d/00README.md delete mode 100644 ChangeLog.d/9126.txt delete mode 100644 ChangeLog.d/9302.txt delete mode 100644 ChangeLog.d/9690.txt delete mode 100644 ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt delete mode 100644 ChangeLog.d/add-psa-iop-generate-key.txt delete mode 100644 ChangeLog.d/add-psa-iop-key-agreement.txt delete mode 100644 ChangeLog.d/add-psa-key-agreement.txt delete mode 100644 ChangeLog.d/asn1-missing-guard-in-rsa.txt delete mode 100644 ChangeLog.d/check-config.txt delete mode 100644 ChangeLog.d/configuration-split.txt delete mode 100644 ChangeLog.d/dynamic-keystore.txt delete mode 100644 ChangeLog.d/ecdsa-conversion-overflow.txt delete mode 100644 ChangeLog.d/fix-aesni-asm-clobbers.txt delete mode 100644 ChangeLog.d/fix-clang-psa-build-without-dhm.txt delete mode 100644 ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt delete mode 100644 ChangeLog.d/fix-compilation-with-djgpp.txt delete mode 100644 ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt delete mode 100644 ChangeLog.d/fix-driver-schema-check.txt delete mode 100644 ChangeLog.d/fix-legacy-compression-issue.txt delete mode 100644 ChangeLog.d/fix-psa-cmac.txt delete mode 100644 ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt delete mode 100644 ChangeLog.d/fix-rsa-performance-regression.txt delete mode 100644 ChangeLog.d/fix-secure-element-key-creation.txt delete mode 100644 ChangeLog.d/fix-server-mode-only-build.txt delete mode 100644 ChangeLog.d/fix-test-suite-pk-warnings.txt delete mode 100644 ChangeLog.d/fix_reporting_of_key_usage_issues.txt delete mode 100644 ChangeLog.d/fix_ubsan_mp_aead_gcm.txt delete mode 100644 ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt delete mode 100644 ChangeLog.d/mbedtls_psa_register_se_key.txt delete mode 100644 ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt delete mode 100644 ChangeLog.d/pk-norsa-warning.txt delete mode 100644 ChangeLog.d/psa-always-on.txt delete mode 100644 ChangeLog.d/psa-crypto-config-always-on.txt delete mode 100644 ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt delete mode 100644 ChangeLog.d/psa_generate_key_custom.txt delete mode 100644 ChangeLog.d/psa_util-bits-0.txt delete mode 100644 ChangeLog.d/psa_util_in_builds_without_psa.txt delete mode 100644 ChangeLog.d/remove-crypto-alt-interface.txt delete mode 100644 ChangeLog.d/remove-via-padlock-support.txt delete mode 100644 ChangeLog.d/replace-close-with-mbedtls_net_close.txt delete mode 100644 ChangeLog.d/repo-split.txt delete mode 100644 ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt delete mode 100644 ChangeLog.d/tls-key-exchange-rsa.txt delete mode 100644 ChangeLog.d/tls13-cert-regressions.txt delete mode 100644 ChangeLog.d/tls13-middlebox-compat-disabled.txt delete mode 100644 ChangeLog.d/tls13-without-tickets.txt delete mode 100644 DartConfiguration.tcl delete mode 100644 LICENSE delete mode 100644 Makefile delete mode 100644 README.md delete mode 100644 SECURITY.md delete mode 100644 SUPPORT.md delete mode 100644 cmake/MbedTLSConfig.cmake.in delete mode 100644 configs/README.txt delete mode 100644 configs/config-ccm-psk-dtls1_2.h delete mode 100644 configs/config-ccm-psk-tls1_2.h delete mode 100644 configs/config-suite-b.h delete mode 100644 configs/config-symmetric-only.h delete mode 100644 configs/config-tfm.h delete mode 100644 configs/config-thread.h delete mode 100644 configs/crypto-config-ccm-aes-sha256.h delete mode 100644 configs/crypto-config-ccm-psk-tls1_2.h delete mode 100644 configs/crypto-config-suite-b.h delete mode 100644 configs/crypto-config-symmetric-only.h delete mode 100644 configs/crypto-config-thread.h delete mode 100644 configs/ext/README.md delete mode 100644 configs/ext/config_tfm.h delete mode 100644 configs/ext/crypto_config_profile_medium.h delete mode 100644 configs/ext/mbedtls_entropy_nv_seed_config.h delete mode 100644 configs/ext/tfm_mbedcrypto_config_profile_medium.h delete mode 100644 dco.txt delete mode 100644 docs/.gitignore delete mode 100644 docs/3.0-migration-guide.md delete mode 100644 docs/Makefile delete mode 100644 docs/architecture/Makefile delete mode 100755 docs/architecture/psa-migration/outcome-analysis.sh delete mode 100644 docs/architecture/psa-migration/psa-limitations.md delete mode 100755 docs/architecture/psa-migration/syms.sh delete mode 100644 docs/architecture/testing/invasive-testing.md delete mode 100644 docs/architecture/testing/test-framework.md delete mode 100644 docs/architecture/tls13-support.md delete mode 100644 docs/conf.py delete mode 100644 docs/index.rst delete mode 100644 docs/proposed/Makefile delete mode 100644 docs/proposed/README delete mode 100644 docs/proposed/config-split.md delete mode 100644 docs/psa-transition.md delete mode 100644 docs/redirects.yaml delete mode 100644 docs/requirements.in delete mode 100644 docs/requirements.txt delete mode 100644 docs/tls13-early-data.md delete mode 100644 doxygen/input/doc_encdec.h delete mode 100644 doxygen/input/doc_hashing.h delete mode 100644 doxygen/input/doc_mainpage.h delete mode 100644 doxygen/input/doc_rng.h delete mode 100644 doxygen/input/doc_ssltls.h delete mode 100644 doxygen/input/doc_tcpip.h delete mode 100644 doxygen/input/doc_x509.h delete mode 100644 doxygen/mbedtls.doxyfile delete mode 160000 framework delete mode 100644 include/.gitignore delete mode 100644 include/CMakeLists.txt delete mode 100644 include/mbedtls/build_info.h delete mode 100644 include/mbedtls/check_config.h delete mode 100644 include/mbedtls/compat-2.x.h delete mode 100644 include/mbedtls/config_adjust_ssl.h delete mode 100644 include/mbedtls/config_adjust_x509.h delete mode 100644 include/mbedtls/debug.h delete mode 100644 include/mbedtls/error.h delete mode 100644 include/mbedtls/mbedtls_config.h delete mode 100644 include/mbedtls/net_sockets.h delete mode 100644 include/mbedtls/pkcs7.h delete mode 100644 include/mbedtls/ssl.h delete mode 100644 include/mbedtls/ssl_cache.h delete mode 100644 include/mbedtls/ssl_ciphersuites.h delete mode 100644 include/mbedtls/ssl_cookie.h delete mode 100644 include/mbedtls/ssl_ticket.h delete mode 100644 include/mbedtls/timing.h delete mode 100644 include/mbedtls/version.h delete mode 100644 include/mbedtls/x509.h delete mode 100644 include/mbedtls/x509_crl.h delete mode 100644 include/mbedtls/x509_crt.h delete mode 100644 include/mbedtls/x509_csr.h delete mode 100644 library/.gitignore delete mode 100644 library/CMakeLists.txt delete mode 100644 library/Makefile delete mode 100644 library/debug.c delete mode 100644 library/debug_internal.h delete mode 100644 library/mps_common.h delete mode 100644 library/mps_error.h delete mode 100644 library/mps_reader.c delete mode 100644 library/mps_reader.h delete mode 100644 library/mps_trace.c delete mode 100644 library/mps_trace.h delete mode 100644 library/net_sockets.c delete mode 100644 library/pkcs7.c delete mode 100644 library/ssl_cache.c delete mode 100644 library/ssl_ciphersuites.c delete mode 100644 library/ssl_ciphersuites_internal.h delete mode 100644 library/ssl_client.c delete mode 100644 library/ssl_client.h delete mode 100644 library/ssl_cookie.c delete mode 100644 library/ssl_debug_helpers.h delete mode 100644 library/ssl_misc.h delete mode 100644 library/ssl_msg.c delete mode 100644 library/ssl_ticket.c delete mode 100644 library/ssl_tls.c delete mode 100644 library/ssl_tls12_client.c delete mode 100644 library/ssl_tls12_server.c delete mode 100644 library/ssl_tls13_client.c delete mode 100644 library/ssl_tls13_generic.c delete mode 100644 library/ssl_tls13_invasive.h delete mode 100644 library/ssl_tls13_keys.c delete mode 100644 library/ssl_tls13_keys.h delete mode 100644 library/ssl_tls13_server.c delete mode 100644 library/timing.c delete mode 100644 library/version.c delete mode 100644 library/x509.c delete mode 100644 library/x509_create.c delete mode 100644 library/x509_crl.c delete mode 100644 library/x509_crt.c delete mode 100644 library/x509_csr.c delete mode 100644 library/x509_internal.h delete mode 100644 library/x509write.c delete mode 100644 library/x509write_crt.c delete mode 100644 library/x509write_csr.c delete mode 100644 pkgconfig/.gitignore delete mode 100644 pkgconfig/CMakeLists.txt delete mode 100644 pkgconfig/JoinPaths.cmake delete mode 100644 pkgconfig/mbedcrypto.pc.in delete mode 100644 pkgconfig/mbedtls.pc.in delete mode 100644 pkgconfig/mbedx509.pc.in delete mode 100644 programs/.gitignore delete mode 100644 programs/CMakeLists.txt delete mode 100644 programs/Makefile delete mode 100644 programs/README.md delete mode 100644 programs/aes/CMakeLists.txt delete mode 100644 programs/aes/crypt_and_hash.c delete mode 100644 programs/cipher/CMakeLists.txt delete mode 100644 programs/cipher/cipher_aead_demo.c delete mode 100644 programs/demo_common.sh delete mode 100644 programs/fuzz/.gitignore delete mode 100644 programs/fuzz/CMakeLists.txt delete mode 100644 programs/fuzz/Makefile delete mode 100644 programs/fuzz/README.md delete mode 100644 programs/fuzz/common.c delete mode 100644 programs/fuzz/common.h delete mode 100644 programs/fuzz/corpuses/client delete mode 100644 programs/fuzz/corpuses/dtlsclient delete mode 100644 programs/fuzz/corpuses/dtlsserver delete mode 100644 programs/fuzz/corpuses/server delete mode 100644 programs/fuzz/fuzz_client.c delete mode 100644 programs/fuzz/fuzz_client.options delete mode 100644 programs/fuzz/fuzz_dtlsclient.c delete mode 100644 programs/fuzz/fuzz_dtlsclient.options delete mode 100644 programs/fuzz/fuzz_dtlsserver.c delete mode 100644 programs/fuzz/fuzz_dtlsserver.options delete mode 100644 programs/fuzz/fuzz_pkcs7.c delete mode 100644 programs/fuzz/fuzz_pkcs7.options delete mode 100644 programs/fuzz/fuzz_privkey.c delete mode 100644 programs/fuzz/fuzz_privkey.options delete mode 100644 programs/fuzz/fuzz_pubkey.c delete mode 100644 programs/fuzz/fuzz_pubkey.options delete mode 100644 programs/fuzz/fuzz_server.c delete mode 100644 programs/fuzz/fuzz_server.options delete mode 100644 programs/fuzz/fuzz_x509crl.c delete mode 100644 programs/fuzz/fuzz_x509crl.options delete mode 100644 programs/fuzz/fuzz_x509crt.c delete mode 100644 programs/fuzz/fuzz_x509crt.options delete mode 100644 programs/fuzz/fuzz_x509csr.c delete mode 100644 programs/fuzz/fuzz_x509csr.options delete mode 100644 programs/fuzz/onefile.c delete mode 100644 programs/hash/CMakeLists.txt delete mode 100644 programs/hash/generic_sum.c delete mode 100644 programs/hash/hello.c delete mode 100644 programs/hash/md_hmac_demo.c delete mode 100644 programs/pkey/CMakeLists.txt delete mode 100644 programs/pkey/dh_client.c delete mode 100644 programs/pkey/dh_genprime.c delete mode 100644 programs/pkey/dh_prime.txt delete mode 100644 programs/pkey/dh_server.c delete mode 100644 programs/pkey/ecdh_curve25519.c delete mode 100644 programs/pkey/ecdsa.c delete mode 100644 programs/pkey/gen_key.c delete mode 100644 programs/pkey/key_app.c delete mode 100644 programs/pkey/key_app_writer.c delete mode 100644 programs/pkey/mpi_demo.c delete mode 100644 programs/pkey/pk_decrypt.c delete mode 100644 programs/pkey/pk_encrypt.c delete mode 100644 programs/pkey/pk_sign.c delete mode 100644 programs/pkey/pk_verify.c delete mode 100644 programs/pkey/rsa_decrypt.c delete mode 100644 programs/pkey/rsa_encrypt.c delete mode 100644 programs/pkey/rsa_genkey.c delete mode 100644 programs/pkey/rsa_priv.txt delete mode 100644 programs/pkey/rsa_pub.txt delete mode 100644 programs/pkey/rsa_sign.c delete mode 100644 programs/pkey/rsa_sign_pss.c delete mode 100644 programs/pkey/rsa_verify.c delete mode 100644 programs/pkey/rsa_verify_pss.c delete mode 100644 programs/random/CMakeLists.txt delete mode 100644 programs/random/gen_entropy.c delete mode 100644 programs/random/gen_random_ctr_drbg.c delete mode 100644 programs/ssl/CMakeLists.txt delete mode 100644 programs/ssl/dtls_client.c delete mode 100644 programs/ssl/dtls_server.c delete mode 100644 programs/ssl/mini_client.c delete mode 100644 programs/ssl/ssl_client1.c delete mode 100644 programs/ssl/ssl_client2.c delete mode 100644 programs/ssl/ssl_context_info.c delete mode 100644 programs/ssl/ssl_fork_server.c delete mode 100644 programs/ssl/ssl_mail_client.c delete mode 100644 programs/ssl/ssl_pthread_server.c delete mode 100644 programs/ssl/ssl_server.c delete mode 100644 programs/ssl/ssl_server2.c delete mode 100644 programs/ssl/ssl_test_common_source.c delete mode 100644 programs/ssl/ssl_test_lib.c delete mode 100644 programs/ssl/ssl_test_lib.h delete mode 100644 programs/test/CMakeLists.txt delete mode 100644 programs/test/benchmark.c delete mode 100644 programs/test/cmake_package/.gitignore delete mode 100644 programs/test/cmake_package/CMakeLists.txt delete mode 100644 programs/test/cmake_package/cmake_package.c delete mode 100644 programs/test/cmake_package_install/.gitignore delete mode 100644 programs/test/cmake_package_install/CMakeLists.txt delete mode 100644 programs/test/cmake_package_install/cmake_package_install.c delete mode 100644 programs/test/cmake_subproject/.gitignore delete mode 100644 programs/test/cmake_subproject/CMakeLists.txt delete mode 100644 programs/test/cmake_subproject/cmake_subproject.c delete mode 100644 programs/test/dlopen.c delete mode 100755 programs/test/dlopen_demo.sh delete mode 100755 programs/test/generate_cpp_dummy_build.sh delete mode 100644 programs/test/metatest.c delete mode 100644 programs/test/query_compile_time_config.c delete mode 100644 programs/test/query_config.h delete mode 100644 programs/test/query_included_headers.c delete mode 100644 programs/test/selftest.c delete mode 100644 programs/test/udp_proxy.c delete mode 100755 programs/test/udp_proxy_wrapper.sh delete mode 100644 programs/test/zeroize.c delete mode 100644 programs/util/CMakeLists.txt delete mode 100644 programs/util/pem2der.c delete mode 100644 programs/util/strerror.c delete mode 100644 programs/wince_main.c delete mode 100644 programs/x509/CMakeLists.txt delete mode 100644 programs/x509/cert_app.c delete mode 100644 programs/x509/cert_req.c delete mode 100644 programs/x509/cert_write.c delete mode 100644 programs/x509/crl_app.c delete mode 100644 programs/x509/load_roots.c delete mode 100644 programs/x509/req_app.c delete mode 100755 scripts/abi_check.py delete mode 100644 scripts/basic.requirements.txt delete mode 100755 scripts/bump_version.sh rename {tests/scripts => scripts}/check-doxy-blocks.pl (100%) rename {tests/scripts => scripts}/check-python-files.sh (100%) delete mode 100644 scripts/ci.requirements.txt delete mode 100755 scripts/code_size_compare.py delete mode 100644 scripts/common.make delete mode 100755 scripts/config.py delete mode 100644 scripts/data_files/error.fmt delete mode 100644 scripts/data_files/query_config.fmt delete mode 100644 scripts/data_files/version_features.fmt delete mode 100644 scripts/data_files/vs2017-app-template.vcxproj delete mode 100644 scripts/data_files/vs2017-main-template.vcxproj delete mode 100644 scripts/data_files/vs2017-sln-template.sln rename {tests/scripts => scripts}/doxygen.sh (100%) delete mode 100644 scripts/driver.requirements.txt delete mode 100755 scripts/ecc-heap.sh delete mode 100755 scripts/ecp_comb_table.py delete mode 100755 scripts/footprint.sh delete mode 100644 scripts/framework_scripts_path.py delete mode 100755 scripts/generate_errors.pl delete mode 100755 scripts/generate_features.pl delete mode 100755 scripts/generate_query_config.pl delete mode 100755 scripts/generate_visualc_files.pl delete mode 100755 scripts/lcov.sh delete mode 100644 scripts/maintainer.requirements.txt delete mode 100644 scripts/make_generated_files.bat delete mode 100755 scripts/massif_max.pl delete mode 100755 scripts/memory.sh delete mode 100755 scripts/min_requirements.py delete mode 100755 scripts/prepare_release.sh delete mode 100644 scripts/project_name.txt rename {tests/scripts => scripts}/recursion.pl (100%) delete mode 100644 scripts/sbom.cdx.json delete mode 100755 scripts/tmp_ignore_makefiles.sh delete mode 100644 tests/.gitignore delete mode 100644 tests/.jenkins/Jenkinsfile delete mode 100644 tests/CMakeLists.txt delete mode 100644 tests/Descriptions.txt delete mode 100644 tests/Makefile delete mode 100755 tests/compat-in-docker.sh delete mode 100755 tests/compat.sh delete mode 100644 tests/configs/tls13-only.h delete mode 100644 tests/configs/user-config-for-test.h delete mode 100644 tests/configs/user-config-malloc-0-null.h delete mode 100644 tests/configs/user-config-zeroize-memset.h delete mode 100755 tests/context-info.sh delete mode 100644 tests/git-scripts/README.md delete mode 100755 tests/git-scripts/pre-push.sh delete mode 100644 tests/include/alt-dummy/platform_alt.h delete mode 100644 tests/include/alt-dummy/threading_alt.h delete mode 100644 tests/include/alt-dummy/timing_alt.h delete mode 100644 tests/include/test/certs.h delete mode 100644 tests/include/test/ssl_helpers.h delete mode 100755 tests/make-in-docker.sh delete mode 100644 tests/opt-testcases/sample.sh delete mode 100644 tests/opt-testcases/tls13-kex-modes.sh delete mode 100644 tests/opt-testcases/tls13-misc.sh delete mode 100644 tests/psa-client-server/README.md delete mode 100644 tests/psa-client-server/psasim/.gitignore delete mode 100644 tests/psa-client-server/psasim/Makefile delete mode 100644 tests/psa-client-server/psasim/README.md delete mode 100644 tests/psa-client-server/psasim/include/client.h delete mode 100644 tests/psa-client-server/psasim/include/common.h delete mode 100644 tests/psa-client-server/psasim/include/error_ext.h delete mode 100644 tests/psa-client-server/psasim/include/init.h delete mode 100644 tests/psa-client-server/psasim/include/lifecycle.h delete mode 100644 tests/psa-client-server/psasim/include/service.h delete mode 100644 tests/psa-client-server/psasim/include/util.h delete mode 100644 tests/psa-client-server/psasim/src/aut_main.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_hash.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_hash_compute.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_hkdf.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_key_agreement.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_mac.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_random.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_sign_verify.c delete mode 100644 tests/psa-client-server/psasim/src/client.c delete mode 100644 tests/psa-client-server/psasim/src/manifest.json delete mode 100644 tests/psa-client-server/psasim/src/psa_ff_client.c delete mode 100644 tests/psa-client-server/psasim/src/psa_ff_server.c delete mode 100644 tests/psa-client-server/psasim/src/psa_functions_codes.h delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_crypto_client.c delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_crypto_server.c delete mode 100755 tests/psa-client-server/psasim/src/psa_sim_generate.pl delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_serialise.c delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_serialise.h delete mode 100755 tests/psa-client-server/psasim/src/psa_sim_serialise.pl delete mode 100644 tests/psa-client-server/psasim/src/server.c delete mode 100755 tests/psa-client-server/psasim/test/kill_servers.sh delete mode 100755 tests/psa-client-server/psasim/test/run_test.sh delete mode 100755 tests/psa-client-server/psasim/test/start_server.sh delete mode 100755 tests/psa-client-server/psasim/tools/psa_autogen.py delete mode 100755 tests/scripts/all.sh delete mode 100755 tests/scripts/analyze_outcomes.py delete mode 100755 tests/scripts/audit-validity-dates.py delete mode 100755 tests/scripts/basic-build-test.sh delete mode 100755 tests/scripts/check-generated-files.sh delete mode 100755 tests/scripts/check_names.py delete mode 100644 tests/scripts/components-basic-checks.sh delete mode 100644 tests/scripts/components-build-system.sh delete mode 100644 tests/scripts/components-compiler.sh delete mode 100644 tests/scripts/components-compliance.sh delete mode 100644 tests/scripts/components-configuration-crypto.sh delete mode 100644 tests/scripts/components-configuration-platform.sh delete mode 100644 tests/scripts/components-configuration-tls.sh delete mode 100644 tests/scripts/components-configuration-x509.sh delete mode 100644 tests/scripts/components-configuration.sh delete mode 100644 tests/scripts/components-platform.sh delete mode 100644 tests/scripts/components-psasim.sh delete mode 100644 tests/scripts/components-sanitizers.sh delete mode 100755 tests/scripts/depends.py delete mode 100755 tests/scripts/gen_ctr_drbg.pl delete mode 100755 tests/scripts/gen_gcm_decrypt.pl delete mode 100755 tests/scripts/gen_gcm_encrypt.pl delete mode 100755 tests/scripts/gen_pkcs1_v21_sign_verify.pl delete mode 100755 tests/scripts/generate-afl-tests.sh delete mode 100755 tests/scripts/generate_server9_bad_saltlen.py delete mode 100755 tests/scripts/list-identifiers.sh delete mode 100755 tests/scripts/list_internal_identifiers.py delete mode 100755 tests/scripts/mbedtls-all.sh delete mode 100755 tests/scripts/pkgconfig.sh delete mode 100755 tests/scripts/psa_collect_statuses.py delete mode 100755 tests/scripts/run-metatests.sh delete mode 100755 tests/scripts/run-test-suites.pl delete mode 100755 tests/scripts/run_demos.py delete mode 100644 tests/scripts/scripts_path.py delete mode 100755 tests/scripts/set_psa_test_dependencies.py delete mode 100755 tests/scripts/test_config_script.py delete mode 100755 tests/scripts/test_psa_compliance.py delete mode 100755 tests/scripts/test_psa_constant_names.py delete mode 100644 tests/scripts/test_zeroize.gdb delete mode 100644 tests/src/certs.c delete mode 100644 tests/src/test_helpers/ssl_helpers.c delete mode 100755 tests/ssl-opt.sh delete mode 100644 tests/suites/test_suite_config.function delete mode 100644 tests/suites/test_suite_config.tls_combinations.data delete mode 100644 tests/suites/test_suite_constant_time_hmac.data delete mode 100644 tests/suites/test_suite_constant_time_hmac.function delete mode 100644 tests/suites/test_suite_debug.data delete mode 100644 tests/suites/test_suite_debug.function delete mode 100644 tests/suites/test_suite_error.data delete mode 100644 tests/suites/test_suite_error.function delete mode 100644 tests/suites/test_suite_mps.data delete mode 100644 tests/suites/test_suite_mps.function delete mode 100644 tests/suites/test_suite_net.data delete mode 100644 tests/suites/test_suite_net.function delete mode 100644 tests/suites/test_suite_pkcs7.data delete mode 100644 tests/suites/test_suite_pkcs7.function delete mode 100644 tests/suites/test_suite_ssl.data delete mode 100644 tests/suites/test_suite_ssl.function delete mode 100644 tests/suites/test_suite_ssl_decrypt.function delete mode 100644 tests/suites/test_suite_ssl_decrypt.misc.data delete mode 100644 tests/suites/test_suite_test_helpers.data delete mode 100644 tests/suites/test_suite_test_helpers.function delete mode 100644 tests/suites/test_suite_timing.data delete mode 100644 tests/suites/test_suite_timing.function delete mode 100644 tests/suites/test_suite_version.data delete mode 100644 tests/suites/test_suite_version.function delete mode 100644 tests/suites/test_suite_x509parse.data delete mode 100644 tests/suites/test_suite_x509parse.function delete mode 100644 tests/suites/test_suite_x509write.data delete mode 100644 tests/suites/test_suite_x509write.function delete mode 160000 tf-psa-crypto delete mode 100644 visualc/VS2017/.gitignore diff --git a/.gitattributes b/.gitattributes deleted file mode 100644 index ceb59d7d0..000000000 --- a/.gitattributes +++ /dev/null @@ -1,2 +0,0 @@ -# Classify all '.function' files as C for syntax highlighting purposes -*.function linguist-language=C diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index c2031125c..000000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -name: Bug report -about: To report a bug, please fill this form. -title: '' -labels: '' -assignees: '' - ---- - -### Summary - - - -### System information - -Mbed TLS version (number or commit id): -Operating system and version: -Configuration (if not default, please attach `mbedtls_config.h`): -Compiler and options (if you used a pre-built binary, please indicate how you obtained it): -Additional environment information: - -### Expected behavior - - - -### Actual behavior - - - -### Steps to reproduce - - - -### Additional information - diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml deleted file mode 100644 index c1beccd86..000000000 --- a/.github/ISSUE_TEMPLATE/config.yml +++ /dev/null @@ -1,8 +0,0 @@ -blank_issues_enabled: false -contact_links: - - name: Mbed TLS security team - url: mailto:mbed-tls-security@lists.trustedfirmware.org - about: Report a security vulnerability. - - name: Mbed TLS mailing list - url: https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org - about: Mbed TLS community support and general discussion. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 3b515137b..000000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -name: Enhancement request -about: To request an enhancement, please fill this form. -title: '' -labels: '' -assignees: '' - ---- - -### Suggested enhancement - - - -### Justification - -Mbed TLS needs this because - diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md deleted file mode 100644 index 155f114bf..000000000 --- a/.github/pull_request_template.md +++ /dev/null @@ -1,31 +0,0 @@ -## Description - -Please write a few sentences describing the overall goals of the pull request's commits. - - - -## PR checklist - -Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line. -If the provided content is part of the present PR remove the # symbol. - -- [ ] **changelog** provided | not required because: -- [ ] **development PR** provided # | not required because: -- [ ] **framework PR** provided Mbed-TLS/mbedtls-framework# | not required -- [ ] **3.6 PR** provided # | not required because: -- [ ] **2.28 PR** provided # | not required because: -- **tests** provided | not required because: - - - -## Notes for the submitter - -Please refer to the [contributing guidelines](https://github.com/Mbed-TLS/mbedtls/blob/development/CONTRIBUTING.md), especially the -checklist for PR contributors. - -Help make review efficient: -* Multiple simple commits - - please structure your PR into a series of small commits, each of which does one thing -* Avoid force-push - - please do not force-push to update your PR - just add new commit(s) -* See our [Guidelines for Contributors](https://mbed-tls.readthedocs.io/en/latest/reviews/review-for-contributors/) for more details about the review process. diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 2917cfbef..000000000 --- a/.gitignore +++ /dev/null @@ -1,76 +0,0 @@ -# Random seed file created by test scripts and sample programs -seedfile -# MBEDTLS_PSA_INJECT_ENTROPY seed file created by the test framework -00000000ffffff52.psa_its -# Log files created by all.sh to reduce the logs in case a component runs -# successfully -quiet-make.* - -# CMake build artifacts: -CMakeCache.txt -CMakeFiles -CTestTestfile.cmake -cmake_install.cmake -Testing -# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those: -*.dir/ -# MSVC files generated by CMake: -/*.sln -/*.vcxproj -/*.filters - -# Test coverage build artifacts: -Coverage -*.gcno -*.gcda -coverage-summary.txt - -# generated by scripts/memory.sh -massif-* - -# Eclipse project files -.cproject -.project -/.settings - -# Unix-like build artifacts: -*.o -*.s - -# MSVC build artifacts: -*.exe -*.pdb -*.ilk -*.lib - -# Python build artifacts: -*.pyc - -# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those: -*.dir/ - -# Microsoft CMake extension for Visual Studio Code generates a build directory by default -/build/ - -# Generated documentation: -/apidoc - -# PSA Crypto compliance test repo, cloned by test_psa_compliance.py -/psa-arch-tests - -# Editor navigation files: -/GPATH -/GRTAGS -/GSYMS -/GTAGS -/TAGS -/cscope*.out -/tags - -# clangd compilation database -compile_commands.json -# clangd index files -/.cache/clangd/index/ - -# VScode folder to store local debug files and configurations -.vscode diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index 4612b3d0c..000000000 --- a/.gitmodules +++ /dev/null @@ -1,6 +0,0 @@ -[submodule "framework"] - path = framework - url = https://github.com/Mbed-TLS/mbedtls-framework -[submodule "tf-psa-crypto"] - path = tf-psa-crypto - url = https://github.com/Mbed-TLS/TF-PSA-Crypto.git diff --git a/.globalrc b/.globalrc deleted file mode 100644 index 01b2ea5a3..000000000 --- a/.globalrc +++ /dev/null @@ -1,3 +0,0 @@ -default:\ - :langmap=c\:.c.h.function:\ - diff --git a/.mypy.ini b/.mypy.ini deleted file mode 100644 index f727cc20e..000000000 --- a/.mypy.ini +++ /dev/null @@ -1,4 +0,0 @@ -[mypy] -mypy_path = framework/scripts:scripts -namespace_packages = True -warn_unused_configs = True diff --git a/.pylintrc b/.pylintrc deleted file mode 100644 index f9c97d55e..000000000 --- a/.pylintrc +++ /dev/null @@ -1,80 +0,0 @@ -[MASTER] -init-hook='import sys; sys.path.append("scripts"); sys.path.append("framework/scripts")' -min-similarity-lines=10 - -[BASIC] -# We're ok with short funtion argument names. -# [invalid-name] -argument-rgx=[a-z_][a-z0-9_]*$ - -# Allow filter and map. -# [bad-builtin] -bad-functions=input - -# We prefer docstrings, but we don't require them on all functions. -# Require them only on long functions (for some value of long). -# [missing-docstring] -docstring-min-length=10 - -# No upper limit on method names. Pylint <2.1.0 has an upper limit of 30. -# [invalid-name] -method-rgx=[a-z_][a-z0-9_]{2,}$ - -# Allow module names containing a dash (but no underscore or uppercase letter). -# They are whole programs, not meant to be included by another module. -# [invalid-name] -module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|[a-z][-0-9a-z]+)$ - -# Some functions don't need docstrings. -# [missing-docstring] -no-docstring-rgx=(run_)?main$ - -# We're ok with short local or global variable names. -# [invalid-name] -variable-rgx=[a-z_][a-z0-9_]*$ - -[DESIGN] -# Allow more than the default 7 attributes. -# [too-many-instance-attributes] -max-attributes=15 - -[FORMAT] -# Allow longer modules than the default recommended maximum. -# [too-many-lines] -max-module-lines=2000 - -[MESSAGES CONTROL] -# * locally-disabled, locally-enabled: If we disable or enable a message -# locally, it's by design. There's no need to clutter the Pylint output -# with this information. -# * logging-format-interpolation: Pylint warns about things like -# ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``. -# This is of minor utility (mainly a performance gain when there are -# many messages that use formatting and are below the log level). -# Some versions of Pylint (including 1.8, which is the version on -# Ubuntu 18.04) only recognize old-style format strings using '%', -# and complain about something like ``log.info('{}', foo)`` with -# logging-too-many-args (Pylint supports new-style formatting if -# declared globally with logging_format_style under [LOGGING] but -# this requires Pylint >=2.2). -# * no-else-return: Allow the perfectly reasonable idiom -# if condition1: -# return value1 -# else: -# return value2 -# * unnecessary-pass: If we take the trouble of adding a line with "pass", -# it's because we think the code is clearer that way. -disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-return,unnecessary-pass - -[REPORTS] -# Don't diplay statistics. Just the facts. -reports=no - -[VARIABLES] -# Allow unused variables if their name starts with an underscore. -# [unused-argument] -dummy-variables-rgx=_.* - -[SIMILARITIES] -# Ignore imports when computing similarities. -ignore-imports=yes diff --git a/.readthedocs.yaml b/.readthedocs.yaml deleted file mode 100644 index bc0701e9c..000000000 --- a/.readthedocs.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# .readthedocs.yaml -# Read the Docs configuration file -# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details - -# Required -version: 2 - -# Include all submodules in the build -submodules: - include: all - recursive: true - -# Set the version of Python and other tools you might need -build: - os: ubuntu-20.04 - tools: - python: "3.9" - jobs: - pre_build: - - ./scripts/apidoc_full.sh - - breathe-apidoc -o docs/api apidoc/xml - post_build: - - | - # Work around Readthedocs bug: Command parsing fails if the 'if' statement is on the first line - if [ "$READTHEDOCS_VERSION" = "development" ]; then - "$READTHEDOCS_VIRTUALENV_PATH/bin/rtd" projects "Mbed TLS API" redirects sync --wet-run -f docs/redirects.yaml - fi - -# Build documentation in the docs/ directory with Sphinx -sphinx: - builder: dirhtml - configuration: docs/conf.py - -# Optionally declare the Python requirements required to build your docs -python: - install: - - requirements: docs/requirements.txt diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 3b4132e05..000000000 --- a/.travis.yml +++ /dev/null @@ -1,28 +0,0 @@ -# Declare python as our language. This way we get our chosen Python version, -# and pip is available. Gcc and clang are available anyway. -dist: jammy -os: linux -language: python -python: 3.10 - -cache: ccache - -branches: - only: - coverity_scan - -install: - - $PYTHON scripts/min_requirements.py - -env: - global: - - SEED=1 - - secure: "GF/Fde5fkm15T/RNykrjrPV5Uh1KJ70cP308igL6Xkk3eJmqkkmWCe9JqRH12J3TeWw2fu9PYPHt6iFSg6jasgqysfUyg+W03knRT5QNn3h5eHgt36cQJiJr6t3whPrRaiM6U9omE0evm+c0cAwlkA3GGSMw8Z+na4EnKI6OFCo=" -addons: - coverity_scan: - project: - name: "ARMmbed/mbedtls" - notification_email: support-mbedtls@arm.com - build_command_prepend: - build_command: make - branch_pattern: coverity_scan diff --git a/.uncrustify.cfg b/.uncrustify.cfg deleted file mode 100644 index 8dc9db049..000000000 --- a/.uncrustify.cfg +++ /dev/null @@ -1,240 +0,0 @@ -# Configuration options for Uncrustify specifying the Mbed TLS code style. -# -# Note: The code style represented by this file has not yet been introduced -# to Mbed TLS. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - - -# Wrap lines at 100 characters -code_width = 100 - -# Allow splitting long for statements between the condition statements -ls_for_split_full = true - -# Allow splitting function calls between arguments -ls_func_split_full = true - -input_tab_size = 4 - -# Spaces-only indentation -indent_with_tabs = 0 - -indent_columns = 4 - -# Indent 'case' 1 level from 'switch' -indent_switch_case = indent_columns - -# Line-up strings broken by '\' -indent_align_string = true - -# Braces on the same line (Egyptian-style braces) -nl_enum_brace = remove -nl_union_brace = remove -nl_struct_brace = remove -nl_do_brace = remove -nl_if_brace = remove -nl_for_brace = remove -nl_else_brace = remove -nl_while_brace = remove -nl_switch_brace = remove - -# Braces on same line as keywords that follow them - 'else' and the 'while' in 'do {} while ()'; -nl_brace_else = remove -nl_brace_while = remove -# Space before else on the same line -sp_brace_else = add -# If else is on the same line as '{', force exactly 1 space between them -sp_else_brace = force - -# Functions are the exception and have braces on the next line -nl_fcall_brace = add -nl_fdef_brace = add - -# Force exactly one space between ')' and '{' in statements -sp_sparen_brace = force - -# At least 1 space around assignment -sp_assign = add - -# Remove spaces around the preprocessor '##' token-concatenate -sp_pp_concat = ignore - -# At least 1 space around '||' and '&&' -sp_bool = add - -# But no space after the '!' operator -sp_not = remove - -# No space after the bitwise-not '~' operator -sp_inv = remove - -# No space after the addressof '&' operator -sp_addr = remove - -# No space around the member '.' and '->' operators -sp_member = remove - -# No space after the dereference '*' operator -sp_deref = remove - -# No space after a unary negation '-' -sp_sign = remove - -# No space between the '++'/'--' operator and its operand -sp_incdec = remove - -# At least 1 space around comparison operators -sp_compare = add - -# Remove spaces inside all kinds of parentheses: - -# Remove spaces inside parentheses -sp_inside_paren = remove - -# No spaces inside statement parentheses -sp_inside_sparen = remove - -# No spaces inside cast parentheses '( char )x' -> '(char)x' -sp_inside_paren_cast = remove - -# No spaces inside function parentheses -sp_inside_fparen = remove -# (The case where the function has no parameters/arguments) -sp_inside_fparens = remove - -# No spaces inside the first parentheses in a function type -sp_inside_tparen = remove - -# (Uncrustify >= 0.74.0) No spaces inside parens in for statements -sp_inside_for = remove - -# Remove spaces between nested parentheses '( (' -> '((' -sp_paren_paren = remove -# (Uncrustify >= 0.74.0) -sp_sparen_paren = remove - -# Remove spaces between ')' and adjacent '(' -sp_cparen_oparen = remove - -# (Uncrustify >= 0.73.0) space between 'do' and '{' -sp_do_brace_open = force - -# (Uncrustify >= 0.73.0) space between '}' and 'while' -sp_brace_close_while = force - -# At least 1 space before a '*' pointer star -sp_before_ptr_star = add - -# Remove spaces between pointer stars -sp_between_ptr_star = remove - -# No space after a pointer star -sp_after_ptr_star = remove - -# But allow a space in the case of e.g. char * const x; -sp_after_ptr_star_qualifier = ignore - -# Remove space after star in a function return type -sp_after_ptr_star_func = remove - -# At least 1 space after a type in variable definition etc -sp_after_type = add - -# Force exactly 1 space between a statement keyword (e.g. 'if') and an opening parenthesis -sp_before_sparen = force - -# Remove a space before a ';' -sp_before_semi = remove -# (Uncrustify >= 0.73.0) Remove space before a semi in a non-empty for -sp_before_semi_for = remove -# (Uncrustify >= 0.73.0) Remove space in empty first statement of a for -sp_before_semi_for_empty = remove -# (Uncrustify >= 0.74.0) Remove space in empty middle statement of a for -sp_between_semi_for_empty = remove - -# Add a space after a ';' (unless a comment follows) -sp_after_semi = add -# (Uncrustify >= 0.73.0) Add a space after a semi in non-empty for statements -sp_after_semi_for = add -# (Uncrustify >= 0.73.0) No space after final semi in empty for statements -sp_after_semi_for_empty = remove - -# Remove spaces on the inside of square brackets '[]' -sp_inside_square = remove - -# Must have at least 1 space after a comma -sp_after_comma = add - -# Must not have a space before a comma -sp_before_comma = remove - -# No space before the ':' in a case statement -sp_before_case_colon = remove - -# Must have space after a cast - '(char)x' -> '(char) x' -sp_after_cast = add - -# No space between 'sizeof' and '(' -sp_sizeof_paren = remove - -# At least 1 space inside '{ }' -sp_inside_braces = add - -# At least 1 space inside '{ }' in an enum -sp_inside_braces_enum = add - -# At least 1 space inside '{ }' in a struct -sp_inside_braces_struct = add - -# At least 1 space between a function return type and the function name -sp_type_func = add - -# No space between a function name and its arguments/parameters -sp_func_proto_paren = remove -sp_func_def_paren = remove -sp_func_call_paren = remove - -# No space between '__attribute__' and '(' -sp_attribute_paren = remove - -# No space between 'defined' and '(' in preprocessor conditions -sp_defined_paren = remove - -# At least 1 space between a macro's name and its definition -sp_macro = add -sp_macro_func = add - -# Force exactly 1 space between a '}' and the name of a typedef if on the same line -sp_brace_typedef = force - -# At least 1 space before a '\' line continuation -sp_before_nl_cont = add - -# At least 1 space around '?' and ':' in ternary statements -sp_cond_colon = add -sp_cond_question = add - -# Space between #else/#endif and comment afterwards -sp_endif_cmt = add - -# Remove newlines at the start of a file -nl_start_of_file = remove - -# At least 1 newline at the end of a file -nl_end_of_file = add -nl_end_of_file_min = 1 - -# Add braces in single-line statements -mod_full_brace_do = add -mod_full_brace_for = add -mod_full_brace_if = add -mod_full_brace_while = add - -# Remove parentheses from return statements -mod_paren_on_return = remove - -# Disable removal of leading spaces in a multi-line comment if the first and -# last lines are the same length -cmt_multi_check_last = false diff --git a/3rdparty/.gitignore b/3rdparty/.gitignore deleted file mode 100644 index 5fc607b9e..000000000 --- a/3rdparty/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/Makefile diff --git a/BRANCHES.md b/BRANCHES.md deleted file mode 100644 index bcceda883..000000000 --- a/BRANCHES.md +++ /dev/null @@ -1,115 +0,0 @@ -# Maintained branches - -At any point in time, we have a number of maintained branches, currently consisting of: - -- The [`main`](https://github.com/Mbed-TLS/mbedtls/tree/main) branch: - this always contains the latest release, including all publicly available - security fixes. -- The [`development`](https://github.com/Mbed-TLS/mbedtls/tree/development) branch: - this is where the next major version of Mbed TLS (version 4.0) is being - prepared. It has API changes that make it incompatible with Mbed TLS 3.x, - as well as all the new features and bug fixes and security fixes. -- One or more long-time support (LTS) branches: these only get bug fixes and - security fixes. Currently, the supported LTS branches are: -- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28). -- [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6). - -We retain a number of historical branches, whose names are prefixed by `archive/`, -such as [`archive/mbedtls-2.7`](https://github.com/Mbed-TLS/mbedtls/tree/archive/mbedtls-2.7). -These branches will not receive any changes or updates. - -We use [Semantic Versioning](https://semver.org/). In particular, we maintain -API compatibility in the `main` branch across minor version changes (e.g. -the API of 3.(x+1) is backward compatible with 3.x). We only break API -compatibility on major version changes (e.g. from 3.x to 4.0). We also maintain -ABI compatibility within LTS branches; see the next section for details. - -We will make regular LTS releases on an 18-month cycle, each of which will have -a 3 year support lifetime. On this basis, 3.6 LTS (released March 2024) will be -supported until March 2027. The next LTS release will be a 4.x release, which is -planned for September 2025. - -## Backwards Compatibility for application code - -We maintain API compatibility in released versions of Mbed TLS. If you have -code that's working and secure with Mbed TLS x.y.z and does not rely on -undocumented features, then you should be able to re-compile it without -modification with any later release x.y'.z' with the same major version -number, and your code will still build, be secure, and work. - -Note that this guarantee only applies if you either use the default -compile-time configuration (`mbedtls/mbedtls_config.h`) or the same modified -compile-time configuration. Changing compile-time configuration options can -result in an incompatible API or ABI, although features will generally not -affect unrelated features (for example, enabling or disabling a -cryptographic algorithm does not break code that does not use that -algorithm). - -Note that new releases of Mbed TLS may extend the API. Here are some -examples of changes that are common in minor releases of Mbed TLS, and are -not considered API compatibility breaks: - -* Adding or reordering fields in a structure or union. -* Removing a field from a structure, unless the field is documented as public. -* Adding items to an enum. -* Returning an error code that was not previously documented for a function - when a new error condition arises. -* Changing which error code is returned in a case where multiple error - conditions apply. -* Changing the behavior of a function from failing to succeeding, when the - change is a reasonable extension of the current behavior, i.e. the - addition of a new feature. - -There are rare exceptions where we break API compatibility: code that was -relying on something that became insecure in the meantime (for example, -crypto that was found to be weak) may need to be changed. In case security -comes in conflict with backwards compatibility, we will put security first, -but always attempt to provide a compatibility option. - -## Backward compatibility for the key store - -We maintain backward compatibility with previous versions of the -PSA Crypto persistent storage since Mbed TLS 2.25.0, provided that the -storage backend (PSA ITS implementation) is configured in a compatible way. -We intend to maintain this backward compatibility throughout a major version -of Mbed TLS (for example, all Mbed TLS 3.y versions will be able to read -keys written under any Mbed TLS 3.x with x <= y). - -Mbed TLS 3.x can also read keys written by Mbed TLS 2.25.0 through 2.28.x -LTS, but future major version upgrades (for example from 2.28.x/3.x to 4.y) -may require the use of an upgrade tool. - -Note that this guarantee does not currently fully extend to drivers, which -are an experimental feature. We intend to maintain compatibility with the -basic use of drivers from Mbed TLS 2.28.0 onwards, even if driver APIs -change. However, for more experimental parts of the driver interface, such -as the use of driver state, we do not yet guarantee backward compatibility. - -## Long-time support branches - -For the LTS branches, additionally we try very hard to also maintain ABI -compatibility (same definition as API except with re-linking instead of -re-compiling) and to avoid any increase in code size or RAM usage, or in the -minimum version of tools needed to build the code. The only exception, as -before, is in case those goals would conflict with fixing a security issue, we -will put security first but provide a compatibility option. (So far we never -had to break ABI compatibility in an LTS branch, but we occasionally had to -increase code size for a security fix.) - -For contributors, see the [Backwards Compatibility section of -CONTRIBUTING](CONTRIBUTING.md#backwards-compatibility). - -## Current Branches - -The following branches are currently maintained: - -- [main](https://github.com/Mbed-TLS/mbedtls/tree/main) -- [`development`](https://github.com/Mbed-TLS/mbedtls/) -- [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6) - maintained until March 2027, see - . -- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28) - maintained until the end of 2024, see - . - -Users are urged to always use the latest version of a maintained branch. diff --git a/BUGS.md b/BUGS.md deleted file mode 100644 index a65c606de..000000000 --- a/BUGS.md +++ /dev/null @@ -1,20 +0,0 @@ -## Known issues - -Known issues in Mbed TLS are [tracked on GitHub](https://github.com/Mbed-TLS/mbedtls/issues). - -## Reporting a bug - -If you think you've found a bug in Mbed TLS, please follow these steps: - -1. Make sure you're using the latest version of a - [maintained branch](BRANCHES.md): `main`, `development`, - or a long-time support branch. -2. Check [GitHub](https://github.com/Mbed-TLS/mbedtls/issues) to see if - your issue has already been reported. If not, … -3. If the issue is a security risk (for example: buffer overflow, - data leak), please report it confidentially as described in - [`SECURITY.md`](SECURITY.md). If not, … -4. Please [create an issue on on GitHub](https://github.com/Mbed-TLS/mbedtls/issues). - -Please do not use GitHub for support questions. If you want to know -how to do something with Mbed TLS, please see [`SUPPORT.md`](SUPPORT.md) for available documentation and support channels. diff --git a/CMakeLists.txt b/CMakeLists.txt deleted file mode 100644 index 9f23c3b2f..000000000 --- a/CMakeLists.txt +++ /dev/null @@ -1,566 +0,0 @@ -# -# CMake build system design considerations: -# -# - Include directories: -# + Do not define include directories globally using the include_directories -# command but rather at the target level using the -# target_include_directories command. That way, it is easier to guarantee -# that targets are built using the proper list of include directories. -# + Use the PUBLIC and PRIVATE keywords to specify the scope of include -# directories. That way, a target linking to a library (using the -# target_link_libraries command) inherits from the library PUBLIC include -# directories and not from the PRIVATE ones. -# - MBEDTLS_TARGET_PREFIX: CMake targets are designed to be alterable by calling -# CMake in order to avoid target name clashes, via the use of -# MBEDTLS_TARGET_PREFIX. The value of this variable is prefixed to the -# mbedtls, mbedx509, tfpsacrypto and mbedtls-apidoc targets. -# - -# We specify a minimum requirement of 3.10.2, but for now use 3.5.1 here -# until our infrastructure catches up. -cmake_minimum_required(VERSION 3.5.1) - -include(CMakePackageConfigHelpers) - -# Include convenience functions for printing properties and variables, like -# cmake_print_properties(), cmake_print_variables(). -include(CMakePrintHelpers) - -# https://cmake.org/cmake/help/latest/policy/CMP0011.html -# Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD -# policy setting is deprecated, and will be removed in future versions. -cmake_policy(SET CMP0011 NEW) -# https://cmake.org/cmake/help/latest/policy/CMP0012.html -# Setting the CMP0012 policy to NEW is required for FindPython3 to work with CMake 3.18.2 -# (there is a bug in this particular version), otherwise, setting the CMP0012 policy is required -# for CMake versions >= 3.18.3 otherwise a deprecated warning is generated. The OLD policy setting -# is deprecated and will be removed in future versions. -cmake_policy(SET CMP0012 NEW) - -if(TEST_CPP) - project("Mbed TLS" - LANGUAGES C CXX - VERSION 4.0.0 - ) -else() - project("Mbed TLS" - LANGUAGES C - VERSION 4.0.0 - ) -endif() - -include(GNUInstallDirs) - -# Determine if Mbed TLS is being built as a subproject using add_subdirectory() -if(NOT DEFINED MBEDTLS_AS_SUBPROJECT) - set(MBEDTLS_AS_SUBPROJECT ON) - if(CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR) - set(MBEDTLS_AS_SUBPROJECT OFF) - endif() -endif() - -# Set the project and framework root directory. -set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}) -set(MBEDTLS_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/framework) - -option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON) - -option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON) -if(CMAKE_HOST_WIN32) - # N.B. The comment on the next line is significant! If you change it, - # edit the sed command in prepare_release.sh that modifies - # CMakeLists.txt. - option(GEN_FILES "Generate the auto-generated files as needed" OFF) # off in development -else() - option(GEN_FILES "Generate the auto-generated files as needed" ON) -endif() - -option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ${MBEDTLS_AS_SUBPROJECT}) - -if (CMAKE_C_SIMULATE_ID) - set(COMPILER_ID ${CMAKE_C_SIMULATE_ID}) -else() - set(COMPILER_ID ${CMAKE_C_COMPILER_ID}) -endif(CMAKE_C_SIMULATE_ID) - -string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${COMPILER_ID}") -string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${COMPILER_ID}") -string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${COMPILER_ID}") -string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${COMPILER_ID}") - -# the test suites currently have compile errors with MSVC -if(CMAKE_COMPILER_IS_MSVC) - option(ENABLE_TESTING "Build Mbed TLS tests." OFF) -else() - option(ENABLE_TESTING "Build Mbed TLS tests." ON) -endif() - -option(USE_STATIC_MBEDTLS_LIBRARY "Build Mbed TLS static library." ON) -option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF) -option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF) -option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF) - -# Warning string - created as a list for compatibility with CMake 2.8 -set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n") -set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n") -set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n") - -set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}" - "${CTR_DRBG_128_BIT_KEY_WARN_L1}" - "${CTR_DRBG_128_BIT_KEY_WARN_L2}" - "${CTR_DRBG_128_BIT_KEY_WARN_L3}" - "${WARNING_BORDER}") - -# Python 3 is only needed here to check for configuration warnings. -if(NOT CMAKE_VERSION VERSION_LESS 3.15.0) - set(Python3_FIND_STRATEGY LOCATION) - find_package(Python3 COMPONENTS Interpreter) - if(Python3_Interpreter_FOUND) - set(MBEDTLS_PYTHON_EXECUTABLE ${Python3_EXECUTABLE}) - endif() -else() - find_package(PythonInterp 3) - if(PYTHONINTERP_FOUND) - set(MBEDTLS_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE}) - endif() -endif() -if(MBEDTLS_PYTHON_EXECUTABLE) - - # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning - execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/mbedtls_config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY - RESULT_VARIABLE result) - if(${result} EQUAL 0) - message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING}) - endif() - -endif() - -# We now potentially need to link all executables against PThreads, if available -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - -# If this is the root project add longer list of available CMAKE_BUILD_TYPE values -if(NOT MBEDTLS_AS_SUBPROJECT) - set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} - CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan TSanDbg" - FORCE) -endif() - -# Make MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE into PATHs -set(MBEDTLS_CONFIG_FILE "" CACHE FILEPATH "Mbed TLS config file (overrides default).") -set(MBEDTLS_USER_CONFIG_FILE "" CACHE FILEPATH "Mbed TLS user config file (appended to default).") - -# Create a symbolic link from ${base_name} in the binary directory -# to the corresponding path in the source directory. -# Note: Copies the file(s) on Windows. -function(link_to_source base_name) - set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}") - set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}") - - # Linking to non-existent file is not desirable. At best you will have a - # dangling link, but when building in tree, this can create a symbolic link - # to itself. - if (EXISTS ${target} AND NOT EXISTS ${link}) - if (CMAKE_HOST_UNIX) - execute_process(COMMAND ln -s ${target} ${link} - RESULT_VARIABLE result - ERROR_VARIABLE output) - - if (NOT ${result} EQUAL 0) - message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}") - endif() - else() - if (IS_DIRECTORY ${target}) - file(GLOB_RECURSE files FOLLOW_SYMLINKS LIST_DIRECTORIES false RELATIVE ${target} "${target}/*") - foreach(file IN LISTS files) - configure_file("${target}/${file}" "${link}/${file}" COPYONLY) - endforeach(file) - else() - configure_file(${target} ${link} COPYONLY) - endif() - endif() - endif() -endfunction(link_to_source) - -# Get the filename without the final extension (i.e. convert "a.b.c" to "a.b") -function(get_name_without_last_ext dest_var full_name) - # Split into a list on '.' (but a cmake list is just a ';'-separated string) - string(REPLACE "." ";" ext_parts "${full_name}") - # Remove the last item if there are more than one - list(LENGTH ext_parts ext_parts_len) - if (${ext_parts_len} GREATER "1") - math(EXPR ext_parts_last_item "${ext_parts_len} - 1") - list(REMOVE_AT ext_parts ${ext_parts_last_item}) - endif() - # Convert back to a string by replacing separators with '.' - string(REPLACE ";" "." no_ext_name "${ext_parts}") - # Copy into the desired variable - set(${dest_var} ${no_ext_name} PARENT_SCOPE) -endfunction(get_name_without_last_ext) - -include(CheckCCompilerFlag) - -set(CMAKE_C_EXTENSIONS OFF) -set(CMAKE_C_STANDARD 99) - -function(set_base_compile_options target) - if(CMAKE_COMPILER_IS_GNU) - set_gnu_base_compile_options(${target}) - elseif(CMAKE_COMPILER_IS_CLANG) - set_clang_base_compile_options(${target}) - elseif(CMAKE_COMPILER_IS_IAR) - set_iar_base_compile_options(${target}) - elseif(CMAKE_COMPILER_IS_MSVC) - set_msvc_base_compile_options(${target}) - endif() -endfunction(set_base_compile_options) - -function(set_gnu_base_compile_options target) - # some warnings we want are not available with old GCC versions - # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION - execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion - OUTPUT_VARIABLE GCC_VERSION) - target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes) - if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0) - target_compile_options(${target} PRIVATE -Wformat=2 -Wno-format-nonliteral) - endif() - if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3) - target_compile_options(${target} PRIVATE -Wvla) - endif() - if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5) - target_compile_options(${target} PRIVATE -Wlogical-op) - endif() - if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) - target_compile_options(${target} PRIVATE -Wshadow) - endif() - if (GCC_VERSION VERSION_GREATER 5.0) - CHECK_C_COMPILER_FLAG("-Wformat-signedness" C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS) - if(C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS) - target_compile_options(${target} PRIVATE -Wformat-signedness) - endif() - endif() - if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0) - target_compile_options(${target} PRIVATE -Wformat-overflow=2 -Wformat-truncation) - endif() - target_compile_options(${target} PRIVATE $<$:-O2>) - target_compile_options(${target} PRIVATE $<$:-O0 -g3>) - target_compile_options(${target} PRIVATE $<$:-O0 -g3 --coverage>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage") - # Old GCC versions hit a performance problem with test_suite_pkwrite - # "Private keey write check EC" tests when building with Asan+UBSan - # and -O3: those tests take more than 100x time than normal, with - # test_suite_pkwrite taking >3h on the CI. Observed with GCC 5.4 on - # Ubuntu 16.04 x86_64 and GCC 6.5 on Ubuntu 18.04 x86_64. - # GCC 7.5 and above on Ubuntu 18.04 appear fine. - # To avoid the performance problem, we use -O2 when GCC version is lower than 7.0. - # It doesn't slow down much even with modern compiler versions. - target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all>) - if (GCC_VERSION VERSION_LESS 7.0) - target_compile_options(${target} PRIVATE $<$:-O2>) - else() - target_compile_options(${target} PRIVATE $<$:-O3>) - endif() - set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined") - target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined") - target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O3>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread") - target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") - target_compile_options(${target} PRIVATE $<$:-Os>) - target_compile_options(${target} PRIVATE $<$:-Os -Wcast-qual>) - - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE -Werror) - endif(MBEDTLS_FATAL_WARNINGS) -endfunction(set_gnu_base_compile_options) - -function(set_clang_base_compile_options target) - target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral) - target_compile_options(${target} PRIVATE $<$:-O2>) - target_compile_options(${target} PRIVATE $<$:-O0 -g3>) - target_compile_options(${target} PRIVATE $<$:-O0 -g3 --coverage>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage") - target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined") - target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined") - target_compile_options(${target} PRIVATE $<$:-fsanitize=memory>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSAN "-fsanitize=memory") - target_compile_options(${target} PRIVATE $<$:-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSANDBG "-fsanitize=memory") - target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O3>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread") - target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") - target_compile_options(${target} PRIVATE $<$:-Os>) - - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE -Werror) - endif(MBEDTLS_FATAL_WARNINGS) -endfunction(set_clang_base_compile_options) - -function(set_iar_base_compile_options target) - target_compile_options(${target} PRIVATE --warn_about_c_style_casts) - target_compile_options(${target} PRIVATE $<$:-Ohz>) - target_compile_options(${target} PRIVATE $<$:--debug -On>) - - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE --warnings_are_errors) - endif(MBEDTLS_FATAL_WARNINGS) -endfunction(set_iar_base_compile_options) - -function(set_msvc_base_compile_options target) - # Strictest warnings, UTF-8 source and execution charset - target_compile_options(${target} PRIVATE /W3 /utf-8) - - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE /WX) - endif(MBEDTLS_FATAL_WARNINGS) -endfunction(set_msvc_base_compile_options) - -function(set_config_files_compile_definitions target) - # Pass-through MBEDTLS_CONFIG_FILE, MBEDTLS_USER_CONFIG_FILE, - # TF_PSA_CRYPTO_CONFIG_FILE and TF_PSA_CRYPTO_USER_CONFIG_FILE - if(MBEDTLS_CONFIG_FILE) - target_compile_definitions(${target} - PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}") - endif() - if(MBEDTLS_USER_CONFIG_FILE) - target_compile_definitions(${target} - PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}") - endif() - if(TF_PSA_CRYPTO_CONFIG_FILE) - target_compile_definitions(${target} - PUBLIC TF_PSA_CRYPTO_CONFIG_FILE="${TF_PSA_CRYPTO_CONFIG_FILE}") - endif() - if(TF_PSA_CRYPTO_USER_CONFIG_FILE) - target_compile_definitions(${target} - PUBLIC TF_PSA_CRYPTO_USER_CONFIG_FILE="${TF_PSA_CRYPTO_USER_CONFIG_FILE}") - endif() -endfunction(set_config_files_compile_definitions) - -if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP) - set(CMAKE_CXX_STANDARD 11) - set(CMAKE_CXX_STANDARD_REQUIRED ON) - set(CMAKE_CXX_EXTENSIONS OFF) - if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pedantic") - endif() -endif() - -if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt") - if (EXISTS "${MBEDTLS_DIR}/.git") - message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found (and does appear to be a git checkout). Run `git submodule update --init` from the source tree to fetch the submodule contents.") - else () - message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found (and does not appear to be a git checkout). Please ensure you have downloaded the right archive from the release page on GitHub.") - endif() -endif() -add_subdirectory(framework) - -add_subdirectory(include) - -set(TF_PSA_CRYPTO_TARGET_PREFIX ${MBEDTLS_TARGET_PREFIX} CACHE STRING "") -set(TF_PSA_CRYPTO_FATAL_WARNINGS ${MBEDTLS_FATAL_WARNINGS} CACHE BOOL "") -set(USE_STATIC_TF_PSA_CRYPTO_LIBRARY ${USE_STATIC_MBEDTLS_LIBRARY} CACHE BOOL "") -set(USE_SHARED_TF_PSA_CRYPTO_LIBRARY ${USE_SHARED_MBEDTLS_LIBRARY} CACHE BOOL "") -add_subdirectory(tf-psa-crypto) - -set(tfpsacrypto_target "${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto") -if (USE_STATIC_MBEDTLS_LIBRARY) - set(tfpsacrypto_static_target ${tfpsacrypto_target}) -endif() -if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - string(APPEND tfpsacrypto_static_target "_static") -endif() - -set(tf_psa_crypto_library_targets - ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto - ${TF_PSA_CRYPTO_TARGET_PREFIX}builtin - ${TF_PSA_CRYPTO_TARGET_PREFIX}everest - ${TF_PSA_CRYPTO_TARGET_PREFIX}p256m) - -if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - list(APPEND tf_psa_crypto_library_targets - ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto_static - ${TF_PSA_CRYPTO_TARGET_PREFIX}builtin_static) -endif() - -foreach(target IN LISTS tf_psa_crypto_library_targets) - if(NOT TARGET ${target}) - message(FATAL_ERROR "TF-PSA-Crypto target ${target} does not exist.") - endif() -endforeach(target) - -add_subdirectory(library) - -add_subdirectory(pkgconfig) - -# -# The C files in framework/tests/src directory contain test code shared among test suites -# and programs. This shared test code is compiled and linked to test suites and -# programs objects as a set of compiled objects. The compiled objects are NOT -# built into a library that the test suite and program objects would link -# against as they link against the tfpsacrypto, mbedx509 and mbedtls libraries. -# The reason is that such library is expected to have mutual dependencies with -# the aforementioned libraries and that there is as of today no portable way of -# handling such dependencies (only toolchain specific solutions). -# -# Thus the below definition of the `mbedtls_test` CMake library of objects -# target. This library of objects is used by tests and programs CMake files -# to define the test executables. -# -if(ENABLE_TESTING OR ENABLE_PROGRAMS) - file(GLOB MBEDTLS_TEST_FILES - ${MBEDTLS_FRAMEWORK_DIR}/tests/src/*.c - ${MBEDTLS_FRAMEWORK_DIR}/tests/src/drivers/*.c) - add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) - set_base_compile_options(mbedtls_test) - if(GEN_FILES) - add_custom_command( - OUTPUT - ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h - COMMAND - "${MBEDTLS_PYTHON_EXECUTABLE}" - "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py" - "--output" - "${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h" - DEPENDS - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py - ) - add_custom_target(mbedtls_test_keys_header - DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h) - add_dependencies(mbedtls_test mbedtls_test_keys_header) - endif() - target_include_directories(mbedtls_test - PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include - PRIVATE tests/include - PRIVATE include - PRIVATE tf-psa-crypto/include - PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE tf-psa-crypto/drivers/everest/include - PRIVATE library - PRIVATE tf-psa-crypto/core - PRIVATE tf-psa-crypto/drivers/builtin/src) - # Request C11, needed for memory poisoning tests - set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11) - set_config_files_compile_definitions(mbedtls_test) - - file(GLOB MBEDTLS_TEST_HELPER_FILES - tests/src/*.c tests/src/test_helpers/*.c) - add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES}) - set_base_compile_options(mbedtls_test_helpers) - if(GEN_FILES) - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h - COMMAND - "${MBEDTLS_PYTHON_EXECUTABLE}" - "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py" - "--output" - "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h" - DEPENDS - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py - ) - add_custom_target(mbedtls_test_certs_header - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h) - add_dependencies(mbedtls_test_helpers mbedtls_test_certs_header) - endif() - target_include_directories(mbedtls_test_helpers - PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include - PRIVATE tests/include - PRIVATE include - PRIVATE tf-psa-crypto/include - PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE library - PRIVATE tf-psa-crypto/core - PRIVATE tf-psa-crypto/drivers/builtin/src - PRIVATE tf-psa-crypto/drivers/everest/include) - - set_config_files_compile_definitions(mbedtls_test_helpers) -endif() - -if(ENABLE_PROGRAMS) - set(ssl_opt_target "${MBEDTLS_TARGET_PREFIX}ssl-opt") - add_custom_target(${ssl_opt_target}) - - add_subdirectory(programs) -endif() - -ADD_CUSTOM_TARGET(${MBEDTLS_TARGET_PREFIX}mbedtls-apidoc - COMMAND doxygen mbedtls.doxyfile - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen) - -if(ENABLE_TESTING) - enable_testing() - - add_subdirectory(tests) - - # additional convenience targets for Unix only - if(UNIX AND (NOT MBEDTLS_AS_SUBPROJECT)) - # For coverage testing: - # 1. Build with: - # cmake -D CMAKE_BUILD_TYPE=Coverage /path/to/source && make - # 2. Run the relevant tests for the part of the code you're interested in. - # For the reference coverage measurement, see - # tests/scripts/basic-build-test.sh - # 3. Run scripts/lcov.sh to generate an HTML report. - ADD_CUSTOM_TARGET(lcov - COMMAND scripts/lcov.sh - ) - - ADD_CUSTOM_TARGET(memcheck - COMMAND sed -i.bak s+/usr/bin/valgrind+`which valgrind`+ DartConfiguration.tcl - COMMAND ctest -O memcheck.log -D ExperimentalMemCheck - COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null - COMMAND rm -f memcheck.log - COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl - ) - endif() - - # Make scripts needed for testing available in an out-of-source build. - if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) - link_to_source(scripts) - # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to - # keep things simple with the sed commands in the memcheck target. - configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl - ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY) - endif() -endif() - -if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) - configure_package_config_file( - "cmake/MbedTLSConfig.cmake.in" - "cmake/MbedTLSConfig.cmake" - INSTALL_DESTINATION "cmake") - - write_basic_package_version_file( - "cmake/MbedTLSConfigVersion.cmake" - COMPATIBILITY SameMajorVersion - VERSION 4.0.0) - - install( - FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" - "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfigVersion.cmake" - DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS") - - export( - EXPORT MbedTLSTargets - NAMESPACE MbedTLS:: - FILE "cmake/MbedTLSTargets.cmake") - - install( - EXPORT MbedTLSTargets - NAMESPACE MbedTLS:: - DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS" - FILE "MbedTLSTargets.cmake") - - if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15) - # Do not export the package by default - cmake_policy(SET CMP0090 NEW) - - # Make this package visible to the system - export(PACKAGE MbedTLS) - endif() -endif() diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index 3b424f110..000000000 --- a/CONTRIBUTING.md +++ /dev/null @@ -1,97 +0,0 @@ -Contributing -============ -We gratefully accept bug reports and contributions from the community. All PRs are reviewed by the project team / community, and may need some modifications to -be accepted. - -Quick Checklist for PR contributors ------------------------------------ -More details on all of these points may be found in the sections below. - -- [Sign-off](#license-and-copyright): all commits must be signed off. -- [Tests](#tests): please ensure the PR includes adequate tests. -- [Changelog](#documentation): if needed, please provide a changelog entry. -- [Backports](#long-term-support-branches): provide a backport if needed (it's fine to wait until the main PR is accepted). - -Coding Standards ----------------- -- Contributions should include tests, as mentioned in the [Tests](#tests) and [Continuous Integration](#continuous-integration-tests) sections. Please check that your contribution passes basic tests before submission, and check the CI results after making a pull request. -- The code should be written in a clean and readable style, and must follow [our coding standards](https://mbed-tls.readthedocs.io/en/latest/kb/development/mbedtls-coding-standards/). -- The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs. -- The code should be secure, and will be reviewed from a security point of view as well. - -Making a Contribution ---------------------- -1. [Check for open issues](https://github.com/Mbed-TLS/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org) around a feature idea or a bug. -1. Fork the [Mbed TLS repository on GitHub](https://github.com/Mbed-TLS/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/Mbed-TLS/mbedtls/tree/development) as a basis. -1. Write a test which shows that the bug was fixed or that the feature works as expected. -1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. See our [review process guidelines](https://mbed-tls.readthedocs.io/en/latest/reviews/review-for-contributors/). -1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. - -Backwards Compatibility ------------------------ - -The project aims to minimise the impact on users upgrading to newer versions of the library and it should not be necessary for a user to make any changes to their own code to work with a newer version of the library. Unless the user has made an active decision to use newer features, a newer generation of the library or a change has been necessary due to a security issue or other significant software defect, no modifications to their own code should be necessary. To achieve this, API compatibility is maintained between different versions of Mbed TLS on the main development branch and in LTS (Long Term Support) branches, as described in [BRANCHES.md](BRANCHES.md). - -To minimise such disruption to users, where a change to the interface is required, all changes to the ABI or API, even on the main development branch where new features are added, need to be justifiable by either being a significant enhancement, new feature or bug fix which is best resolved by an interface change. If there is an API change, the contribution, if accepted, will be merged only when there is a major release. - -No changes are permitted to the definition of functions in the public interface which will change the API. Instead the interface can only be changed by its extension. Where changes to an existing interface are necessary, functions in the public interface which need to be changed are marked as 'deprecated'. If there is a strong reason to replace an existing function with one that has a slightly different interface (different prototype, or different documented behavior), create a new function with a new name with the desired interface. Keep the old function, but mark it as deprecated. - -Periodically, the library will remove deprecated functions from the library which will be a breaking change in the API, but such changes will be made only in a planned, structured way that gives sufficient notice to users of the library. - -Long Term Support Branches --------------------------- -Mbed TLS maintains several LTS (Long Term Support) branches, which are maintained continuously for a given period. The LTS branches are provided to allow users of the library to have a maintained, stable version of the library which contains only security fixes and fixes for other defects, without encountering additional features or API extensions which may introduce issues or change the code size or RAM usage, which can be significant considerations on some platforms. To allow users to take advantage of the LTS branches, these branches maintain backwards compatibility for both the public API and ABI. - -When backporting to these branches please observe the following rules: - -1. Any change to the library which changes the API or ABI cannot be backported. -1. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted. -1. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be additional test cases or quality improvements such as changes to build or test scripts. - -It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/Mbed-TLS/mbedtls/tree/development) by contributors. - -The list of maintained branches can be found in the [Current Branches section -of BRANCHES.md](BRANCHES.md#current-branches). - -Tests ------ -As mentioned, tests that show the correctness of the feature or bug fix should be added to the pull request, if no such tests exist. - -Mbed TLS includes a comprehensive set of test suites in the `tests/` directory that are dynamically generated to produce the actual test source files (e.g. `test_suite_ssl.c`). These files are generated from a `function file` (e.g. `suites/test_suite_ssl.function`) and a `data file` (e.g. `suites/test_suite_ssl.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. - -[A Knowledge Base article describing how to add additional tests is available on the Mbed TLS website](https://mbed-tls.readthedocs.io/en/latest/kb/development/test_suites/). - -A test script `tests/scripts/basic-build-test.sh` is available to show test coverage of the library. New code contributions should provide a similar level of code coverage to that which already exists for the library. - -Sample applications, if needed, should be modified as well. - -Continuous Integration Tests ----------------------------- -Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures. - -It is advised to enable the [githooks scripts](https://github.com/Mbed-TLS/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible. - -Documentation -------------- -Mbed TLS is well documented, but if you think documentation is needed, speak out! - -1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation. -1. Complex parts in the code should include comments. -1. If needed, a Readme file is advised. -1. If a [Knowledge Base (KB)](https://mbed-tls.readthedocs.io/en/latest/kb/) article should be added, write this as a comment in the PR description. -1. A [ChangeLog](https://github.com/Mbed-TLS/mbedtls/blob/development/ChangeLog.d/00README.md) entry should be added for this contribution. - -License and Copyright ---------------------- - -Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses. This means that users may choose which of these licenses they take the code under. - -Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. - -All new files should include the standard SPDX license identifier where possible, i.e. "SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later". - -The copyright on contributions is retained by the original authors of the code. Where possible for new files, this should be noted in a comment at the top of the file in the form: "Copyright The Mbed TLS Contributors". - -When contributing code to us, the committer and all authors are required to make the submission under the terms of the [Developer Certificate of Origin](dco.txt), confirming that the code submitted can (legally) become part of the project, and is submitted under both the Apache-2.0 AND GPL-2.0-or-later licenses. - -This is done by including the standard Git `Signed-off-by:` line in every commit message. If more than one person contributed to the commit, they should also add their own `Signed-off-by:` line. diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index 1c48958e3..000000000 --- a/ChangeLog +++ /dev/null @@ -1,6109 +0,0 @@ -Mbed TLS ChangeLog (Sorted per branch, date) - -= Mbed TLS 3.6.0 branch released 2024-03-28 - -API changes - * Remove `tls13_` in mbedtls_ssl_tls13_conf_early_data() and - mbedtls_ssl_tls13_conf_max_early_data_size() API names. Early data - feature may not be TLS 1.3 specific in the future. Fixes #6909. - -Default behavior changes - * psa_import_key() now only accepts RSA keys in the PSA standard formats. - The undocumented ability to import other formats (PKCS#8, SubjectPublicKey, - PEM) accepted by the pkparse module has been removed. Applications that - need these formats can call mbedtls_pk_parse_{public,}key() followed by - mbedtls_pk_import_into_psa(). - -Requirement changes - * Drop support for Visual Studio 2013 and 2015, and Arm Compiler 5. - -New deprecations - * Rename the MBEDTLS_SHA256_USE_A64_CRYPTO_xxx config options to - MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_xxx. The old names may still - be used, but are deprecated. - * In the PSA API, domain parameters are no longer used for anything. - They are deprecated and will be removed in a future version of the - library. - * mbedtls_ecp_write_key() is deprecated in favor of - mbedtls_ecp_write_key_ext(). - -Removals - * In the PSA API, the experimental way to encode the public exponent of - an RSA key as a domain parameter is no longer supported. Use - psa_generate_key_ext() instead. - * Temporary function mbedtls_pk_wrap_as_opaque() is removed. To mimic the - same behavior mbedtls_pk_get_psa_attributes() and - mbedtls_pk_import_into_psa() can be used to import a PK key into PSA, - while mbedtls_pk_setup_opaque() can be used to wrap a PSA key into a opaque - PK context. - -Features - * Added an example program showing how to hash with the PSA API. - * Support Armv8-A Crypto Extension acceleration for SHA-256 - when compiling for Thumb (T32) or 32-bit Arm (A32). - * AES-NI is now supported in Windows builds with clang and clang-cl. - Resolves #8372. - * Add new mbedtls_x509_csr_parse_der_with_ext_cb() routine which allows - parsing unsupported certificate extensions via user provided callback. - * Enable the new option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to omit - the decryption direction of block ciphers (AES, ARIA, Camellia). - This affects both the low-level modules and the high-level APIs - (the cipher and PSA interfaces). This option is incompatible with modes - that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES. - * Support use of Armv8-A Cryptographic Extensions for hardware acclerated - AES when compiling for Thumb (T32) or 32-bit Arm (A32). - * If a cipher or AEAD mechanism has a PSA driver, you can now build the - library without the corresponding built-in implementation. Generally - speaking that requires both the key type and algorithm to be accelerated - or they'll both be built in. However, for CCM and GCM the built-in - implementation is able to take advantage of a driver that only - accelerates the key type (that is, the block cipher primitive). See - docs/driver-only-builds.md for full details and current limitations. - * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is - disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to - MBEDTLS_PSA_CRYPTO_C and PSA_WANT_KEY_TYPE_AES. - * Fewer modules depend on MBEDTLS_CIPHER_C, making it possible to save code - size by disabling it in more circumstances. In particular, the CCM and - GCM modules no longer depend on MBEDTLS_CIPHER_C. Also, - MBEDTLS_PSA_CRYPTO can now be enabled without MBEDTLS_CIPHER_C if all - unauthenticated (non-AEAD) ciphers are disabled, or if they're all - fully provided by drivers. See docs/driver-only-builds.md for full - details and current limitations; in particular, NIST_KW and PKCS5/PKCS12 - decryption still unconditionally depend on MBEDTLS_CIPHER_C. - * Add support for record size limit extension as defined by RFC 8449 - and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT. - Application data sent and received will be fragmented according to - Record size limits negotiated during handshake. - * Improve performance of AES-GCM, AES-CTR and CTR-DRBG when - hardware accelerated AES is not present (around 13-23% on 64-bit Arm). - * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() - to convert between Mbed TLS and PSA curve identifiers. - * Add utility functions to manipulate mbedtls_ecp_keypair objects, filling - gaps made by making its fields private: mbedtls_ecp_set_public_key(), - mbedtls_ecp_write_public_key(), mbedtls_ecp_keypair_calc_public(), - mbedtls_ecp_keypair_get_group_id(). Fixes #5017, #5441, #8367, #8652. - * Add functions mbedtls_md_psa_alg_from_type() and - mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and - psa_algorithm_t. - * Add partial platform support for z/OS. - * Improve performance for gcc (versions older than 9.3.0) and IAR. - * Add functions mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw() to - convert ECDSA signatures between raw and DER (ASN.1) formats. - * Add support for using AES-CBC 128, 192, and 256 bit schemes - with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse. - * The new function mbedtls_rsa_get_bitlen() returns the length of the modulus - in bits, i.e. the key size for an RSA key. - * Add pc files for pkg-config, e.g.: - pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509) - * Add getter (mbedtls_ssl_session_get_ticket_creation_time()) to access - `mbedtls_ssl_session.ticket_creation_time`. - * The new functions mbedtls_pk_get_psa_attributes() and - mbedtls_pk_import_into_psa() provide a uniform way to create a PSA - key from a PK key. - * The benchmark program now reports times for both ephemeral and static - ECDH in all ECDH configurations. - * Add support for 8-bit GCM tables for Shoup's algorithm to speedup GCM - operations when hardware accelerated AES is not present. Improves - performance by around 30% on 64-bit Intel; 125% on Armv7-M. - * The new function psa_generate_key_ext() allows generating an RSA - key pair with a custom public exponent. - * The new function mbedtls_ecp_write_key_ext() is similar to - mbedtls_ecp_write_key(), but can be used without separately calculating - the output length. - * Add new accessor to expose the private group id member of - `mbedtls_ecdh_context` structure. - * Add new accessor to expose the `MBEDTLS_PRIVATE(ca_istrue)` member of - `mbedtls_x509_crt` structure. This requires setting - the MBEDTLS_X509_EXT_BASIC_CONSTRAINTS bit in the certificate's - ext_types field. - * mbedtls_psa_get_random() is always available as soon as - MBEDTLS_PSA_CRYPTO_CLIENT is enabled at build time and psa_crypto_init() is - called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be - used as random number generator function (f_rng) and context (p_rng) in - legacy functions. - * The new functions mbedtls_pk_copy_from_psa() and - mbedtls_pk_copy_public_from_psa() provide ways to set up a PK context - with the same content as a PSA key. - * Add new accessors to expose the private session-id, - session-id length, and ciphersuite-id members of - `mbedtls_ssl_session` structure. - Add new accessor to expose the ciphersuite-id of - `mbedtls_ssl_ciphersuite_t` structure.Design ref: #8529 - * Mbed TLS now supports the writing and reading of TLS 1.3 early data (see - docs/tls13-early-data.md). The support enablement is controlled at build - time by the MBEDTLS_SSL_EARLY_DATA configuration option and at runtime by - the mbedtls_ssl_conf_early_data() API (by default disabled in both cases). - * Add protection for multithreaded access to the PSA keystore and protection - for multithreaded access to the the PSA global state, including - concurrently calling psa_crypto_init() when MBEDTLS_THREADING_C and - MBEDTLS_THREADING_PTHREAD are defined. See - docs/architecture/psa-thread-safety/psa-thread-safety.md for more details. - Resolves issues #3263 and #7945. - -Security - * Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3 - ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A - malicious client could cause information disclosure or a denial of service. - Fixes CVE-2024-30166. - * Passing buffers that are stored in untrusted memory as arguments - to PSA functions is now secure by default. - The PSA core now protects against modification of inputs or exposure - of intermediate outputs during operations. This is currently implemented - by copying buffers. - This feature increases code size and memory usage. If buffers passed to - PSA functions are owned exclusively by the PSA core for the duration of - the function call (i.e. no buffer parameters are in shared memory), - copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. - Note that setting this option will cause input-output buffer overlap to - be only partially supported (#3266). - Fixes CVE-2024-28960. - * Restore the maximum TLS version to be negotiated to the configured one - when an SSL context is reset with the mbedtls_ssl_session_reset() API. - An attacker was able to prevent an Mbed TLS server from establishing any - TLS 1.3 connection potentially resulting in a Denial of Service or forced - version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e. - Fixes CVE-2024-28755. - * When negotiating TLS version on server side, do not fall back to the - TLS 1.2 implementation of the protocol if it is disabled. - - If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 - client could put the TLS 1.3-only server in an infinite loop processing - a TLS 1.2 ClientHello, resulting in a denial of service. Reported by - Matthias Mucha and Thomas Blattmann, SICK AG. - - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client - was able to successfully establish a TLS 1.2 connection with the server. - Reported by alluettiv on GitHub. - Fixes CVE-2024-28836. - -Bugfix - * Fix the build with CMake when Everest or P256-m is enabled through - a user configuration file or the compiler command line. Fixes #8165. - * Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is - disabled. - * Fix possible NULL dereference issue in X509 cert_req program if an entry - in the san parameter is not separated by a colon. - * Fix possible NULL dereference issue in X509 cert_write program if an entry - in the san parameter is not separated by a colon. - * Fix an inconsistency between implementations and usages of `__cpuid`, - which mainly causes failures when building Windows target using - mingw or clang. Fixes #8334 & #8332. - * Fix build failure in conda-forge. Fixes #8422. - * Fix parsing of CSRs with critical extensions. - * Switch to milliseconds as the unit for ticket creation and reception time - instead of seconds. That avoids rounding errors when computing the age of - tickets compared to peer using a millisecond clock (observed with GnuTLS). - Fixes #6623. - * Fix TLS server accepting TLS 1.2 handshake while TLS 1.2 - is disabled at runtime. Fixes #8593. - * Remove accidental introduction of RSA signature algorithms - in TLS Suite B Profile. Fixes #8221. - * Fix unsupported PSA asymmetric encryption and decryption - (psa_asymmetric_[en|de]crypt) with opaque keys. - Resolves #8461. - * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512 - acceleration detection when the libc headers do not define the - corresponding constant. Reported by valord577. - * Correct initial capacities for key derivation algorithms:TLS12_PRF, - TLS12_PSK_TO_MS, PBKDF2-HMAC, PBKDF2-CMAC - * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a - multiple of 8. Fixes #868. - * Avoid segmentation fault caused by releasing not initialized - entropy resource in gen_key example. Fixes #8809. - * mbedtls_pem_read_buffer() now performs a check on the padding data of - decrypted keys and it rejects invalid ones. - * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and - mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in - the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled and the - RSA context was configured for PKCS#1 v2.1 (PSS/OAEP), the sign/verify - functions performed a PKCS#1 v1.5 signature instead and the - encrypt/decrypt functions returned an error. Fixes #8824. - * Fix missing bitflags in SSL session serialization headers. Their absence - allowed SSL sessions saved in one configuration to be loaded in a - different, incompatible configuration. - * In TLS 1.3 clients, fix an interoperability problem due to the client - generating a new random after a HelloRetryRequest. Fixes #8669. - * Fix the restoration of the ALPN when loading serialized connection with - the mbedtls_ssl_context_load() API. - * Fix NULL pointer dereference in mbedtls_pk_verify_ext() when called using - an opaque RSA context and specifying MBEDTLS_PK_RSASSA_PSS as key type. - * Fix RSA opaque keys always using PKCS1 v1.5 algorithms instead of the - primary algorithm of the wrapped PSA key. - * Fully support arbitrary overlap between inputs and outputs of PSA - functions. Note that overlap is still only partially supported when - MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (#3266). - -Changes - * Use heap memory to allocate DER encoded public/private key. - This reduces stack usage significantly for writing a public/private - key to a PEM string. - * PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and - they are now treated separately. This means that they should be - individually enabled in order to enable respective support; also the - corresponding MBEDTLS_PSA_ACCEL symbol should be defined in case - acceleration is required. - * Moved declaration of functions mbedtls_ecc_group_to_psa and - mbedtls_ecc_group_of_psa from psa/crypto_extra.h to mbedtls/psa_util.h - * mbedtls_pk_sign_ext() is now always available, not just when - PSA (MBEDTLS_PSA_CRYPTO_C) is enabled. - * Extended PSA Crypto configurations options for FFDH by making it possible - to select only some of the parameters / groups, with the macros - PSA_WANT_DH_RFC7919_XXXX. You now need to defined the corresponding macro - for each size you want to support. Also, if you have an FFDH accelerator, - you'll need to define the appropriate MBEDTLS_PSA_ACCEL macros to signal - support for these domain parameters. - * RSA support in PSA no longer auto-enables the pkparse and pkwrite modules, - saving code size when those are not otherwise enabled. - * mbedtls_mpi_exp_mod and code that uses it, notably RSA and DHM operations, - have changed their speed/memory compromise as part of a proactive security - improvement. The new default value of MBEDTLS_MPI_WINDOW_SIZE roughly - preserves the current speed, at the expense of increasing memory - consumption. - * Rename directory containing Visual Studio files from visualc/VS2013 to - visualc/VS2017. - * The TLS 1.3 protocol is now enabled in the default configuration. - -= Mbed TLS 3.5.2 branch released 2024-01-26 - -Security - * Fix a timing side channel in private key RSA operations. This side channel - could be sufficient for an attacker to recover the plaintext. A local - attacker or a remote attacker who is close to the victim on the network - might have precise enough timing measurements to exploit this. It requires - the attacker to send a large number of messages for decryption. For - details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported - by Hubert Kario, Red Hat. - * Fix a failure to validate input when writing x509 extensions lengths which - could result in an integer overflow, causing a zero-length buffer to be - allocated to hold the extension. The extension would then be copied into - the buffer, causing a heap buffer overflow. - -= Mbed TLS 3.5.1 branch released 2023-11-06 - -Changes - * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later - license. Users may choose which license they take the code under. - -Bugfix - * Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules - in CMake. - -= Mbed TLS 3.5.0 branch released 2023-10-05 - -API changes - * Mbed TLS 3.4 introduced support for omitting the built-in implementation - of ECDSA and/or EC J-PAKE when those are provided by a driver. However, - there was a flaw in the logic checking if the built-in implementation, in - that it failed to check if all the relevant curves were supported by the - accelerator. As a result, it was possible to declare no curves as - accelerated and still have the built-in implementation compiled out. - Starting with this release, it is necessary to declare which curves are - accelerated (using MBEDTLS_PSA_ACCEL_ECC_xxx macros), or they will be - considered not accelerated, and the built-in implementation of the curves - and any algorithm possible using them will be included in the build. - * Add new millisecond time type `mbedtls_ms_time_t` and `mbedtls_ms_time()` - function, needed for TLS 1.3 ticket lifetimes. Alternative implementations - can be created using an ALT interface. - -Requirement changes - * Officially require Python 3.8 now that earlier versions are out of support. - * Minimum required Windows version is now Windows Vista, or - Windows Server 2008. - -New deprecations - * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and - MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR, where xxx is either ECC or RSA, - are now being deprecated in favor of PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and - MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy. Here yyy can be: BASIC, - IMPORT, EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about - the capabilities of the PSA side for either key. - * MBEDTLS_CIPHER_BLKSIZE_MAX is deprecated in favor of - MBEDTLS_MAX_BLOCK_LENGTH (if you intended what the name suggests: - maximum size of any supported block cipher) or the new name - MBEDTLS_CMAC_MAX_BLOCK_SIZE (if you intended the actual semantics: - maximum size of a block cipher supported by the CMAC module). - * mbedtls_pkcs5_pbes2() and mbedtls_pkcs12_pbe() functions are now - deprecated in favor of mbedtls_pkcs5_pbes2_ext() and - mbedtls_pkcs12_pbe_ext() as they offer more security by checking - for overflow of the output buffer and reporting the actual length - of the output. - -Features - * All modules that use hashes or HMAC can now take advantage of PSA Crypto - drivers when MBEDTLS_PSA_CRYPTO_C is enabled and psa_crypto_init() has - been called. Previously (in 3.3), this was restricted to a few modules, - and only in builds where MBEDTLS_MD_C was disabled; in particular the - entropy module was not covered which meant an external RNG had to be - provided - these limitations are lifted in this version. A new set of - feature macros, MBEDTLS_MD_CAN_xxx, has been introduced that can be used - to check for availability of hash algorithms, regardless of whether - they're provided by a built-in implementation, a driver or both. See - docs/driver-only-builds.md. - * When a PSA driver for ECDH is present, it is now possible to disable - MBEDTLS_ECDH_C in the build in order to save code size. For TLS 1.2 - key exchanges based on ECDH(E) to work, this requires - MBEDTLS_USE_PSA_CRYPTO. Restartable/interruptible ECDHE operations in - TLS 1.2 (ECDHE-ECDSA key exchange) are not supported in those builds yet, - as PSA does not have an API for restartable ECDH yet. - * When all of ECDH, ECDSA and EC J-PAKE are either disabled or provided by - a driver, it is possible to disable MBEDTLS_ECP_C (and MBEDTLS_BIGNUM_C - if not required by another module) and still get support for ECC keys and - algorithms in PSA, with some limitations. See docs/driver-only-builds.txt - for details. - * Add parsing of directoryName subtype for subjectAltName extension in - x509 certificates. - * Add support for server-side TLS version negotiation. If both TLS 1.2 and - TLS 1.3 protocols are enabled, the TLS server now selects TLS 1.2 or - TLS 1.3 depending on the capabilities and preferences of TLS clients. - Fixes #6867. - * X.509 hostname verification now supports IPAddress Subject Alternate Names. - * Add support for reading and writing X25519 and X448 - public and private keys in RFC 8410 format using the existing PK APIs. - * When parsing X.509 certificates, support the extensions - SignatureKeyIdentifier and AuthorityKeyIdentifier. - * Don't include the PSA dispatch functions for PAKEs (psa_pake_setup() etc) - if no PAKE algorithms are requested - * Add support for the FFDH algorithm and DH key types in PSA, with - parameters from RFC 7919. This includes a built-in implementation based - on MBEDTLS_BIGNUM_C, and a driver dispatch layer enabling alternative - implementations of FFDH through the driver entry points. - * It is now possible to generate certificates with SubjectAltNames. - Currently supported subtypes: DnsName, UniformResourceIdentifier, - IP address, OtherName, and DirectoryName, as defined in RFC 5280. - See mbedtls_x509write_crt_set_subject_alternative_name for - more information. - * X.509 hostname verification now partially supports URI Subject Alternate - Names. Only exact matching, without any normalization procedures - described in 7.4 of RFC5280, will result in a positive URI verification. - * Add function mbedtls_oid_from_numeric_string() to parse an OID from a - string to a DER-encoded mbedtls_asn1_buf. - * Add SHA-3 family hash functions. - * Add support to restrict AES to 128-bit keys in order to save code size. - A new configuration option, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH, can be - used to enable this feature. - * AES performance improvements. Uplift varies by platform, - toolchain, optimisation flags and mode. - Aarch64, gcc -Os and CCM, GCM and XTS benefit the most. - On Aarch64, uplift is typically around 20 - 110%. - When compiling with gcc -Os on Aarch64, AES-XTS improves - by 4.5x. - * Add support for PBKDF2-HMAC through the PSA API. - * New symbols PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and - MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy (where xxx is either ECC, RSA - or DH) were introduced in order to have finer accuracy in defining the - PSA capabilities for each key. These capabilities, named yyy above, can be - any of: BASIC, IMPORT, EXPORT, GENERATE, DERIVE. - - DERIVE is only available for ECC keys, not for RSA or DH ones. - - implementations are free to enable more than what it was strictly - requested. For example BASIC internally enables IMPORT and EXPORT - (useful for testing purposes), but this might change in the future. - * Add support for FFDH key exchange in TLS 1.3. - This is automatically enabled as soon as PSA_WANT_ALG_FFDH - and the ephemeral or psk-ephemeral key exchange mode are enabled. - By default, all groups are offered; the list of groups can be - configured using the existing API function mbedtls_ssl_conf_groups(). - * Improve mbedtls_x509_time performance and reduce memory use. - * Reduce syscalls to time() during certificate verification. - * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by - setting the CMake variable of the same name at configuration time. - * Add getter (mbedtls_ssl_cache_get_timeout()) to access - `mbedtls_ssl_cache_context.timeout`. - * Add getter (mbedtls_ssl_get_hostname()) to access - `mbedtls_ssl_context.hostname`. - * Add getter (mbedtls_ssl_conf_get_endpoint()) to access - `mbedtls_ssl_config.endpoint`. - * Support for "opaque" (PSA-held) ECC keys in the PK module has been - extended: it is now possible to use mbedtls_pk_write_key_der(), - mbedtls_pk_write_key_pem(), mbedtls_pk_check_pair(), and - mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes - allow it). - * The documentation of mbedtls_ecp_group now describes the optimized - representation of A for some curves. Fixes #8045. - * Add a possibility to generate CSR's with RCF822 and directoryName subtype - of subjectAltName extension in x509 certificates. - * Add support for PBKDF2-CMAC through the PSA API. - * New configuration option MBEDTLS_AES_USE_HARDWARE_ONLY introduced. When - using CPU-accelerated AES (e.g., Arm Crypto Extensions), this option - disables the plain C implementation and the run-time detection for the - CPU feature, which reduces code size and avoids the vulnerability of the - plain C implementation. - * Accept arbitrary AttributeType and AttributeValue in certificate - Distinguished Names using RFC 4514 syntax. - * Applications using ECC over secp256r1 through the PSA API can use a - new implementation with a much smaller footprint, but some minor - usage restrictions. See the documentation of the new configuration - option MBEDTLS_PSA_P256M_DRIVER_ENABLED for details. - -Security - * Fix a case where potentially sensitive information held in memory would not - be completely zeroized during TLS 1.2 handshake, in both server and client - configurations. - * In configurations with ARIA or Camellia but not AES, the value of - MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might - suggest. This did not affect any library code, because this macro was - only used in relation with CMAC which does not support these ciphers. - This may affect application code that uses this macro. - * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should - review the size of the output buffer passed to this function, and note - that the output after decryption may include CBC padding. Consider moving - to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext() - which checks for overflow of the output buffer and reports the actual - length of the output. - * Improve padding calculations in CBC decryption, NIST key unwrapping and - RSA OAEP decryption. With the previous implementation, some compilers - (notably recent versions of Clang and IAR) could produce non-constant - time code, which could allow a padding oracle attack if the attacker - has access to precise timing measurements. - * Updates to constant-time C code so that compilers are less likely to use - conditional instructions, which can have an observable difference in - timing. (Clang has been seen to do this.) Also introduce assembly - implementations for 32- and 64-bit Arm and for x86 and x86-64, which are - guaranteed not to use conditional instructions. - * Fix definition of MBEDTLS_MD_MAX_BLOCK_SIZE, which was too - small when MBEDTLS_SHA384_C was defined and MBEDTLS_SHA512_C was - undefined. Mbed TLS itself was unaffected by this, but user code - which used MBEDTLS_MD_MAX_BLOCK_SIZE could be affected. The only - release containing this bug was Mbed TLS 3.4.0. - * Fix a buffer overread when parsing short TLS application data records in - null-cipher cipher suites. Credit to OSS-Fuzz. - * Fix a remotely exploitable heap buffer overflow in TLS handshake parsing. - In TLS 1.3, all configurations are affected except PSK-only ones, and - both clients and servers are affected. - In TLS 1.2, the affected configurations are those with - MBEDTLS_USE_PSA_CRYPTO and ECDH enabled but DHM and RSA disabled, - and only servers are affected, not clients. - Credit to OSS-Fuzz. - -Bugfix - * Fix proper sizing for PSA_EXPORT_[KEY_PAIR/PUBLIC_KEY]_MAX_SIZE and - PSA_SIGNATURE_MAX_SIZE buffers when at least one accelerated EC is bigger - than all built-in ones and RSA is disabled. - Resolves #6622. - * Add missing md.h includes to some of the external programs from - the programs directory. Without this, even though the configuration - was sufficient for a particular program to work, it would only print - a message that one of the required defines is missing. - * Fix declaration of mbedtls_ecdsa_sign_det_restartable() function - in the ecdsa.h header file. There was a build warning when the - configuration macro MBEDTLS_ECDSA_SIGN_ALT was defined. - Resolves #7407. - * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not - MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498. - * Fix missing PSA initialization in sample programs when - MBEDTLS_USE_PSA_CRYPTO is enabled. - * Fix the J-PAKE driver interface for user and peer to accept any values - (previously accepted values were limited to "client" or "server"). - * Fix clang and armclang compilation error when targeting certain Arm - M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23, - SecurCore SC000). Fixes #1077. - * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when - built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a - way to detect the crypto extensions required. A warning is still issued. - * Fixed an issue that caused compile errors when using CMake and the IAR - toolchain. - * Fix very high stack usage in SSL debug code. Reported by Maximilian - Gerhardt in #7804. - * Fix a compilation failure in the constant_time module when - building for arm64_32 (e.g., for watchos). Reported by Paulo - Coutinho in #7787. - * Fix crypt_and_hash decryption fail when used with a stream cipher - mode of operation due to the input not being multiple of block size. - Resolves #7417. - * Fix a bug in which mbedtls_x509_string_to_names() would return success - when given a invalid name string if it did not contain '=' or ','. - * Fix compilation warnings in aes.c, which prevented the - example TF-M configuration in configs/ from building cleanly: - tfm_mbedcrypto_config_profile_medium.h with - crypto_config_profile_medium.h. - * In TLS 1.3, fix handshake failure when a client in its ClientHello - proposes an handshake based on PSK only key exchange mode or at least - one of the key exchange modes using ephemeral keys to a server that - supports only the PSK key exchange mode. - * Fix CCM* with no tag being not supported in a build with CCM as the only - symmetric encryption algorithm and the PSA configuration enabled. - * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516. - * Fix a compilation error on some platforms when including mbedtls/ssl.h - with all TLS support disabled. Fixes #6628. - * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when - using ECC key. The certificate was rejected by some crypto frameworks. - Fixes #2924. - * Fix a potential corruption of the passed-in IV when mbedtls_aes_crypt_cbc() - is called with zero length and padlock is not enabled. - * Fix compile failure due to empty enum in cipher_wrap.c, when building - with a very minimal configuration. Fixes #7625. - * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA - signature can silently return an incorrect result in low memory conditions. - * Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when - MBEDTLS_PSA_CRYPTO_CONFIG is disabled. - * Fix IAR compiler warnings. - * Fix an issue when parsing an otherName subject alternative name into a - mbedtls_x509_san_other_name struct. The type-id of the otherName was not - copied to the struct. This meant that the struct had incomplete - information about the otherName SAN and contained uninitialized memory. - * Fix the detection of HardwareModuleName otherName SANs. These were being - detected by comparing the wrong field and the check was erroneously - inverted. - * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG - enabled, where some low-level modules required by requested PSA crypto - features were not getting automatically enabled. Fixes #7420. - * Fix undefined symbols in some builds using TLS 1.3 with a custom - configuration file. - * Fix log level for the got supported group message. Fixes #6765 - * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx - error code on failure. Before, they returned 1 to indicate failure in - some cases involving a missing entry or a full cache. - * mbedtls_pk_parse_key() now rejects trailing garbage in encrypted keys. - * Fix the build with CMake when Everest or P256-m is enabled through - a user configuration file or the compiler command line. Fixes #8165. - -Changes - * Enable Arm / Thumb bignum assembly for most Arm platforms when - compiling with gcc, clang or armclang and -O0. - * Enforce minimum RSA key size when generating a key - to avoid accidental misuse. - * Use heap memory to allocate DER encoded RSA private key. - This reduces stack usage significantly for RSA signature - operations when MBEDTLS_PSA_CRYPTO_C is defined. - * Update Windows code to use BCryptGenRandom and wcslen, and - ensure that conversions between size_t, ULONG, and int are - always done safely. Original contribution by Kevin Kane #635, #730 - followed by Simon Butcher #1453. - * Users integrating their own PSA drivers should be aware that - the file library/psa_crypto_driver_wrappers.c has been renamed - to psa_crypto_driver_wrappers_no_static.c. - * When using CBC with the cipher module, the requirement to call - mbedtls_cipher_set_padding_mode() is now enforced. Previously, omitting - this call accidentally applied a default padding mode chosen at compile - time. - -= Mbed TLS 3.4.1 branch released 2023-08-04 - -Bugfix - * Fix builds on Windows with clang - -Changes - * Update test data to avoid failures of unit tests after 2023-08-07. - -= Mbed TLS 3.4.0 branch released 2023-03-28 - -Default behavior changes - * The default priority order of TLS 1.3 cipher suites has been modified to - follow the same rules as the TLS 1.2 cipher suites (see - ssl_ciphersuites.c). The preferred cipher suite is now - TLS_CHACHA20_POLY1305_SHA256. - -New deprecations - * mbedtls_x509write_crt_set_serial() is now being deprecated in favor of - mbedtls_x509write_crt_set_serial_raw(). The goal here is to remove any - direct dependency of X509 on BIGNUM_C. - * PSA to mbedtls error translation is now unified in psa_util.h, - deprecating mbedtls_md_error_from_psa. Each file that performs error - translation should define its own version of PSA_TO_MBEDTLS_ERR, - optionally providing file-specific error pairs. Please see psa_util.h for - more details. - -Features - * Added partial support for parsing the PKCS #7 Cryptographic Message - Syntax, as defined in RFC 2315. Currently, support is limited to the - following: - - Only the signed-data content type, version 1 is supported. - - Only DER encoding is supported. - - Only a single digest algorithm per message is supported. - - Certificates must be in X.509 format. A message must have either 0 - or 1 certificates. - - There is no support for certificate revocation lists. - - The authenticated and unauthenticated attribute fields of SignerInfo - must be empty. - Many thanks to Daniel Axtens, Nayna Jain, and Nick Child from IBM for - contributing this feature, and to Demi-Marie Obenour for contributing - various improvements, tests and bug fixes. - * General performance improvements by accessing multiple bytes at a time. - Fixes #1666. - * Improvements to use of unaligned and byte-swapped memory, reducing code - size and improving performance (depending on compiler and target - architecture). - * Add support for reading points in compressed format - (MBEDTLS_ECP_PF_COMPRESSED) with mbedtls_ecp_point_read_binary() - (and callers) for Short Weierstrass curves with prime p where p = 3 mod 4 - (all mbedtls MBEDTLS_ECP_DP_SECP* and MBEDTLS_ECP_DP_BP* curves - except MBEDTLS_ECP_DP_SECP224R1 and MBEDTLS_ECP_DP_SECP224K1) - * SHA224_C/SHA384_C are now independent from SHA384_C/SHA512_C respectively. - This helps in saving code size when some of the above hashes are not - required. - * Add parsing of V3 extensions (key usage, Netscape cert-type, - Subject Alternative Names) in x509 Certificate Sign Requests. - * Use HOSTCC (if it is set) when compiling C code during generation of the - configuration-independent files. This allows them to be generated when - CC is set for cross compilation. - * Add parsing of uniformResourceIdentifier subtype for subjectAltName - extension in x509 certificates. - * Add an interruptible version of sign and verify hash to the PSA interface, - backed by internal library support for ECDSA signing and verification. - * Add parsing of rfc822Name subtype for subjectAltName - extension in x509 certificates. - * The configuration macros MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and - MBEDTLS_PSA_CRYPTO_STRUCT_FILE specify alternative locations for - the headers "psa/crypto_platform.h" and "psa/crypto_struct.h". - * When a PSA driver for ECDSA is present, it is now possible to disable - MBEDTLS_ECDSA_C in the build in order to save code size. For PK, X.509 - and TLS to fully work, this requires MBEDTLS_USE_PSA_CRYPTO to be enabled. - Restartable/interruptible ECDSA operations in PK, X.509 and TLS are not - supported in those builds yet, as driver support for interruptible ECDSA - operations is not present yet. - * Add a driver dispatch layer for EC J-PAKE, enabling alternative - implementations of EC J-PAKE through the driver entry points. - * Add new API mbedtls_ssl_cache_remove for cache entry removal by - its session id. - * Add support to include the SubjectAltName extension to a CSR. - * Add support for AES with the Armv8-A Cryptographic Extension on - 64-bit Arm. A new configuration option, MBEDTLS_AESCE_C, can - be used to enable this feature. Run-time detection is supported - under Linux only. - * When a PSA driver for EC J-PAKE is present, it is now possible to disable - MBEDTLS_ECJPAKE_C in the build in order to save code size. For the - corresponding TLS 1.2 key exchange to work, MBEDTLS_USE_PSA_CRYPTO needs - to be enabled. - * Add functions mbedtls_rsa_get_padding_mode() and mbedtls_rsa_get_md_alg() - to read non-public fields for padding mode and hash id from - an mbedtls_rsa_context, as requested in #6917. - * AES-NI is now supported with Visual Studio. - * AES-NI is now supported in 32-bit builds, or when MBEDTLS_HAVE_ASM - is disabled, when compiling with GCC or Clang or a compatible compiler - for a target CPU that supports the requisite instructions (for example - gcc -m32 -msse2 -maes -mpclmul). (Generic x86 builds with GCC-like - compilers still require MBEDTLS_HAVE_ASM and a 64-bit target.) - * It is now possible to use a PSA-held (opaque) password with the TLS 1.2 - ECJPAKE key exchange, using the new API function - mbedtls_ssl_set_hs_ecjpake_password_opaque(). - -Security - * Use platform-provided secure zeroization function where possible, such as - explicit_bzero(). - * Zeroize SSL cache entries when they are freed. - * Fix a potential heap buffer overread in TLS 1.3 client-side when - MBEDTLS_DEBUG_C is enabled. This may result in an application crash. - * Add support for AES with the Armv8-A Cryptographic Extension on 64-bit - Arm, so that these systems are no longer vulnerable to timing side-channel - attacks. This is configured by MBEDTLS_AESCE_C, which is on by default. - Reported by Demi Marie Obenour. - * MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on - builds that couldn't compile the GCC-style assembly implementation - (most notably builds with Visual Studio), leaving them vulnerable to - timing side-channel attacks. There is now an intrinsics-based AES-NI - implementation as a fallback for when the assembly one cannot be used. - -Bugfix - * Fix possible integer overflow in mbedtls_timing_hardclock(), which - could cause a crash in programs/test/benchmark. - * Fix IAR compiler warnings. Fixes #6924. - * Fix a bug in the build where directory names containing spaces were - causing generate_errors.pl to error out resulting in a build failure. - Fixes issue #6879. - * In TLS 1.3, when using a ticket for session resumption, tweak its age - calculation on the client side. It prevents a server with more accurate - ticket timestamps (typically timestamps in milliseconds) compared to the - Mbed TLS ticket timestamps (in seconds) to compute a ticket age smaller - than the age computed and transmitted by the client and thus potentially - reject the ticket. Fix #6623. - * Fix compile error where MBEDTLS_RSA_C and MBEDTLS_X509_CRT_WRITE_C are - defined, but MBEDTLS_PK_RSA_ALT_SUPPORT is not defined. Fixes #3174. - * List PSA_WANT_ALG_CCM_STAR_NO_TAG in psa/crypto_config.h so that it can - be toggled with config.py. - * The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be - used on a shared secret from a key agreement since its input must be - an ECC public key. Reject this properly. - * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers - whose binary representation is longer than 20 bytes. This was already - forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being - enforced also at code level. - * Fix potential undefined behavior in mbedtls_mpi_sub_abs(). Reported by - Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by - Aaron Ucko under Valgrind. - * Fix behavior of certain sample programs which could, when run with no - arguments, access uninitialized memory in some cases. Fixes #6700 (which - was found by TrustInSoft Analyzer during REDOCS'22) and #1120. - * Fix parsing of X.509 SubjectAlternativeName extension. Previously, - malformed alternative name components were not caught during initial - certificate parsing, but only on subsequent calls to - mbedtls_x509_parse_subject_alt_name(). Fixes #2838. - * Make the fields of mbedtls_pk_rsassa_pss_options public. This makes it - possible to verify RSA PSS signatures with the pk module, which was - inadvertently broken since Mbed TLS 3.0. - * Fix bug in conversion from OID to string in - mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed - correctly. - * Reject OIDs with overlong-encoded subidentifiers when converting - them to a string. - * Reject OIDs with subidentifier values exceeding UINT_MAX. Such - subidentifiers can be valid, but Mbed TLS cannot currently handle them. - * Reject OIDs that have unterminated subidentifiers, or (equivalently) - have the most-significant bit set in their last byte. - * Silence warnings from clang -Wdocumentation about empty \retval - descriptions, which started appearing with Clang 15. Fixes #6960. - * Fix the handling of renegotiation attempts in TLS 1.3. They are now - systematically rejected. - * Fix an unused-variable warning in TLS 1.3-only builds if - MBEDTLS_SSL_RENEGOTIATION was enabled. Fixes #6200. - * Fix undefined behavior in mbedtls_ssl_read() and mbedtls_ssl_write() if - len argument is 0 and buffer is NULL. - * Allow setting user and peer identifiers for EC J-PAKE operation - instead of role in PAKE PSA Crypto API as described in the specification. - This is a partial fix that allows only "client" and "server" identifiers. - * Fix a compilation error when PSA Crypto is built with support for - TLS12_PRF but not TLS12_PSK_TO_MS. Reported by joerchan in #7125. - * In the TLS 1.3 server, select the preferred client cipher suite, not the - least preferred. The selection error was introduced in Mbed TLS 3.3.0. - * Fix TLS 1.3 session resumption when the established pre-shared key is - 384 bits long. That is the length of pre-shared keys created under a - session where the cipher suite is TLS_AES_256_GCM_SHA384. - * Fix an issue when compiling with MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - enabled, which required specifying compiler flags enabling SHA3 Crypto - Extensions, where some compilers would emit EOR3 instructions in other - modules, which would then fail if run on a CPU without the SHA3 - extensions. Fixes #5758. - -Changes - * Install the .cmake files into CMAKE_INSTALL_LIBDIR/cmake/MbedTLS, - typically /usr/lib/cmake/MbedTLS. - * Mixed-endian systems are explicitly not supported any more. - * When MBEDTLS_USE_PSA_CRYPTO and MBEDTLS_ECDSA_DETERMINISTIC are both - defined, mbedtls_pk_sign() now use deterministic ECDSA for ECDSA - signatures. This aligns the behaviour with MBEDTLS_USE_PSA_CRYPTO to - the behaviour without it, where deterministic ECDSA was already used. - * Visual Studio: Rename the directory containing Visual Studio files from - visualc/VS2010 to visualc/VS2013 as we do not support building with versions - older than 2013. Update the solution file to specify VS2013 as a minimum. - * programs/x509/cert_write: - - now it accepts the serial number in 2 different formats: decimal and - hex. They cannot be used simultaneously - - "serial" is used for the decimal format and it's limted in size to - unsigned long long int - - "serial_hex" is used for the hex format; max length here is - MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN*2 - * The C code follows a new coding style. This is transparent for users but - affects contributors and maintainers of local patches. For more - information, see - https://mbed-tls.readthedocs.io/en/latest/kb/how-to/rewrite-branch-for-coding-style/ - * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2. - As tested in issue 6790, the correlation between this define and - RSA decryption performance has changed lately due to security fixes. - To fix the performance degradation when using default values the - window was reduced from 6 to 2, a value that gives the best or close - to best results when tested on Cortex-M4 and Intel i7. - * When enabling MBEDTLS_SHA256_USE_A64_CRYPTO_* or - MBEDTLS_SHA512_USE_A64_CRYPTO_*, it is no longer necessary to specify - compiler target flags on the command line; the library now sets target - options within the appropriate modules. - -= Mbed TLS 3.3.0 branch released 2022-12-14 - -Default behavior changes - * Previously the macro MBEDTLS_SSL_DTLS_CONNECTION_ID implemented version 05 - of the IETF draft, and was marked experimental and disabled by default. - It is now no longer experimental, and implements the final version from - RFC 9146, which is not interoperable with the draft-05 version. - If you need to communicate with peers that use earlier versions of - Mbed TLS, then you need to define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT - to 1, but then you won't be able to communicate with peers that use the - standard (non-draft) version. - If you need to interoperate with both classes of peers with the - same build of Mbed TLS, please let us know about your situation on the - mailing list or GitHub. - -Requirement changes - * When building with PSA drivers using generate_driver_wrappers.py, or - when building the library from the development branch rather than - from a release, the Python module jsonschema is now necessary, in - addition to jinja2. The official list of required Python modules is - maintained in scripts/basic.requirements.txt and may change again - in the future. - -New deprecations - * Deprecate mbedtls_asn1_free_named_data(). - Use mbedtls_asn1_free_named_data_list() - or mbedtls_asn1_free_named_data_list_shallow(). - -Features - * Support rsa_pss_rsae_* signature algorithms in TLS 1.2. - * make: enable building unversioned shared library, with e.g.: - "SHARED=1 SOEXT_TLS=so SOEXT_X509=so SOEXT_CRYPTO=so make lib" - resulting in library names like "libmbedtls.so" rather than - "libmbedcrypto.so.11". - * Expose the EC J-PAKE functionality through the Draft PSA PAKE Crypto API. - Only the ECC primitive with secp256r1 curve and SHA-256 hash algorithm - are supported in this implementation. - * Some modules can now use PSA drivers for hashes, including with no - built-in implementation present, but only in some configurations. - - RSA OAEP and PSS (PKCS#1 v2.1), PKCS5, PKCS12 and EC J-PAKE now use - hashes from PSA when (and only when) MBEDTLS_MD_C is disabled. - - PEM parsing of encrypted files now uses MD-5 from PSA when (and only - when) MBEDTLS_MD5_C is disabled. - See the documentation of the corresponding macros in mbedtls_config.h for - details. - Note that some modules are not able to use hashes from PSA yet, including - the entropy module. As a consequence, for now the only way to build with - all hashes only provided by drivers (no built-in hash) is to use - MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. - * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 now - properly negotiate/accept hashes based on their availability in PSA. - As a consequence, they now work in configurations where the built-in - implementations of (some) hashes are excluded and those hashes are only - provided by PSA drivers. (See previous entry for limitation on RSA-PSS - though: that module only use hashes from PSA when MBEDTLS_MD_C is off). - * Add support for opaque keys as the private keys associated to certificates - for authentication in TLS 1.3. - * Add the LMS post-quantum-safe stateful-hash asymmetric signature scheme. - Signature verification is production-ready, but generation is for testing - purposes only. This currently only supports one parameter set - (LMS_SHA256_M32_H10), meaning that each private key can be used to sign - 1024 messages. As such, it is not intended for use in TLS, but instead - for verification of assets transmitted over an insecure channel, - particularly firmware images. - * Add the LM-OTS post-quantum-safe one-time signature scheme, which is - required for LMS. This can be used independently, but each key can only - be used to sign one message so is impractical for most circumstances. - * Mbed TLS now supports TLS 1.3 key establishment via pre-shared keys. - The pre-shared keys can be provisioned externally or via the ticket - mechanism (session resumption). - The ticket mechanism is supported when the configuration option - MBEDTLS_SSL_SESSION_TICKETS is enabled. - New options MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED - control the support for the three possible TLS 1.3 key exchange modes. - * cert_write: support for setting extended key usage attributes. A - corresponding new public API call has been added in the library, - mbedtls_x509write_crt_set_ext_key_usage(). - * cert_write: support for writing certificate files in either PEM - or DER format. - * The PSA driver wrapper generator generate_driver_wrappers.py now - supports a subset of the driver description language, including - the following entry points: import_key, export_key, export_public_key, - get_builtin_key, copy_key. - * The new functions mbedtls_asn1_free_named_data_list() and - mbedtls_asn1_free_named_data_list_shallow() simplify the management - of memory in named data lists in X.509 structures. - * The TLS 1.2 EC J-PAKE key exchange can now use the PSA Crypto API. - Additional PSA key slots will be allocated in the process of such key - exchange for builds that enable MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED and - MBEDTLS_USE_PSA_CRYPTO. - * Add support for DTLS Connection ID as defined by RFC 9146, controlled by - MBEDTLS_SSL_DTLS_CONNECTION_ID (enabled by default) and configured with - mbedtls_ssl_set_cid(). - * Add a driver dispatch layer for raw key agreement, enabling alternative - implementations of raw key agreement through the key_agreement driver - entry point. This entry point is specified in the proposed PSA driver - interface, but had not yet been implemented. - * Add an ad-hoc key derivation function handling EC J-PAKE to PMS - calculation that can be used to derive the session secret in TLS 1.2, - as described in draft-cragie-tls-ecjpake-01. This can be achieved by - using PSA_ALG_TLS12_ECJPAKE_TO_PMS as the key derivation algorithm. - -Security - * Fix potential heap buffer overread and overwrite in DTLS if - MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and - MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. - * Fix an issue where an adversary with access to precise enough information - about memory accesses (typically, an untrusted operating system attacking - a secure enclave) could recover an RSA private key after observing the - victim performing a single private-key operation if the window size used - for the exponentiation was 3 or smaller. Found and reported by Zili KOU, - Wenjian HE, Sharad Sinha, and Wei ZHANG. See "Cache Side-channel Attacks - and Defenses of the Sliding Window Algorithm in TEEs" - Design, Automation - and Test in Europe 2023. - -Bugfix - * Refactor mbedtls_aes_context to support shallow-copying. Fixes #2147. - * Fix an issue with in-tree CMake builds in releases with GEN_FILES - turned off: if a shipped file was missing from the working directory, - it could be turned into a symbolic link to itself. - * Fix a long-standing build failure when building x86 PIC code with old - gcc (4.x). The code will be slower, but will compile. We do however - recommend upgrading to a more recent compiler instead. Fixes #1910. - * Fix support for little-endian Microblaze when MBEDTLS_HAVE_ASM is defined. - Contributed by Kazuyuki Kimura to fix #2020. - * Use double quotes to include private header file psa_crypto_cipher.h. - Fixes 'file not found with include' error - when building with Xcode. - * Fix handling of broken symlinks when loading certificates using - mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a - broken link is encountered, skip the broken link and continue parsing - other certificate files. Contributed by Eduardo Silva in #2602. - * Fix an interoperability failure between an Mbed TLS client with both - TLS 1.2 and TLS 1.3 support, and a TLS 1.2 server that supports - rsa_pss_rsae_* signature algorithms. This failed because Mbed TLS - advertised support for PSS in both TLS 1.2 and 1.3, but only - actually supported PSS in TLS 1.3. - * Fix a compilation error when using CMake with an IAR toolchain. - Fixes #5964. - * Fix a build error due to a missing prototype warning when - MBEDTLS_DEPRECATED_REMOVED is enabled. - * Fix mbedtls_ctr_drbg_free() on an initialized but unseeded context. When - MBEDTLS_AES_ALT is enabled, it could call mbedtls_aes_free() on an - uninitialized context. - * Fix a build issue on Windows using CMake where the source and build - directories could not be on different drives. Fixes #5751. - * Fix bugs and missing dependencies when building and testing - configurations with only one encryption type enabled in TLS 1.2. - * Provide the missing definition of mbedtls_setbuf() in some configurations - with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196. - * Fix compilation errors when trying to build with - PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305). - * Fix memory leak in ssl_parse_certificate_request() caused by - mbedtls_x509_get_name() not freeing allocated objects in case of error. - Change mbedtls_x509_get_name() to clean up allocated objects on error. - * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not - MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_PK_WRITE_C. Fixes #6408. - * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not - MBEDTLS_PK_PARSE_C. Fixes #6409. - * Fix ECDSA verification, where it was not always validating the - public key. This bug meant that it was possible to verify a - signature with an invalid public key, in some cases. Reported by - Guido Vranken using Cryptofuzz in #4420. - * Fix a possible null pointer dereference if a memory allocation fails - in TLS PRF code. Reported by Michael Madsen in #6516. - * Fix TLS 1.3 session resumption. Fixes #6488. - * Add a configuration check to exclude optional client authentication - in TLS 1.3 (where it is forbidden). - * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable - bytes when parsing certificates containing a binary RFC 4108 - HardwareModuleName as a Subject Alternative Name extension. Hardware - serial numbers are now rendered in hex format. Fixes #6262. - * Fix bug in error reporting in dh_genprime.c where upon failure, - the error code returned by mbedtls_mpi_write_file() is overwritten - and therefore not printed. - * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A) - with A > 0 created an unintended representation of the value 0 which was - not processed correctly by some bignum operations. Fix this. This had no - consequence on cryptography code, but might affect applications that call - bignum directly and use negative numbers. - * Fix a bug whereby the list of signature algorithms sent as part of - the TLS 1.2 server certificate request would get corrupted, meaning the - first algorithm would not get sent and an entry consisting of two random - bytes would be sent instead. Found by Serban Bejan and Dudek Sebastian. - * Fix undefined behavior (typically harmless in practice) of - mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() - when both operands are 0 and the left operand is represented with 0 limbs. - * Fix undefined behavior (typically harmless in practice) when some bignum - functions receive the most negative value of mbedtls_mpi_sint. Credit - to OSS-Fuzz. Fixes #6597. - * Fix undefined behavior (typically harmless in practice) in PSA ECB - encryption and decryption. - * Move some SSL-specific code out of libmbedcrypto where it had been placed - accidentally. - * Fix a build error when compiling the bignum module for some Arm platforms. - Fixes #6089, #6124, #6217. - -Changes - * Add the ability to query PSA_WANT_xxx macros to query_compile_time_config. - * Calling AEAD tag-specific functions for non-AEAD algorithms (which - should not be done - they are documented for use only by AES-GCM and - ChaCha20+Poly1305) now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE - instead of success (0). - -= Mbed TLS 3.2.1 branch released 2022-07-12 - -Bugfix - * Re-add missing generated file library/psa_crypto_driver_wrappers.c - -= Mbed TLS 3.2.0 branch released 2022-07-11 - -Default behavior changes - * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305 - for IV lengths other than 12. The library was silently overwriting this - length with 12, but did not inform the caller about it. Fixes #4301. - -Requirement changes - * The library will no longer compile out of the box on a platform without - setbuf(). If your platform does not have setbuf(), you can configure an - alternative function by enabling MBEDTLS_PLATFORM_SETBUF_ALT or - MBEDTLS_PLATFORM_SETBUF_MACRO. - -New deprecations - * Deprecate mbedtls_ssl_conf_max_version() and - mbedtls_ssl_conf_min_version() in favor of - mbedtls_ssl_conf_max_tls_version() and - mbedtls_ssl_conf_min_tls_version(). - * Deprecate mbedtls_cipher_setup_psa(). Use psa_aead_xxx() or - psa_cipher_xxx() directly instead. - * Secure element drivers enabled by MBEDTLS_PSA_CRYPTO_SE_C are deprecated. - This was intended as an experimental feature, but had not been explicitly - documented as such. Use opaque drivers with the interface enabled by - MBEDTLS_PSA_CRYPTO_DRIVERS instead. - * Deprecate mbedtls_ssl_conf_sig_hashes() in favor of the more generic - mbedtls_ssl_conf_sig_algs(). Signature algorithms for the TLS 1.2 and - TLS 1.3 handshake should now be configured with - mbedtls_ssl_conf_sig_algs(). - -Features - * Add accessor to obtain ciphersuite id from ssl context. - * Add accessors to get members from ciphersuite info. - * Add mbedtls_ssl_ticket_rotate() for external ticket rotation. - * Add accessor to get the raw buffer pointer from a PEM context. - * The structures mbedtls_ssl_config and mbedtls_ssl_context now store - a piece of user data which is reserved for the application. The user - data can be either a pointer or an integer. - * Add an accessor function to get the configuration associated with - an SSL context. - * Add a function to access the protocol version from an SSL context in a - form that's easy to compare. Fixes #5407. - * Add function mbedtls_md_info_from_ctx() to recall the message digest - information that was used to set up a message digest context. - * Add ALPN support in TLS 1.3 clients. - * Add server certificate selection callback near end of Client Hello. - Register callback with mbedtls_ssl_conf_cert_cb(). - * Provide mechanism to reset handshake cert list by calling - mbedtls_ssl_set_hs_own_cert() with NULL value for own_cert param. - * Add accessor mbedtls_ssl_get_hs_sni() to retrieve SNI from within - cert callback (mbedtls_ssl_conf_cert_cb()) during handshake. - * The X.509 module now uses PSA hash acceleration if present. - * Add support for psa crypto key derivation for elliptic curve - keys. Fixes #3260. - * Add function mbedtls_timing_get_final_delay() to access the private - final delay field in an mbedtls_timing_delay_context, as requested in - #5183. - * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when - PSA Crypto is enabled. - * Add function mbedtls_ecp_export() to export ECP key pair parameters. - Fixes #4838. - * Add function mbedtls_ssl_is_handshake_over() to enable querying if the SSL - Handshake has completed or not, and thus whether to continue calling - mbedtls_ssl_handshake_step(), requested in #4383. - * Add the function mbedtls_ssl_get_own_cid() to access our own connection id - within mbedtls_ssl_context, as requested in #5184. - * Introduce mbedtls_ssl_hs_cb_t typedef for use with - mbedtls_ssl_conf_cert_cb() and perhaps future callbacks - during TLS handshake. - * Add functions mbedtls_ssl_conf_max_tls_version() and - mbedtls_ssl_conf_min_tls_version() that use a single value to specify - the protocol version. - * Extend the existing PSA_ALG_TLS12_PSK_TO_MS() algorithm to support - mixed-PSK. Add an optional input PSA_KEY_DERIVATION_INPUT_OTHER_SECRET - holding the other secret. - * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto - feature requirements in the file named by the new macro - MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h. - Furthermore you may name an additional file to include after the main - file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE. - * Add the function mbedtls_x509_crt_has_ext_type() to access the ext types - field within mbedtls_x509_crt context, as requested in #5585. - * Add HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API. - * Add support for the ARMv8 SHA-2 acceleration instructions when building - for Aarch64. - * Add support for authentication of TLS 1.3 clients by TLS 1.3 servers. - * Add support for server HelloRetryRequest message. The TLS 1.3 client is - now capable of negotiating another shared secret if the one sent in its - first ClientHello was not suitable to the server. - * Add support for client-side TLS version negotiation. If both TLS 1.2 and - TLS 1.3 protocols are enabled in the build of Mbed TLS, the TLS client now - negotiates TLS 1.3 or TLS 1.2 with TLS servers. - * Enable building of Mbed TLS with TLS 1.3 protocol support but without TLS - 1.2 protocol support. - * Mbed TLS provides an implementation of a TLS 1.3 server (ephemeral key - establishment only). See docs/architecture/tls13-support.md for a - description of the support. The MBEDTLS_SSL_PROTO_TLS1_3 and - MBEDTLS_SSL_SRV_C configuration options control this. - * Add accessors to configure DN hints for certificate request: - mbedtls_ssl_conf_dn_hints() and mbedtls_ssl_set_hs_dn_hints() - * The configuration option MBEDTLS_USE_PSA_CRYPTO, which previously - affected only a limited subset of crypto operations in TLS, X.509 and PK, - now causes most of them to be done using PSA Crypto; see - docs/use-psa-crypto.md for the list of exceptions. - * The function mbedtls_pk_setup_opaque() now supports RSA key pairs as well. - Opaque keys can now be used everywhere a private key is expected in the - TLS and X.509 modules. - * Opaque pre-shared keys for TLS, provisioned with - mbedtls_ssl_conf_psk_opaque() or mbedtls_ssl_set_hs_psk_opaque(), which - previously only worked for "pure" PSK key exchange, now can also be used - for the "mixed" PSK key exchanges as well: ECDHE-PSK, DHE-PSK, RSA-PSK. - * cmake now detects if it is being built as a sub-project, and in that case - disables the target export/installation and package configuration. - * Make USE_PSA_CRYPTO compatible with KEY_ID_ENCODES_OWNER. Fixes #5259. - * Add example programs cipher_aead_demo.c, md_hmac_demo.c, aead_demo.c - and hmac_demo.c, which use PSA and the md/cipher interfaces side - by side in order to illustrate how the operation is performed in PSA. - Addresses #5208. - -Security - * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage - module before freeing them. These buffers contain secret key material, and - could thus potentially leak the key through freed heap. - * Fix potential memory leak inside mbedtls_ssl_cache_set() with - an invalid session id length. - * Add the platform function mbedtls_setbuf() to allow buffering to be - disabled on stdio files, to stop secrets loaded from said files being - potentially left in memory after file operations. Reported by - Glenn Strauss. - * Fix a potential heap buffer overread in TLS 1.2 server-side when - MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with - mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite - is selected. This may result in an application crash or potentially an - information leak. - * Fix a buffer overread in DTLS ClientHello parsing in servers with - MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client - or a man-in-the-middle could cause a DTLS server to read up to 255 bytes - after the end of the SSL input buffer. The buffer overread only happens - when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on - the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(), - and possibly up to 571 bytes with a custom cookie check function. - Reported by the Cybeats PSI Team. - * Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated - client or server could cause an MbedTLS server or client to overread up - to 64 kBytes of data and potentially overread the input buffer by that - amount minus the size of the input buffer. As overread data undergoes - various checks, the likelihood of reaching the boundary of the input - buffer is rather small but increases as its size - MBEDTLS_SSL_IN_CONTENT_LEN decreases. - * Fix check of certificate key usage in TLS 1.3. The usage of the public key - provided by a client or server certificate for authentication was not - checked properly when validating the certificate. This could cause a - client or server to be able to authenticate itself through a certificate - to an Mbed TLS TLS 1.3 server or client while it does not own a proper - certificate to do so. - -Bugfix - * Declare or use PSA_WANT_ALG_CCM_STAR_NO_TAG following the general - pattern for PSA_WANT_xxx symbols. Previously you had to specify - PSA_WANT_ALG_CCM for PSA_ALG_CCM_STAR_NO_TAG. - * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice. - * Fixed swap of client and server random bytes when exporting them alongside - TLS 1.3 handshake and application traffic secret. - * Fix several bugs (warnings, compiler and linker errors, test failures) - in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled. - * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was - enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the - client would fail to check that the curve selected by the server for - ECDHE was indeed one that was offered. As a result, the client would - accept any curve that it supported, even if that curve was not allowed - according to its configuration. Fixes #5291. - * The TLS 1.3 implementation is now compatible with the - MBEDTLS_USE_PSA_CRYPTO configuration option. - * Fix unit tests that used 0 as the file UID. This failed on some - implementations of PSA ITS. Fixes #3838. - * Fix mbedtls_ssl_get_version() not reporting TLSv1.3. Fixes #5406. - * Fix API violation in mbedtls_md_process() test by adding a call to - mbedtls_md_starts(). Fixes #2227. - * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests - to catch bad uses of time.h. - * Fix a race condition in out-of-source builds with CMake when generated data - files are already present. Fixes #5374. - * Fix the library search path when building a shared library with CMake - on Windows. - * Fix bug in the alert sending function mbedtls_ssl_send_alert_message() - potentially leading to corrupted alert messages being sent in case - the function needs to be re-called after initially returning - MBEDTLS_SSL_WANT_WRITE. Fixes #1916. - * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but not - MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null - pointer dereference. Fix this. Fixes #3998. - The fix was released, but not announced, in Mbed TLS 3.1.0. - * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous - documentation stated that the `allowed_pks` field applies to signatures - only, but in fact it does apply to the public key type of the end entity - certificate, too. Fixes #1992. - * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is - not NULL and val_len is zero. - * Fix compilation error with mingw32. Fixed by Cameron Cawley in #4211. - * Fix compilation error when using C++ Builder on Windows. Reported by - Miroslav Mastny in #4015. - * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when - applicable. Fixes #5735. - * Fix a bug in the x25519 example program where the removal of - MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and - #3191. - * Fix a TLS 1.3 handshake failure when the peer Finished message has not - been received yet when we first try to fetch it. - * Encode X.509 dates before 1/1/2000 as UTCTime rather than - GeneralizedTime. Fixes #5465. - * Add mbedtls_x509_dn_get_next function to return the next relative DN in - an X509 name, to allow walking the name list. Fixes #5431. - * Fix order value of curve x448. - * Fix string representation of DNs when outputting values containing commas - and other special characters, conforming to RFC 1779. Fixes #769. - * Silence a warning from GCC 12 in the selftest program. Fixes #5974. - * Fix check_config.h to check that we have MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this and other - dependencies explicit in the documentation. Fixes #5610. - * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0. - * Fix a TLS 1.3 handshake failure when the first attempt to send the client - Finished message on the network cannot be satisfied. Fixes #5499. - * Fix resource leaks in mbedtls_pk_parse_public_key() in low - memory conditions. - * Fix server connection identifier setting for outgoing encrypted records - on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with - connection identifier, the Mbed TLS client now properly sends the server - connection identifier in encrypted record headers. Fix #5872. - * Fix a null pointer dereference when performing some operations on zero - represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing - by 2, and mbedtls_mpi_write_string() in base 2). - * Fix record sizes larger than 16384 being sometimes accepted despite being - non-compliant. This could not lead to a buffer overflow. In particular, - application data size was already checked correctly. - * Fix MBEDTLS_SVC_KEY_ID_GET_KEY_ID() and MBEDTLS_SVC_KEY_ID_GET_OWNER_ID() - which have been broken, resulting in compilation errors, since Mbed TLS - 3.0. - * Ensure that TLS 1.2 ciphersuite/certificate and key selection takes into - account not just the type of the key (RSA vs EC) but also what it can - actually do. Resolves #5831. - * Fix CMake windows host detection, especially when cross compiling. - * Fix an error in make where the absence of a generated file caused - make to break on a clean checkout. Fixes #5340. - * Work around an MSVC ARM64 compiler bug causing incorrect behaviour - in mbedtls_mpi_exp_mod(). Reported by Tautvydas Žilys in #5467. - * Removed the prompt to exit from all windows build programs, which was causing - issues in CI/CD environments. - -Changes - * The file library/psa_crypto_driver_wrappers.c is now generated - from a template. In the future, the generation will support - driver descriptions. For the time being, to customize this file, - see docs/proposed/psa-driver-wrappers-codegen-migration-guide.md - * Return PSA_ERROR_INVALID_ARGUMENT if the algorithm passed to one-shot - AEAD functions is not an AEAD algorithm. This aligns them with the - multipart functions, and the PSA Crypto API 1.1 specification. - * In mbedtls_pk_parse_key(), if no password is provided, don't allocate a - temporary variable on the heap. Suggested by Sergey Kanatov in #5304. - * Assume source files are in UTF-8 when using MSVC with CMake. - * Fix runtime library install location when building with CMake and MinGW. - DLLs are now installed in the bin directory instead of lib. - * cmake: Use GnuInstallDirs to customize install directories - Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR - variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if - LIB_INSTALL_DIR is set. - * Add a CMake option that enables static linking of the runtime library - in Microsoft Visual C++ compiler. Contributed by Microplankton. - * In CMake builds, add aliases for libraries so that the normal MbedTLS::* - targets work when MbedTLS is built as a subdirectory. This allows the - use of FetchContent, as requested in #5688. - -= mbed TLS 3.1.0 branch released 2021-12-17 - -API changes - * New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL. - Alternative GCM implementations are expected to verify - the length of the provided output buffers and to return the - MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small. - * You can configure groups for a TLS key exchange with the new function - mbedtls_ssl_conf_groups(). It extends mbedtls_ssl_conf_curves(). - * Declare a number of structure fields as public: the fields of - mbedtls_ecp_curve_info, the fields describing the result of ASN.1 and - X.509 parsing, and finally the field fd of mbedtls_net_context on - POSIX/Unix-like platforms. - -Requirement changes - * Sign-magnitude and one's complement representations for signed integers are - not supported. Two's complement is the only supported representation. - -New deprecations - * Deprecate mbedtls_ssl_conf_curves() in favor of the more generic - mbedtls_ssl_conf_groups(). - -Removals - * Remove the partial support for running unit tests via Greentea on Mbed OS, - which had been unmaintained since 2018. - -Features - * Enable support for Curve448 via the PSA API. Contributed by - Archana Madhavan in #4626. Fixes #3399 and #4249. - * The identifier of the CID TLS extension can be configured by defining - MBEDTLS_TLS_EXT_CID at compile time. - * Implement the PSA multipart AEAD interface, currently supporting - ChaChaPoly and GCM. - * Warn if errors from certain functions are ignored. This is currently - supported on GCC-like compilers and on MSVC and can be configured through - the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled - (where supported) for critical functions where ignoring the return - value is almost always a bug. Enable the new configuration option - MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This - is currently implemented in the AES, DES and md modules, and will be - extended to other modules in the future. - * Add missing PSA macros declared by PSA Crypto API 1.0.0: - PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL. - * Add support for CCM*-no-tag cipher to the PSA. - Currently only 13-byte long IV's are supported. - For decryption a minimum of 16-byte long input is expected. - These restrictions may be subject to change. - * Add new API mbedtls_ct_memcmp for constant time buffer comparison. - * Add functions to get the IV and block size from cipher_info structs. - * Add functions to check if a cipher supports variable IV or key size. - * Add the internal implementation of and support for CCM to the PSA multipart - AEAD interface. - * Mbed TLS provides a minimum viable implementation of the TLS 1.3 - protocol. See docs/architecture/tls13-support.md for the definition of - the TLS 1.3 Minimum Viable Product (MVP). The MBEDTLS_SSL_PROTO_TLS1_3 - configuration option controls the enablement of the support. The APIs - mbedtls_ssl_conf_min_version() and mbedtls_ssl_conf_max_version() allow - to select the 1.3 version of the protocol to establish a TLS connection. - * Add PSA API definition for ARIA. - -Security - * Zeroize several intermediate variables used to calculate the expected - value when verifying a MAC or AEAD tag. This hardens the library in - case the value leaks through a memory disclosure vulnerability. For - example, a memory disclosure vulnerability could have allowed a - man-in-the-middle to inject fake ciphertext into a DTLS connection. - * In psa_aead_generate_nonce(), do not read back from the output buffer. - This fixes a potential policy bypass or decryption oracle vulnerability - if the output buffer is in memory that is shared with an untrusted - application. - * In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back - from the output buffer. This fixes a potential policy bypass or decryption - oracle vulnerability if the output buffer is in memory that is shared with - an untrusted application. - * Fix a double-free that happened after mbedtls_ssl_set_session() or - mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED - (out of memory). After that, calling mbedtls_ssl_session_free() - and mbedtls_ssl_free() would cause an internal session buffer to - be free()'d twice. - -Bugfix - * Stop using reserved identifiers as local variables. Fixes #4630. - * The GNU makefiles invoke python3 in preference to python except on Windows. - The check was accidentally not performed when cross-compiling for Windows - on Linux. Fix this. Fixes #4774. - * Prevent divide by zero if either of PSA_CIPHER_ENCRYPT_OUTPUT_SIZE() or - PSA_CIPHER_UPDATE_OUTPUT_SIZE() were called using an asymmetric key type. - * Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935. - * Don't use the obsolete header path sys/fcntl.h in unit tests. - These header files cause compilation errors in musl. - Fixes #4969. - * Fix missing constraints on x86_64 and aarch64 assembly code - for bignum multiplication that broke some bignum operations with - (at least) Clang 12. - Fixes #4116, #4786, #4917, #4962. - * Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled. - * Failures of alternative implementations of AES or DES single-block - functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, - MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. - This does not concern the implementation provided with Mbed TLS, - where this function cannot fail, or full-module replacements with - MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. - * Some failures of HMAC operations were ignored. These failures could only - happen with an alternative implementation of the underlying hash module. - * Fix the error returned by psa_generate_key() for a public key. Fixes #4551. - * Fix compile-time or run-time errors in PSA - AEAD functions when ChachaPoly is disabled. Fixes #5065. - * Remove PSA'a AEAD finish/verify output buffer limitation for GCM. - The requirement of minimum 15 bytes for output buffer in - psa_aead_finish() and psa_aead_verify() does not apply to the built-in - implementation of GCM. - * Move GCM's update output buffer length verification from PSA AEAD to - the built-in implementation of the GCM. - The requirement for output buffer size to be equal or greater then - input buffer size is valid only for the built-in implementation of GCM. - Alternative GCM implementations can process whole blocks only. - * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor - MBEDTLS_ERROR_STRERROR_DUMMY is enabled. - * Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length. - This algorithm now accepts only the same salt length for verification - that it produces when signing, as documented. Use the new algorithm - PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946. - * The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved - for algorithm values that fully encode the hashing step, as per the PSA - Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and - PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers - all algorithms that can be used with psa_{sign,verify}_hash(), including - these two. - * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries - not to list other shared libraries they need. - * Fix a bug in mbedtls_gcm_starts() when the bit length of the iv - exceeds 2^32. Fixes #4884. - * Fix an uninitialized variable warning in test_suite_ssl.function with GCC - version 11. - * Fix the build when no SHA2 module is included. Fixes #4930. - * Fix the build when only the bignum module is included. Fixes #4929. - * Fix a potential invalid pointer dereference and infinite loop bugs in - pkcs12 functions when the password is empty. Fix the documentation to - better describe the inputs to these functions and their possible values. - Fixes #5136. - * The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC - operations psa_mac_compute() and psa_mac_sign_setup(). - * The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC - operations psa_mac_verify() and psa_mac_verify_setup(). - -Changes - * Explicitly mark the fields mbedtls_ssl_session.exported and - mbedtls_ssl_config.respect_cli_pref as private. This was an - oversight during the run-up to the release of Mbed TLS 3.0. - The fields were never intended to be public. - * Implement multi-part CCM API. - The multi-part functions: mbedtls_ccm_starts(), mbedtls_ccm_set_lengths(), - mbedtls_ccm_update_ad(), mbedtls_ccm_update(), mbedtls_ccm_finish() - were introduced in mbedTLS 3.0 release, however their implementation was - postponed until now. - Implemented functions support chunked data input for both CCM and CCM* - algorithms. - * Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on and increasing the - code size by about 80B on an M0 build. This option only gated an ability - to set a callback, but was deemed unnecessary as it was yet another define - to remember when writing tests, or test configurations. Fixes #4653. - * Improve the performance of base64 constant-flow code. The result is still - slower than the original non-constant-flow implementation, but much faster - than the previous constant-flow implementation. Fixes #4814. - * Ignore plaintext/ciphertext lengths for CCM*-no-tag operations. - For CCM* encryption/decryption without authentication, input - length will be ignored. - * Indicate in the error returned if the nonce length used with - ChaCha20-Poly1305 is invalid, and not just unsupported. - * The mbedcrypto library includes a new source code module constant_time.c, - containing various functions meant to resist timing side channel attacks. - This module does not have a separate configuration option, and functions - from this module will be included in the build as required. Currently - most of the interface of this module is private and may change at any - time. - * The generated configuration-independent files are now automatically - generated by the CMake build system on Unix-like systems. This is not - yet supported when cross-compiling. - -= Mbed TLS 3.0.0 branch released 2021-07-07 - -API changes - * Remove HAVEGE module. - The design of HAVEGE makes it unsuitable for microcontrollers. Platforms - with a more complex CPU usually have an operating system interface that - provides better randomness. Instead of HAVEGE, declare OS or hardware RNG - interfaces with mbedtls_entropy_add_source() and/or use an entropy seed - file created securely during device provisioning. See - https://mbed-tls.readthedocs.io/en/latest/kb/how-to/add-entropy-sources-to-entropy-pool/ for - more information. - * Add missing const attributes to API functions. - * Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0: the - header compat-1.3.h and the script rename.pl. - * Remove certs module from the API. - Transfer keys and certificates embedded in the library to the test - component. This contributes to minimizing library API and discourages - users from using unsafe keys in production. - * Move alt helpers and definitions. - Various helpers and definitions available for use in alt implementations - have been moved out of the include/ directory and into the library/ - directory. The files concerned are ecp_internal.h and rsa_internal.h - which have also been renamed to ecp_internal_alt.h and rsa_alt_helpers.h - respectively. - * Move internal headers. - Header files that were only meant for the library's internal use and - were not meant to be used in application code have been moved out of - the include/ directory. The headers concerned are bn_mul.h, aesni.h, - padlock.h, entropy_poll.h and *_internal.h. - * Drop support for parsing SSLv2 ClientHello - (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO). - * Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3). - * Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT). - * Drop support for RC4 TLS ciphersuites. - * Drop support for single-DES ciphersuites. - * Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL. - * Update AEAD output size macros to bring them in line with the PSA Crypto - API version 1.0 spec. This version of the spec parameterizes them on the - key type used, as well as the key bit-size in the case of - PSA_AEAD_TAG_LENGTH. - * Add configuration option MBEDTLS_X509_REMOVE_INFO which - removes the mbedtls_x509_*_info(), mbedtls_debug_print_crt() - as well as other functions and constants only used by - those functions. This reduces the code footprint by - several kB. - * Remove SSL error codes `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` - and `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` which are never - returned from the public SSL API. - * Remove `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` and return - `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead. - * The output parameter of mbedtls_sha512_finish, mbedtls_sha512, - mbedtls_sha256_finish and mbedtls_sha256 now has a pointer type - rather than array type. This removes spurious warnings in some compilers - when outputting a SHA-384 or SHA-224 hash into a buffer of exactly - the hash size. - * Remove the MBEDTLS_TEST_NULL_ENTROPY config option. Fixes #4388. - * The interface of the GCM module has changed to remove restrictions on - how the input to multipart operations is broken down. mbedtls_gcm_finish() - now takes extra output parameters for the last partial output block. - mbedtls_gcm_update() now takes extra parameters for the output length. - The software implementation always produces the full output at each - call to mbedtls_gcm_update(), but alternative implementations activated - by MBEDTLS_GCM_ALT may delay partial blocks to the next call to - mbedtls_gcm_update() or mbedtls_gcm_finish(). Furthermore, applications - no longer pass the associated data to mbedtls_gcm_starts(), but to the - new function mbedtls_gcm_update_ad(). - These changes are backward compatible for users of the cipher API. - * Replace MBEDTLS_SHA512_NO_SHA384 config option with MBEDTLS_SHA384_C. - This separates config option enabling the SHA384 algorithm from option - enabling the SHA512 algorithm. Fixes #4034. - * Introduce MBEDTLS_SHA224_C. - This separates config option enabling the SHA224 algorithm from option - enabling SHA256. - * The getter and setter API of the SSL session cache (used for - session-ID based session resumption) has changed to that of - a key-value store with keys being session IDs and values - being opaque instances of `mbedtls_ssl_session`. - * Remove the mode parameter from RSA operation functions. Signature and - decryption functions now always use the private key and verification and - encryption use the public key. Verification functions also no longer have - RNG parameters. - * Modify semantics of `mbedtls_ssl_conf_[opaque_]psk()`: - In Mbed TLS 2.X, the API prescribes that later calls overwrite - the effect of earlier calls. In Mbed TLS 3.0, calling - `mbedtls_ssl_conf_[opaque_]psk()` more than once will fail, - leaving the PSK that was configured first intact. - Support for more than one PSK may be added in 3.X. - * The function mbedtls_x509write_csr_set_extension() has an extra parameter - which allows to mark an extension as critical. Fixes #4055. - * For multi-part AEAD operations with the cipher module, calling - mbedtls_cipher_finish() is now mandatory. Previously the documentation - was unclear on this point, and this function happened to never do - anything with the currently implemented AEADs, so in practice it was - possible to skip calling it, which is no longer supported. - * The option MBEDTLS_ECP_FIXED_POINT_OPTIM use pre-computed comb tables - instead of computing tables in runtime. Thus, this option now increase - code size, and it does not increase RAM usage in runtime anymore. - * Remove the SSL APIs mbedtls_ssl_get_input_max_frag_len() and - mbedtls_ssl_get_output_max_frag_len(), and add a new API - mbedtls_ssl_get_max_in_record_payload(), complementing the existing - mbedtls_ssl_get_max_out_record_payload(). - Uses of mbedtls_ssl_get_input_max_frag_len() and - mbedtls_ssl_get_input_max_frag_len() should be replaced by - mbedtls_ssl_get_max_in_record_payload() and - mbedtls_ssl_get_max_out_record_payload(), respectively. - * mbedtls_rsa_init() now always selects the PKCS#1v1.5 encoding for an RSA - key. To use an RSA key with PSS or OAEP, call mbedtls_rsa_set_padding() - after initializing the context. mbedtls_rsa_set_padding() now returns an - error if its parameters are invalid. - * Replace MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE by a runtime - configuration function mbedtls_ssl_conf_preference_order(). Fixes #4398. - * Instead of accessing the len field of a DHM context, which is no longer - supported, use the new function mbedtls_dhm_get_len() . - * In modules that implement cryptographic hash functions, many functions - mbedtls_xxx() now return int instead of void, and the corresponding - function mbedtls_xxx_ret() which was identical except for returning int - has been removed. This also concerns mbedtls_xxx_drbg_update(). See the - migration guide for more information. Fixes #4212. - * For all functions that take a random number generator (RNG) as a - parameter, this parameter is now mandatory (that is, NULL is not an - acceptable value). Functions which previously accepted NULL and now - reject it are: the X.509 CRT and CSR writing functions; the PK and RSA - sign and decrypt function; mbedtls_rsa_private(); the functions - in DHM and ECDH that compute the shared secret; the scalar multiplication - functions in ECP. - * The following functions now require an RNG parameter: - mbedtls_ecp_check_pub_priv(), mbedtls_pk_check_pair(), - mbedtls_pk_parse_key(), mbedtls_pk_parse_keyfile(). - * mbedtls_ssl_conf_export_keys_ext_cb() and - mbedtls_ssl_conf_export_keys_cb() have been removed and - replaced by a new API mbedtls_ssl_set_export_keys_cb(). - Raw keys and IVs are no longer passed to the callback. - Further, callbacks now receive an additional parameter - indicating the type of secret that's being exported, - paving the way for the larger number of secrets - in TLS 1.3. Finally, the key export callback and - context are now connection-specific. - * Signature functions in the RSA and PK modules now require the hash - length parameter to be the size of the hash input. For RSA signatures - other than raw PKCS#1 v1.5, this must match the output size of the - specified hash algorithm. - * The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(), - mbedtls_ecdsa_write_signature() and - mbedtls_ecdsa_write_signature_restartable() now take an extra parameter - indicating the size of the output buffer for the signature. - * Implement one-shot cipher functions, psa_cipher_encrypt and - psa_cipher_decrypt, according to the PSA Crypto API 1.0.0 - specification. - * Direct access to fields of structures declared in public headers is no - longer supported except for fields that are documented public. Use accessor - functions instead. For more information, see the migration guide entry - "Most structure fields are now private". - * mbedtls_ssl_get_session_pointer() has been removed, and - mbedtls_ssl_{set,get}_session() may now only be called once for any given - SSL context. - -Default behavior changes - * Enable by default the functionalities which have no reason to be disabled. - They are: ARIA block cipher, CMAC mode, elliptic curve J-PAKE library and - Key Wrapping mode as defined in NIST SP 800-38F. Fixes #4036. - * Some default policies for X.509 certificate verification and TLS have - changed: curves and hashes weaker than 255 bits are no longer accepted - by default. The default order in TLS now favors faster curves over larger - curves. - -Requirement changes - * The library now uses the %zu format specifier with the printf() family of - functions, so requires a toolchain that supports it. This change does not - affect the maintained LTS branches, so when contributing changes please - bear this in mind and do not add them to backported code. - * If you build the development version of Mbed TLS, rather than an official - release, some configuration-independent files are now generated at build - time rather than checked into source control. This includes some library - source files as well as the Visual Studio solution. Perl, Python 3 and a - C compiler for the host platform are required. See “Generated source files - in the development branch” in README.md for more information. - * Refresh the minimum supported versions of tools to build the - library. CMake versions older than 3.10.2 and Python older - than 3.6 are no longer supported. - -Removals - * Remove the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES - compile-time option, which was off by default. Users should not trust - certificates signed with SHA-1 due to the known attacks against SHA-1. - If needed, SHA-1 certificates can still be verified by using a custom - verification profile. - * Removed deprecated things in psa/crypto_compat.h. Fixes #4284 - * Removed deprecated functions from hashing modules. Fixes #4280. - * Remove PKCS#11 library wrapper. PKCS#11 has limited functionality, - lacks automated tests and has scarce documentation. Also, PSA Crypto - provides a more flexible private key management. - More details on PCKS#11 wrapper removal can be found in the mailing list - https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000024.html - * Remove deprecated error codes. Fix #4283 - * Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option. Fixes #4416. - * Remove the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES - compile-time option. This option has been inactive for a long time. - Please use the `lifetime` parameter of `mbedtls_ssl_ticket_setup()` - instead. - * Remove the following deprecated functions and constants of hex-encoded - primes based on RFC 5114 and RFC 3526 from library code and tests: - mbedtls_aes_encrypt(), mbedtls_aes_decrypt(), mbedtls_mpi_is_prime(), - mbedtls_cipher_auth_encrypt(), mbedtls_cipher_auth_decrypt(), - mbedtls_ctr_drbg_update(), mbedtls_hmac_drbg_update(), - mbedtls_ecdsa_write_signature_det(), mbedtls_ecdsa_sign_det(), - mbedtls_ssl_conf_dh_param(), mbedtls_ssl_get_max_frag_len(), - MBEDTLS_DHM_RFC5114_MODP_2048_P, MBEDTLS_DHM_RFC5114_MODP_2048_G, - MBEDTLS_DHM_RFC3526_MODP_2048_P, MBEDTLS_DHM_RFC3526_MODP_2048_G, - MBEDTLS_DHM_RFC3526_MODP_3072_P, MBEDTLS_DHM_RFC3526_MODP_3072_G, - MBEDTLS_DHM_RFC3526_MODP_4096_P, MBEDTLS_DHM_RFC3526_MODP_4096_G. - Remove the deprecated file: include/mbedtls/net.h. Fixes #4282. - * Remove MBEDTLS_SSL_MAX_CONTENT_LEN configuration option, since - MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN replace - it. Fixes #4362. - * Remove the MBEDTLS_SSL_RECORD_CHECKING option and enable by default its - previous action. Fixes #4361. - * Remove support for TLS 1.0, TLS 1.1 and DTLS 1.0, as well as support for - CBC record splitting, fallback SCSV, and the ability to configure - ciphersuites per version, which are no longer relevant. This removes the - configuration options MBEDTLS_SSL_PROTO_TLS1, - MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_CBC_RECORD_SPLITTING and - MBEDTLS_SSL_FALLBACK_SCSV as well as the functions - mbedtls_ssl_conf_cbc_record_splitting(), - mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback(), - and mbedtls_ssl_conf_ciphersuites_for_version(). Fixes #4286. - * The RSA module no longer supports private-key operations with the public - key and vice versa. - * Remove the MBEDTLS_SSL_DTLS_BADMAC_LIMIT config.h option. Fixes #4403. - * Remove all the 3DES ciphersuites: - MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA. Remove the - MBEDTLS_REMOVE_3DES_CIPHERSUITES option which is no longer relevant. - Fixes #4367. - * Remove the MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option and let the code - behave as if it was always disabled. Fixes #4386. - * Remove MBEDTLS_ECDH_LEGACY_CONTEXT config option since this was purely for - backward compatibility which is no longer supported. Addresses #4404. - * Remove the following macros: MBEDTLS_CHECK_PARAMS, - MBEDTLS_CHECK_PARAMS_ASSERT, MBEDTLS_PARAM_FAILED, - MBEDTLS_PARAM_FAILED_ALT. Fixes #4313. - * Remove the MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION config.h - option. The mbedtls_x509_crt_parse_der_with_ext_cb() is the way to go for - migration path. Fixes #4378. - * Remove the MBEDTLS_X509_CHECK_KEY_USAGE and - MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE config.h options and let the code - behave as if they were always enabled. Fixes #4405. - * MBEDTLS_ECP_MAX_BITS is no longer a configuration option because it is - now determined automatically based on supported curves. - * Remove the following functions: mbedtls_timing_self_test(), - mbedtls_hardclock_poll(), mbedtls_timing_hardclock() and - mbedtls_set_alarm(). Fixes #4083. - * The configuration option MBEDTLS_ECP_NO_INTERNAL_RNG has been removed as - it no longer had any effect. - * Remove all support for MD2, MD4, RC4, Blowfish and XTEA. This removes the - corresponding modules and all their APIs and related configuration - options. Fixes #4084. - * Remove MBEDTLS_SSL_TRUNCATED_HMAC and also remove - MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT config option. Users are better served by - using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC. - See issue #4341 for more details. - * Remove the compile-time option - MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE. - -Features - * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a - signature with a specific salt length. This function allows to validate - test cases provided in the NIST's CAVP test suite. Contributed by Cédric - Meuter in PR #3183. - * Added support for built-in driver keys through the PSA opaque crypto - driver interface. Refer to the documentation of - MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information. - * Implement psa_sign_message() and psa_verify_message(). - * The multi-part GCM interface (mbedtls_gcm_update() or - mbedtls_cipher_update()) no longer requires the size of partial inputs to - be a multiple of 16. - * The multi-part GCM interface now supports chunked associated data through - multiple calls to mbedtls_gcm_update_ad(). - * The new function mbedtls_mpi_random() generates a random value in a - given range uniformly. - * Alternative implementations of the AES, DHM, ECJPAKE, ECP, RSA and timing - modules had undocumented constraints on their context types. These - constraints have been relaxed. - See docs/architecture/alternative-implementations.md for the remaining - constraints. - * The new functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() - query the size of the modulus in a Diffie-Hellman context. - * The new function mbedtls_dhm_get_value() copy a field out of a - Diffie-Hellman context. - * Use the new function mbedtls_ecjpake_set_point_format() to select the - point format for ECJPAKE instead of accessing the point_format field - directly, which is no longer supported. - * Implement psa_mac_compute() and psa_mac_verify() as defined in the - PSA Cryptograpy API 1.0.0 specification. - -Security - * Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM) - private keys and of blinding values for DHM and elliptic curves (ECP) - computations. Reported by FlorianF89 in #4245. - * Fix a potential side channel vulnerability in ECDSA ephemeral key generation. - An adversary who is capable of very precise timing measurements could - learn partial information about the leading bits of the nonce used for the - signature, allowing the recovery of the private key after observing a - large number of signature operations. This completes a partial fix in - Mbed TLS 2.20.0. - * Fix an issue where an adversary with access to precise enough information - about memory accesses (typically, an untrusted operating system attacking - a secure enclave) could recover an RSA private key after observing the - victim performing a single private-key operation. Found and reported by - Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG. - * Fix an issue where an adversary with access to precise enough timing - information (typically, a co-located process) could recover a Curve25519 - or Curve448 static ECDH key after inputting a chosen public key and - observing the victim performing the corresponding private-key operation. - Found and reported by Leila Batina, Lukas Chmielewski, Björn Haase, Niels - Samwel and Peter Schwabe. - -Bugfix - * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may - lead to the seed file corruption in case if the path to the seed file is - equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor - Krasnoshchok in #3616. - * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather - than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key - to create is not valid, bringing them in line with version 1.0.0 of the - specification. Fix #4271. - * Add printf function attributes to mbedtls_debug_print_msg to ensure we - get printf format specifier warnings. - * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE - rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them - in line with version 1.0.0 of the specification. Fix #4162. - * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits - zero. Fixes #1792 - * Fix some cases in the bignum module where the library constructed an - unintended representation of the value 0 which was not processed - correctly by some bignum operations. This could happen when - mbedtls_mpi_read_string() was called on "-0", or when - mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of - the arguments being negative and the other being 0. Fixes #4643. - * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is - defined. Fixes #4217. - * Fix an incorrect error code when parsing a PKCS#8 private key. - * In a TLS client, enforce the Diffie-Hellman minimum parameter size - set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the - minimum size was rounded down to the nearest multiple of 8. - * In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are - defined to specific values. If the code is used in a context - where these are already defined, this can result in a compilation - error. Instead, assume that if they are defined, the values will - be adequate to build Mbed TLS. - * With MBEDTLS_PSA_CRYPTO_C disabled, some functions were getting built - nonetheless, resulting in undefined reference errors when building a - shared library. Reported by Guillermo Garcia M. in #4411. - * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available - when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384 - was disabled. Fix the dependency. Fixes #4472. - * Do not offer SHA384 cipher suites when SHA-384 is disabled. Fixes #4499. - * Fix test suite code on platforms where int32_t is not int, such as - Arm Cortex-M. Fixes #4530. - * Fix some issues affecting MBEDTLS_ARIA_ALT implementations: a misplaced - directive in a header and a missing initialization in the self-test. - * Fix a missing initialization in the Camellia self-test, affecting - MBEDTLS_CAMELLIA_ALT implementations. - * Restore the ability to configure PSA via Mbed TLS options to support RSA - key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME - is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key(). - Fixes #4512. - * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites - (when the encrypt-then-MAC extension is not in use) with some ALT - implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing - the affected side to wrongly reject valid messages. Fixes #4118. - * Remove outdated check-config.h check that prevented implementing the - timing module on Mbed OS. Fixes #4633. - * Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive - about missing inputs. - * Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with - MBEDTLS_ERR_NET_POLL_FAILED on Windows. Fixes #4465. - * Fix a resource leak in a test suite with an alternative AES - implementation. Fixes #4176. - * Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs. This - could notably be triggered by setting the TLS debug level to 3 or above - and using a Montgomery curve for the key exchange. Reported by lhuang04 - in #4578. Fixes #4608. - * psa_verify_hash() was relying on implementation-specific behavior of - mbedtls_rsa_rsassa_pss_verify() and was causing failures in some _ALT - implementations. This reliance is now removed. Fixes #3990. - * Disallow inputs of length different from the corresponding hash when - signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates - that PSA_ALG_RSA_PSS uses the same hash throughout the algorithm.) - * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with - A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug - could not be triggered by code that constructed A with one of the - mbedtls_mpi_read_xxx functions (including in particular TLS code) since - those always built an mpi object with at least one limb. - Credit to OSS-Fuzz. Fixes #4641. - * Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no - effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect - applications that call mbedtls_mpi_gcd() directly. Fixes #4642. - * The PSA API no longer allows the creation or destruction of keys with a - read-only lifetime. The persistence level PSA_KEY_PERSISTENCE_READ_ONLY - can now only be used as intended, for keys that cannot be modified through - normal use of the API. - * When MBEDTLS_PSA_CRYPTO_SPM is enabled, crypto_spe.h was not included - in all the right places. Include it from crypto_platform.h, which is - the natural place. Fixes #4649. - * Fix which alert is sent in some cases to conform to the - applicable RFC: on an invalid Finished message value, an - invalid max_fragment_length extension, or an - unsupported extension used by the server. - * Correct (change from 12 to 13 bytes) the value of the macro describing the - maximum nonce length returned by psa_aead_generate_nonce(). - -Changes - * Fix the setting of the read timeout in the DTLS sample programs. - * Add extra printf compiler warning flags to builds. - * Fix memsan build false positive in x509_crt.c with clang 11 - * Alternative implementations of CMAC may now opt to not support 3DES as a - CMAC block cipher, and still pass the CMAC self test. - * Remove the AES sample application programs/aes/aescrypt2 which shows - bad cryptographic practice. Fix #1906. - * Remove configs/config-psa-crypto.h, which no longer had any intended - differences from the default configuration, but had accidentally diverged. - * When building the test suites with GNU make, invoke python3 or python, not - python2, which is no longer supported upstream. - * fix build failure on MinGW toolchain when __USE_MING_ANSI_STDIO is on. - When that flag is on, standard GNU C printf format specifiers - should be used. - * Replace MBEDTLS_SSL_CID_PADDING_GRANULARITY and - MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY with a new single unified option - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY. Fixes #4335. - * Reduce the default value of MBEDTLS_ECP_WINDOW_SIZE. This reduces RAM usage - during ECC operations at a negligible performance cost. - * mbedtls_mpi_read_binary(), mbedtls_mpi_read_binary_le() and - mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs - when their input has length 0. Note that this is an implementation detail - and can change at any time, so this change should be transparent, but it - may result in mbedtls_mpi_write_binary() or mbedtls_mpi_write_string() - now writing an empty string where it previously wrote one or more - zero digits when operating from values constructed with an mpi_read - function and some mpi operations. - * Add CMake package config generation for CMake projects consuming Mbed TLS. - * config.h has been split into build_info.h and mbedtls_config.h - build_info.h is intended to be included from C code directly, while - mbedtls_config.h is intended to be edited by end users wishing to - change the build configuration, and should generally only be included from - build_info.h. - * The handling of MBEDTLS_CONFIG_FILE has been moved into build_info.h. - * A config file version symbol, MBEDTLS_CONFIG_VERSION was introduced. - Defining it to a particular value will ensure that Mbed TLS interprets - the config file in a way that's compatible with the config file format - used by the Mbed TLS release whose MBEDTLS_VERSION_NUMBER has the same - value. - The only value supported by Mbed TLS 3.0.0 is 0x03000000. - * Various changes to which alert and/or error code may be returned - * during the TLS handshake. - * Implicitly add PSA_KEY_USAGE_SIGN_MESSAGE key usage policy flag when - PSA_KEY_USAGE_SIGN_HASH flag is set and PSA_KEY_USAGE_VERIFY_MESSAGE flag - when PSA_KEY_USAGE_VERIFY_HASH flag is set. This usage flag extension - is also applied when loading a key from storage. - -= mbed TLS 2.26.0 branch released 2021-03-08 - -API changes - * Renamed the PSA Crypto API output buffer size macros to bring them in line - with version 1.0.0 of the specification. - * The API glue function mbedtls_ecc_group_of_psa() now takes the curve size - in bits rather than bytes, with an additional flag to indicate if the - size may have been rounded up to a whole number of bytes. - * Renamed the PSA Crypto API AEAD tag length macros to bring them in line - with version 1.0.0 of the specification. - -Default behavior changes - * In mbedtls_rsa_context objects, the ver field was formerly documented - as always 0. It is now reserved for internal purposes and may take - different values. - -New deprecations - * PSA_KEY_EXPORT_MAX_SIZE, PSA_HASH_SIZE, PSA_MAC_FINAL_SIZE, - PSA_BLOCK_CIPHER_BLOCK_SIZE, PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE and - PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN have been renamed, and the old names - deprecated. - * PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH and PSA_ALG_AEAD_WITH_TAG_LENGTH - have been renamed, and the old names deprecated. - -Features - * The PSA crypto subsystem can now use HMAC_DRBG instead of CTR_DRBG. - CTR_DRBG is used by default if it is available, but you can override - this choice by setting MBEDTLS_PSA_HMAC_DRBG_MD_TYPE at compile time. - Fix #3354. - * Automatic fallback to a software implementation of ECP when - MBEDTLS_ECP_xxx_ALT accelerator hooks are in use can now be turned off - through setting the new configuration flag MBEDTLS_ECP_NO_FALLBACK. - * The PSA crypto subsystem can now be configured to use less static RAM by - tweaking the setting for the maximum amount of keys simultaneously in RAM. - MBEDTLS_PSA_KEY_SLOT_COUNT sets the maximum number of volatile keys that - can exist simultaneously. It has a sensible default if not overridden. - * Partial implementation of the PSA crypto driver interface: Mbed TLS can - now use an external random generator instead of the library's own - entropy collection and DRBG code. Enable MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - and see the documentation of mbedtls_psa_external_get_random() for details. - * Applications using both mbedtls_xxx and psa_xxx functions (for example, - applications using TLS and MBEDTLS_USE_PSA_CRYPTO) can now use the PSA - random generator with mbedtls_xxx functions. See the documentation of - mbedtls_psa_get_random() for details. - * In the PSA API, the policy for a MAC or AEAD algorithm can specify a - minimum MAC or tag length thanks to the new wildcards - PSA_ALG_AT_LEAST_THIS_LENGTH_MAC and - PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG. - -Security - * Fix a security reduction in CTR_DRBG when the initial seeding obtained a - nonce from entropy. Applications were affected if they called - mbedtls_ctr_drbg_set_nonce_len(), if they called - mbedtls_ctr_drbg_set_entropy_len() with a size that was 3/2 times the key - length, or when the entropy module uses SHA-256 and CTR_DRBG uses AES-256. - In such cases, a random nonce was necessary to achieve the advertised - security strength, but the code incorrectly used a constant instead of - entropy from the nonce. - Found by John Stroebel in #3819 and fixed in #3973. - * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating - |A| - |B| where |B| is larger than |A| and has more limbs (so the - function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only - applications calling mbedtls_mpi_sub_abs() directly are affected: - all calls inside the library were safe since this function is - only called with |A| >= |B|. Reported by Guido Vranken in #4042. - * Fix an errorneous estimation for an internal buffer in - mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd - value the function might fail to write a private RSA keys of the largest - supported size. - Found by Daniel Otte, reported in #4093 and fixed in #4094. - * Fix a stack buffer overflow with mbedtls_net_poll() and - mbedtls_net_recv_timeout() when given a file descriptor that is - beyond FD_SETSIZE. Reported by FigBug in #4169. - * Guard against strong local side channel attack against base64 tables by - making access aceess to them use constant flow code. - -Bugfix - * Fix use-after-scope error in programs/ssl/ssl_client2.c and ssl_server2.c - * Fix memory leak that occured when calling psa_close_key() on a - wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined. - * Fix an incorrect error code if an RSA private operation glitched. - * Fix a memory leak in an error case in psa_generate_derived_key_internal(). - * Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C - is enabled, on platforms where initializing a mutex allocates resources. - This was a regression introduced in the previous release. Reported in - #4017, #4045 and #4071. - * Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free() - twice is safe. This happens for RSA when some Mbed TLS library functions - fail. Such a double-free was not safe when MBEDTLS_THREADING_C was - enabled on platforms where freeing a mutex twice is not safe. - * Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key() - when MBEDTLS_THREADING_C is enabled on platforms where initializing - a mutex allocates resources. - * Fixes a bug where, if the library was configured to include support for - both the old SE interface and the new PSA driver interface, external keys were - not loaded from storage. This was fixed by #3996. - * This change makes 'mbedtls_x509write_crt_set_basic_constraints' - consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST - include this extension in all CA certificates that contain public keys - used to validate digital signatures on certificates and MUST mark the - extension as critical in such certificates." Previous to this change, - the extension was always marked as non-critical. This was fixed by - #3698. - -Changes - * A new library C file psa_crypto_client.c has been created to contain - the PSA code needed by a PSA crypto client when the PSA crypto - implementation is not included into the library. - * On recent enough versions of FreeBSD and DragonFlyBSD, the entropy module - now uses the getrandom syscall instead of reading from /dev/urandom. - -= mbed TLS 2.25.0 branch released 2020-12-11 - -API changes - * The numerical values of the PSA Crypto API macros have been updated to - conform to version 1.0.0 of the specification. - * PSA_ALG_STREAM_CIPHER replaces PSA_ALG_CHACHA20 and PSA_ALG_ARC4. - The underlying stream cipher is determined by the key type - (PSA_KEY_TYPE_CHACHA20 or PSA_KEY_TYPE_ARC4). - * The functions mbedtls_cipher_auth_encrypt() and - mbedtls_cipher_auth_decrypt() no longer accept NIST_KW contexts, - as they have no way to check if the output buffer is large enough. - Please use mbedtls_cipher_auth_encrypt_ext() and - mbedtls_cipher_auth_decrypt_ext() instead. Credit to OSS-Fuzz and - Cryptofuzz. Fixes #3665. - -Requirement changes - * Update the minimum required CMake version to 2.8.12. This silences a - warning on CMake 3.19.0. #3801 - -New deprecations - * PSA_ALG_CHACHA20 and PSA_ALG_ARC4 have been deprecated. - Use PSA_ALG_STREAM_CIPHER instead. - * The functions mbedtls_cipher_auth_encrypt() and - mbedtls_cipher_auth_decrypt() are deprecated in favour of the new - functions mbedtls_cipher_auth_encrypt_ext() and - mbedtls_cipher_auth_decrypt_ext(). Please note that with AEAD ciphers, - these new functions always append the tag to the ciphertext, and include - the tag in the ciphertext length. - -Features - * Partial implementation of the new PSA Crypto accelerator APIs. (Symmetric - ciphers, asymmetric signing/verification and key generation, validate_key - entry point, and export_public_key interface.) - * Add support for ECB to the PSA cipher API. - * In PSA, allow using a key declared with a base key agreement algorithm - in combined key agreement and derivation operations, as long as the key - agreement algorithm in use matches the algorithm the key was declared with. - This is currently non-standard behaviour, but expected to make it into a - future revision of the PSA Crypto standard. - * Add MBEDTLS_TARGET_PREFIX CMake variable, which is prefixed to the mbedtls, - mbedcrypto, mbedx509 and apidoc CMake target names. This can be used by - external CMake projects that include this one to avoid CMake target name - clashes. The default value of this variable is "", so default target names - are unchanged. - * Add support for DTLS-SRTP as defined in RFC 5764. Contributed by Johan - Pascal, improved by Ron Eldor. - * In the PSA API, it is no longer necessary to open persistent keys: - operations now accept the key identifier. The type psa_key_handle_t is now - identical to psa_key_id_t instead of being platform-defined. This bridges - the last major gap to compliance with the PSA Cryptography specification - version 1.0.0. Opening persistent keys is still supported for backward - compatibility, but will be deprecated and later removed in future - releases. - * PSA_AEAD_NONCE_LENGTH, PSA_AEAD_NONCE_MAX_SIZE, PSA_CIPHER_IV_LENGTH and - PSA_CIPHER_IV_MAX_SIZE macros have been added as defined in version - 1.0.0 of the PSA Crypto API specification. - -Security - * The functions mbedtls_cipher_auth_encrypt() and - mbedtls_cipher_auth_decrypt() would write past the minimum documented - size of the output buffer when used with NIST_KW. As a result, code using - those functions as documented with NIST_KW could have a buffer overwrite - of up to 15 bytes, with consequences ranging up to arbitrary code - execution depending on the location of the output buffer. - * Limit the size of calculations performed by mbedtls_mpi_exp_mod to - MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when - generating Diffie-Hellman key pairs. Credit to OSS-Fuzz. - * A failure of the random generator was ignored in mbedtls_mpi_fill_random(), - which is how most uses of randomization in asymmetric cryptography - (including key generation, intermediate value randomization and blinding) - are implemented. This could cause failures or the silent use of non-random - values. A random generator can fail if it needs reseeding and cannot not - obtain entropy, or due to an internal failure (which, for Mbed TLS's own - CTR_DRBG or HMAC_DRBG, can only happen due to a misconfiguration). - * Fix a compliance issue whereby we were not checking the tag on the - algorithm parameters (only the size) when comparing the signature in the - description part of the cert to the real signature. This meant that a - NULL algorithm parameters entry would look identical to an array of REAL - (size zero) to the library and thus the certificate would be considered - valid. However, if the parameters do not match in *any* way then the - certificate should be considered invalid, and indeed OpenSSL marks these - certs as invalid when mbedtls did not. - Many thanks to guidovranken who found this issue via differential fuzzing - and reported it in #3629. - * Zeroising of local buffers and variables which are used for calculations - in mbedtls_pkcs5_pbkdf2_hmac(), mbedtls_internal_sha*_process(), - mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process() - functions to erase sensitive data from memory. Reported by - Johan Malmgren and Johan Uppman Bruce from Sectra. - -Bugfix - * Fix an invalid (but nonzero) return code from mbedtls_pk_parse_subpubkey() - when the input has trailing garbage. Fixes #2512. - * Fix build failure in configurations where MBEDTLS_USE_PSA_CRYPTO is - enabled but ECDSA is disabled. Contributed by jdurkop. Fixes #3294. - * Include the psa_constant_names generated source code in the source tree - instead of generating it at build time. Fixes #3524. - * Fix rsa_prepare_blinding() to retry when the blinding value is not - invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This - addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)). - Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin). - Fixes #3647. - * Use socklen_t on Android and other POSIX-compliant system - * Fix the build when the macro _GNU_SOURCE is defined to a non-empty value. - Fix #3432. - * Consistently return PSA_ERROR_INVALID_ARGUMENT on invalid cipher input - sizes (instead of PSA_ERROR_BAD_STATE in some cases) to make the - psa_cipher_* functions compliant with the PSA Crypto API specification. - * mbedtls_ecp_curve_list() now lists Curve25519 and Curve448 under the names - "x25519" and "x448". These curves support ECDH but not ECDSA. If you need - only the curves that support ECDSA, filter the list with - mbedtls_ecdsa_can_do(). - * Fix psa_generate_key() returning an error when asked to generate - an ECC key pair on Curve25519 or secp244k1. - * Fix psa_key_derivation_output_key() to allow the output of a combined key - agreement and subsequent key derivation operation to be used as a key - inside of the PSA Crypto core. - * Fix handling of EOF against 0xff bytes and on platforms with unsigned - chars. Fixes a build failure on platforms where char is unsigned. Fixes - #3794. - * Fix an off-by-one error in the additional data length check for - CCM, which allowed encryption with a non-standard length field. - Fixes #3719. - * Correct the default IV size for mbedtls_cipher_info_t structures using - MBEDTLS_MODE_ECB to 0, since ECB mode ciphers don't use IVs. - * Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is - defined. Fix contributed in #3571. - * Fix conditions for including string.h in error.c. Fixes #3866. - * psa_set_key_id() now also sets the lifetime to persistent for keys located - in a secure element. - * Attempting to create a volatile key with a non-zero key identifier now - fails. Previously the key identifier was just ignored when creating a - volatile key. - * Attempting to create or register a key with a key identifier in the vendor - range now fails. - * Fix build failures on GCC 11. Fixes #3782. - * Add missing arguments of debug message in mbedtls_ssl_decrypt_buf. - * Fix a memory leak in mbedtls_mpi_sub_abs() when the result was negative - (an error condition) and the second operand was aliased to the result. - * Fix a case in elliptic curve arithmetic where an out-of-memory condition - could go undetected, resulting in an incorrect result. - * In CTR_DRBG and HMAC_DRBG, don't reset the reseed interval in seed(). - Fixes #2927. - * In PEM writing functions, fill the trailing part of the buffer with null - bytes. This guarantees that the corresponding parsing function can read - the buffer back, which was the case for mbedtls_x509write_{crt,csr}_pem - until this property was inadvertently broken in Mbed TLS 2.19.0. - Fixes #3682. - * Fix a build failure that occurred with the MBEDTLS_AES_SETKEY_DEC_ALT - option on. In this configuration key management methods that are required - for MBEDTLS_CIPHER_MODE_XTS were excluded from the build and made it fail. - Fixes #3818. Reported by John Stroebel. - -Changes - * Reduce stack usage significantly during sliding window exponentiation. - Reported in #3591 and fix contributed in #3592 by Daniel Otte. - * The PSA persistent storage format is updated to always store the key bits - attribute. No automatic upgrade path is provided. Previously stored keys - must be erased, or manually upgraded based on the key storage format - specification (docs/architecture/mbed-crypto-storage-specification.md). - Fixes #3740. - * Remove the zeroization of a pointer variable in AES rounds. It was valid - but spurious and misleading since it looked like a mistaken attempt to - zeroize the pointed-to buffer. Reported by Antonio de la Piedra, CEA - Leti, France. - -= mbed TLS 2.24.0 branch released 2020-09-01 - -API changes - * In the PSA API, rename the types of elliptic curve and Diffie-Hellman - group families to psa_ecc_family_t and psa_dh_family_t, in line with the - PSA Crypto API specification version 1.0.0. - Rename associated macros as well: - PSA_ECC_CURVE_xxx renamed to PSA_ECC_FAMILY_xxx - PSA_DH_GROUP_xxx renamed to PSA_DH_FAMILY_xxx - PSA_KEY_TYPE_GET_CURVE renamed to to PSA_KEY_TYPE_ECC_GET_FAMILY - PSA_KEY_TYPE_GET_GROUP renamed to PSA_KEY_TYPE_DH_GET_FAMILY - -Default behavior changes - * Stop storing persistent information about externally stored keys created - through PSA Crypto with a volatile lifetime. Reported in #3288 and - contributed by Steven Cooreman in #3382. - -Features - * The new function mbedtls_ecp_write_key() exports private ECC keys back to - a byte buffer. It is the inverse of the existing mbedtls_ecp_read_key(). - * Support building on e2k (Elbrus) architecture: correctly enable - -Wformat-signedness, and fix the code that causes signed-one-bit-field - and sign-compare warnings. Contributed by makise-homura (Igor Molchanov) - . - -Security - * Fix a vulnerability in the verification of X.509 certificates when - matching the expected common name (the cn argument of - mbedtls_x509_crt_verify()) with the actual certificate name: when the - subjecAltName extension is present, the expected name was compared to any - name in that extension regardless of its type. This means that an - attacker could for example impersonate a 4-bytes or 16-byte domain by - getting a certificate for the corresponding IPv4 or IPv6 (this would - require the attacker to control that IP address, though). Similar attacks - using other subjectAltName name types might be possible. Found and - reported by kFYatek in #3498. - * When checking X.509 CRLs, a certificate was only considered as revoked if - its revocationDate was in the past according to the local clock if - available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE, - certificates were never considered as revoked. On builds with - MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for - example, an untrusted OS attacking a secure enclave) could prevent - revocation of certificates via CRLs. Fixed by no longer checking the - revocationDate field, in accordance with RFC 5280. Reported by - yuemonangong in #3340. Reported independently and fixed by - Raoul Strackx and Jethro Beekman in #3433. - * In (D)TLS record decryption, when using a CBC ciphersuites without the - Encrypt-then-Mac extension, use constant code flow memory access patterns - to extract and check the MAC. This is an improvement to the existing - countermeasure against Lucky 13 attacks. The previous countermeasure was - effective against network-based attackers, but less so against local - attackers. The new countermeasure defends against local attackers, even - if they have access to fine-grained measurements. In particular, this - fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz, - Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler - (University of Florida) and Dave Tian (Purdue University). - * Fix side channel in RSA private key operations and static (finite-field) - Diffie-Hellman. An adversary with precise enough timing and memory access - information (typically an untrusted operating system attacking a secure - enclave) could bypass an existing counter-measure (base blinding) and - potentially fully recover the private key. - * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der(). - Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine - for pinpointing the problematic code. - * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused - application data from memory. Reported in #689 by - Johan Uppman Bruce of Sectra. - -Bugfix - * Library files installed after a CMake build no longer have execute - permission. - * Use local labels in mbedtls_padlock_has_support() to fix an invalid symbol - redefinition if the function is inlined. - Reported in #3451 and fix contributed in #3452 by okhowang. - * Fix the endianness of Curve25519 keys imported/exported through the PSA - APIs. psa_import_key and psa_export_key will now correctly expect/output - Montgomery keys in little-endian as defined by RFC7748. Contributed by - Steven Cooreman in #3425. - * Fix build errors when the only enabled elliptic curves are Montgomery - curves. Raised by signpainter in #941 and by Taiki-San in #1412. This - also fixes missing declarations reported by Steven Cooreman in #1147. - * Fix self-test failure when the only enabled short Weierstrass elliptic - curve is secp192k1. Fixes #2017. - * PSA key import will now correctly import a Curve25519/Curve448 public key - instead of erroring out. Contributed by Steven Cooreman in #3492. - * Use arc4random_buf on NetBSD instead of rand implementation with cyclical - lower bits. Fix contributed in #3540. - * Fix a memory leak in mbedtls_md_setup() when using HMAC under low memory - conditions. Reported and fix suggested by Guido Vranken in #3486. - * Fix bug in redirection of unit test outputs on platforms where stdout is - defined as a macro. First reported in #2311 and fix contributed in #3528. - -Changes - * Only pass -Wformat-signedness to versions of GCC that support it. Reported - in #3478 and fix contributed in #3479 by okhowang. - * Reduce the stack consumption of mbedtls_x509write_csr_der() which - previously could lead to stack overflow on constrained devices. - Contributed by Doru Gucea and Simon Leet in #3464. - * Undefine the ASSERT macro before defining it locally, in case it is defined - in a platform header. Contributed by Abdelatif Guettouche in #3557. - * Update copyright notices to use Linux Foundation guidance. As a result, - the copyright of contributors other than Arm is now acknowledged, and the - years of publishing are no longer tracked in the source files. This also - eliminates the need for the lines declaring the files to be part of - MbedTLS. Fixes #3457. - * Add the command line parameter key_pwd to the ssl_client2 and ssl_server2 - example applications which allows to provide a password for the key file - specified through the existing key_file argument. This allows the use of - these applications with password-protected key files. Analogously but for - ssl_server2 only, add the command line parameter key_pwd2 which allows to - set a password for the key file provided through the existing key_file2 - argument. - -= mbed TLS 2.23.0 branch released 2020-07-01 - -Default behavior changes - * In the experimental PSA secure element interface, change the encoding of - key lifetimes to encode a persistence level and the location. Although C - prototypes do not effectively change, code calling - psa_register_se_driver() must be modified to pass the driver's location - instead of the keys' lifetime. If the library is upgraded on an existing - device, keys created with the old lifetime value will not be readable or - removable through Mbed TLS after the upgrade. - -Features - * New functions in the error module return constant strings for - high- and low-level error codes, complementing mbedtls_strerror() - which constructs a string for any error code, including compound - ones, but requires a writable buffer. Contributed by Gaurav Aggarwal - in #3176. - * The new utility programs/ssl/ssl_context_info prints a human-readable - dump of an SSL context saved with mbedtls_ssl_context_save(). - * Add support for midipix, a POSIX layer for Microsoft Windows. - * Add new mbedtls_x509_crt_parse_der_with_ext_cb() routine which allows - parsing unsupported certificate extensions via user provided callback. - Contributed by Nicola Di Lieto in #3243 as - a solution to #3241. - * Pass the "certificate policies" extension to the callback supplied to - mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported - policies (#3419). - * Added support to entropy_poll for the kern.arandom syscall supported on - some BSD systems. Contributed by Nia Alarie in #3423. - * Add support for Windows 2000 in net_sockets. Contributed by opatomic. #3239 - -Security - * Fix a side channel vulnerability in modular exponentiation that could - reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee, - Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute - of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul - Strackx (Fortanix) in #3394. - * Fix side channel in mbedtls_ecp_check_pub_priv() and - mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a - private key that didn't include the uncompressed public key), as well as - mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL - f_rng argument. An attacker with access to precise enough timing and - memory access information (typically an untrusted operating system - attacking a secure enclave) could fully recover the ECC private key. - Found and reported by Alejandro Cabrera Aldaya and Billy Brumley. - * Fix issue in Lucky 13 counter-measure that could make it ineffective when - hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT - macros). This would cause the original Lucky 13 attack to be possible in - those configurations, allowing an active network attacker to recover - plaintext after repeated timing measurements under some conditions. - Reported and fix suggested by Luc Perneel in #3246. - -Bugfix - * Fix the Visual Studio Release x64 build configuration for mbedtls itself. - Completes a previous fix in Mbed TLS 2.19 that only fixed the build for - the example programs. Reported in #1430 and fix contributed by irwir. - * Fix undefined behavior in X.509 certificate parsing if the - pathLenConstraint basic constraint value is equal to INT_MAX. - The actual effect with almost every compiler is the intended - behavior, so this is unlikely to be exploitable anywhere. #3192 - * Fix issue with a detected HW accelerated record error not being exposed - due to shadowed variable. Contributed by Sander Visser in #3310. - * Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a - NULL pointer argument. Contributed by Sander Visser in #3312. - * Fix potential linker errors on dual world platforms by inlining - mbedtls_gcc_group_to_psa(). This allows the pk.c module to link separately - from psa_crypto.c. Fixes #3300. - * Remove dead code in X.509 certificate parsing. Contributed by irwir in - #2855. - * Include asn1.h in error.c. Fixes #3328 reported by David Hu. - * Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz() - when PRNG function fails. Contributed by Jonas Lejeune in #3318. - * Remove unused macros from MSVC projects. Reported in #3297 and fix - submitted in #3333 by irwir. - * Add additional bounds checks in ssl_write_client_hello() preventing - output buffer overflow if the configuration declared a buffer that was - too small. - * Set _POSIX_C_SOURCE to at least 200112L in C99 code. Reported in #3420 and - fix submitted in #3421 by Nia Alarie. - * Fix building library/net_sockets.c and the ssl_mail_client program on - NetBSD. Contributed by Nia Alarie in #3422. - * Fix false positive uninitialised variable reported by cpp-check. - Contributed by Sander Visser in #3311. - * Update iv and len context pointers manually when reallocating buffers - using the MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH feature. This caused issues - when receiving a connection with CID, when these fields were shifted - in ssl_parse_record_header(). - -Changes - * Fix warnings about signedness issues in format strings. The build is now - clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen - in #3153. - * Fix minor performance issue in operations on Curve25519 caused by using a - suboptimal modular reduction in one place. Found and fix contributed by - Aurelien Jarno in #3209. - * Combine identical cases in switch statements in md.c. Contributed - by irwir in #3208. - * Simplify a bounds check in ssl_write_certificate_request(). Contributed - by irwir in #3150. - * Unify the example programs termination to call mbedtls_exit() instead of - using a return command. This has been done to enable customization of the - behavior in bare metal environments. - * Fix mbedtls_x509_dn_gets to escape non-ASCII characters as "?". - Contributed by Koh M. Nakagawa in #3326. - * Use FindPython3 when cmake version >= 3.15.0 - * Abort the ClientHello writing function as soon as some extension doesn't - fit into the record buffer. Previously, such extensions were silently - dropped. As a consequence, the TLS handshake now fails when the output - buffer is not large enough to hold the ClientHello. - * The unit tests now rely on header files in framework/tests/include/test and source - files in framework/tests/src. When building with make or cmake, the files in - framework/tests/src are compiled and the resulting object linked into each test - executable. - * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on - `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel - coutermeasures. If side channels are not a concern, this dependency can - be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`. - * Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes - Martinho. #3147 - * Remove superfluous assignment in mbedtls_ssl_parse_certificate(). Reported - in #3182 and fix submitted by irwir. #3217 - * Fix typo in XTS tests. Reported and fix submitted by Kxuan. #3319 - -= mbed TLS 2.22.0 branch released 2020-04-14 - -New deprecations - * Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the - SSL module for hardware acceleration of individual records. - * Deprecate mbedtls_ssl_get_max_frag_len() in favour of - mbedtls_ssl_get_output_max_frag_len() and - mbedtls_ssl_get_input_max_frag_len() to be more precise about which max - fragment length is desired. - -Security - * Fix issue in DTLS handling of new associations with the same parameters - (RFC 6347 section 4.2.8): an attacker able to send forged UDP packets to - the server could cause it to drop established associations with - legitimate clients, resulting in a Denial of Service. This could only - happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in config.h - (which it is by default). - * Fix side channel in ECC code that allowed an adversary with access to - precise enough timing and memory access information (typically an - untrusted operating system attacking a secure enclave) to fully recover - an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya, - Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932 - * Fix a potentially remotely exploitable buffer overread in a - DTLS client when parsing the Hello Verify Request message. - -Features - * The new build option MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH automatically - resizes the I/O buffers before and after handshakes, reducing the memory - consumption during application data transfer. - -Bugfix - * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and - MBEDTLS_SSL_HW_RECORD_ACCEL are enabled. - * Remove a spurious check in ssl_parse_client_psk_identity that triggered - a warning with some compilers. Fix contributed by irwir in #2856. - * Fix a function name in a debug message. Contributed by Ercan Ozturk in - #3013. - -Changes - * Mbed Crypto is no longer a Git submodule. The crypto part of the library - is back directly in the present repository. - * Split mbedtls_ssl_get_max_frag_len() into - mbedtls_ssl_get_output_max_frag_len() and - mbedtls_ssl_get_input_max_frag_len() to ensure that a sufficient input - buffer is allocated by the server (if MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - is defined), regardless of what MFL was configured for it. - -= mbed TLS 2.21.0 branch released 2020-02-20 - -New deprecations - * Deprecate MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO that enables parsing - SSLv2 ClientHello messages. - * Deprecate MBEDTLS_SSL_PROTO_SSL3 that enables support for SSLv3. - * Deprecate for MBEDTLS_PKCS11_C, the wrapper around the pkcs11-helper - library which allows TLS authentication to use keys stored in a - PKCS#11 token such as a smartcard. - -Security - * Fix potential memory overread when performing an ECDSA signature - operation. The overread only happens with cryptographically low - probability (of the order of 2^-n where n is the bitsize of the curve) - unless the RNG is broken, and could result in information disclosure or - denial of service (application crash or extra resource consumption). - Found by Auke Zeilstra and Peter Schwabe, using static analysis. - * To avoid a side channel vulnerability when parsing an RSA private key, - read all the CRT parameters from the DER structure rather than - reconstructing them. Found by Alejandro Cabrera Aldaya and Billy Bob - Brumley. Reported and fix contributed by Jack Lloyd. - ARMmbed/mbed-crypto#352 - -Features - * The new build option MBEDTLS_SHA512_NO_SHA384 allows building SHA-512 - support without SHA-384. - -API changes - * Change the encoding of key types and curves in the PSA API. The new - values are aligned with the upcoming release of the PSA Crypto API - specification version 1.0.0. The main change which may break some - existing code is that elliptic curve key types no longer encode the - exact curve: a psa_ecc_curve_t or psa_key_type_t value only encodes - a curve family and the key size determines the exact curve (for example, - PSA_ECC_CURVE_SECP_R1 with 256 bits is P256R1). ARMmbed/mbed-crypto#330 - -Bugfix - * Fix an unchecked call to mbedtls_md() in the x509write module. - * Fix build failure with MBEDTLS_ZLIB_SUPPORT enabled. Reported by - Jack Lloyd in #2859. Fix submitted by jiblime in #2963. - * Fix some false-positive uninitialized variable warnings in X.509. Fix - contributed by apple-ihack-geek in #2663. - * Fix a possible error code mangling in psa_mac_verify_finish() when - a cryptographic accelerator fails. ARMmbed/mbed-crypto#345 - * Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some - RSA keys that would later be rejected by functions expecting private - keys. Found by Catena cyber using oss-fuzz (issue 20467). - * Fix a bug in mbedtls_pk_parse_key() that would cause it to - accept some RSA keys with invalid values by silently fixing those values. - -= mbed TLS 2.20.0 branch released 2020-01-15 - -Default behavior changes - * The initial seeding of a CTR_DRBG instance makes a second call to the - entropy function to obtain entropy for a nonce if the entropy size is less - than 3/2 times the key size. In case you want to disable the extra call to - grab entropy, you can call mbedtls_ctr_drbg_set_nonce_len() to force the - nonce length to 0. - -Security - * Enforce that mbedtls_entropy_func() gathers a total of - MBEDTLS_ENTROPY_BLOCK_SIZE bytes or more from strong sources. In the - default configuration, on a platform with a single entropy source, the - entropy module formerly only grabbed 32 bytes, which is good enough for - security if the source is genuinely strong, but less than the expected 64 - bytes (size of the entropy accumulator). - * Zeroize local variables in mbedtls_internal_aes_encrypt() and - mbedtls_internal_aes_decrypt() before exiting the function. The value of - these variables can be used to recover the last round key. To follow best - practice and to limit the impact of buffer overread vulnerabilities (like - Heartbleed) we need to zeroize them before exiting the function. - Issue reported by Tuba Yavuz, Farhaan Fowze, Ken (Yihang) Bai, - Grant Hernandez, and Kevin Butler (University of Florida) and - Dave Tian (Purdue University). - * Fix side channel vulnerability in ECDSA. Our bignum implementation is not - constant time/constant trace, so side channel attacks can retrieve the - blinded value, factor it (as it is smaller than RSA keys and not guaranteed - to have only large prime factors), and then, by brute force, recover the - key. Reported by Alejandro Cabrera Aldaya and Billy Brumley. - * Fix side channel vulnerability in ECDSA key generation. Obtaining precise - timings on the comparison in the key generation enabled the attacker to - learn leading bits of the ephemeral key used during ECDSA signatures and to - recover the private key. Reported by Jeremy Dubeuf. - * Catch failure of AES functions in mbedtls_ctr_drbg_random(). Uncaught - failures could happen with alternative implementations of AES. Bug - reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri, - Sectra. - -Features - * Key derivation inputs in the PSA API can now either come from a key object - or from a buffer regardless of the step type. - * The CTR_DRBG module can grab a nonce from the entropy source during the - initial seeding. The default nonce length is chosen based on the key size - to achieve the security strength defined by NIST SP 800-90A. You can - change it with mbedtls_ctr_drbg_set_nonce_len(). - * Add ENUMERATED tag support to the ASN.1 module. Contributed by - msopiha-linaro in ARMmbed/mbed-crypto#307. - -API changes - * In the PSA API, forbid zero-length keys. To pass a zero-length input to a - key derivation function, use a buffer instead (this is now always - possible). - * Rename psa_asymmetric_sign() to psa_sign_hash() and - psa_asymmetric_verify() to psa_verify_hash(). - -Bugfix - * Fix an incorrect size in a debugging message. Reported and fix - submitted by irwir. Fixes #2717. - * Fix an unused variable warning when compiling without DTLS. - Reported and fix submitted by irwir. Fixes #2800. - * Remove a useless assignment. Reported and fix submitted by irwir. - Fixes #2801. - * Fix a buffer overflow in the PSA HMAC code when using a long key with an - unsupported algorithm. Fixes ARMmbed/mbed-crypto#254. - * Fix mbedtls_asn1_get_int to support any number of leading zeros. Credit - to OSS-Fuzz for finding a bug in an intermediate version of the fix. - * Fix mbedtls_asn1_get_bitstring_null to correctly parse bitstrings of at - most 2 bytes. - * mbedtls_ctr_drbg_set_entropy_len() and - mbedtls_hmac_drbg_set_entropy_len() now work if you call them before - mbedtls_ctr_drbg_seed() or mbedtls_hmac_drbg_seed(). - -Changes - * Remove the technical possibility to define custom mbedtls_md_info - structures, which was exposed only in an internal header. - * psa_close_key(0) and psa_destroy_key(0) now succeed (doing nothing, as - before). - * Variables containing error codes are now initialized to an error code - rather than success, so that coding mistakes or memory corruption tends to - cause functions to return this error code rather than a success. There are - no known instances where this changes the behavior of the library: this is - merely a robustness improvement. ARMmbed/mbed-crypto#323 - * Remove a useless call to mbedtls_ecp_group_free(). Contributed by - Alexander Krizhanovsky in ARMmbed/mbed-crypto#210. - * Speed up PBKDF2 by caching the digest calculation. Contributed by Jack - Lloyd and Fortanix Inc in ARMmbed/mbed-crypto#277. - * Small performance improvement of mbedtls_mpi_div_mpi(). Contributed by - Alexander Krizhanovsky in ARMmbed/mbed-crypto#308. - -= mbed TLS 2.19.1 branch released 2019-09-16 - -Features - * Declare include headers as PUBLIC to propagate to CMake project consumers - Contributed by Zachary J. Fields in PR #2949. - * Add nss_keylog to ssl_client2 and ssl_server2, enabling easier analysis of - TLS sessions with tools like Wireshark. - -API Changes - * Make client_random and server_random const in - mbedtls_ssl_export_keys_ext_t, so that the key exporter is discouraged - from modifying the client/server hello. - -Bugfix - * Fix some false-positive uninitialized variable warnings in crypto. Fix - contributed by apple-ihack-geek in #2663. - -= mbed TLS 2.19.0 branch released 2019-09-06 - -Security - * Fix a missing error detection in ECJPAKE. This could have caused a - predictable shared secret if a hardware accelerator failed and the other - side of the key exchange had a similar bug. - * When writing a private EC key, use a constant size for the private - value, as specified in RFC 5915. Previously, the value was written - as an ASN.1 INTEGER, which caused the size of the key to leak - about 1 bit of information on average and could cause the value to be - 1 byte too large for the output buffer. - * The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to - implement blinding. Because of this for the same key and message the same - blinding value was generated. This reduced the effectiveness of the - countermeasure and leaked information about the private key through side - channels. Reported by Jack Lloyd. - -Features - * Add new API functions mbedtls_ssl_session_save() and - mbedtls_ssl_session_load() to allow serializing a session, for example to - store it in non-volatile storage, and later using it for TLS session - resumption. - * Add a new API function mbedtls_ssl_check_record() to allow checking that - an incoming record is valid, authentic and has not been seen before. This - feature can be used alongside Connection ID and SSL context serialisation. - The feature is enabled at compile-time by MBEDTLS_SSL_RECORD_CHECKING - option. - * New implementation of X25519 (ECDH using Curve25519) from Project Everest - (https://project-everest.github.io/). It can be enabled at compile time - with MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED. This implementation is formally - verified and significantly faster, but is only supported on x86 platforms - (32-bit and 64-bit) using GCC, Clang or Visual Studio. Contributed by - Christoph Wintersteiger from Microsoft Research. - * Add mbedtls_net_close(), enabling the building of forking servers where - the parent process closes the client socket and continue accepting, and - the child process closes the listening socket and handles the client - socket. Contributed by Robert Larsen in #2803. - -API Changes - * Add DER-encoded test CRTs to library/certs.c, allowing - the example programs ssl_server2 and ssl_client2 to be run - if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254. - * The HAVEGE state type now uses uint32_t elements instead of int. - * The functions mbedtls_ecp_curve_list() and mbedtls_ecp_grp_id_list() now - list all curves for which at least one of ECDH or ECDSA is supported, not - just curves for which both are supported. Call mbedtls_ecdsa_can_do() or - mbedtls_ecdh_can_do() on each result to check whether each algorithm is - supported. - * The new function mbedtls_ecdsa_sign_det_ext() is similar to - mbedtls_ecdsa_sign_det() but allows passing an external RNG for the - purpose of blinding. - -New deprecations - * Deprecate mbedtls_ecdsa_sign_det() in favor of a functions that can take an - RNG function as an input. - * Calling mbedtls_ecdsa_write_signature() with NULL as the f_rng argument - is now deprecated. - -Bugfix - * Fix missing bounds checks in X.509 parsing functions that could - lead to successful parsing of ill-formed X.509 CRTs. Fixes #2437. - * Fix multiple X.509 functions previously returning ASN.1 low-level error - codes to always wrap these codes into X.509 high level error codes before - returning. Fixes #2431. - * Fix to allow building test suites with any warning that detects unused - functions. Fixes #1628. - * Fix typo in net_would_block(). Fixes #528 reported by github-monoculture. - * Remove redundant include file in timing.c. Fixes #2640 reported by irwir. - * Fix build failure when building with mingw on Windows by including - stdarg.h where needed. Fixes #2656. - * Fix Visual Studio Release x64 build configuration by inheriting - PlatformToolset from the project configuration. Fixes #1430 reported by - irwir. - * Enable Suite B with subset of ECP curves. Make sure the code compiles even - if some curves are not defined. Fixes #1591 reported by dbedev. - * Fix misuse of signed arithmetic in the HAVEGE module. #2598 - * Avoid use of statically sized stack buffers for certificate writing. - This previously limited the maximum size of DER encoded certificates - in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631. - * Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716. - * Update test certificates that were about to expire. Reported by - Bernhard M. Wiedemann in #2357. - * Fix the build on ARMv5TE in ARM mode to not use assembly instructions - that are only available in Thumb mode. Fix contributed by Aurelien Jarno - in #2169. - * Fix propagation of restart contexts in restartable EC operations. - This could previously lead to segmentation faults in builds using an - address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE. - * Fix memory leak in in mpi_miller_rabin(). Contributed by - Jens Wiklander in #2363 - * Improve code clarity in x509_crt module, removing false-positive - uninitialized variable warnings on some recent toolchains (GCC8, etc). - Discovered and fixed by Andy Gross (Linaro), #2392. - * Fix bug in endianness conversion in bignum module. This lead to - functionally incorrect code on bigendian systems which don't have - __BYTE_ORDER__ defined. Reported by Brendan Shanks. Fixes #2622. - -Changes - * Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821. - * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h - suggests). #2671 - * Make `make clean` clean all programs always. Fixes #1862. - * Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh, - docker-env.sh) to simplify running test suites on a Linux host. Contributed - by Peter Kolbus (Garmin). - * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable - test runs without variability. Contributed by Philippe Antoine (Catena - cyber) in #2681. - * Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi. - * Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz. - Contributed by Philippe Antoine (Catena cyber). - * Remove the crypto part of the library from Mbed TLS. The crypto - code and tests are now only available via Mbed Crypto, which - Mbed TLS references as a Git submodule. - -= mbed TLS 2.18.1 branch released 2019-07-12 - -Bugfix - * Fix build failure when building with mingw on Windows by including - stdarg.h where needed. Fixes #2656. - -Changes - * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by - Ashley Duncan in #2609. - -= mbed TLS 2.18.0 branch released 2019-06-11 - -Features - * Add the Any Policy certificate policy oid, as defined in - rfc 5280 section 4.2.1.4. - * It is now possible to use NIST key wrap mode via the mbedtls_cipher API. - Contributed by Jack Lloyd and Fortanix Inc. - * Add the Wi-SUN Field Area Network (FAN) device extended key usage. - * Add the oid certificate policy x509 extension. - * It is now possible to perform RSA PKCS v1.5 signatures with RIPEMD-160 digest. - Contributed by Jack Lloyd and Fortanix Inc. - * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, - and the used tls-prf. - * Add public API for tls-prf function, according to requested enum. - * Add support for parsing otherName entries in the Subject Alternative Name - X.509 certificate extension, specifically type hardware module name, - as defined in RFC 4108 section 5. - * Add support for parsing certificate policies extension, as defined in - RFC 5280 section 4.2.1.4. Currently, only the "Any Policy" policy is - supported. - * List all SAN types in the subject_alt_names field of the certificate. - Resolves #459. - * Add support for draft-05 of the Connection ID extension, as specified - in https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05. - The Connection ID extension allows to keep DTLS connections beyond the - lifetime of the underlying transport by adding a connection identifier - to the DTLS record header. This identifier can be used to associated an - incoming record with the correct connection data even after the peer has - changed its IP or port. The feature is enabled at compile-time by setting - MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time - through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid(). - - -API Changes - * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, - and the used tls-prf. - * Add public API for tls-prf function, according to requested enum. - -Bugfix - * Fix private key DER output in the key_app_writer example. File contents - were shifted by one byte, creating an invalid ASN.1 tag. Fixed by - Christian Walther in #2239. - * Fix potential memory leak in X.509 self test. Found and fixed by - Junhwan Park, #2106. - * Reduce stack usage of hkdf tests. Fixes #2195. - * Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when - used with negative inputs. Found by Guido Vranken in #2404. Credit to - OSS-Fuzz. - * Fix bugs in the AEAD test suite which would be exposed by ciphers which - either used both encrypt and decrypt key schedules, or which perform padding. - GCM and CCM were not affected. Fixed by Jack Lloyd. - * Fix incorrect default port number in ssl_mail_client example's usage. - Found and fixed by irwir. #2337 - * Add psa_util.h to test/cpp_dummy_build to fix build_default_make_gcc_and_cxx. - Fixed by Peter Kolbus (Garmin). #2579 - * Add missing parentheses around parameters in the definition of the - public macro MBEDTLS_X509_ID_FLAG. This could lead to invalid evaluation - in case operators binding less strongly than subtraction were used - for the parameter. - * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl - sni entry parameter. Reported by inestlerode in #560. - * Set the next sequence of the subject_alt_name to NULL when deleting - sequence on failure. Found and fix suggested by Philippe Antoine. - Credit to OSS-Fuzz. - -Changes - * Server's RSA certificate in certs.c was SHA-1 signed. In the default - mbedTLS configuration only SHA-2 signed certificates are accepted. - This certificate is used in the demo server programs, which lead the - client programs to fail at the peer's certificate verification - due to an unacceptable hash signature. The certificate has been - updated to one that is SHA-256 signed. Fix contributed by - Illya Gerasymchuk. - * Return from various debugging routines immediately if the - provided SSL context is unset. - * Remove dead code from bignum.c in the default configuration. - Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309. - * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh. - Contributed by Peter Kolbus (Garmin). - * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to - improve clarity. Fixes #2258. - -= mbed TLS 2.17.0 branch released 2019-03-19 - -Features - * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()` - which allows copy-less parsing of DER encoded X.509 CRTs, - at the cost of additional lifetime constraints on the input - buffer, but at the benefit of reduced RAM consumption. - * Add a new function mbedtls_asn1_write_named_bitstring() to write ASN.1 - named bitstring in DER as required by RFC 5280 Appendix B. - * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites - from the default list (enabled by default). See - https://sweet32.info/SWEET32_CCS16.pdf. - -API Changes - * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. - See the Features section for more information. - * Allow to opt in to the removal the API mbedtls_ssl_get_peer_cert() - for the benefit of saving RAM, by disabling the new compile-time - option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE (enabled by default for - API stability). Disabling this option makes mbedtls_ssl_get_peer_cert() - always return NULL, and removes the peer_cert field from the - mbedtls_ssl_session structure which otherwise stores the peer's - certificate. - -Security - * Make mbedtls_ecdh_get_params return an error if the second key - belongs to a different group from the first. Before, if an application - passed keys that belonged to different group, the first key's data was - interpreted according to the second group, which could lead to either - an error or a meaningless output from mbedtls_ecdh_get_params. In the - latter case, this could expose at most 5 bits of the private key. - -Bugfix - * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined - when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242. - * Run the AD too long test only if MBEDTLS_CCM_ALT is not defined. - Raised as a comment in #1996. - * Reduce the stack consumption of mbedtls_mpi_fill_random() which could - previously lead to a stack overflow on constrained targets. - * Add `MBEDTLS_SELF_TEST` for the mbedtls_self_test functions - in the header files, which missed the precompilation check. #971 - * Fix returning the value 1 when mbedtls_ecdsa_genkey failed. - * Remove a duplicate #include in a sample program. Fixed by Masashi Honma #2326. - * Remove the mbedtls namespacing from the header file, to fix a "file not found" - build error. Fixed by Haijun Gu #2319. - * Fix signed-to-unsigned integer conversion warning - in X.509 module. Fixes #2212. - * Reduce stack usage of `mpi_write_hlp()` by eliminating recursion. - Fixes #2190. - * Fix false failure in all.sh when backup files exist in include/mbedtls - (e.g. config.h.bak). Fixed by Peter Kolbus (Garmin) #2407. - * Ensure that unused bits are zero when writing ASN.1 bitstrings when using - mbedtls_asn1_write_bitstring(). - * Fix issue when writing the named bitstrings in KeyUsage and NsCertType - extensions in CSRs and CRTs that caused these bitstrings to not be encoded - correctly as trailing zeroes were not accounted for as unused bits in the - leading content octet. Fixes #1610. - -Changes - * Reduce RAM consumption during session renegotiation by not storing - the peer CRT chain and session ticket twice. - * Include configuration file in all header files that use configuration, - instead of relying on other header files that they include. - Inserted as an enhancement for #1371 - * Add support for alternative CSR headers, as used by Microsoft and defined - in RFC 7468. Found by Michael Ernst. Fixes #767. - * Correct many misspellings. Fixed by MisterDA #2371. - * Provide an abstraction of vsnprintf to allow alternative implementations - for platforms that don't provide it. Based on contributions by Joris Aerts - and Nathaniel Wesley Filardo. - * Fix clobber list in MIPS assembly for large integer multiplication. - Previously, this could lead to functionally incorrect assembly being - produced by some optimizing compilers, showing up as failures in - e.g. RSA or ECC signature operations. Reported in #1722, fix suggested - by Aurelien Jarno and submitted by Jeffrey Martin. - * Reduce the complexity of the timing tests. They were assuming more than the - underlying OS actually guarantees. - * Fix configuration queries in ssl-opt.h. #2030 - * Ensure that ssl-opt.h can be run in OS X. #2029 - * Re-enable certain interoperability tests in ssl-opt.sh which had previously - been disabled for lack of a sufficiently recent version of GnuTLS on the CI. - * Ciphersuites based on 3DES now have the lowest priority by default when - they are enabled. - -= mbed TLS 2.16.0 branch released 2018-12-21 - -Features - * Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables validation - of parameters in the API. This allows detection of obvious misuses of the - API, such as passing NULL pointers. The API of existing functions hasn't - changed, but requirements on parameters have been made more explicit in - the documentation. See the corresponding API documentation for each - function to see for which parameter values it is defined. This feature is - disabled by default. See its API documentation in config.h for additional - steps you have to take when enabling it. - -API Changes - * The following functions in the random generator modules have been - deprecated and replaced as shown below. The new functions change - the return type from void to int to allow returning error codes when - using MBEDTLS__ALT for the underlying AES or message digest - primitive. Fixes #1798. - mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() - mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() - * Extend ECDH interface to enable alternative implementations. - * Deprecate error codes of the form MBEDTLS_ERR_xxx_INVALID_KEY_LENGTH for - ARIA, CAMELLIA and Blowfish. These error codes will be replaced by - the more generic per-module error codes MBEDTLS_ERR_xxx_BAD_INPUT_DATA. - * Additional parameter validation checks have been added for the following - modules - AES, ARIA, Blowfish, CAMELLIA, CCM, GCM, DHM, ECP, ECDSA, ECDH, - ECJPAKE, SHA, Chacha20 and Poly1305, cipher, pk, RSA, and MPI. - Where modules have had parameter validation added, existing parameter - checks may have changed. Some modules, such as Chacha20 had existing - parameter validation whereas other modules had little. This has now been - changed so that the same level of validation is present in all modules, and - that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default - is off. That means that checks which were previously present by default - will no longer be. - -New deprecations - * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update - in favor of functions that can return an error code. - -Bugfix - * Fix for Clang, which was reporting a warning for the bignum.c inline - assembly for AMD64 targets creating string literals greater than those - permitted by the ISO C99 standard. Found by Aaron Jones. Fixes #482. - * Fix runtime error in `mbedtls_platform_entropy_poll()` when run - through qemu user emulation. Reported and fix suggested by randombit - in #1212. Fixes #1212. - * Fix an unsafe bounds check when restoring an SSL session from a ticket. - This could lead to a buffer overflow, but only in case ticket authentication - was broken. Reported and fix suggested by Guido Vranken in #659. - * Add explicit integer to enumeration type casts to example program - programs/pkey/gen_key which previously led to compilation failure - on some toolchains. Reported by phoenixmcallister. Fixes #2170. - * Fix double initialization of ECC hardware that made some accelerators - hang. - * Clarify documentation of mbedtls_ssl_set_own_cert() regarding the absence - of check for certificate/key matching. Reported by Attila Molnar, #507. - - = mbed TLS 2.15.1 branch released 2018-11-30 - - Changes - * Update the Mbed Crypto submodule to version 0.1.0b2. - - = mbed TLS 2.15.0 branch released 2018-11-23 - - Features - * Add an experimental build option, USE_CRYPTO_SUBMODULE, to enable use of - Mbed Crypto as the source of the cryptography implementation. - * Add an experimental configuration option, MBEDTLS_PSA_CRYPTO_C, to enable - the PSA Crypto API from Mbed Crypto when additionally used with the - USE_CRYPTO_SUBMODULE build option. - - Changes - * Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx() - from the cipher abstraction layer. Fixes #2198. - -= mbed TLS 2.14.1 branch released 2018-11-30 - -Security - * Fix timing variations and memory access variations in RSA PKCS#1 v1.5 - decryption that could lead to a Bleichenbacher-style padding oracle - attack. In TLS, this affects servers that accept ciphersuites based on - RSA decryption (i.e. ciphersuites whose name contains RSA but not - (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham - (University of Adelaide), Daniel Genkin (University of Michigan), - Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom - (University of Adelaide, Data61). The attack is described in more detail - in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608 - * In mbedtls_mpi_write_binary(), don't leak the exact size of the number - via branching and memory access patterns. An attacker who could submit - a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing - of the decryption and not its result could nonetheless decrypt RSA - plaintexts and forge RSA signatures. Other asymmetric algorithms may - have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham, - Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom. - * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG - modules. - -API Changes - * The new functions mbedtls_ctr_drbg_update_ret() and - mbedtls_hmac_drbg_update_ret() are similar to mbedtls_ctr_drbg_update() - and mbedtls_hmac_drbg_update() respectively, but the new functions - report errors whereas the old functions return void. We recommend that - applications use the new functions. - -= mbed TLS 2.14.0 branch released 2018-11-19 - -Security - * Fix overly strict DN comparison when looking for CRLs belonging to a - particular CA. This previously led to ignoring CRLs when the CRL's issuer - name and the CA's subject name differed in their string encoding (e.g., - one using PrintableString and the other UTF8String) or in the choice of - upper and lower case. Reported by Henrik Andersson of Bosch GmbH in issue - #1784. - * Fix a flawed bounds check in server PSK hint parsing. In case the - incoming message buffer was placed within the first 64KiB of address - space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker - to trigger a memory access up to 64KiB beyond the incoming message buffer, - potentially leading to an application crash or information disclosure. - * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The - previous settings for the number of rounds made it practical for an - adversary to construct non-primes that would be erroneously accepted as - primes with high probability. This does not have an impact on the - security of TLS, but can matter in other contexts with numbers chosen - potentially by an adversary that should be prime and can be validated. - For example, the number of rounds was enough to securely generate RSA key - pairs or Diffie-Hellman parameters, but was insufficient to validate - Diffie-Hellman parameters properly. - See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and - Kenneth G. Paterson and Juraj Somorovsky. - -Features - * Add support for temporarily suspending expensive ECC computations after - some configurable amount of operations. This is intended to be used in - constrained, single-threaded systems where ECC is time consuming and can - block other operations until they complete. This is disabled by default, - but can be enabled by MBEDTLS_ECP_RESTARTABLE at compile time and - configured by mbedtls_ecp_set_max_ops() at runtime. It applies to the new - xxx_restartable functions in ECP, ECDSA, PK and X.509 (CRL not supported - yet), and to existing functions in ECDH and SSL (currently only - implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2, - including client authentication). - * Add support for Arm CPU DSP extensions to accelerate asymmetric key - operations. On CPUs where the extensions are available, they can accelerate - MPI multiplications used in ECC and RSA cryptography. Contributed by - Aurelien Jarno. - * Extend RSASSA-PSS signature to allow a smaller salt size. Previously, PSS - signature always used a salt with the same length as the hash, and returned - an error if this was not possible. Now the salt size may be up to two bytes - shorter. This allows the library to support all hash and signature sizes - that comply with FIPS 186-4, including SHA-512 with a 1024-bit key. - * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter - than 256 bits limits the security of generated material to 128 bits. - -API Changes - * Add a common error code of `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` for - a feature that is not supported by underlying alternative - implementations implementing cryptographic primitives. This is useful for - hardware accelerators that don't implement all options or features. - -New deprecations - * All module specific errors following the form - MBEDTLS_ERR_XXX_FEATURE_UNAVAILABLE that indicate a feature is not - supported are deprecated and are now replaced by the new equivalent - platform error. - * All module specific generic hardware acceleration errors following the - form MBEDTLS_ERR_XXX_HW_ACCEL_FAILED that are deprecated and are replaced - by the equivalent plaform error. - * Deprecate the function mbedtls_mpi_is_prime() in favor of - mbedtls_mpi_is_prime_ext() which allows specifying the number of - Miller-Rabin rounds. - -Bugfix - * Fix wrong order of freeing in programs/ssl/ssl_server2 example - application leading to a memory leak in case both - MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE are set. - Fixes #2069. - * Fix a bug in the update function for SSL ticket keys which previously - invalidated keys of a lifetime of less than a 1s. Fixes #1968. - * Fix failure in hmac_drbg in the benchmark sample application, when - MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095 - * Fix a bug in the record decryption routine ssl_decrypt_buf() - which lead to accepting properly authenticated but improperly - padded records in case of CBC ciphersuites using Encrypt-then-MAC. - * Fix memory leak and freeing without initialization in the example - program programs/x509/cert_write. Fixes #1422. - * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is - MBEDTLS_MODE_ECB. Found by ezdevelop. Fixes #1091. - * Zeroize memory used for buffering or reassembling handshake messages - after use. - * Use `mbedtls_platform_zeroize()` instead of `memset()` for zeroization - of sensitive data in the example programs aescrypt2 and crypt_and_hash. - * Change the default string format used for various X.509 DN attributes to - UTF8String. Previously, the use of the PrintableString format led to - wildcards and non-ASCII characters being unusable in some DN attributes. - Reported by raprepo in #1860 and by kevinpt in #468. Fix contributed by - Thomas-Dee. - * Fix compilation failure for configurations which use compile time - replacements of standard calloc/free functions through the macros - MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO. - Reported by ole-de and ddhome2006. Fixes #882, #1642 and #1706. - -Changes - * Removed support for Yotta as a build tool. - * Add tests for session resumption in DTLS. - * Close a test gap in (D)TLS between the client side and the server side: - test the handling of large packets and small packets on the client side - in the same way as on the server side. - * Change the dtls_client and dtls_server samples to work by default over - IPv6 and optionally by a build option over IPv4. - * Change the use of Windows threading to use Microsoft Visual C++ runtime - calls, rather than Win32 API calls directly. This is necessary to avoid - conflict with C runtime usage. Found and fixed by irwir. - * Remember the string format of X.509 DN attributes when replicating - X.509 DNs. Previously, DN attributes were always written in their default - string format (mostly PrintableString), which could lead to CRTs being - created which used PrintableStrings in the issuer field even though the - signing CA used UTF8Strings in its subject field; while X.509 compliant, - such CRTs were rejected in some applications, e.g. some versions of - Firefox, curl and GnuTLS. Reported in #1033 by Moschn. Fix contributed by - Thomas-Dee. - * Improve documentation of mbedtls_ssl_get_verify_result(). - Fixes #517 reported by github-monoculture. - * Add MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR flag to mbedtls_mpi_gen_prime() and - use it to reduce error probability in RSA key generation to levels mandated - by FIPS-186-4. - -= mbed TLS 2.13.1 branch released 2018-09-06 - -API Changes - * Extend the platform module with an abstraction mbedtls_platform_gmtime_r() - whose implementation should behave as a thread-safe version of gmtime(). - This allows users to configure such an implementation at compile time when - the target system cannot be deduced automatically, by setting the option - MBEDTLS_PLATFORM_GMTIME_R_ALT. At this stage Mbed TLS is only able to - automatically select implementations for Windows and POSIX C libraries. - -Bugfix - * Fix build failures on platforms where only gmtime() is available but - neither gmtime_r() nor gmtime_s() are present. Fixes #1907. - -= mbed TLS 2.13.0 branch released 2018-08-31 - -Security - * Fix an issue in the X.509 module which could lead to a buffer overread - during certificate extensions parsing. In case of receiving malformed - input (extensions length field equal to 0), an illegal read of one byte - beyond the input buffer is made. Found and analyzed by Nathan Crandall. - -Features - * Add support for fragmentation of outgoing DTLS handshake messages. This - is controlled by the maximum fragment length as set locally or negotiated - with the peer, as well as by a new per-connection MTU option, set using - mbedtls_ssl_set_mtu(). - * Add support for auto-adjustment of MTU to a safe value during the - handshake when flights do not get through (RFC 6347, section 4.1.1.1, - last paragraph). - * Add support for packing multiple records within a single datagram, - enabled by default. - * Add support for buffering out-of-order handshake messages in DTLS. - The maximum amount of RAM used for this can be controlled by the - compile-time constant MBEDTLS_SSL_DTLS_MAX_BUFFERING defined - in mbedtls/config.h. - -API Changes - * Add function mbedtls_ssl_set_datagram_packing() to configure - the use of datagram packing (enabled by default). - -Bugfix - * Fix a potential memory leak in mbedtls_ssl_setup() function. An allocation - failure in the function could lead to other buffers being leaked. - * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if - MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 - * Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails. - Fix contributed by Espressif Systems. - * Add ecc extensions only if an ecc based ciphersuite is used. - This improves compliance to RFC 4492, and as a result, solves - interoperability issues with BouncyCastle. Raised by milenamil in #1157. - * Replace printf with mbedtls_printf in the ARIA module. Found by - TrinityTonic in #1908. - * Fix potential use-after-free in mbedtls_ssl_get_max_frag_len() - and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941. - * Fix a bug that caused SSL/TLS clients to incorrectly abort the handshake - with TLS versions 1.1 and earlier when the server requested authentication - without providing a list of CAs. This was due to an overly strict bounds - check in parsing the CertificateRequest message, - introduced in Mbed TLS 2.12.0. Fixes #1954. - * Fix a miscalculation of the maximum record expansion in - mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites, - or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914. - * Fix undefined shifts with negative values in certificates parsing - (found by Catena cyber using oss-fuzz) - * Fix memory leak and free without initialization in pk_encrypt - and pk_decrypt example programs. Reported by Brace Stout. Fixes #1128. - * Remove redundant else statement. Raised by irwir. Fixes #1776. - -Changes - * Copy headers preserving timestamps when doing a "make install". - Contributed by xueruini. - * Allow the forward declaration of public structs. Contributed by Dawid - Drozd. Fixes #1215 raised by randombit. - * Improve compatibility with some alternative CCM implementations by using - CCM test vectors from RAM. - * Add support for buffering of out-of-order handshake messages. - * Add warnings to the documentation of the HKDF module to reduce the risk - of misusing the mbedtls_hkdf_extract() and mbedtls_hkdf_expand() - functions. Fixes #1775. Reported by Brian J. Murray. - -= mbed TLS 2.12.0 branch released 2018-07-25 - -Security - * Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384, - in (D)TLS 1.0 to 1.2, that allowed an active network attacker to - partially recover the plaintext of messages under some conditions by - exploiting timing measurements. With DTLS, the attacker could perform - this recovery by sending many messages in the same connection. With TLS - or if mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only - worked if the same secret (for example a HTTP Cookie) has been repeatedly - sent over connections manipulated by the attacker. Connections using GCM - or CCM instead of CBC, using hash sizes other than SHA-384, or using - Encrypt-then-Mac (RFC 7366) were not affected. The vulnerability was - caused by a miscalculation (for SHA-384) in a countermeasure to the - original Lucky 13 attack. Found by Kenny Paterson, Eyal Ronen and Adi - Shamir. - * Fix a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to - 1.2, that allowed a local attacker, able to execute code on the local - machine as well as manipulate network packets, to partially recover the - plaintext of messages under some conditions by using a cache attack - targeting an internal MD/SHA buffer. With TLS or if - mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only worked if - the same secret (for example a HTTP Cookie) has been repeatedly sent over - connections manipulated by the attacker. Connections using GCM or CCM - instead of CBC or using Encrypt-then-Mac (RFC 7366) were not affected. - Found by Kenny Paterson, Eyal Ronen and Adi Shamir. - * Add a counter-measure against a vulnerability in TLS ciphersuites based - on CBC, in (D)TLS 1.0 to 1.2, that allowed a local attacker, able to - execute code on the local machine as well as manipulate network packets, - to partially recover the plaintext of messages under some conditions (see - previous entry) by using a cache attack targeting the SSL input record - buffer. Connections using GCM or CCM instead of CBC or using - Encrypt-then-Mac (RFC 7366) were not affected. Found by Kenny Paterson, - Eyal Ronen and Adi Shamir. - -Features - * Add new crypto primitives from RFC 7539: stream cipher Chacha20, one-time - authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed - by Daniel King. - * Add support for CHACHA20-POLY1305 ciphersuites from RFC 7905. - * Add platform support for the Haiku OS. (https://www.haiku-os.org). - Contributed by Augustin Cavalier. - * Make the receive and transmit buffers independent sizes, for situations - where the outgoing buffer can be fixed at a smaller size than the incoming - buffer, which can save some RAM. If buffer lengths are kept equal, there - is no functional difference. Contributed by Angus Gratton, and also - independently contributed again by Paul Sokolovsky. - * Add support for key wrapping modes based on AES as defined by - NIST SP 800-38F algorithms KW and KWP and by RFC 3394 and RFC 5649. - -Bugfix - * Fix the key_app_writer example which was writing a leading zero byte which - was creating an invalid ASN.1 tag. Found by Aryeh R. Fixes #1257. - * Fix compilation error on C++, because of a variable named new. - Found and fixed by Hirotaka Niisato in #1783. - * Fix "no symbols" warning issued by ranlib when building on Mac OS X. Fix - contributed by tabascoeye. - * Clarify documentation for mbedtls_ssl_write() to include 0 as a valid - return value. Found by @davidwu2000. #839 - * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber, - Philippe Antoine. Fixes #1623. - * Remove unused headers included in x509.c. Found by Chris Hanson and fixed - by Brendan Shanks. Part of a fix for #992. - * Fix compilation error when MBEDTLS_ARC4_C is disabled and - MBEDTLS_CIPHER_NULL_CIPHER is enabled. Found by TrinityTonic in #1719. - * Added length checks to some TLS parsing functions. Found and fixed by - Philippe Antoine from Catena cyber. #1663. - * Fix the inline assembly for the MPI multiply helper function for i386 and - i386 with SSE2. Found by László Langó. Fixes #1550 - * Fix namespacing in header files. Remove the `mbedtls` namespacing in - the `#include` in the header files. Resolves #857 - * Fix compiler warning of 'use before initialisation' in - mbedtls_pk_parse_key(). Found by Martin Boye Petersen and fixed by Dawid - Drozd. #1098 - * Fix decryption for zero length messages (which contain all padding) when a - CBC based ciphersuite is used together with Encrypt-then-MAC. Previously, - such a message was wrongly reported as an invalid record and therefore lead - to the connection being terminated. Seen most often with OpenSSL using - TLS 1.0. Reported by @kFYatek and by Conor Murphy on the forum. Fix - contributed by Espressif Systems. Fixes #1632 - * Fix ssl_client2 example to send application data with 0-length content - when the request_size argument is set to 0 as stated in the documentation. - Fixes #1833. - * Correct the documentation for `mbedtls_ssl_get_session()`. This API has - deep copy of the session, and the peer certificate is not lost. Fixes #926. - * Fix build using -std=c99. Fixed by Nick Wilson. - -Changes - * Fail when receiving a TLS alert message with an invalid length, or invalid - zero-length messages when using TLS 1.2. Contributed by Espressif Systems. - * Change the default behaviour of mbedtls_hkdf_extract() to return an error - when calling with a NULL salt and non-zero salt_len. Contributed by - Brian J Murray - * Change the shebang line in Perl scripts to look up perl in the PATH. - Contributed by fbrosson. - * Allow overriding the time on Windows via the platform-time abstraction. - Fixed by Nick Wilson. - * Use gmtime_r/gmtime_s for thread-safety. Fixed by Nick Wilson. - -= mbed TLS 2.11.0 branch released 2018-06-18 - -Features - * Add additional block mode, OFB (Output Feedback), to the AES module and - cipher abstraction module. - * Implement the HMAC-based extract-and-expand key derivation function - (HKDF) per RFC 5869. Contributed by Thomas Fossati. - * Add support for the CCM* block cipher mode as defined in IEEE Std. 802.15.4. - * Add support for the XTS block cipher mode with AES (AES-XTS). - Contributed by Aorimn in pull request #414. - * In TLS servers, support offloading private key operations to an external - cryptoprocessor. Private key operations can be asynchronous to allow - non-blocking operation of the TLS server stack. - -Bugfix - * Fix the cert_write example to handle certificates signed with elliptic - curves as well as RSA. Fixes #777 found by dbedev. - * Fix for redefinition of _WIN32_WINNT to avoid overriding a definition - used by user applications. Found and fixed by Fabio Alessandrelli. - * Fix compilation warnings with IAR toolchain, on 32 bit platform. - Reported by rahmanih in #683 - * Fix braces in mbedtls_memory_buffer_alloc_status(). Found by sbranden, #552. - -Changes - * Changed CMake defaults for IAR to treat all compiler warnings as errors. - * Changed the Clang parameters used in the CMake build files to work for - versions later than 3.6. Versions of Clang earlier than this may no longer - work. Fixes #1072 - -= mbed TLS 2.10.0 branch released 2018-06-06 - -Features - * Add support for ARIA cipher (RFC 5794) and associated TLS ciphersuites - (RFC 6209). Disabled by default, see MBEDTLS_ARIA_C in config.h - -API Changes - * Extend the platform module with a util component that contains - functionality shared by multiple Mbed TLS modules. At this stage - platform_util.h (and its associated platform_util.c) only contain - mbedtls_platform_zeroize(), which is a critical function from a security - point of view. mbedtls_platform_zeroize() needs to be regularly tested - against compilers to ensure that calls to it are not removed from the - output binary as part of redundant code elimination optimizations. - Therefore, mbedtls_platform_zeroize() is moved to the platform module to - facilitate testing and maintenance. - -Bugfix - * Fix an issue with MicroBlaze support in bn_mul.h which was causing the - build to fail. Found by zv-io. Fixes #1651. - -Changes - * Support TLS testing in out-of-source builds using cmake. Fixes #1193. - * Fix redundant declaration of mbedtls_ssl_list_ciphersuites. Raised by - TrinityTonic. #1359. - -= mbed TLS 2.9.0 branch released 2018-04-30 - -Security - * Fix an issue in the X.509 module which could lead to a buffer overread - during certificate validation. Additionally, the issue could also lead to - unnecessary callback checks being made or to some validation checks to be - omitted. The overread could be triggered remotely, while the other issues - would require a non DER-compliant certificate to be correctly signed by a - trusted CA, or a trusted CA with a non DER-compliant certificate. Found by - luocm. Fixes #825. - * Fix the buffer length assertion in the ssl_parse_certificate_request() - function which led to an arbitrary overread of the message buffer. The - overreads could be caused by receiving a malformed message at the point - where an optional signature algorithms list is expected when the signature - algorithms section is too short. In builds with debug output, the overread - data is output with the debug data. - * Fix a client-side bug in the validation of the server's ciphersuite choice - which could potentially lead to the client accepting a ciphersuite it didn't - offer or a ciphersuite that cannot be used with the TLS or DTLS version - chosen by the server. This could lead to corruption of internal data - structures for some configurations. - -Features - * Add an option, MBEDTLS_AES_FEWER_TABLES, to dynamically compute smaller AES - tables during runtime, thereby reducing the RAM/ROM footprint by ~6KiB. - Suggested and contributed by jkivilin in pull request #394. - * Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and - ECDH primitive functions (mbedtls_ecdh_gen_public(), - mbedtls_ecdh_compute_shared()) are supported for now. Contributed by - Nicholas Wilson in pull request #348. - -API Changes - * Extend the public API with the function of mbedtls_net_poll() to allow user - applications to wait for a network context to become ready before reading - or writing. - * Add function mbedtls_ssl_check_pending() to the public API to allow - a check for whether more more data is pending to be processed in the - internal message buffers. - This function is necessary to determine when it is safe to idle on the - underlying transport in case event-driven IO is used. - -Bugfix - * Fix a spurious uninitialized variable warning in cmac.c. Fix independently - contributed by Brian J Murray and David Brown. - * Add missing dependencies in test suites that led to build failures - in configurations that omit certain hashes or public-key algorithms. - Fixes #1040. - * Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks. - #1353 - * Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and - MBEDTLS_VERSION_FEATURES in some test suites. Contributed by - Deomid Ryabkov. Fixes #1299, #1475. - * Fix the Makefile build process for building shared libraries on Mac OS X. - Fixed by mnacamura. - * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was - unable to parse keys which had only the optional parameters field of the - ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379. - * Return the plaintext data more quickly on unpadded CBC decryption, as - stated in the mbedtls_cipher_update() documentation. Contributed by - Andy Leiserson. - * Fix overriding and ignoring return values when parsing and writing to - a file in pk_sign program. Found by kevlut in #1142. - * Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations - where data needs to be fetched from the underlying transport in order - to make progress. Previously, this error code was also occasionally - returned when unexpected messages were being discarded, ignoring that - further messages could potentially already be pending to be processed - in the internal buffers; these cases led to deadlocks when event-driven - I/O was used. Found and reported by Hubert Mis in #772. - * Fix buffer length assertions in the ssl_parse_certificate_request() - function which leads to a potential one byte overread of the message - buffer. - * Fix invalid buffer sizes passed to zlib during record compression and - decompression. - * Fix the soversion of libmbedcrypto to match the soversion of the - maintained 2.7 branch. The soversion was increased in Mbed TLS - version 2.7.1 to reflect breaking changes in that release, but the - increment was missed in 2.8.0 and later releases outside of the 2.7 branch. - -Changes - * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. - * Support cmake builds where Mbed TLS is a subproject. Fix contributed - independently by Matthieu Volat and Arne Schwabe. - * Improve testing in configurations that omit certain hashes or - public-key algorithms. Includes contributions by Gert van Dijk. - * Improve negative testing of X.509 parsing. - * Do not define global mutexes around readdir() and gmtime() in - configurations where the feature is disabled. Found and fixed by Gergely - Budai. - * Harden the function mbedtls_ssl_config_free() against misuse, so that it - doesn't leak memory if the user doesn't use mbedtls_ssl_conf_psk() and - instead incorrectly manipulates the configuration structure directly. - Found and fix submitted by junyeonLEE in #1220. - * Provide an empty implementation of mbedtls_pkcs5_pbes2() when - MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2 - without PBES2. Fixed by Marcos Del Sol Vives. - * Add the order of the base point as N in the mbedtls_ecp_group structure - for Curve25519 (other curves had it already). Contributed by Nicholas - Wilson #481 - * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan - Krylov. - * Improve the documentation of mbedtls_ssl_write(). Suggested by - Paul Sokolovsky in #1356. - * Add an option in the Makefile to support ar utilities where the operation - letter must not be prefixed by '-', such as LLVM. Found and fixed by - Alex Hixon. - * Allow configuring the shared library extension by setting the DLEXT - environment variable when using the project makefiles. - * Optimize unnecessary zeroing in mbedtls_mpi_copy. Based on a contribution - by Alexey Skalozub in #405. - * In the SSL module, when f_send, f_recv or f_recv_timeout report - transmitting more than the required length, return an error. Raised by - Sam O'Connor in #1245. - * Improve robustness of mbedtls_ssl_derive_keys against the use of - HMAC functions with non-HMAC ciphersuites. Independently contributed - by Jiayuan Chen in #1377. Fixes #1437. - * Improve security of RSA key generation by including criteria from - FIPS 186-4. Contributed by Jethro Beekman. #1380 - * Declare functions in header files even when an alternative implementation - of the corresponding module is activated by defining the corresponding - MBEDTLS_XXX_ALT macro. This means that alternative implementations do - not need to copy the declarations, and ensures that they will have the - same API. - * Add platform setup and teardown calls in test suites. - -= mbed TLS 2.8.0 branch released 2018-03-16 - -Default behavior changes - * The truncated HMAC extension now conforms to RFC 6066. This means - that when both sides of a TLS connection negotiate the truncated - HMAC extension, Mbed TLS can now interoperate with other - compliant implementations, but this breaks interoperability with - prior versions of Mbed TLS. To restore the old behavior, enable - the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in - config.h. Found by Andreas Walz (ivESK, Offenburg University of - Applied Sciences). - -Security - * Fix implementation of the truncated HMAC extension. The previous - implementation allowed an offline 2^80 brute force attack on the - HMAC key of a single, uninterrupted connection (with no - resumption of the session). - * Verify results of RSA private key operations to defend - against Bellcore glitch attack. - * Fix a buffer overread in ssl_parse_server_key_exchange() that could cause - a crash on invalid input. - * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a - crash on invalid input. - * Fix CRL parsing to reject CRLs containing unsupported critical - extensions. Found by Falko Strenzke and Evangelos Karatsiolis. - -Features - * Extend PKCS#8 interface by introducing support for the entire SHA - algorithms family when encrypting private keys using PKCS#5 v2.0. - This allows reading encrypted PEM files produced by software that - uses PBKDF2-SHA2, such as OpenSSL 1.1. Submitted by Antonio Quartulli, - OpenVPN Inc. Fixes #1339 - * Add support for public keys encoded in PKCS#1 format. #1122 - -New deprecations - * Deprecate support for record compression (configuration option - MBEDTLS_ZLIB_SUPPORT). - -Bugfix - * Fix the name of a DHE parameter that was accidentally changed in 2.7.0. - Fixes #1358. - * Fix test_suite_pk to work on 64-bit ILP32 systems. #849 - * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates - with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct. - In the context of SSL, this resulted in handshake failure. Reported by - daniel in the Mbed TLS forum. #1351 - * Fix Windows x64 builds with the included mbedTLS.sln file. #1347 - * Fix setting version TLSv1 as minimal version, even if TLS 1 - is not enabled. Set MBEDTLS_SSL_MIN_MAJOR_VERSION - and MBEDTLS_SSL_MIN_MINOR_VERSION instead of - MBEDTLS_SSL_MAJOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_1. #664 - * Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE - only if __MINGW32__ not defined. Fix suggested by Thomas Glanzmann and - Nick Wilson on issue #355 - * In test_suite_pk, pass valid parameters when testing for hash length - overflow. #1179 - * Fix memory allocation corner cases in memory_buffer_alloc.c module. Found - by Guido Vranken. #639 - * Log correct number of ciphersuites used in Client Hello message. #918 - * Fix X509 CRT parsing that would potentially accept an invalid tag when - parsing the subject alternative names. - * Fix a possible arithmetic overflow in ssl_parse_server_key_exchange() - that could cause a key exchange to fail on valid data. - * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that - could cause a key exchange to fail on valid data. - * Don't define mbedtls_aes_decrypt and mbedtls_aes_encrypt under - MBEDTLS_DEPRECATED_REMOVED. #1388 - * Fix a 1-byte heap buffer overflow (read-only) during private key parsing. - Found through fuzz testing. - -Changes - * Fix tag lengths and value ranges in the documentation of CCM encryption. - Contributed by Mathieu Briand. - * Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky. - * Remove support for the library reference configuration for picocoin. - * MD functions deprecated in 2.7.0 are no longer inline, to provide - a migration path for those depending on the library's ABI. - * Clarify the documentation of mbedtls_ssl_setup. - * Use (void) when defining functions with no parameters. Contributed by - Joris Aerts. #678 - -= mbed TLS 2.7.0 branch released 2018-02-03 - -Security - * Fix a heap corruption issue in the implementation of the truncated HMAC - extension. When the truncated HMAC extension is enabled and CBC is used, - sending a malicious application packet could be used to selectively corrupt - 6 bytes on the peer's heap, which could potentially lead to crash or remote - code execution. The issue could be triggered remotely from either side in - both TLS and DTLS. CVE-2018-0488 - * Fix a buffer overflow in RSA-PSS verification when the hash was too large - for the key size, which could potentially lead to crash or remote code - execution. Found by Seth Terashima, Qualcomm Product Security Initiative, - Qualcomm Technologies Inc. CVE-2018-0487 - * Fix buffer overflow in RSA-PSS verification when the unmasked data is all - zeros. - * Fix an unsafe bounds check in ssl_parse_client_psk_identity() when adding - 64 KiB to the address of the SSL buffer and causing a wrap around. - * Fix a potential heap buffer overflow in mbedtls_ssl_write(). When the (by - default enabled) maximum fragment length extension is disabled in the - config and the application data buffer passed to mbedtls_ssl_write - is larger than the internal message buffer (16384 bytes by default), the - latter overflows. The exploitability of this issue depends on whether the - application layer can be forced into sending such large packets. The issue - was independently reported by Tim Nordell via e-mail and by Florin Petriuc - and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. - Fixes #707. - * Add a provision to prevent compiler optimizations breaking the time - constancy of mbedtls_ssl_safer_memcmp(). - * Ensure that buffers are cleared after use if they contain sensitive data. - Changes were introduced in multiple places in the library. - * Set PEM buffer to zero before freeing it, to avoid decoded private keys - being leaked to memory after release. - * Fix dhm_check_range() failing to detect trivial subgroups and potentially - leaking 1 bit of the private key. Reported by prashantkspatil. - * Make mbedtls_mpi_read_binary() constant-time with respect to the input - data. Previously, trailing zero bytes were detected and omitted for the - sake of saving memory, but potentially leading to slight timing - differences. Reported by Marco Macchetti, Kudelski Group. - * Wipe stack buffer temporarily holding EC private exponent - after keypair generation. - * Fix a potential heap buffer over-read in ALPN extension parsing - (server-side). Could result in application crash, but only if an ALPN - name larger than 16 bytes had been configured on the server. - * Change default choice of DHE parameters from untrustworthy RFC 5114 - to RFC 3526 containing parameters generated in a nothing-up-my-sleeve - manner. - -Features - * Allow comments in test data files. - * The selftest program can execute a subset of the tests based on command - line arguments. - * New unit tests for timing. Improve the self-test to be more robust - when run on a heavily-loaded machine. - * Add alternative implementation support for CCM and CMAC (MBEDTLS_CCM_ALT, - MBEDTLS_CMAC_ALT). Submitted by Steven Cooreman, Silicon Labs. - * Add support for alternative implementations of GCM, selected by the - configuration flag MBEDTLS_GCM_ALT. - * Add support for alternative implementations for ECDSA, controlled by new - configuration flags MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and - MBEDTLS_ECDSDA_GENKEY_AT in config.h. - The following functions from the ECDSA module can be replaced - with alternative implementation: - mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey(). - * Add support for alternative implementation of ECDH, controlled by the - new configuration flags MBEDTLS_ECDH_COMPUTE_SHARED_ALT and - MBEDTLS_ECDH_GEN_PUBLIC_ALT in config.h. - The following functions from the ECDH module can be replaced - with an alternative implementation: - mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared(). - * Add support for alternative implementation of ECJPAKE, controlled by - the new configuration flag MBEDTLS_ECJPAKE_ALT. - * Add mechanism to provide alternative implementation of the DHM module. - -API Changes - * Extend RSA interface by multiple functions allowing structure- - independent setup and export of RSA contexts. Most notably, - mbedtls_rsa_import() and mbedtls_rsa_complete() are introduced for setting - up RSA contexts from partial key material and having them completed to the - needs of the implementation automatically. This allows to setup private RSA - contexts from keys consisting of N,D,E only, even if P,Q are needed for the - purpose or CRT and/or blinding. - * The configuration option MBEDTLS_RSA_ALT can be used to define alternative - implementations of the RSA interface declared in rsa.h. - * The following functions in the message digest modules (MD2, MD4, MD5, - SHA1, SHA256, SHA512) have been deprecated and replaced as shown below. - The new functions change the return type from void to int to allow - returning error codes when using MBEDTLS__ALT. - mbedtls__starts() -> mbedtls__starts_ret() - mbedtls__update() -> mbedtls__update_ret() - mbedtls__finish() -> mbedtls__finish_ret() - mbedtls__process() -> mbedtls_internal__process() - -New deprecations - * Deprecate usage of RSA primitives with non-matching key-type - (e.g. signing with a public key). - * Direct manipulation of structure fields of RSA contexts is deprecated. - Users are advised to use the extended RSA API instead. - * Deprecate usage of message digest functions that return void - (mbedtls__starts, mbedtls__update, - mbedtls__finish and mbedtls__process where is - any of MD2, MD4, MD5, SHA1, SHA256, SHA512) in favor of functions - that can return an error code. - * Deprecate untrustworthy DHE parameters from RFC 5114. Superseded by - parameters from RFC 3526 or the newly added parameters from RFC 7919. - * Deprecate hex string DHE constants MBEDTLS_DHM_RFC3526_MODP_2048_P etc. - Supserseded by binary encoded constants MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN - etc. - * Deprecate mbedtls_ssl_conf_dh_param() for setting default DHE parameters - from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin() - accepting DHM parameters in binary form, matching the new constants. - -Bugfix - * Fix ssl_parse_record_header() to silently discard invalid DTLS records - as recommended in RFC 6347 Section 4.1.2.7. - * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. - Found by projectgus and Jethro Beekman, #836. - * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. - * Parse signature algorithm extension when renegotiating. Previously, - renegotiated handshakes would only accept signatures using SHA-1 - regardless of the peer's preferences, or fail if SHA-1 was disabled. - * Fix leap year calculation in x509_date_is_valid() to ensure that invalid - dates on leap years with 100 and 400 intervals are handled correctly. Found - by Nicholas Wilson. #694 - * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were - accepted. Generating these signatures required the private key. - * Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys. - Found independently by Florian in the mbed TLS forum and by Mishamax. - #878, #1019. - * Fix variable used before assignment compilation warnings with IAR - toolchain. Found by gkerrien38. - * Fix unchecked return codes from AES, DES and 3DES functions in - pem_aes_decrypt(), pem_des_decrypt() and pem_des3_decrypt() respectively. - If a call to one of the functions of the cryptographic primitive modules - failed, the error may not be noticed by the function - mbedtls_pem_read_buffer() causing it to return invalid values. Found by - Guido Vranken. #756 - * Include configuration file in md.h, to fix compilation warnings. - Reported by aaronmdjones in #1001 - * Correct extraction of signature-type from PK instance in X.509 CRT and CSR - writing routines that prevented these functions to work with alternative - RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011. - * Don't print X.509 version tag for v1 CRT's, and omit extensions for - non-v3 CRT's. - * Fix bugs in RSA test suite under MBEDTLS_NO_PLATFORM_ENTROPY. #1023 #1024 - * Fix net_would_block() to avoid modification by errno through fcntl() call. - Found by nkolban. Fixes #845. - * Fix handling of handshake messages in mbedtls_ssl_read() in case - MBEDTLS_SSL_RENEGOTIATION is disabled. Found by erja-gp. - * Add a check for invalid private parameters in mbedtls_ecdsa_sign(). - Reported by Yolan Romailler. - * Fix word size check in in pk.c to not depend on MBEDTLS_HAVE_INT64. - * Fix incorrect unit in benchmark output. #850 - * Add size-checks for record and handshake message content, securing - fragile yet non-exploitable code-paths. - * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by - MilenkoMitrovic, #1104 - * Fix mbedtls_timing_alarm(0) on Unix and MinGW. - * Fix use of uninitialized memory in mbedtls_timing_get_timer() when reset=1. - * Fix possible memory leaks in mbedtls_gcm_self_test(). - * Added missing return code checks in mbedtls_aes_self_test(). - * Fix issues in RSA key generation program programs/x509/rsa_genkey and the - RSA test suite where the failure of CTR DRBG initialization lead to - freeing an RSA context and several MPI's without proper initialization - beforehand. - * Fix error message in programs/pkey/gen_key.c. Found and fixed by Chris Xue. - * Fix programs/pkey/dh_server.c so that it actually works with dh_client.c. - Found and fixed by Martijn de Milliano. - * Fix an issue in the cipher decryption with the mode - MBEDTLS_PADDING_ONE_AND_ZEROS that sometimes accepted invalid padding. - Note, this padding mode is not used by the TLS protocol. Found and fixed by - Micha Kraus. - * Fix the entropy.c module to not call mbedtls_sha256_starts() or - mbedtls_sha512_starts() in the mbedtls_entropy_init() function. - * Fix the entropy.c module to ensure that mbedtls_sha256_init() or - mbedtls_sha512_init() is called before operating on the relevant context - structure. Do not assume that zeroizing a context is a correct way to - reset it. Found independently by ccli8 on Github. - * In mbedtls_entropy_free(), properly free the message digest context. - * Fix status handshake status message in programs/ssl/dtls_client.c. Found - and fixed by muddog. - -Changes - * Extend cert_write example program by options to set the certificate version - and the message digest. Further, allow enabling/disabling of authority - identifier, subject identifier and basic constraints extensions. - * Only check for necessary RSA structure fields in `mbedtls_rsa_private`. In - particular, don't require P,Q if neither CRT nor blinding are - used. Reported and fix proposed independently by satur9nine and sliai - on GitHub. - * Only run AES-192 self-test if AES-192 is available. Fixes #963. - * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the - undeclared dependency of the RSA module on the ASN.1 module. - * Update all internal usage of deprecated message digest functions to the - new ones with return codes. In particular, this modifies the - mbedtls_md_info_t structure. Propagate errors from these functions - everywhere except some locations in the ssl_tls.c module. - * Improve CTR_DRBG error handling by propagating underlying AES errors. - * Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography - modules where the software implementation can be replaced by a hardware - implementation. - * Add explicit warnings for the use of MD2, MD4, MD5, SHA-1, DES and ARC4 - throughout the library. - -= mbed TLS 2.6.0 branch released 2017-08-10 - -Security - * Fix authentication bypass in SSL/TLS: when authmode is set to optional, - mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's - X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA - (default: 8) intermediates, even when it was not trusted. This could be - triggered remotely from either side. (With authmode set to 'required' - (the default), the handshake was correctly aborted). - * Reliably wipe sensitive data after use in the AES example applications - programs/aes/aescrypt2 and programs/aes/crypt_and_hash. - Found by Laurent Simon. - -Features - * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() - and the context struct mbedtls_platform_context to perform - platform-specific setup and teardown operations. The macro - MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden - by the user in a platform_alt.h file. These new functions are required in - some embedded environments to provide a means of initialising underlying - cryptographic acceleration hardware. - -API Changes - * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the - API consistent with mbed TLS 2.5.0. Specifically removed the inline - qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, - mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. Found - by James Cowgill. #978 - * Certificate verification functions now set flags to -1 in case the full - chain was not verified due to an internal error (including in the verify - callback) or chain length limitations. - * With authmode set to optional, the TLS handshake is now aborted if the - verification of the peer's certificate failed due to an overlong chain or - a fatal error in the verify callback. - -Bugfix - * Add a check if iv_len is zero in GCM, and return an error if it is zero. - Reported by roberto. #716 - * Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. #696 - * Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(), - in the case of an error. Found by redplait. #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken. #740 - * Fix conditional preprocessor directives in bignum.h to enable 64-bit - compilation when using ARM Compiler 6. - * Fix a potential integer overflow in the version verification for DER - encoded X.509 CRLs. The overflow could enable maliciously constructed CRLs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - * Fix potential integer overflow in the version verification for DER - encoded X.509 CSRs. The overflow could enable maliciously constructed CSRs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - * Fix a potential integer overflow in the version verification for DER - encoded X.509 certificates. The overflow could enable maliciously - constructed certificates to bypass the certificate verification check. - * Fix a call to the libc function time() to call the platform abstraction - function mbedtls_time() instead. Found by wairua. #666 - * Avoid shadowing of time and index functions through mbed TLS function - arguments. Found by inestlerode. #557. - -Changes - * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. This is useful on embedded platforms where 64-bit division - created a dependency on external libraries. #708 - * Removed mutexes from ECP hardware accelerator code. Now all hardware - accelerator code in the library leaves concurrency handling to the - platform. Reported by Steven Cooreman. #863 - * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file - config-no-entropy.h to reduce the RAM footprint. - * Added a test script that can be hooked into git that verifies commits - before they are pushed. - * Improve documentation of PKCS1 decryption functions. - -= mbed TLS 2.5.1 released 2017-06-21 - -Security - * Fixed unlimited overread of heap-based buffer in mbedtls_ssl_read(). - The issue could only happen client-side with renegotiation enabled. - Could result in DoS (application crash) or information leak - (if the application layer sent data read from mbedtls_ssl_read() - back to the server or to a third party). Can be triggered remotely. - * Removed SHA-1 and RIPEMD-160 from the default hash algorithms for - certificate verification. SHA-1 can be turned back on with a compile-time - option if needed. - * Fixed offset in FALLBACK_SCSV parsing that caused TLS server to fail to - detect it sometimes. Reported by Hugo Leisink. #810 - * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a - potential Bleichenbacher/BERserk-style attack. - -Bugfix - * Remove size zero arrays from ECJPAKE test suite. Size zero arrays are not - valid C and they prevented the test from compiling in Visual Studio 2015 - and with GCC using the -Wpedantic compilation option. - * Fix insufficient support for signature-hash-algorithm extension, - resulting in compatibility problems with Chrome. Found by hfloyrd. #823 - * Fix behaviour that hid the original cause of fatal alerts in some cases - when sending the alert failed. The fix makes sure not to hide the error - that triggered the alert. - * Fix SSLv3 renegotiation behaviour and stop processing data received from - peer after sending a fatal alert to refuse a renegotiation attempt. - Previous behaviour was to keep processing data even after the alert has - been sent. - * Accept empty trusted CA chain in authentication mode - MBEDTLS_SSL_VERIFY_OPTIONAL. Found by Jethro Beekman. #864 - * Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate - fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to - reflect bad EC curves within verification result. - * Fix bug that caused the modular inversion function to accept the invalid - modulus 1 and therefore to hang. Found by blaufish. #641. - * Fix incorrect sign computation in modular exponentiation when the base is - a negative MPI. Previously the result was always negative. Found by Guido - Vranken. - * Fix a numerical underflow leading to stack overflow in mpi_read_file() - that was triggered uppon reading an empty line. Found by Guido Vranken. - -Changes - * Send fatal alerts in more cases. The previous behaviour was to skip - sending the fatal alert and just drop the connection. - * Clarify ECDSA documentation and improve the sample code to avoid - misunderstanding and potentially dangerous use of the API. Pointed out - by Jean-Philippe Aumasson. - -= mbed TLS 2.5.0 branch released 2017-05-17 - -Security - * Wipe stack buffers in RSA private key operations - (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt). Found by Laurent - Simon. - * Add exponent blinding to RSA private operations as a countermeasure - against side-channel attacks like the cache attack described in - https://arxiv.org/abs/1702.08719v2. - Found and fix proposed by Michael Schwarz, Samuel Weiser, Daniel Gruss, - Clémentine Maurice and Stefan Mangard. - -Features - * Add hardware acceleration support for the Elliptic Curve Point module. - This involved exposing parts of the internal interface to enable - replacing the core functions and adding and alternative, module level - replacement support for enabling the extension of the interface. - * Add a new configuration option to 'mbedtls_ssl_config' to enable - suppressing the CA list in Certificate Request messages. The default - behaviour has not changed, namely every configured CAs name is included. - -API Changes - * The following functions in the AES module have been deprecated and replaced - by the functions shown below. The new functions change the return type from - void to int to allow returning error codes when using MBEDTLS_AES_ALT, - MBEDTLS_AES_DECRYPT_ALT or MBEDTLS_AES_ENCRYPT_ALT. - mbedtls_aes_decrypt() -> mbedtls_internal_aes_decrypt() - mbedtls_aes_encrypt() -> mbedtls_internal_aes_encrypt() - -Bugfix - * Remove macros from compat-1.3.h that correspond to deleted items from most - recent versions of the library. Found by Kyle Keen. - * Fixed issue in the Threading module that prevented mutexes from - initialising. Found by sznaider. #667 #843 - * Add checks in the PK module for the RSA functions on 64-bit systems. - The PK and RSA modules use different types for passing hash length and - without these checks the type cast could lead to data loss. Found by Guido - Vranken. - -= mbed TLS 2.4.2 branch released 2017-03-08 - -Security - * Add checks to prevent signature forgeries for very large messages while - using RSA through the PK module in 64-bit systems. The issue was caused by - some data loss when casting a size_t to an unsigned int value in the - functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and - mbedtls_pk_sign(). Found by Jean-Philippe Aumasson. - * Fixed potential livelock during the parsing of a CRL in PEM format in - mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing - characters after the footer could result in the execution of an infinite - loop. The issue can be triggered remotely. Found by Greg Zaverucha, - Microsoft. - * Removed MD5 from the allowed hash algorithms for CertificateRequest and - CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. - Introduced by interoperability fix for #513. - * Fixed a bug that caused freeing a buffer that was allocated on the stack, - when verifying the validity of a key on secp224k1. This could be - triggered remotely for example with a maliciously constructed certificate - and potentially could lead to remote code execution on some platforms. - Reported independently by rongsaws and Aleksandar Nikolic, Cisco Talos - team. #569 CVE-2017-2784 - -Bugfix - * Fix output certificate verification flags set by x509_crt_verify_top() when - traversing a chain of trusted CA. The issue would cause both flags, - MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be - set when the verification conditions are not met regardless of the cause. - Found by Harm Verhagen and inestlerode. #665 #561 - * Fix the redefinition of macro ssl_set_bio to an undefined symbol - mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it. - Found by omlib-lin. #673 - * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and - x509_csr.c that are reported when building mbed TLS with a config.h that - does not define MBEDTLS_PEM_PARSE_C. Found by omnium21. #562 - * Fix incorrect renegotiation condition in ssl_check_ctr_renegotiate() that - would compare 64 bits of the record counter instead of 48 bits as indicated - in RFC 6347 Section 4.3.1. This could cause the execution of the - renegotiation routines at unexpected times when the protocol is DTLS. Found - by wariua. #687 - * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing - the input string in PEM format to extract the different components. Found - by Eyal Itkin. - * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed potential arithmetic overflow in mbedtls_md2_update() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed heap overreads in mbedtls_x509_get_time(). Found by Peng - Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America. - * Fix potential memory leak in mbedtls_x509_crl_parse(). The leak was caused - by missing calls to mbedtls_pem_free() in cases when a - MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and - fix proposed by Guido Vranken. #722 - * Fixed the templates used to generate project and solution files for Visual - Studio 2015 as well as the files themselves, to remove a build warning - generated in Visual Studio 2015. Reported by Steve Valliere. #742 - * Fix a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C. - Raised and fix suggested by Alan Gillingham in the mbed TLS forum. #771 - * Fix 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI - number to write in hexadecimal is negative and requires an odd number of - digits. Found and fixed by Guido Vranken. - * Fix unlisted DES configuration dependency in some pkparse test cases. Found - by inestlerode. #555 - -= mbed TLS 2.4.1 branch released 2016-12-13 - -Changes - * Update to CMAC test data, taken from - NIST Special Publication 800-38B - - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for - Authentication – October 2016 - -= mbed TLS 2.4.0 branch released 2016-10-17 - -Security - * Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant - with RFC-5116 and could lead to session key recovery in very long TLS - sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in - TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic. - https://eprint.iacr.org/2016/475.pdf - * Fixed potential stack corruption in mbedtls_x509write_crt_der() and - mbedtls_x509write_csr_der() when the signature is copied to the buffer - without checking whether there is enough space in the destination. The - issue cannot be triggered remotely. Found by Jethro Beekman. - -Features - * Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128, as defined by - NIST SP 800-38B, RFC-4493 and RFC-4615. - * Added hardware entropy selftest to verify that the hardware entropy source - is functioning correctly. - * Added a script to print build environment info for diagnostic use in test - scripts, which is also now called by all.sh. - * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to - configure the maximum length of a file path that can be buffered when - calling mbedtls_x509_crt_parse_path(). - * Added a configuration file config-no-entropy.h that configures the subset of - library features that do not require an entropy source. - * Added the macro MBEDTLS_ENTROPY_MIN_HARDWARE in config.h. This allows users - to configure the minimum number of bytes for entropy sources using the - mbedtls_hardware_poll() function. - -Bugfix - * Fix for platform time abstraction to avoid dependency issues where a build - may need time but not the standard C library abstraction, and added - configuration consistency checks to check_config.h - * Fix dependency issue in Makefile to allow parallel builds. - * Fix incorrect handling of block lengths in crypt_and_hash.c sample program, - when GCM is used. Found by udf2457. #441 - * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't - enabled unless others were also present. Found by David Fernandez. #428 - * Fix for out-of-tree builds using CMake. Found by jwurzer, and fix based on - a contribution from Tobias Tangemann. #541 - * Fixed cert_app.c sample program for debug output and for use when no root - certificates are provided. - * Fix conditional statement that would cause a 1 byte overread in - mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599 - * Fixed pthread implementation to avoid unintended double initialisations - and double frees. Found by Niklas Amnebratt. - * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for - builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found - by inestlerode. #559. - * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf - data structure until after error checks are successful. Found by - subramanyam-c. #622 - * Fix documentation and implementation missmatch for function arguments of - mbedtls_gcm_finish(). Found by cmiatpaar. #602 - * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 - * Fix potential byte overread when verifying malformed SERVER_HELLO in - ssl_parse_hello_verify_request() for DTLS. Found by Guido Vranken. - * Fix check for validity of date when parsing in mbedtls_x509_get_time(). - Found by subramanyam-c. #626 - * Fix compatibility issue with Internet Explorer client authentication, - where the limited hash choices prevented the client from sending its - certificate. Found by teumas. #513 - * Fix compilation without MBEDTLS_SELF_TEST enabled. - -Changes - * Extended test coverage of special cases, and added new timing test suite. - * Removed self-tests from the basic-built-test.sh script, and added all - missing self-tests to the test suites, to ensure self-tests are only - executed once. - * Added support for 3 and 4 byte lengths to mbedtls_asn1_write_len(). - * Added support for a Yotta specific configuration file - - through the symbol YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE. - * Added optimization for code space for X.509/OID based on configured - features. Contributed by Aviv Palivoda. - * Renamed source file library/net.c to library/net_sockets.c to avoid - naming collision in projects which also have files with the common name - net.c. For consistency, the corresponding header file, net.h, is marked as - deprecated, and its contents moved to net_sockets.h. - * Changed the strategy for X.509 certificate parsing and validation, to no - longer disregard certificates with unrecognised fields. - -= mbed TLS 2.3.0 branch released 2016-06-28 - -Security - * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt - required by PKCS1 v2.2 - * Fix potential integer overflow to buffer overflow in - mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt - (not triggerable remotely in (D)TLS). - * Fix a potential integer underflow to buffer overread in - mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in - SSL/TLS. - -Features - * Support for platform abstraction of the standard C library time() - function. - -Bugfix - * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three - arguments where the same (in-place doubling). Found and fixed by Janos - Follath. #309 - * Fix potential build failures related to the 'apidoc' target, introduced - in the previous patch release. Found by Robert Scheck. #390 #391 - * Fix issue in Makefile that prevented building using armar. #386 - * Fix memory leak that occurred only when ECJPAKE was enabled and ECDHE and - ECDSA was disabled in config.h . The leak didn't occur by default. - * Fix an issue that caused valid certificates to be rejected whenever an - expired or not yet valid certificate was parsed before a valid certificate - in the trusted certificate list. - * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the - buffer after DER certificates to be included in the raw representation. - * Fix issue that caused a hang when generating RSA keys of odd bitlength - * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer - dereference possible. - * Fix issue that caused a crash if invalid curves were passed to - mbedtls_ssl_conf_curves. #373 - * Fix issue in ssl_fork_server which was preventing it from functioning. #429 - * Fix memory leaks in test framework - * Fix test in ssl-opt.sh that does not run properly with valgrind - * Fix unchecked calls to mmbedtls_md_setup(). Fix by Brian Murray. #502 - -Changes - * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, - don't use the optimized assembly for bignum multiplication. This removes - the need to pass -fomit-frame-pointer to avoid a build error with -O0. - * Disabled SSLv3 in the default configuration. - * Optimized mbedtls_mpi_zeroize() for MPI integer size. (Fix by Alexey - Skalozub). - * Fix non-compliance server extension handling. Extensions for SSLv3 are now - ignored, as required by RFC6101. - -= mbed TLS 2.2.1 released 2016-01-05 - -Security - * Fix potential double free when mbedtls_asn1_store_named_data() fails to - allocate memory. Only used for certificate generation, not triggerable - remotely in SSL/TLS. Found by Rafał Przywara. #367 - * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the - SLOTH attack on TLS 1.2 server authentication (other attacks from the - SLOTH paper do not apply to any version of mbed TLS or PolarSSL). - https://www.mitls.org/pages/attacks/SLOTH - -Bugfix - * Fix over-restrictive length limit in GCM. Found by Andreas-N. #362 - * Fix bug in certificate validation that caused valid chains to be rejected - when the first intermediate certificate has pathLenConstraint=0. Found by - Nicholas Wilson. Introduced in mbed TLS 2.2.0. #280 - * Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign(), found by - JayaraghavendranK. #372 - * Fix suboptimal handling of unexpected records that caused interop issues - with some peers over unreliable links. Avoid dropping an entire DTLS - datagram if a single record in a datagram is unexpected, instead only - drop the record and look at subsequent records (if any are present) in - the same datagram. Found by jeannotlapin. #345 - -= mbed TLS 2.2.0 released 2015-11-04 - -Security - * Fix potential double free if mbedtls_ssl_conf_psk() is called more than - once and some allocation fails. Cannot be forced remotely. Found by Guido - Vranken, Intelworks. - * Fix potential heap corruption on Windows when - mbedtls_x509_crt_parse_path() is passed a path longer than 2GB. Cannot be - triggered remotely. Found by Guido Vranken, Intelworks. - * Fix potential buffer overflow in some asn1_write_xxx() functions. - Cannot be triggered remotely unless you create X.509 certificates based - on untrusted input or write keys of untrusted origin. Found by Guido - Vranken, Intelworks. - * The X509 max_pathlen constraint was not enforced on intermediate - certificates. Found by Nicholas Wilson, fix and tests provided by - Janos Follath. #280 and #319 - -Features - * Experimental support for EC J-PAKE as defined in Thread 1.0.0. - Disabled by default as the specification might still change. - * Added a key extraction callback to accees the master secret and key - block. (Potential uses include EAP-TLS and Thread.) - -Bugfix - * Self-signed certificates were not excluded from pathlen counting, - resulting in some valid X.509 being incorrectly rejected. Found and fix - provided by Janos Follath. #319 - * Fix build error with configurations where ECDHE-PSK is the only key - exchange. Found and fix provided by Chris Hammond. #270 - * Fix build error with configurations where RSA, RSA-PSK, ECDH-RSA or - ECHD-ECDSA if the only key exchange. Multiple reports. #310 - * Fixed a bug causing some handshakes to fail due to some non-fatal alerts - not being properly ignored. Found by mancha and Kasom Koht-arsa, #308 - * mbedtls_x509_crt_verify(_with_profile)() now also checks the key type and - size/curve against the profile. Before that, there was no way to set a - minimum key size for end-entity certificates with RSA keys. Found by - Matthew Page of Scannex Electronics Ltd. - * Fix failures in MPI on Sparc(64) due to use of bad assembly code. - Found by Kurt Danielson. #292 - * Fix typo in name of the extKeyUsage OID. Found by inestlerode, #314 - * Fix bug in ASN.1 encoding of booleans that caused generated CA - certificates to be rejected by some applications, including OS X - Keychain. Found and fixed by Jonathan Leroy, Inikup. - -Changes - * Improved performance of mbedtls_ecp_muladd() when one of the scalars is 1 - or -1. - -= mbed TLS 2.1.2 released 2015-10-06 - -Security - * Added fix for CVE-2015-5291 to prevent heap corruption due to buffer - overflow of the hostname or session ticket. Found by Guido Vranken, - Intelworks. - * Fix potential double-free if mbedtls_ssl_set_hs_psk() is called more than - once in the same handhake and mbedtls_ssl_conf_psk() was used. - Found and patch provided by Guido Vranken, Intelworks. Cannot be forced - remotely. - * Fix stack buffer overflow in pkcs12 decryption (used by - mbedtls_pk_parse_key(file)() when the password is > 129 bytes. - Found by Guido Vranken, Intelworks. Not triggerable remotely. - * Fix potential buffer overflow in mbedtls_mpi_read_string(). - Found by Guido Vranken, Intelworks. Not exploitable remotely in the context - of TLS, but might be in other uses. On 32 bit machines, requires reading a - string of close to or larger than 1GB to exploit; on 64 bit machines, would - require reading a string of close to or larger than 2^62 bytes. - * Fix potential random memory allocation in mbedtls_pem_read_buffer() - on crafted PEM input data. Found and fix provided by Guido Vranken, - Intelworks. Not triggerable remotely in TLS. Triggerable remotely if you - accept PEM data from an untrusted source. - * Fix possible heap buffer overflow in base64_encoded() when the input - buffer is 512MB or larger on 32-bit platforms. Found by Guido Vranken, - Intelworks. Not trigerrable remotely in TLS. - * Fix potential double-free if mbedtls_conf_psk() is called repeatedly on - the same mbedtls_ssl_config object and memory allocation fails. Found by - Guido Vranken, Intelworks. Cannot be forced remotely. - * Fix potential heap buffer overflow in servers that perform client - authentication against a crafted CA cert. Cannot be triggered remotely - unless you allow third parties to pick trust CAs for client auth. - Found by Guido Vranken, Intelworks. - -Bugfix - * Fix compile error in net.c with musl libc. Found and patch provided by - zhasha (#278). - * Fix macroization of 'inline' keyword when building as C++. (#279) - -Changes - * Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure - domain names are compliant with RFC 1035. - * Fixed paths for check_config.h in example config files. (Found by bachp) - (#291) - -= mbed TLS 2.1.1 released 2015-09-17 - -Security - * Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5 - signatures. (Found by Florian Weimer, Red Hat.) - https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ - * Fix possible client-side NULL pointer dereference (read) when the client - tries to continue the handshake after it failed (a misuse of the API). - (Found and patch provided by Fabian Foerg, Gotham Digital Science using - afl-fuzz.) - -Bugfix - * Fix warning when using a 64bit platform. (found by embedthis) (#275) - * Fix off-by-one error in parsing Supported Point Format extension that - caused some handshakes to fail. - -Changes - * Made X509 profile pointer const in mbedtls_ssl_conf_cert_profile() to allow - use of mbedtls_x509_crt_profile_next. (found by NWilson) - * When a client initiates a reconnect from the same port as a live - connection, if cookie verification is available - (MBEDTLS_SSL_DTLS_HELLO_VERIFY defined in config.h, and usable cookie - callbacks set with mbedtls_ssl_conf_dtls_cookies()), this will be - detected and mbedtls_ssl_read() will return - MBEDTLS_ERR_SSL_CLIENT_RECONNECT - it is then possible to start a new - handshake with the same context. (See RFC 6347 section 4.2.8.) - -= mbed TLS 2.1.0 released 2015-09-04 - -Features - * Added support for yotta as a build system. - * Primary open source license changed to Apache 2.0 license. - -Bugfix - * Fix segfault in the benchmark program when benchmarking DHM. - * Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo - Leisink). - * Fix bug when parsing a ServerHello without extensions (found by David - Sears). - * Fix bug in CMake lists that caused libmbedcrypto.a not to be installed - (found by Benoit Lecocq). - * Fix bug in Makefile that caused libmbedcrypto and libmbedx509 not to be - installed (found by Rawi666). - * Fix compile error with armcc 5 with --gnu option. - * Fix bug in Makefile that caused programs not to be installed correctly - (found by robotanarchy) (#232). - * Fix bug in Makefile that prevented from installing without building the - tests (found by robotanarchy) (#232). - * Fix missing -static-libgcc when building shared libraries for Windows - with make. - * Fix link error when building shared libraries for Windows with make. - * Fix error when loading libmbedtls.so. - * Fix bug in mbedtls_ssl_conf_default() that caused the default preset to - be always used (found by dcb314) (#235) - * Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could - result trying to unlock an unlocked mutex on invalid input (found by - Fredrik Axelsson) (#257) - * Fix -Wshadow warnings (found by hnrkp) (#240) - * Fix memory corruption on client with overlong PSK identity, around - SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by - Aleksandrs Saveljevs) (#238) - * Fix unused function warning when using MBEDTLS_MDx_ALT or - MBEDTLS_SHAxxx_ALT (found by Henrik) (#239) - * Fix memory corruption in pkey programs (found by yankuncheng) (#210) - -Changes - * The PEM parser now accepts a trailing space at end of lines (#226). - * It is now possible to #include a user-provided configuration file at the - end of the default config.h by defining MBEDTLS_USER_CONFIG_FILE on the - compiler's command line. - * When verifying a certificate chain, if an intermediate certificate is - trusted, no later cert is checked. (suggested by hannes-landeholm) - (#220). - * Prepend a "thread identifier" to debug messages (issue pointed out by - Hugo Leisink) (#210). - * Add mbedtls_ssl_get_max_frag_len() to query the current maximum fragment - length. - -= mbed TLS 2.0.0 released 2015-07-13 - -Features - * Support for DTLS 1.0 and 1.2 (RFC 6347). - * Ability to override core functions from MDx, SHAx, AES and DES modules - with custom implementation (eg hardware accelerated), complementing the - ability to override the whole module. - * New server-side implementation of session tickets that rotate keys to - preserve forward secrecy, and allows sharing across multiple contexts. - * Added a concept of X.509 cerificate verification profile that controls - which algorithms and key sizes (curves for ECDSA) are acceptable. - * Expanded configurability of security parameters in the SSL module with - mbedtls_ssl_conf_dhm_min_bitlen() and mbedtls_ssl_conf_sig_hashes(). - * Introduced a concept of presets for SSL security-relevant configuration - parameters. - -API Changes - * The library has been split into libmbedcrypto, libmbedx509, libmbedtls. - You now need to link to all of them if you use TLS for example. - * All public identifiers moved to the mbedtls_* or MBEDTLS_* namespace. - Some names have been further changed to make them more consistent. - Migration helpers scripts/rename.pl and include/mbedtls/compat-1.3.h are - provided. Full list of renamings in scripts/data_files/rename-1.3-2.0.txt - * Renamings of fields inside structures, not covered by the previous list: - mbedtls_cipher_info_t.key_length -> key_bitlen - mbedtls_cipher_context_t.key_length -> key_bitlen - mbedtls_ecp_curve_info.size -> bit_size - * Headers are now found in the 'mbedtls' directory (previously 'polarssl'). - * The following _init() functions that could return errors have - been split into an _init() that returns void and another function that - should generally be the first function called on this context after init: - mbedtls_ssl_init() -> mbedtls_ssl_setup() - mbedtls_ccm_init() -> mbedtls_ccm_setkey() - mbedtls_gcm_init() -> mbedtls_gcm_setkey() - mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_seed(_buf)() - mbedtls_ctr_drbg_init() -> mbedtls_ctr_drbg_seed() - Note that for mbedtls_ssl_setup(), you need to be done setting up the - ssl_config structure before calling it. - * Most ssl_set_xxx() functions (all except ssl_set_bio(), ssl_set_hostname(), - ssl_set_session() and ssl_set_client_transport_id(), plus - ssl_legacy_renegotiation()) have been renamed to mbedtls_ssl_conf_xxx() - (see rename.pl and compat-1.3.h above) and their first argument's type - changed from ssl_context to ssl_config. - * ssl_set_bio() changed signature (contexts merged, order switched, one - additional callback for read-with-timeout). - * The following functions have been introduced and must be used in callback - implementations (SNI, PSK) instead of their *conf counterparts: - mbedtls_ssl_set_hs_own_cert() - mbedtls_ssl_set_hs_ca_chain() - mbedtls_ssl_set_hs_psk() - * mbedtls_ssl_conf_ca_chain() lost its last argument (peer_cn), now set - using mbedtls_ssl_set_hostname(). - * mbedtls_ssl_conf_session_cache() changed prototype (only one context - pointer, parameters reordered). - * On server, mbedtls_ssl_conf_session_tickets_cb() must now be used in - place of mbedtls_ssl_conf_session_tickets() to enable session tickets. - * The SSL debug callback gained two new arguments (file name, line number). - * Debug modes were removed. - * mbedtls_ssl_conf_truncated_hmac() now returns void. - * mbedtls_memory_buffer_alloc_init() now returns void. - * X.509 verification flags are now an uint32_t. Affect the signature of: - mbedtls_ssl_get_verify_result() - mbedtls_x509_ctr_verify_info() - mbedtls_x509_crt_verify() (flags, f_vrfy -> needs to be updated) - mbedtls_ssl_conf_verify() (f_vrfy -> needs to be updated) - * The following functions changed prototype to avoid an in-out length - parameter: - mbedtls_base64_encode() - mbedtls_base64_decode() - mbedtls_mpi_write_string() - mbedtls_dhm_calc_secret() - * In the NET module, all "int" and "int *" arguments for file descriptors - changed type to "mbedtls_net_context *". - * net_accept() gained new arguments for the size of the client_ip buffer. - * In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now - return void. - * ecdsa_write_signature() gained an additional md_alg argument and - ecdsa_write_signature_det() was deprecated. - * pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA. - * Last argument of x509_crt_check_key_usage() and - mbedtls_x509write_crt_set_key_usage() changed from int to unsigned. - * test_ca_list (from certs.h) is renamed to test_cas_pem and is only - available if POLARSSL_PEM_PARSE_C is defined (it never worked without). - * Test certificates in certs.c are no longer guaranteed to be nul-terminated - strings; use the new *_len variables instead of strlen(). - * Functions mbedtls_x509_xxx_parse(), mbedtls_pk_parse_key(), - mbedtls_pk_parse_public_key() and mbedtls_dhm_parse_dhm() now expect the - length parameter to include the terminating null byte for PEM input. - * Signature of mpi_mul_mpi() changed to make the last argument unsigned - * calloc() is now used instead of malloc() everywhere. API of platform - layer and the memory_buffer_alloc module changed accordingly. - (Thanks to Mansour Moufid for helping with the replacement.) - * Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION - (support for renegotiation now needs explicit enabling in config.h). - * Split MBEDTLS_HAVE_TIME into MBEDTLS_HAVE_TIME and MBEDTLS_HAVE_TIME_DATE - in config.h - * net_connect() and net_bind() have a new 'proto' argument to choose - between TCP and UDP, using the macros NET_PROTO_TCP or NET_PROTO_UDP. - Their 'port' argument type is changed to a string. - * Some constness fixes - -Removals - * Removed mbedtls_ecp_group_read_string(). Only named groups are supported. - * Removed mbedtls_ecp_sub() and mbedtls_ecp_add(), use - mbedtls_ecp_muladd(). - * Removed individual mdX_hmac, shaX_hmac, mdX_file and shaX_file functions - (use generic functions from md.h) - * Removed mbedtls_timing_msleep(). Use mbedtls_net_usleep() or a custom - waiting function. - * Removed test DHM parameters from the test certs module. - * Removed the PBKDF2 module (use PKCS5). - * Removed POLARSSL_ERROR_STRERROR_BC (use mbedtls_strerror()). - * Removed compat-1.2.h (helper for migrating from 1.2 to 1.3). - * Removed openssl.h (very partial OpenSSL compatibility layer). - * Configuration options POLARSSL_HAVE_LONGLONG was removed (now always on). - * Configuration options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 have - been removed (compiler is required to support 32-bit operations). - * Configuration option POLARSSL_HAVE_IPV6 was removed (always enabled). - * Removed test program o_p_test, the script compat.sh does more. - * Removed test program ssl_test, superseded by ssl-opt.sh. - * Removed helper script active-config.pl - -New deprecations - * md_init_ctx() is deprecated in favour of md_setup(), that adds a third - argument (allowing memory savings if HMAC is not used) - -Semi-API changes (technically public, morally private) - * Renamed a few headers to include _internal in the name. Those headers are - not supposed to be included by users. - * Changed md_info_t into an opaque structure (use md_get_xxx() accessors). - * Changed pk_info_t into an opaque structure. - * Changed cipher_base_t into an opaque structure. - * Removed sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl. - * x509_crt.key_usage changed from unsigned char to unsigned int. - * Removed r and s from ecdsa_context - * Removed mode from des_context and des3_context - -Default behavior changes - * The default minimum TLS version is now TLS 1.0. - * RC4 is now blacklisted by default in the SSL/TLS layer, and excluded from the - default ciphersuite list returned by ssl_list_ciphersuites() - * Support for receiving SSLv2 ClientHello is now disabled by default at - compile time. - * The default authmode for SSL/TLS clients is now REQUIRED. - * Support for RSA_ALT contexts in the PK layer is now optional. Since is is - enabled in the default configuration, this is only noticeable if using a - custom config.h - * Default DHM parameters server-side upgraded from 1024 to 2048 bits. - * A minimum RSA key size of 2048 bits is now enforced during ceritificate - chain verification. - * Negotiation of truncated HMAC is now disabled by default on server too. - * The following functions are now case-sensitive: - mbedtls_cipher_info_from_string() - mbedtls_ecp_curve_info_from_name() - mbedtls_md_info_from_string() - mbedtls_ssl_ciphersuite_from_string() - mbedtls_version_check_feature() - -Requirement changes - * The minimum MSVC version required is now 2010 (better C99 support). - * The NET layer now unconditionnaly relies on getaddrinfo() and select(). - * Compiler is required to support C99 types such as long long and uint32_t. - -API changes from the 1.4 preview branch - * ssl_set_bio_timeout() was removed, split into mbedtls_ssl_set_bio() with - new prototype, and mbedtls_ssl_set_read_timeout(). - * The following functions now return void: - mbedtls_ssl_conf_transport() - mbedtls_ssl_conf_max_version() - mbedtls_ssl_conf_min_version() - * DTLS no longer hard-depends on TIMING_C, but uses a callback interface - instead, see mbedtls_ssl_set_timer_cb(), with the Timing module providing - an example implementation, see mbedtls_timing_delay_context and - mbedtls_timing_set/get_delay(). - * With UDP sockets, it is no longer necessary to call net_bind() again - after a successful net_accept(). - -Changes - * mbedtls_ctr_drbg_random() and mbedtls_hmac_drbg_random() are now - thread-safe if MBEDTLS_THREADING_C is enabled. - * Reduced ROM fooprint of SHA-256 and added an option to reduce it even - more (at the expense of performance) MBEDTLS_SHA256_SMALLER. - -= mbed TLS 1.3 branch - -Security - * With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and - extendedKeyUsage on the leaf certificate was lost (results not accessible - via ssl_get_verify_results()). - * Add countermeasure against "Lucky 13 strikes back" cache-based attack, - https://dl.acm.org/citation.cfm?id=2714625 - -Features - * Improve ECC performance by using more efficient doubling formulas - (contributed by Peter Dettman). - * Add x509_crt_verify_info() to display certificate verification results. - * Add support for reading DH parameters with privateValueLength included - (contributed by Daniel Kahn Gillmor). - * Add support for bit strings in X.509 names (request by Fredrik Axelsson). - * Add support for id-at-uniqueIdentifier in X.509 names. - * Add support for overriding snprintf() (except on Windows) and exit() in - the platform layer. - * Add an option to use macros instead of function pointers in the platform - layer (helps get rid of unwanted references). - * Improved Makefiles for Windows targets by fixing library targets and making - cross-compilation easier (thanks to Alon Bar-Lev). - * The benchmark program also prints heap usage for public-key primitives - if POLARSSL_MEMORY_BUFFER_ALLOC_C and POLARSSL_MEMORY_DEBUG are defined. - * New script ecc-heap.sh helps measuring the impact of ECC parameters on - speed and RAM (heap only for now) usage. - * New script memory.sh helps measuring the ROM and RAM requirements of two - reduced configurations (PSK-CCM and NSA suite B). - * Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce - warnings on use of deprecated functions (with GCC and Clang only). - * Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce - errors on use of deprecated functions. - -Bugfix - * Fix compile errors with PLATFORM_NO_STD_FUNCTIONS. - * Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara). - * Fix bug in entropy.c when THREADING_C is also enabled that caused - entropy_free() to crash (thanks to Rafał Przywara). - * Fix memory leak when gcm_setkey() and ccm_setkey() are used more than - once on the same context. - * Fix bug in ssl_mail_client when password is longer that username (found - by Bruno Pape). - * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules - (detected by Clang's 3.6 UBSan). - * mpi_size() and mpi_msb() would segfault when called on an mpi that is - initialized but not set (found by pravic). - * Fix detection of support for getrandom() on Linux (reported by syzzer) by - doing it at runtime (using uname) rather that compile time. - * Fix handling of symlinks by "make install" (found by Gaël PORTAY). - * Fix potential NULL pointer dereference (not trigerrable remotely) when - ssl_write() is called before the handshake is finished (introduced in - 1.3.10) (first reported by Martin Blumenstingl). - * Fix bug in pk_parse_key() that caused some valid private EC keys to be - rejected. - * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos). - * Fix thread safety bug in RSA operations (found by Fredrik Axelsson). - * Fix hardclock() (only used in the benchmarking program) with some - versions of mingw64 (found by kxjhlele). - * Fix warnings from mingw64 in timing.c (found by kxjklele). - * Fix potential unintended sign extension in asn1_get_len() on 64-bit - platforms. - * Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid). - * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and - POLARSSL_SSL_SSESSION_TICKETS where both enabled in config.h (introduced - in 1.3.10). - * Add missing extern "C" guard in aesni.h (reported by amir zamani). - * Add missing dependency on SHA-256 in some x509 programs (reported by - Gergely Budai). - * Fix bug related to ssl_set_curves(): the client didn't check that the - curve picked by the server was actually allowed. - -Changes - * Remove bias in mpi_gen_prime (contributed by Pascal Junod). - * Remove potential sources of timing variations (some contributed by Pascal - Junod). - * Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated. - * Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated. - * compat-1.2.h and openssl.h are deprecated. - * Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now - more flexible (warning: OFLAGS is not used any more) (see the README) - (contributed by Alon Bar-Lev). - * ssl_set_own_cert() no longer calls pk_check_pair() since the - performance impact was bad for some users (this was introduced in 1.3.10). - * Move from SHA-1 to SHA-256 in example programs using signatures - (suggested by Thorsten Mühlfelder). - * Remove some unneeded inclusions of header files from the standard library - "minimize" others (eg use stddef.h if only size_t is needed). - * Change #include lines in test files to use double quotes instead of angle - brackets for uniformity with the rest of the code. - * Remove dependency on sscanf() in X.509 parsing modules. - -= mbed TLS 1.3.10 released 2015-02-09 -Security - * NULL pointer dereference in the buffer-based allocator when the buffer is - full and polarssl_free() is called (found by Mark Hasemeyer) - (only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is - not by default). - * Fix remotely-triggerable uninitialised pointer dereference caused by - crafted X.509 certificate (TLS server is not affected if it doesn't ask for a - client certificate) (found using Codenomicon Defensics). - * Fix remotely-triggerable memory leak caused by crafted X.509 certificates - (TLS server is not affected if it doesn't ask for a client certificate) - (found using Codenomicon Defensics). - * Fix potential stack overflow while parsing crafted X.509 certificates - (TLS server is not affected if it doesn't ask for a client certificate) - (found using Codenomicon Defensics). - * Fix timing difference that could theoretically lead to a - Bleichenbacher-style attack in the RSA and RSA-PSK key exchanges - (reported by Sebastian Schinzel). - -Features - * Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv). - * Add support for Extended Master Secret (draft-ietf-tls-session-hash). - * Add support for Encrypt-then-MAC (RFC 7366). - * Add function pk_check_pair() to test if public and private keys match. - * Add x509_crl_parse_der(). - * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the - length of an X.509 verification chain. - * Support for renegotiation can now be disabled at compile-time - * Support for 1/n-1 record splitting, a countermeasure against BEAST. - * Certificate selection based on signature hash, preferring SHA-1 over SHA-2 - for pre-1.2 clients when multiple certificates are available. - * Add support for getrandom() syscall on recent Linux kernels with Glibc or - a compatible enough libc (eg uClibc). - * Add ssl_set_arc4_support() to make it easier to disable RC4 at runtime - while using the default ciphersuite list. - * Added new error codes and debug messages about selection of - ciphersuite/certificate. - -Bugfix - * Stack buffer overflow if ctr_drbg_update() is called with too large - add_len (found by Jean-Philippe Aumasson) (not triggerable remotely). - * Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE - if memory_buffer_alloc_init() was called with buf not aligned and len not - a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE (not triggerable remotely). - * User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found - by Julian Ospald). - * Fix potential undefined behaviour in Camellia. - * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a - multiple of 8 (found by Gergely Budai). - * Fix unchecked return code in x509_crt_parse_path() on Windows (found by - Peter Vaskovic). - * Fix assembly selection for MIPS64 (thanks to James Cowgill). - * ssl_get_verify_result() now works even if the handshake was aborted due - to a failed verification (found by Fredrik Axelsson). - * Skip writing and parsing signature_algorithm extension if none of the - key exchanges enabled needs certificates. This fixes a possible interop - issue with some servers when a zero-length extension was sent. (Reported - by Peter Dettman.) - * On a 0-length input, base64_encode() did not correctly set output length - (found by Hendrik van den Boogaard). - -Changes - * Use deterministic nonces for AEAD ciphers in TLS by default (possible to - switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h). - * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined. - * ssl_set_own_cert() now returns an error on key-certificate mismatch. - * Forbid repeated extensions in X.509 certificates. - * debug_print_buf() now prints a text view in addition to hexadecimal. - * A specific error is now returned when there are ciphersuites in common - but none of them is usable due to external factors such as no certificate - with a suitable (extended)KeyUsage or curve or no PSK set. - * It is now possible to disable negotiation of truncated HMAC server-side - at runtime with ssl_set_truncated_hmac(). - * Example programs for SSL client and server now disable SSLv3 by default. - * Example programs for SSL client and server now disable RC4 by default. - * Use platform.h in all test suites and programs. - -= PolarSSL 1.3.9 released 2014-10-20 -Security - * Lowest common hash was selected from signature_algorithms extension in - TLS 1.2 (found by Darren Bane) (introduced in 1.3.8). - * Remotely-triggerable memory leak when parsing some X.509 certificates - (server is not affected if it doesn't ask for a client certificate) - (found using Codenomicon Defensics). - * Remotely-triggerable memory leak when parsing crafted ClientHello - (not affected if ECC support was compiled out) (found using Codenomicon - Defensics). - -Bugfix - * Support escaping of commas in x509_string_to_names() - * Fix compile error in ssl_pthread_server (found by Julian Ospald). - * Fix net_accept() regarding non-blocking sockets (found by Luca Pesce). - * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel). - * Fix warnings from Clang's scan-build (contributed by Alfred Klomp). - * Fix compile error in timing.c when POLARSSL_NET_C and POLARSSL_SELFTEST - are defined but not POLARSSL_HAVE_TIME (found by Stephane Di Vito). - * Remove non-existent file from VS projects (found by Peter Vaskovic). - * ssl_read() could return non-application data records on server while - renegotation was pending, and on client when a HelloRequest was received. - * Server-initiated renegotiation would fail with non-blocking I/O if the - write callback returned WANT_WRITE when requesting renegotiation. - * ssl_close_notify() could send more than one message in some circumstances - with non-blocking I/O. - * Fix compiler warnings on iOS (found by Sander Niemeijer). - * x509_crt_parse() did not increase total_failed on PEM error - * Fix compile error with armcc in mpi_is_prime() - * Fix potential bad read in parsing ServerHello (found by Adrien - Vialletelle). - -Changes - * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no - standard defining how to use SHA-2 with SSL 3.0). - * Ciphersuites using RSA-PSK key exchange new require TLS 1.x (the spec is - ambiguous on how to encode some packets with SSL 3.0). - * Made buffer size in pk_write_(pub)key_pem() more dynamic, eg smaller if - RSA is disabled, larger if POLARSSL_MPI_MAX_SIZE is larger. - * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than - POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts. - * POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits - RSA keys. - * Accept spaces at end of line or end of buffer in base64_decode(). - * X.509 certificates with more than one AttributeTypeAndValue per - RelativeDistinguishedName are not accepted any more. - -= PolarSSL 1.3.8 released 2014-07-11 -Security - * Fix length checking for AEAD ciphersuites (found by Codenomicon). - It was possible to crash the server (and client) using crafted messages - when a GCM suite was chosen. - -Features - * Add CCM module and cipher mode to Cipher Layer - * Support for CCM and CCM_8 ciphersuites - * Support for parsing and verifying RSASSA-PSS signatures in the X.509 - modules (certificates, CRLs and CSRs). - * Blowfish in the cipher layer now supports variable length keys. - * Add example config.h for PSK with CCM, optimized for low RAM usage. - * Optimize for RAM usage in example config.h for NSA Suite B profile. - * Add POLARSSL_REMOVE_ARC4_CIPHERSUITES to allow removing RC4 ciphersuites - from the default list (inactive by default). - * Add server-side enforcement of sent renegotiation requests - (ssl_set_renegotiation_enforced()) - * Add SSL_CIPHERSUITES config.h flag to allow specifying a list of - ciphersuites to use and save some memory if the list is small. - -Changes - * Add LINK_WITH_PTHREAD option in CMake for explicit linking that is - required on some platforms (e.g. OpenBSD) - * Migrate zeroizing of data to polarssl_zeroize() instead of memset() - against unwanted compiler optimizations - * md_list() now returns hashes strongest first - * Selection of hash for signing ServerKeyExchange in TLS 1.2 now picks - strongest offered by client. - * All public contexts have _init() and _free() functions now for simpler - usage pattern - -Bugfix - * Fix in debug_print_msg() - * Enforce alignment in the buffer allocator even if buffer is not aligned - * Remove less-than-zero checks on unsigned numbers - * Stricter check on SSL ClientHello internal sizes compared to actual packet - size (found by TrustInSoft) - * Fix WSAStartup() return value check (found by Peter Vaskovic) - * Other minor issues (found by Peter Vaskovic) - * Fix symlink command for cross compiling with CMake (found by Andre - Heinecke) - * Fix DER output of gen_key app (found by Gergely Budai) - * Very small records were incorrectly rejected when truncated HMAC was in - use with some ciphersuites and versions (RC4 in all versions, CBC with - versions < TLS 1.1). - * Very large records using more than 224 bytes of padding were incorrectly - rejected with CBC-based ciphersuites and TLS >= 1.1 - * Very large records using less padding could cause a buffer overread of up - to 32 bytes with CBC-based ciphersuites and TLS >= 1.1 - * Restore ability to use a v1 cert as a CA if trusted locally. (This had - been removed in 1.3.6.) - * Restore ability to locally trust a self-signed cert that is not a proper - CA for use as an end entity certificate. (This had been removed in - 1.3.6.) - * Fix preprocessor checks for bn_mul PPC asm (found by Barry K. Nathan). - * Use \n\t rather than semicolons for bn_mul asm, since some assemblers - interpret semicolons as comment delimiters (found by Barry K. Nathan). - * Fix off-by-one error in parsing Supported Point Format extension that - caused some handshakes to fail. - * Fix possible miscomputation of the premaster secret with DHE-PSK key - exchange that caused some handshakes to fail with other implementations. - (Failure rate <= 1/255 with common DHM moduli.) - * Disable broken Sparc64 bn_mul assembly (found by Florian Obser). - * Fix base64_decode() to return and check length correctly (in case of - tight buffers) - * Fix mpi_write_string() to write "00" as hex output for empty MPI (found - by Hui Dong) - -= PolarSSL 1.3.7 released on 2014-05-02 -Features - * debug_set_log_mode() added to determine raw or full logging - * debug_set_threshold() added to ignore messages over threshold level - * version_check_feature() added to check for compile-time options at - run-time - -Changes - * POLARSSL_CONFIG_OPTIONS has been removed. All values are individually - checked and filled in the relevant module headers - * Debug module only outputs full lines instead of parts - * Better support for the different Attribute Types from IETF PKIX (RFC 5280) - * AES-NI now compiles with "old" assemblers too - * Ciphersuites based on RC4 now have the lowest priority by default - -Bugfix - * Only iterate over actual certificates in ssl_write_certificate_request() - (found by Matthew Page) - * Typos in platform.c and pkcs11.c (found by Daniel Phillips and Steffan - Karger) - * cert_write app should use subject of issuer certificate as issuer of cert - * Fix false reject in padding check in ssl_decrypt_buf() for CBC - ciphersuites, for full SSL frames of data. - * Improve interoperability by not writing extension length in ClientHello / - ServerHello when no extensions are present (found by Matthew Page) - * rsa_check_pubkey() now allows an E up to N - * On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings - * mpi_fill_random() was creating numbers larger than requested on - big-endian platform when size was not an integer number of limbs - * Fix dependencies issues in X.509 test suite. - * Some parts of ssl_tls.c were compiled even when the module was disabled. - * Fix detection of DragonflyBSD in net.c (found by Markus Pfeiffer) - * Fix detection of Clang on some Apple platforms with CMake - (found by Barry K. Nathan) - -= PolarSSL 1.3.6 released on 2014-04-11 - -Features - * Support for the ALPN SSL extension - * Add option 'use_dev_random' to gen_key application - * Enable verification of the keyUsage extension for CA and leaf - certificates (POLARSSL_X509_CHECK_KEY_USAGE) - * Enable verification of the extendedKeyUsage extension - (POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE) - -Changes - * x509_crt_info() now prints information about parsed extensions as well - * pk_verify() now returns a specific error code when the signature is valid - but shorter than the supplied length. - * Use UTC time to check certificate validity. - * Reject certificates with times not in UTC, per RFC 5280. - -Security - * Avoid potential timing leak in ecdsa_sign() by blinding modular division. - (Found by Watson Ladd.) - * The notAfter date of some certificates was no longer checked since 1.3.5. - This affects certificates in the user-supplied chain except the top - certificate. If the user-supplied chain contains only one certificates, - it is not affected (ie, its notAfter date is properly checked). - * Prevent potential NULL pointer dereference in ssl_read_record() (found by - TrustInSoft) - -Bugfix - * The length of various ClientKeyExchange messages was not properly checked. - * Some example server programs were not sending the close_notify alert. - * Potential memory leak in mpi_exp_mod() when error occurs during - calculation of RR. - * Fixed malloc/free default #define in platform.c (found by Gergely Budai). - * Fixed type which made POLARSSL_ENTROPY_FORCE_SHA256 uneffective (found by - Gergely Budai). - * Fix #include path in ecdsa.h which wasn't accepted by some compilers. - (found by Gergely Budai) - * Fix compile errors when POLARSSL_ERROR_STRERROR_BC is undefined (found by - Shuo Chen). - * oid_get_numeric_string() used to truncate the output without returning an - error if the output buffer was just 1 byte too small. - * dhm_parse_dhm() (hence dhm_parse_dhmfile()) did not set dhm->len. - * Calling pk_debug() on an RSA-alt key would segfault. - * pk_get_size() and pk_get_len() were off by a factor 8 for RSA-alt keys. - * Potential buffer overwrite in pem_write_buffer() because of low length - indication (found by Thijs Alkemade) - * EC curves constants, which should be only in ROM since 1.3.3, were also - stored in RAM due to missing 'const's (found by Gergely Budai). - -= PolarSSL 1.3.5 released on 2014-03-26 -Features - * HMAC-DRBG as a separate module - * Option to set the Curve preference order (disabled by default) - * Single Platform compatilibity layer (for memory / printf / fprintf) - * Ability to provide alternate timing implementation - * Ability to force the entropy module to use SHA-256 as its basis - (POLARSSL_ENTROPY_FORCE_SHA256) - * Testing script ssl-opt.sh added for testing 'live' ssl option - interoperability against OpenSSL and PolarSSL - * Support for reading EC keys that use SpecifiedECDomain in some cases. - * Entropy module now supports seed writing and reading - -Changes - * Deprecated the Memory layer - * entropy_add_source(), entropy_update_manual() and entropy_gather() - now thread-safe if POLARSSL_THREADING_C defined - * Improvements to the CMake build system, contributed by Julian Ospald. - * Work around a bug of the version of Clang shipped by Apple with Mavericks - that prevented bignum.c from compiling. (Reported by Rafael Baptista.) - * Revamped the compat.sh interoperatibility script to include support for - testing against GnuTLS - * Deprecated ssl_set_own_cert_rsa() and ssl_set_own_cert_rsa_alt() - * Improvements to tests/Makefile, contributed by Oden Eriksson. - -Security - * Forbid change of server certificate during renegotiation to prevent - "triple handshake" attack when authentication mode is 'optional' (the - attack was already impossible when authentication is required). - * Check notBefore timestamp of certificates and CRLs from the future. - * Forbid sequence number wrapping - * Fixed possible buffer overflow with overlong PSK - * Possible remotely-triggered out-of-bounds memory access fixed (found by - TrustInSoft) - -Bugfix - * ecp_gen_keypair() does more tries to prevent failure because of - statistics - * Fixed bug in RSA PKCS#1 v1.5 "reversed" operations - * Fixed testing with out-of-source builds using cmake - * Fixed version-major intolerance in server - * Fixed CMake symlinking on out-of-source builds - * Fixed dependency issues in test suite - * Programs rsa_sign_pss and rsa_verify_pss were not using PSS since 1.3.0 - * Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by - Alex Wilson.) - * ssl_cache was creating entries when max_entries=0 if TIMING_C was enabled. - * m_sleep() was sleeping twice too long on most Unix platforms. - * Fixed bug with session tickets and non-blocking I/O in the unlikely case - send() would return an EAGAIN error when sending the ticket. - * ssl_cache was leaking memory when reusing a timed out entry containing a - client certificate. - * ssl_srv was leaking memory when client presented a timed out ticket - containing a client certificate - * ssl_init() was leaving a dirty pointer in ssl_context if malloc of - out_ctr failed - * ssl_handshake_init() was leaving dirty pointers in subcontexts if malloc - of one of them failed - * Fix typo in rsa_copy() that impacted PKCS#1 v2 contexts - * x509_get_current_time() uses localtime_r() to prevent thread issues - -= PolarSSL 1.3.4 released on 2014-01-27 -Features - * Support for the Koblitz curves: secp192k1, secp224k1, secp256k1 - * Support for RIPEMD-160 - * Support for AES CFB8 mode - * Support for deterministic ECDSA (RFC 6979) - -Bugfix - * Potential memory leak in bignum_selftest() - * Replaced expired test certificate - * ssl_mail_client now terminates lines with CRLF, instead of LF - * net module handles timeouts on blocking sockets better (found by Tilman - Sauerbeck) - * Assembly format fixes in bn_mul.h - -Security - * Missing MPI_CHK calls added around unguarded mpi calls (found by - TrustInSoft) - -= PolarSSL 1.3.3 released on 2013-12-31 -Features - * EC key generation support in gen_key app - * Support for adhering to client ciphersuite order preference - (POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE) - * Support for Curve25519 - * Support for ECDH-RSA and ECDH-ECDSA key exchanges and ciphersuites - * Support for IPv6 in the NET module - * AES-NI support for AES, AES-GCM and AES key scheduling - * SSL Pthread-based server example added (ssl_pthread_server) - -Changes - * gen_prime() speedup - * Speedup of ECP multiplication operation - * Relaxed some SHA2 ciphersuite's version requirements - * Dropped use of readdir_r() instead of readdir() with threading support - * More constant-time checks in the RSA module - * Split off curves from ecp.c into ecp_curves.c - * Curves are now stored fully in ROM - * Memory usage optimizations in ECP module - * Removed POLARSSL_THREADING_DUMMY - -Bugfix - * Fixed bug in mpi_set_bit() on platforms where t_uint is wider than int - * Fixed X.509 hostname comparison (with non-regular characters) - * SSL now gracefully handles missing RNG - * Missing defines / cases for RSA_PSK key exchange - * crypt_and_hash app checks MAC before final decryption - * Potential memory leak in ssl_ticket_keys_init() - * Memory leak in benchmark application - * Fixed x509_crt_parse_path() bug on Windows platforms - * Added missing MPI_CHK() around some statements in mpi_div_mpi() (found by - TrustInSoft) - * Fixed potential overflow in certificate size verification in - ssl_write_certificate() (found by TrustInSoft) - -Security - * Possible remotely-triggered out-of-bounds memory access fixed (found by - TrustInSoft) - -= PolarSSL 1.3.2 released on 2013-11-04 -Features - * PK tests added to test framework - * Added optional optimization for NIST MODP curves (POLARSSL_ECP_NIST_OPTIM) - * Support for Camellia-GCM mode and ciphersuites - -Changes - * Padding checks in cipher layer are now constant-time - * Value comparisons in SSL layer are now constant-time - * Support for serialNumber, postalAddress and postalCode in X509 names - * SSL Renegotiation was refactored - -Bugfix - * More stringent checks in cipher layer - * Server does not send out extensions not advertised by client - * Prevent possible alignment warnings on casting from char * to 'aligned *' - * Misc fixes and additions to dependency checks - * Const correctness - * cert_write with selfsign should use issuer_name as subject_name - * Fix ECDSA corner case: missing reduction mod N (found by DualTachyon) - * Defines to handle UEFI environment under MSVC - * Server-side initiated renegotiations send HelloRequest - -= PolarSSL 1.3.1 released on 2013-10-15 -Features - * Support for Brainpool curves and TLS ciphersuites (RFC 7027) - * Support for ECDHE-PSK key-exchange and ciphersuites - * Support for RSA-PSK key-exchange and ciphersuites - -Changes - * RSA blinding locks for a smaller amount of time - * TLS compression only allocates working buffer once - * Introduced POLARSSL_HAVE_READDIR_R for systems without it - * config.h is more script-friendly - -Bugfix - * Missing MSVC defines added - * Compile errors with POLARSSL_RSA_NO_CRT - * Header files with 'polarssl/' - * Const correctness - * Possible naming collision in dhm_context - * Better support for MSVC - * threading_set_alt() name - * Added missing x509write_crt_set_version() - -= PolarSSL 1.3.0 released on 2013-10-01 -Features - * Elliptic Curve Cryptography module added - * Elliptic Curve Diffie Hellman module added - * Ephemeral Elliptic Curve Diffie Hellman support for SSL/TLS - (ECDHE-based ciphersuites) - * Ephemeral Elliptic Curve Digital Signature Algorithm support for SSL/TLS - (ECDSA-based ciphersuites) - * Ability to specify allowed ciphersuites based on the protocol version. - * PSK and DHE-PSK based ciphersuites added - * Memory allocation abstraction layer added - * Buffer-based memory allocator added (no malloc() / free() / HEAP usage) - * Threading abstraction layer added (dummy / pthread / alternate) - * Public Key abstraction layer added - * Parsing Elliptic Curve keys - * Parsing Elliptic Curve certificates - * Support for max_fragment_length extension (RFC 6066) - * Support for truncated_hmac extension (RFC 6066) - * Support for zeros-and-length (ANSI X.923) padding, one-and-zeros - (ISO/IEC 7816-4) padding and zero padding in the cipher layer - * Support for session tickets (RFC 5077) - * Certificate Request (CSR) generation with extensions (key_usage, - ns_cert_type) - * X509 Certificate writing with extensions (basic_constraints, - issuer_key_identifier, etc) - * Optional blinding for RSA, DHM and EC - * Support for multiple active certificate / key pairs in SSL servers for - the same host (Not to be confused with SNI!) - -Changes - * Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 - individually - * Introduced separate SSL Ciphersuites module that is based on - Cipher and MD information - * Internals for SSL module adapted to have separate IV pointer that is - dynamically set (Better support for hardware acceleration) - * Moved all OID functionality to a separate module. RSA function - prototypes for the RSA sign and verify functions changed as a result - * Split up the GCM module into a starts/update/finish cycle - * Client and server now filter sent and accepted ciphersuites on minimum - and maximum protocol version - * Ability to disable server_name extension (RFC 6066) - * Renamed error_strerror() to the less conflicting polarssl_strerror() - (Ability to keep old as well with POLARSSL_ERROR_STRERROR_BC) - * SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly - * All RSA operations require a random generator for blinding purposes - * X509 core refactored - * x509_crt_verify() now case insensitive for cn (RFC 6125 6.4) - * Also compiles / runs without time-based functions (!POLARSSL_HAVE_TIME) - * Support faulty X509 v1 certificates with extensions - (POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3) - -Bugfix - * Fixed parse error in ssl_parse_certificate_request() - * zlib compression/decompression skipped on empty blocks - * Support for AIX header locations in net.c module - * Fixed file descriptor leaks - -Security - * RSA blinding on CRT operations to counter timing attacks - (found by Cyril Arnaud and Pierre-Alain Fouque) - - -= Version 1.2.14 released 2015-05-?? - -Security - * Fix potential invalid memory read in the server, that allows a client to - crash it remotely (found by Caj Larsson). - * Fix potential invalid memory read in certificate parsing, that allows a - client to crash the server remotely if client authentication is enabled - (found using Codenomicon Defensics). - * Add countermeasure against "Lucky 13 strikes back" cache-based attack, - https://dl.acm.org/citation.cfm?id=2714625 - -Bugfix - * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos). - * Fix hardclock() (only used in the benchmarking program) with some - versions of mingw64 (found by kxjhlele). - * Fix warnings from mingw64 in timing.c (found by kxjklele). - * Fix potential unintended sign extension in asn1_get_len() on 64-bit - platforms (found with Coverity Scan). - -= Version 1.2.13 released 2015-02-16 -Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting - this will be made in the 1.2 branch at this point. - -Security - * Fix remotely-triggerable uninitialised pointer dereference caused by - crafted X.509 certificate (TLS server is not affected if it doesn't ask - for a client certificate) (found using Codenomicon Defensics). - * Fix remotely-triggerable memory leak caused by crafted X.509 certificates - (TLS server is not affected if it doesn't ask for a client certificate) - (found using Codenomicon Defensics). - * Fix potential stack overflow while parsing crafted X.509 certificates - (TLS server is not affected if it doesn't ask for a client certificate) - found using Codenomicon Defensics). - * Fix buffer overread of size 1 when parsing crafted X.509 certificates - (TLS server is not affected if it doesn't ask for a client certificate). - -Bugfix - * Fix potential undefined behaviour in Camellia. - * Fix memory leaks in PKCS#5 and PKCS#12. - * Stack buffer overflow if ctr_drbg_update() is called with too large - add_len (found by Jean-Philippe Aumasson) (not triggerable remotely). - * Fix bug in MPI/bignum on s390/s390x (reported by Dan Horák) (introduced - in 1.2.12). - * Fix unchecked return code in x509_crt_parse_path() on Windows (found by - Peter Vaskovic). - * Fix assembly selection for MIPS64 (thanks to James Cowgill). - * ssl_get_verify_result() now works even if the handshake was aborted due - to a failed verification (found by Fredrik Axelsson). - * Skip writing and parsing signature_algorithm extension if none of the - key exchanges enabled needs certificates. This fixes a possible interop - issue with some servers when a zero-length extension was sent. (Reported - by Peter Dettman.) - * On a 0-length input, base64_encode() did not correctly set output length - (found by Hendrik van den Boogaard). - -Changes - * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined. - * Forbid repeated extensions in X.509 certificates. - * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the - length of an X.509 verification chain (default = 8). -= Version 1.2.12 released 2014-10-24 - -Security - * Remotely-triggerable memory leak when parsing some X.509 certificates - (server is not affected if it doesn't ask for a client certificate). - (Found using Codenomicon Defensics.) - -Bugfix - * Fix potential bad read in parsing ServerHello (found by Adrien - Vialletelle). - * ssl_close_notify() could send more than one message in some circumstances - with non-blocking I/O. - * x509_crt_parse() did not increase total_failed on PEM error - * Fix compiler warnings on iOS (found by Sander Niemeijer). - * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel). - * Fix net_accept() regarding non-blocking sockets (found by Luca Pesce). - * ssl_read() could return non-application data records on server while - renegotation was pending, and on client when a HelloRequest was received. - * Fix warnings from Clang's scan-build (contributed by Alfred Klomp). - -Changes - * X.509 certificates with more than one AttributeTypeAndValue per - RelativeDistinguishedName are not accepted any more. - * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than - POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts. - * Accept spaces at end of line or end of buffer in base64_decode(). - -= Version 1.2.11 released 2014-07-11 -Features - * Entropy module now supports seed writing and reading - -Changes - * Introduced POLARSSL_HAVE_READDIR_R for systems without it - * Improvements to the CMake build system, contributed by Julian Ospald. - * Work around a bug of the version of Clang shipped by Apple with Mavericks - that prevented bignum.c from compiling. (Reported by Rafael Baptista.) - * Improvements to tests/Makefile, contributed by Oden Eriksson. - * Use UTC time to check certificate validity. - * Reject certificates with times not in UTC, per RFC 5280. - * Migrate zeroizing of data to polarssl_zeroize() instead of memset() - against unwanted compiler optimizations - -Security - * Forbid change of server certificate during renegotiation to prevent - "triple handshake" attack when authentication mode is optional (the - attack was already impossible when authentication is required). - * Check notBefore timestamp of certificates and CRLs from the future. - * Forbid sequence number wrapping - * Prevent potential NULL pointer dereference in ssl_read_record() (found by - TrustInSoft) - * Fix length checking for AEAD ciphersuites (found by Codenomicon). - It was possible to crash the server (and client) using crafted messages - when a GCM suite was chosen. - -Bugfix - * Fixed X.509 hostname comparison (with non-regular characters) - * SSL now gracefully handles missing RNG - * crypt_and_hash app checks MAC before final decryption - * Fixed x509_crt_parse_path() bug on Windows platforms - * Added missing MPI_CHK() around some statements in mpi_div_mpi() (found by - TrustInSoft) - * Fixed potential overflow in certificate size verification in - ssl_write_certificate() (found by TrustInSoft) - * Fix ASM format in bn_mul.h - * Potential memory leak in bignum_selftest() - * Replaced expired test certificate - * ssl_mail_client now terminates lines with CRLF, instead of LF - * Fix bug in RSA PKCS#1 v1.5 "reversed" operations - * Fixed testing with out-of-source builds using cmake - * Fixed version-major intolerance in server - * Fixed CMake symlinking on out-of-source builds - * Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by - Alex Wilson.) - * ssl_init() was leaving a dirty pointer in ssl_context if malloc of - out_ctr failed - * ssl_handshake_init() was leaving dirty pointers in subcontexts if malloc - of one of them failed - * x509_get_current_time() uses localtime_r() to prevent thread issues - * Some example server programs were not sending the close_notify alert. - * Potential memory leak in mpi_exp_mod() when error occurs during - calculation of RR. - * Improve interoperability by not writing extension length in ClientHello - when no extensions are present (found by Matthew Page) - * rsa_check_pubkey() now allows an E up to N - * On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings - * mpi_fill_random() was creating numbers larger than requested on - big-endian platform when size was not an integer number of limbs - * Fix detection of DragonflyBSD in net.c (found by Markus Pfeiffer) - * Stricter check on SSL ClientHello internal sizes compared to actual packet - size (found by TrustInSoft) - * Fix preprocessor checks for bn_mul PPC asm (found by Barry K. Nathan). - * Use \n\t rather than semicolons for bn_mul asm, since some assemblers - interpret semicolons as comment delimiters (found by Barry K. Nathan). - * Disable broken Sparc64 bn_mul assembly (found by Florian Obser). - * Fix base64_decode() to return and check length correctly (in case of - tight buffers) - -= Version 1.2.10 released 2013-10-07 -Changes - * Changed RSA blinding to a slower but thread-safe version - -Bugfix - * Fixed memory leak in RSA as a result of introduction of blinding - * Fixed ssl_pkcs11_decrypt() prototype - * Fixed MSVC project files - -= Version 1.2.9 released 2013-10-01 -Changes - * x509_verify() now case insensitive for cn (RFC 6125 6.4) - -Bugfix - * Fixed potential memory leak when failing to resume a session - * Fixed potential file descriptor leaks (found by Remi Gacogne) - * Minor fixes - -Security - * Fixed potential heap buffer overflow on large hostname setting - * Fixed potential negative value misinterpretation in load_file() - * RSA blinding on CRT operations to counter timing attacks - (found by Cyril Arnaud and Pierre-Alain Fouque) - -= Version 1.2.8 released 2013-06-19 -Features - * Parsing of PKCS#8 encrypted private key files - * PKCS#12 PBE and derivation functions - * Centralized module option values in config.h to allow user-defined - settings without editing header files by using POLARSSL_CONFIG_OPTIONS - -Changes - * HAVEGE random generator disabled by default - * Internally split up x509parse_key() into a (PEM) handler function - and specific DER parser functions for the PKCS#1 and unencrypted - PKCS#8 private key formats - * Added mechanism to provide alternative implementations for all - symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in - config.h) - * PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated - old PBKDF2 module - -Bugfix - * Secure renegotiation extension should only be sent in case client - supports secure renegotiation - * Fixed offset for cert_type list in ssl_parse_certificate_request() - * Fixed const correctness issues that have no impact on the ABI - * x509parse_crt() now better handles PEM error situations - * ssl_parse_certificate() now calls x509parse_crt_der() directly - instead of the x509parse_crt() wrapper that can also parse PEM - certificates - * x509parse_crtpath() is now reentrant and uses more portable stat() - * Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler - * Fixed values for 2-key Triple DES in cipher layer - * ssl_write_certificate_request() can handle empty ca_chain - -Security - * A possible DoS during the SSL Handshake, due to faulty parsing of - PEM-encoded certificates has been fixed (found by Jack Lloyd) - -= Version 1.2.7 released 2013-04-13 -Features - * Ability to specify allowed ciphersuites based on the protocol version. - -Changes - * Default Blowfish keysize is now 128-bits - * Test suites made smaller to accommodate Raspberry Pi - -Bugfix - * Fix for MPI assembly for ARM - * GCM adapted to support sizes > 2^29 - -= Version 1.2.6 released 2013-03-11 -Bugfix - * Fixed memory leak in ssl_free() and ssl_reset() for active session - * Corrected GCM counter incrementation to use only 32-bits instead of - 128-bits (found by Yawning Angel) - * Fixes for 64-bit compilation with MS Visual Studio - * Fixed net_bind() for specified IP addresses on little endian systems - * Fixed assembly code for ARM (Thumb and regular) for some compilers - -Changes - * Internally split up rsa_pkcs1_encrypt(), rsa_pkcs1_decrypt(), - rsa_pkcs1_sign() and rsa_pkcs1_verify() to separate PKCS#1 v1.5 and - PKCS#1 v2.1 functions - * Added support for custom labels when using rsa_rsaes_oaep_encrypt() - or rsa_rsaes_oaep_decrypt() - * Re-added handling for SSLv2 Client Hello when the define - POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is set - * The SSL session cache module (ssl_cache) now also retains peer_cert - information (not the entire chain) - -Security - * Removed further timing differences during SSL message decryption in - ssl_decrypt_buf() - * Removed timing differences due to bad padding from - rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5 - operations - -= Version 1.2.5 released 2013-02-02 -Changes - * Allow enabling of dummy error_strerror() to support some use-cases - * Debug messages about padding errors during SSL message decryption are - disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL - * Sending of security-relevant alert messages that do not break - interoperability can be switched on/off with the flag - POLARSSL_SSL_ALL_ALERT_MESSAGES - -Security - * Removed timing differences during SSL message decryption in - ssl_decrypt_buf() due to badly formatted padding - -= Version 1.2.4 released 2013-01-25 -Changes - * More advanced SSL ciphersuite representation and moved to more dynamic - SSL core - * Added ssl_handshake_step() to allow single stepping the handshake process - -Bugfix - * Memory leak when using RSA_PKCS_V21 operations fixed - * Handle future version properly in ssl_write_certificate_request() - * Correctly handle CertificateRequest message in client for <= TLS 1.1 - without DN list - -= Version 1.2.3 released 2012-11-26 -Bugfix - * Server not always sending correct CertificateRequest message - -= Version 1.2.2 released 2012-11-24 -Changes - * Added p_hw_data to ssl_context for context specific hardware acceleration - data - * During verify trust-CA is only checked for expiration and CRL presence - -Bugfixes - * Fixed client authentication compatibility - * Fixed dependency on POLARSSL_SHA4_C in SSL modules - -= Version 1.2.1 released 2012-11-20 -Changes - * Depth that the certificate verify callback receives is now numbered - bottom-up (Peer cert depth is 0) - -Bugfixes - * Fixes for MSVC6 - * Moved mpi_inv_mod() outside POLARSSL_GENPRIME - * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel - Pégourié-Gonnard) - * Fixed possible segfault in mpi_shift_r() (found by Manuel - Pégourié-Gonnard) - * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1 - -= Version 1.2.0 released 2012-10-31 -Features - * Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak - ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by - default! - * Added support for wildcard certificates - * Added support for multi-domain certificates through the X509 Subject - Alternative Name extension - * Added preliminary ASN.1 buffer writing support - * Added preliminary X509 Certificate Request writing support - * Added key_app_writer example application - * Added cert_req example application - * Added base Galois Counter Mode (GCM) for AES - * Added TLS 1.2 support (RFC 5246) - * Added GCM suites to TLS 1.2 (RFC 5288) - * Added commandline error code convertor (util/strerror) - * Added support for Hardware Acceleration hooking in SSL/TLS - * Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and - example application (programs/ssl/o_p_test) (requires OpenSSL) - * Added X509 CA Path support - * Added Thumb assembly optimizations - * Added DEFLATE compression support as per RFC3749 (requires zlib) - * Added blowfish algorithm (Generic and cipher layer) - * Added PKCS#5 PBKDF2 key derivation function - * Added Secure Renegotiation (RFC 5746) - * Added predefined DHM groups from RFC 5114 - * Added simple SSL session cache implementation - * Added ServerName extension parsing (SNI) at server side - * Added option to add minimum accepted SSL/TLS protocol version - -Changes - * Removed redundant POLARSSL_DEBUG_MSG define - * AES code only check for Padlock once - * Fixed const-correctness mpi_get_bit() - * Documentation for mpi_lsb() and mpi_msb() - * Moved out_msg to out_hdr + 32 to support hardware acceleration - * Changed certificate verify behaviour to comply with RFC 6125 section 6.3 - to not match CN if subjectAltName extension is present (Closes ticket #56) - * Cipher layer cipher_mode_t POLARSSL_MODE_CFB128 is renamed to - POLARSSL_MODE_CFB, to also handle different block size CFB modes. - * Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation) - * Revamped session resumption handling - * Generalized external private key implementation handling (like PKCS#11) - in SSL/TLS - * Revamped x509_verify() and the SSL f_vrfy callback implementations - * Moved from unsigned long to fixed width uint32_t types throughout code - * Renamed ciphersuites naming scheme to IANA reserved names - -Bugfix - * Fixed handling error in mpi_cmp_mpi() on longer B values (found by - Hui Dong) - * Fixed potential heap corruption in x509_name allocation - * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54) - * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket - #52) - * Handle encryption with private key and decryption with public key as per - RFC 2313 - * Handle empty certificate subject names - * Prevent reading over buffer boundaries on X509 certificate parsing - * mpi_add_abs() now correctly handles adding short numbers to long numbers - with carry rollover (found by Ruslan Yushchenko) - * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob - * Fixed MPI assembly for SPARC64 platform - -Security - * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi - Vanderbeken) - -= Version 1.1.8 released on 2013-10-01 -Bugfix - * Fixed potential memory leak when failing to resume a session - * Fixed potential file descriptor leaks - -Security - * Potential buffer-overflow for ssl_read_record() (independently found by - both TrustInSoft and Paul Brodeur of Leviathan Security Group) - * Potential negative value misinterpretation in load_file() - * Potential heap buffer overflow on large hostname setting - -= Version 1.1.7 released on 2013-06-19 -Changes - * HAVEGE random generator disabled by default - -Bugfix - * x509parse_crt() now better handles PEM error situations - * ssl_parse_certificate() now calls x509parse_crt_der() directly - instead of the x509parse_crt() wrapper that can also parse PEM - certificates - * Fixed values for 2-key Triple DES in cipher layer - * ssl_write_certificate_request() can handle empty ca_chain - -Security - * A possible DoS during the SSL Handshake, due to faulty parsing of - PEM-encoded certificates has been fixed (found by Jack Lloyd) - -= Version 1.1.6 released on 2013-03-11 -Bugfix - * Fixed net_bind() for specified IP addresses on little endian systems - -Changes - * Allow enabling of dummy error_strerror() to support some use-cases - * Debug messages about padding errors during SSL message decryption are - disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL - -Security - * Removed timing differences during SSL message decryption in - ssl_decrypt_buf() - * Removed timing differences due to bad padding from - rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5 - operations - -= Version 1.1.5 released on 2013-01-16 -Bugfix - * Fixed MPI assembly for SPARC64 platform - * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob - * mpi_add_abs() now correctly handles adding short numbers to long numbers - with carry rollover - * Moved mpi_inv_mod() outside POLARSSL_GENPRIME - * Prevent reading over buffer boundaries on X509 certificate parsing - * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket - #52) - * Fixed possible segfault in mpi_shift_r() (found by Manuel - Pégourié-Gonnard) - * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel - Pégourié-Gonnard) - * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1 - * Memory leak when using RSA_PKCS_V21 operations fixed - * Handle encryption with private key and decryption with public key as per - RFC 2313 - * Fixes for MSVC6 - -Security - * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi - Vanderbeken) - -= Version 1.1.4 released on 2012-05-31 -Bugfix - * Correctly handle empty SSL/TLS packets (Found by James Yonan) - * Fixed potential heap corruption in x509_name allocation - * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54) - -= Version 1.1.3 released on 2012-04-29 -Bugfix - * Fixed random MPI generation to not generate more size than requested. - -= Version 1.1.2 released on 2012-04-26 -Bugfix - * Fixed handling error in mpi_cmp_mpi() on longer B values (found by - Hui Dong) - -Security - * Fixed potential memory corruption on miscrafted client messages (found by - Frama-C team at CEA LIST) - * Fixed generation of DHM parameters to correct length (found by Ruslan - Yushchenko) - -= Version 1.1.1 released on 2012-01-23 -Bugfix - * Check for failed malloc() in ssl_set_hostname() and x509_get_entries() - (Closes ticket #47, found by Hugo Leisink) - * Fixed issues with Intel compiler on 64-bit systems (Closes ticket #50) - * Fixed multiple compiler warnings for VS6 and armcc - * Fixed bug in CTR_CRBG selftest - -= Version 1.1.0 released on 2011-12-22 -Features - * Added ssl_session_reset() to allow better multi-connection pools of - SSL contexts without needing to set all non-connection-specific - data and pointers again. Adapted ssl_server to use this functionality. - * Added ssl_set_max_version() to allow clients to offer a lower maximum - supported version to a server to help buggy server implementations. - (Closes ticket #36) - * Added cipher_get_cipher_mode() and cipher_get_cipher_operation() - introspection functions (Closes ticket #40) - * Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator - * Added a generic entropy accumulator that provides support for adding - custom entropy sources and added some generic and platform dependent - entropy sources - -Changes - * Documentation for AES and Camellia in modes CTR and CFB128 clarified. - * Fixed rsa_encrypt and rsa_decrypt examples to use public key for - encryption and private key for decryption. (Closes ticket #34) - * Inceased maximum size of ASN1 length reads to 32-bits. - * Added an EXPLICIT tag number parameter to x509_get_ext() - * Added a separate CRL entry extension parsing function - * Separated the ASN.1 parsing code from the X.509 specific parsing code. - So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C. - * Changed the defined key-length of DES ciphers in cipher.h to include the - parity bits, to prevent mistakes in copying data. (Closes ticket #33) - * Loads of minimal changes to better support WINCE as a build target - (Credits go to Marco Lizza) - * Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory - trade-off - * Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size - management (Closes ticket #44) - * Changed the used random function pointer to more flexible format. Renamed - havege_rand() to havege_random() to prevent mistakes. Lots of changes as - a consequence in library code and programs - * Moved all examples programs to use the new entropy and CTR_DRBG - * Added permissive certificate parsing to x509parse_crt() and - x509parse_crtfile(). With permissive parsing the parsing does not stop on - encountering a parse-error. Beware that the meaning of return values has - changed! - * All error codes are now negative. Even on mermory failures and IO errors. - -Bugfix - * Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes - ticket #37) - * Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag - before version numbers - * Allowed X509 key usage parsing to accept 4 byte values instead of the - standard 1 byte version sometimes used by Microsoft. (Closes ticket #38) - * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length - smaller than the hash length. (Closes ticket #41) - * If certificate serial is longer than 32 octets, serial number is now - appended with '....' after first 28 octets - * Improved build support for s390x and sparc64 in bignum.h - * Fixed MS Visual C++ name clash with int64 in sha4.h - * Corrected removal of leading "00:" in printing serial numbers in - certificates and CRLs - -= Version 1.0.0 released on 2011-07-27 -Features - * Expanded cipher layer with support for CFB128 and CTR mode - * Added rsa_encrypt and rsa_decrypt simple example programs. - -Changes - * The generic cipher and message digest layer now have normal error - codes instead of integers - -Bugfix - * Undid faulty bug fix in ssl_write() when flushing old data (Ticket - #18) - -= Version 0.99-pre5 released on 2011-05-26 -Features - * Added additional Cipher Block Modes to symmetric ciphers - (AES CTR, Camellia CTR, XTEA CBC) including the option to - enable and disable individual modes when needed - * Functions requiring File System functions can now be disabled - by undefining POLARSSL_FS_IO - * A error_strerror function() has been added to translate between - error codes and their description. - * Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter - functions. - * Added ssl_mail_client and ssl_fork_server as example programs. - -Changes - * Major argument / variable rewrite. Introduced use of size_t - instead of int for buffer lengths and loop variables for - better unsigned / signed use. Renamed internal bigint types - t_int and t_dbl to t_uint and t_udbl in the process - * mpi_init() and mpi_free() now only accept a single MPI - argument and do not accept variable argument lists anymore. - * The error codes have been remapped and combining error codes - is now done with a PLUS instead of an OR as error codes - used are negative. - * Changed behaviour of net_read(), ssl_fetch_input() and ssl_recv(). - net_recv() now returns 0 on EOF instead of - POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns - POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. - ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received - after the handshake. - * Network functions now return POLARSSL_ERR_NET_WANT_READ or - POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous - POLARSSL_ERR_NET_TRY_AGAIN - -= Version 0.99-pre4 released on 2011-04-01 -Features - * Added support for PKCS#1 v2.1 encoding and thus support - for the RSAES-OAEP and RSASSA-PSS operations. - * Reading of Public Key files incorporated into default x509 - functionality as well. - * Added mpi_fill_random() for centralized filling of big numbers - with random data (Fixed ticket #10) - -Changes - * Debug print of MPI now removes leading zero octets and - displays actual bit size of the value. - * x509parse_key() (and as a consequence x509parse_keyfile()) - does not zeroize memory in advance anymore. Use rsa_init() - before parsing a key or keyfile! - -Bugfix - * Debug output of MPI's now the same independent of underlying - platform (32-bit / 64-bit) (Fixes ticket #19, found by Mads - Kiilerich and Mihai Militaru) - * Fixed bug in ssl_write() when flushing old data (Fixed ticket - #18, found by Nikolay Epifanov) - * Fixed proper handling of RSASSA-PSS verification with variable - length salt lengths - -= Version 0.99-pre3 released on 2011-02-28 -This release replaces version 0.99-pre2 which had possible copyright issues. -Features - * Parsing PEM private keys encrypted with DES and AES - are now supported as well (Fixes ticket #5) - * Added crl_app program to allow easy reading and - printing of X509 CRLs from file - -Changes - * Parsing of PEM files moved to separate module (Fixes - ticket #13). Also possible to remove PEM support for - systems only using DER encoding - -Bugfixes - * Corrected parsing of UTCTime dates before 1990 and - after 1950 - * Support more exotic OID's when parsing certificates - (found by Mads Kiilerich) - * Support more exotic name representations when parsing - certificates (found by Mads Kiilerich) - * Replaced the expired test certificates - * Do not bail out if no client certificate specified. Try - to negotiate anonymous connection (Fixes ticket #12, - found by Boris Krasnovskiy) - -Security fixes - * Fixed a possible Man-in-the-Middle attack on the - Diffie Hellman key exchange (thanks to Larry Highsmith, - Subreption LLC) - -= Version 0.99-pre1 released on 2011-01-30 -Features -Note: Most of these features have been donated by Fox-IT - * Added Doxygen source code documentation parts - * Added reading of DHM context from memory and file - * Improved X509 certificate parsing to include extended - certificate fields, including Key Usage - * Improved certificate verification and verification - against the available CRLs - * Detection for DES weak keys and parity bits added - * Improvements to support integration in other - applications: - + Added generic message digest and cipher wrapper - + Improved information about current capabilities, - status, objects and configuration - + Added verification callback on certificate chain - verification to allow external blacklisting - + Additional example programs to show usage - * Added support for PKCS#11 through the use of the - libpkcs11-helper library - -Changes - * x509parse_time_expired() checks time in addition to - the existing date check - * The ciphers member of ssl_context and the cipher member - of ssl_session have been renamed to ciphersuites and - ciphersuite respectively. This clarifies the difference - with the generic cipher layer and is better naming - altogether - -= Version 0.14.0 released on 2010-08-16 -Features - * Added support for SSL_EDH_RSA_AES_128_SHA and - SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites - * Added compile-time and run-time version information - * Expanded ssl_client2 arguments for more flexibility - * Added support for TLS v1.1 - -Changes - * Made Makefile cleaner - * Removed dependency on rand() in rsa_pkcs1_encrypt(). - Now using random fuction provided to function and - changed the prototype of rsa_pkcs1_encrypt(), - rsa_init() and rsa_gen_key(). - * Some SSL defines were renamed in order to avoid - future confusion - -Bug fixes - * Fixed CMake out of source build for tests (found by - kkert) - * rsa_check_private() now supports PKCS1v2 keys as well - * Fixed deadlock in rsa_pkcs1_encrypt() on failing random - generator - -= Version 0.13.1 released on 2010-03-24 -Bug fixes - * Fixed Makefile in library that was mistakenly merged - * Added missing const string fixes - -= Version 0.13.0 released on 2010-03-21 -Features - * Added option parsing for host and port selection to - ssl_client2 - * Added support for GeneralizedTime in X509 parsing - * Added cert_app program to allow easy reading and - printing of X509 certificates from file or SSL - connection. - -Changes - * Added const correctness for main code base - * X509 signature algorithm determination is now - in a function to allow easy future expansion - * Changed symmetric cipher functions to - identical interface (returning int result values) - * Changed ARC4 to use separate input/output buffer - * Added reset function for HMAC context as speed-up - for specific use-cases - -Bug fixes - * Fixed bug resulting in failure to send the last - certificate in the chain in ssl_write_certificate() and - ssl_write_certificate_request() (found by fatbob) - * Added small fixes for compiler warnings on a Mac - (found by Frank de Brabander) - * Fixed algorithmic bug in mpi_is_prime() (found by - Smbat Tonoyan) - -= Version 0.12.1 released on 2009-10-04 -Changes - * Coverage test definitions now support 'depends_on' - tagging system. - * Tests requiring specific hashing algorithms now honor - the defines. - -Bug fixes - * Changed typo in #ifdef in x509parse.c (found - by Eduardo) - -= Version 0.12.0 released on 2009-07-28 -Features - * Added CMake makefiles as alternative to regular Makefiles. - * Added preliminary Code Coverage tests for AES, ARC4, - Base64, MPI, SHA-family, MD-family, HMAC-SHA-family, - Camellia, DES, 3-DES, RSA PKCS#1, XTEA, Diffie-Hellman - and X509parse. - -Changes - * Error codes are not (necessarily) negative. Keep - this is mind when checking for errors. - * RSA_RAW renamed to SIG_RSA_RAW for consistency. - * Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE. - * Changed interface for AES and Camellia setkey functions - to indicate invalid key lengths. - -Bug fixes - * Fixed include location of endian.h on FreeBSD (found by - Gabriel) - * Fixed include location of endian.h and name clash on - Apples (found by Martin van Hensbergen) - * Fixed HMAC-MD2 by modifying md2_starts(), so that the - required HMAC ipad and opad variables are not cleared. - (found by code coverage tests) - * Prevented use of long long in bignum if - POLARSSL_HAVE_LONGLONG not defined (found by Giles - Bathgate). - * Fixed incorrect handling of negative strings in - mpi_read_string() (found by code coverage tests). - * Fixed segfault on handling empty rsa_context in - rsa_check_pubkey() and rsa_check_privkey() (found by - code coverage tests). - * Fixed incorrect handling of one single negative input - value in mpi_add_abs() (found by code coverage tests). - * Fixed incorrect handling of negative first input - value in mpi_sub_abs() (found by code coverage tests). - * Fixed incorrect handling of negative first input - value in mpi_mod_mpi() and mpi_mod_int(). Resulting - change also affects mpi_write_string() (found by code - coverage tests). - * Corrected is_prime() results for 0, 1 and 2 (found by - code coverage tests). - * Fixed Camellia and XTEA for 64-bit Windows systems. - -= Version 0.11.1 released on 2009-05-17 - * Fixed missing functionality for SHA-224, SHA-256, SHA384, - SHA-512 in rsa_pkcs1_sign() - -= Version 0.11.0 released on 2009-05-03 - * Fixed a bug in mpi_gcd() so that it also works when both - input numbers are even and added testcases to check - (found by Pierre Habouzit). - * Added support for SHA-224, SHA-256, SHA-384 and SHA-512 - one way hash functions with the PKCS#1 v1.5 signing and - verification. - * Fixed minor bug regarding mpi_gcd located within the - POLARSSL_GENPRIME block. - * Fixed minor memory leak in x509parse_crt() and added better - handling of 'full' certificate chains (found by Mathias - Olsson). - * Centralized file opening and reading for x509 files into - load_file() - * Made definition of net_htons() endian-clean for big endian - systems (Found by Gernot). - * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in - padlock and timing code. - * Fixed an off-by-one buffer allocation in ssl_set_hostname() - responsible for crashes and unwanted behaviour. - * Added support for Certificate Revocation List (CRL) parsing. - * Added support for CRL revocation to x509parse_verify() and - SSL/TLS code. - * Fixed compatibility of XTEA and Camellia on a 64-bit system - (found by Felix von Leitner). - -= Version 0.10.0 released on 2009-01-12 - * Migrated XySSL to PolarSSL - * Added XTEA symmetric cipher - * Added Camellia symmetric cipher - * Added support for ciphersuites: SSL_RSA_CAMELLIA_128_SHA, - SSL_RSA_CAMELLIA_256_SHA and SSL_EDH_RSA_CAMELLIA_256_SHA - * Fixed dangerous bug that can cause a heap overflow in - rsa_pkcs1_decrypt (found by Christophe Devine) - -================================================================ -XySSL ChangeLog - -= Version 0.9 released on 2008-03-16 - - * Added support for ciphersuite: SSL_RSA_AES_128_SHA - * Enabled support for large files by default in aescrypt2.c - * Preliminary openssl wrapper contributed by David Barrett - * Fixed a bug in ssl_write() that caused the same payload to - be sent twice in non-blocking mode when send returns EAGAIN - * Fixed ssl_parse_client_hello(): session id and challenge must - not be swapped in the SSLv2 ClientHello (found by Greg Robson) - * Added user-defined callback debug function (Krystian Kolodziej) - * Before freeing a certificate, properly zero out all cert. data - * Fixed the "mode" parameter so that encryption/decryption are - not swapped on PadLock; also fixed compilation on older versions - of gcc (bug reported by David Barrett) - * Correctly handle the case in padlock_xcryptcbc() when input or - output data is non-aligned by falling back to the software - implementation, as VIA Nehemiah cannot handle non-aligned buffers - * Fixed a memory leak in x509parse_crt() which was reported by Greg - Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to - Matthew Page who reported several bugs - * Fixed x509_get_ext() to accept some rare certificates which have - an INTEGER instead of a BOOLEAN for BasicConstraints::cA. - * Added support on the client side for the TLS "hostname" extension - (patch contributed by David Patino) - * Make x509parse_verify() return BADCERT_CN_MISMATCH when an empty - string is passed as the CN (bug reported by spoofy) - * Added an option to enable/disable the BN assembly code - * Updated rsa_check_privkey() to verify that (D*E) = 1 % (P-1)*(Q-1) - * Disabled obsolete hash functions by default (MD2, MD4); updated - selftest and benchmark to not test ciphers that have been disabled - * Updated x509parse_cert_info() to correctly display byte 0 of the - serial number, setup correct server port in the ssl client example - * Fixed a critical denial-of-service with X.509 cert. verification: - peer may cause xyssl to loop indefinitely by sending a certificate - for which the RSA signature check fails (bug reported by Benoit) - * Added test vectors for: AES-CBC, AES-CFB, DES-CBC and 3DES-CBC, - HMAC-MD5, HMAC-SHA1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 - * Fixed HMAC-SHA-384 and HMAC-SHA-512 (thanks to Josh Sinykin) - * Modified ssl_parse_client_key_exchange() to protect against - Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well - as the Klima-Pokorny-Rosa extension of Bleichenbacher's attack - * Updated rsa_gen_key() so that ctx->N is always nbits in size - * Fixed assembly PPC compilation errors on Mac OS X, thanks to - David Barrett and Dusan Semen - -= Version 0.8 released on 2007-10-20 - - * Modified the HMAC functions to handle keys larger - than 64 bytes, thanks to Stephane Desneux and gary ng - * Fixed ssl_read_record() to properly update the handshake - message digests, which fixes IE6/IE7 client authentication - * Cleaned up the XYSSL* #defines, suggested by Azriel Fasten - * Fixed net_recv(), thanks to Lorenz Schori and Egon Kocjan - * Added user-defined callbacks for handling I/O and sessions - * Added lots of debugging output in the SSL/TLS functions - * Added preliminary X.509 cert. writing by Pascal Vizeli - * Added preliminary support for the VIA PadLock routines - * Added AES-CFB mode of operation, contributed by chmike - * Added an SSL/TLS stress testing program (ssl_test.c) - * Updated the RSA PKCS#1 code to allow choosing between - RSA_PUBLIC and RSA_PRIVATE, as suggested by David Barrett - * Updated ssl_read() to skip 0-length records from OpenSSL - * Fixed the make install target to comply with *BSD make - * Fixed a bug in mpi_read_binary() on 64-bit platforms - * mpi_is_prime() speedups, thanks to Kevin McLaughlin - * Fixed a long standing memory leak in mpi_is_prime() - * Replaced realloc with malloc in mpi_grow(), and set - the sign of zero as positive in mpi_init() (reported - by Jonathan M. McCune) - -= Version 0.7 released on 2007-07-07 - - * Added support for the MicroBlaze soft-core processor - * Fixed a bug in ssl_tls.c which sometimes prevented SSL - connections from being established with non-blocking I/O - * Fixed a couple bugs in the VS6 and UNIX Makefiles - * Fixed the "PIC register ebx clobbered in asm" bug - * Added HMAC starts/update/finish support functions - * Added the SHA-224, SHA-384 and SHA-512 hash functions - * Fixed the net_set_*block routines, thanks to Andreas - * Added a few demonstration programs: md5sum, sha1sum, - dh_client, dh_server, rsa_genkey, rsa_sign, rsa_verify - * Added new bignum import and export helper functions - * Rewrote README.txt in program/ssl/ca to better explain - how to create a test PKI - -= Version 0.6 released on 2007-04-01 - - * Ciphers used in SSL/TLS can now be disabled at compile - time, to reduce the memory footprint on embedded systems - * Added multiply assembly code for the TriCore and modified - havege_struct for this processor, thanks to David Patiño - * Added multiply assembly code for 64-bit PowerPCs, - thanks to Peking University and the OSU Open Source Lab - * Added experimental support of Quantum Cryptography - * Added support for autoconf, contributed by Arnaud Cornet - * Fixed "long long" compilation issues on IA-64 and PPC64 - * Fixed a bug introduced in xyssl-0.5/timing.c: hardclock - was not being correctly defined on ARM and MIPS - -= Version 0.5 released on 2007-03-01 - - * Added multiply assembly code for SPARC and Alpha - * Added (beta) support for non-blocking I/O operations - * Implemented session resuming and client authentication - * Fixed some portability issues on WinCE, MINIX 3, Plan9 - (thanks to Benjamin Newman), HP-UX, FreeBSD and Solaris - * Improved the performance of the EDH key exchange - * Fixed a bug that caused valid packets with a payload - size of 16384 bytes to be rejected - -= Version 0.4 released on 2007-02-01 - - * Added support for Ephemeral Diffie-Hellman key exchange - * Added multiply asm code for SSE2, ARM, PPC, MIPS and M68K - * Various improvement to the modular exponentiation code - * Rewrote the headers to generate the API docs with doxygen - * Fixed a bug in ssl_encrypt_buf (incorrect padding was - generated) and in ssl_parse_client_hello (max. client - version was not properly set), thanks to Didier Rebeix - * Fixed another bug in ssl_parse_client_hello: clients with - cipherlists larger than 96 bytes were incorrectly rejected - * Fixed a couple memory leak in x509_read.c - -= Version 0.3 released on 2007-01-01 - - * Added server-side SSLv3 and TLSv1.0 support - * Multiple fixes to enhance the compatibility with g++, - thanks to Xosé Antón Otero Ferreira - * Fixed a bug in the CBC code, thanks to dowst; also, - the bignum code is no longer dependent on long long - * Updated rsa_pkcs1_sign to handle arbitrary large inputs - * Updated timing.c for improved compatibility with i386 - and 486 processors, thanks to Arnaud Cornet - -= Version 0.2 released on 2006-12-01 - - * Updated timing.c to support ARM and MIPS arch - * Updated the MPI code to support 8086 on MSVC 1.5 - * Added the copyright notice at the top of havege.h - * Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang - * Fixed a bug reported by Adrian Rüegsegger in x509_read_key - * Fixed a bug reported by Torsten Lauter in ssl_read_record - * Fixed a bug in rsa_check_privkey that would wrongly cause - valid RSA keys to be dismissed (thanks to oldwolf) - * Fixed a bug in mpi_is_prime that caused some primes to fail - the Miller-Rabin primality test - - I'd also like to thank Younès Hafri for the CRUX linux port, - Khalil Petit who added XySSL into pkgsrc and Arnaud Cornet - who maintains the Debian package :-) - -= Version 0.1 released on 2006-11-01 diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md deleted file mode 100644 index 2fbc989de..000000000 --- a/ChangeLog.d/00README.md +++ /dev/null @@ -1,91 +0,0 @@ -# Pending changelog entry directory - -This directory contains changelog entries that have not yet been merged -to the changelog file ([`../ChangeLog`](../ChangeLog)). - -## What requires a changelog entry? - -Write a changelog entry if there is a user-visible change. This includes: - -* Bug fixes in the library or in sample programs: fixing a security hole, - fixing broken behavior, fixing the build in some configuration or on some - platform, etc. -* New features in the library, new sample programs, or new platform support. -* Changes in existing behavior. These should be rare. Changes in features - that are documented as experimental may or may not be announced, depending - on the extent of the change and how widely we expect the feature to be used. - -We generally don't include changelog entries for: - -* Documentation improvements. -* Performance improvements, unless they are particularly significant. -* Changes to parts of the code base that users don't interact with directly, - such as test code and test data. -* Fixes for compiler warnings. Releases typically contain a number of fixes - of this kind, so we will only mention them in the Changelog if they are - particularly significant. - -Until Mbed TLS 2.24.0, we required changelog entries in more cases. -Looking at older changelog entries is good practice for how to write a -changelog entry, but not for deciding whether to write one. - -## Changelog entry file format - -A changelog entry file must have the extension `*.txt` and must have the -following format: - -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Security - * Change description. - * Another change description. - -Features - * Yet another change description. This is a long change description that - spans multiple lines. - * Yet again another change description. - -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The permitted changelog entry categories are as follows: - - - API changes - Default behavior changes - Requirement changes - New deprecations - Removals - Features - Security - Bugfix - Changes - -Use “Changes” for anything that doesn't fit in the other categories. - -## How to write a changelog entry - -Each entry starts with three spaces, an asterisk and a space. Continuation -lines start with 5 spaces. Lines wrap at 79 characters. - -Write full English sentences with proper capitalization and punctuation. Use -the present tense. Use the imperative where applicable. For example: “Fix a -bug in mbedtls_xxx() ….” - -Include GitHub issue numbers where relevant. Use the format “#1234” for an -Mbed TLS issue. Add other external references such as CVE numbers where -applicable. - -Credit bug reporters where applicable. - -**Explain why, not how**. Remember that the audience is the users of the -library, not its developers. In particular, for a bug fix, explain the -consequences of the bug, not how the bug was fixed. For a new feature, explain -why one might be interested in the feature. For an API change or a deprecation, -explain how to update existing applications. - -See [existing entries](../ChangeLog) for examples. - -## How `ChangeLog` is updated - -Run [`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py) -from a Git working copy -to move the entries from files in `ChangeLog.d` to the main `ChangeLog` file. diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/9126.txt deleted file mode 100644 index 22939df86..000000000 --- a/ChangeLog.d/9126.txt +++ /dev/null @@ -1,5 +0,0 @@ -Default behavior changes - * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT && - !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the - corresponding PSA mechanism is enabled, since the server provides the - crypto. Fixes #9126. diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt deleted file mode 100644 index d61ba1963..000000000 --- a/ChangeLog.d/9302.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which - uses static storage for keys, enabling malloc-less use of key slots. - The size of each buffer is given by the option - MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the - largest PSA key enabled in the build. diff --git a/ChangeLog.d/9690.txt b/ChangeLog.d/9690.txt deleted file mode 100644 index d00eb16bc..000000000 --- a/ChangeLog.d/9690.txt +++ /dev/null @@ -1,8 +0,0 @@ -Security - * Fix a buffer underrun in mbedtls_pk_write_key_der() when - called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled, - and the output buffer is smaller than the actual output. - Fix a related buffer underrun in mbedtls_pk_write_key_pem() - when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled - and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key. - CVE-2024-49195 diff --git a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt deleted file mode 100644 index 079cd741d..000000000 --- a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does - not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when - MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. diff --git a/ChangeLog.d/add-psa-iop-generate-key.txt b/ChangeLog.d/add-psa-iop-generate-key.txt deleted file mode 100644 index 0f586ee19..000000000 --- a/ChangeLog.d/add-psa-iop-generate-key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add an interruptible version of generate key to the PSA interface. - See psa_generate_key_iop_setup() and related functions. diff --git a/ChangeLog.d/add-psa-iop-key-agreement.txt b/ChangeLog.d/add-psa-iop-key-agreement.txt deleted file mode 100644 index 92dfde184..000000000 --- a/ChangeLog.d/add-psa-iop-key-agreement.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Add an interruptible version of key agreement to the PSA interface. - See psa_key_agreement_iop_setup() and related functions. - diff --git a/ChangeLog.d/add-psa-key-agreement.txt b/ChangeLog.d/add-psa-key-agreement.txt deleted file mode 100644 index 771e6e260..000000000 --- a/ChangeLog.d/add-psa-key-agreement.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add a new psa_key_agreement() PSA API to perform key agreement and return - an identifier for the newly created key. diff --git a/ChangeLog.d/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/asn1-missing-guard-in-rsa.txt deleted file mode 100644 index bb5b47088..000000000 --- a/ChangeLog.d/asn1-missing-guard-in-rsa.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled - as soon as MBEDTLS_RSA_C is enabled. Fixes #9041. diff --git a/ChangeLog.d/check-config.txt b/ChangeLog.d/check-config.txt deleted file mode 100644 index 8570a1175..000000000 --- a/ChangeLog.d/check-config.txt +++ /dev/null @@ -1,9 +0,0 @@ -Changes - * Warn if mbedtls/check_config.h is included manually, as this can - lead to spurious errors. Error if a *adjust*.h header is included - manually, as this can lead to silently inconsistent configurations, - potentially resulting in buffer overflows. - When migrating from Mbed TLS 2.x, if you had a custom config.h that - included check_config.h, remove this inclusion from the Mbed TLS 3.x - configuration file (renamed to mbedtls_config.h). This change was made - in Mbed TLS 3.0, but was not announced in a changelog entry at the time. diff --git a/ChangeLog.d/configuration-split.txt b/ChangeLog.d/configuration-split.txt deleted file mode 100644 index f4d9bc63a..000000000 --- a/ChangeLog.d/configuration-split.txt +++ /dev/null @@ -1,16 +0,0 @@ -Changes - * Cryptography and platform configuration options have been migrated - from the Mbed TLS library configuration file mbedtls_config.h to - crypto_config.h that will become the TF-PSA-Crypto configuration file, - see config-split.md for more information. The reference and test custom - configuration files respectively in configs/ and tests/configs/ have - been updated accordingly. - To migrate custom Mbed TLS configurations where - MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them - to the PSA configuration scheme based on PSA_WANT_XXX symbols - (see psa-conditional-inclusion-c.md for more information). - To migrate custom Mbed TLS configurations where - MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the - cryptographic and platform configuration options from mbedtls_config.h - to crypto_config.h (see config-split.md for more information and configs/ - for examples). diff --git a/ChangeLog.d/dynamic-keystore.txt b/ChangeLog.d/dynamic-keystore.txt deleted file mode 100644 index c6aac3c99..000000000 --- a/ChangeLog.d/dynamic-keystore.txt +++ /dev/null @@ -1,10 +0,0 @@ -Features - * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, - the number of volatile PSA keys is virtually unlimited, at the expense - of increased code size. This option is off by default, but enabled in - the default mbedtls_config.h. Fixes #9216. - -Bugfix - * Fix interference between PSA volatile keys and built-in keys - when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and - MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096. diff --git a/ChangeLog.d/ecdsa-conversion-overflow.txt b/ChangeLog.d/ecdsa-conversion-overflow.txt deleted file mode 100644 index 83b7f2f88..000000000 --- a/ChangeLog.d/ecdsa-conversion-overflow.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and - mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the - largest supported curve. In some configurations with PSA disabled, - all values of bits are affected. This never happens in internal library - calls, but can affect applications that call these functions directly. diff --git a/ChangeLog.d/fix-aesni-asm-clobbers.txt b/ChangeLog.d/fix-aesni-asm-clobbers.txt deleted file mode 100644 index 538f0c511..000000000 --- a/ChangeLog.d/fix-aesni-asm-clobbers.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix missing constraints on the AES-NI inline assembly which is used on - GCC-like compilers when building AES for generic x86_64 targets. This - may have resulted in incorrect code with some compilers, depending on - optimizations. Fixes #9819. diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt deleted file mode 100644 index 7ae1c68a4..000000000 --- a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled - but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188. diff --git a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt deleted file mode 100644 index 11e7d2539..000000000 --- a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix compilation error when memcpy() is a function-like macros. Fixes #8994. diff --git a/ChangeLog.d/fix-compilation-with-djgpp.txt b/ChangeLog.d/fix-compilation-with-djgpp.txt deleted file mode 100644 index 5b79fb69d..000000000 --- a/ChangeLog.d/fix-compilation-with-djgpp.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix compilation on MS-DOS DJGPP. Fixes #9813. diff --git a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt deleted file mode 100644 index 8a406a12e..000000000 --- a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix rare concurrent access bug where attempting to operate on a - non-existent key while concurrently creating a new key could potentially - corrupt the key store. diff --git a/ChangeLog.d/fix-driver-schema-check.txt b/ChangeLog.d/fix-driver-schema-check.txt deleted file mode 100644 index 9b6d8acd6..000000000 --- a/ChangeLog.d/fix-driver-schema-check.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix invalid JSON schemas for driver descriptions used by - generate_driver_wrappers.py. diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt deleted file mode 100644 index 2549af873..000000000 --- a/ChangeLog.d/fix-legacy-compression-issue.txt +++ /dev/null @@ -1,6 +0,0 @@ -Bugfix - * Fixes an issue where some TLS 1.2 clients could not connect to an - Mbed TLS 3.6.0 server, due to incorrect handling of - legacy_compression_methods in the ClientHello. - fixes #8995, #9243. - diff --git a/ChangeLog.d/fix-psa-cmac.txt b/ChangeLog.d/fix-psa-cmac.txt deleted file mode 100644 index e3c8aecc2..000000000 --- a/ChangeLog.d/fix-psa-cmac.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in - CMAC is enabled, but no built-in unauthenticated cipher is enabled. - Fixes #9209. diff --git a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt deleted file mode 100644 index b5c26505c..000000000 --- a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix issue of redefinition warning messages for _GNU_SOURCE in - entropy_poll.c and sha_256.c. There was a build warning during - building for linux platform. - Resolves #9026 diff --git a/ChangeLog.d/fix-rsa-performance-regression.txt b/ChangeLog.d/fix-rsa-performance-regression.txt deleted file mode 100644 index 603612a31..000000000 --- a/ChangeLog.d/fix-rsa-performance-regression.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix unintended performance regression when using short RSA public keys. - Fixes #9232. diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt deleted file mode 100644 index 23a46c068..000000000 --- a/ChangeLog.d/fix-secure-element-key-creation.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix error handling when creating a key in a dynamic secure element - (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition, - the creation could return PSA_SUCCESS but using or destroying the key - would not work. Fixes #8537. diff --git a/ChangeLog.d/fix-server-mode-only-build.txt b/ChangeLog.d/fix-server-mode-only-build.txt deleted file mode 100644 index d1d8341f7..000000000 --- a/ChangeLog.d/fix-server-mode-only-build.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but - MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186. diff --git a/ChangeLog.d/fix-test-suite-pk-warnings.txt b/ChangeLog.d/fix-test-suite-pk-warnings.txt deleted file mode 100644 index 26042193c..000000000 --- a/ChangeLog.d/fix-test-suite-pk-warnings.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled. - Fixes #9029. diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt deleted file mode 100644 index b81fb426a..000000000 --- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt +++ /dev/null @@ -1,11 +0,0 @@ -Security - * With TLS 1.3, when a server enables optional authentication of the - client, if the client-provided certificate does not have appropriate values - in keyUsage or extKeyUsage extensions, then the return value of - mbedtls_ssl_get_verify_result() would incorrectly have the - MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits - clear. As a result, an attacker that had a certificate valid for uses other - than TLS client authentication could be able to use it for TLS client - authentication anyway. Only TLS 1.3 servers were affected, and only with - optional authentication (required would abort the handshake with a fatal - alert). diff --git a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt deleted file mode 100644 index e4726a45d..000000000 --- a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behaviour (incrementing a NULL pointer by zero length) when - passing in zero length additional data to multipart AEAD. diff --git a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt b/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt deleted file mode 100644 index 69c00e1a7..000000000 --- a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Improve performance of PSA key generation with ECC keys: it no longer - computes the public key (which was immediately discarded). Fixes #9732. diff --git a/ChangeLog.d/mbedtls_psa_register_se_key.txt b/ChangeLog.d/mbedtls_psa_register_se_key.txt deleted file mode 100644 index 2fc2751ac..000000000 --- a/ChangeLog.d/mbedtls_psa_register_se_key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Document and enforce the limitation of mbedtls_psa_register_se_key() - to persistent keys. Resolves #9253. diff --git a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt deleted file mode 100644 index dba25af61..000000000 --- a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a memory leak that could occur when failing to process an RSA - key through some PSA functions due to low memory conditions. diff --git a/ChangeLog.d/pk-norsa-warning.txt b/ChangeLog.d/pk-norsa-warning.txt deleted file mode 100644 index d00aa8a87..000000000 --- a/ChangeLog.d/pk-norsa-warning.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled. diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt deleted file mode 100644 index 45f4d9b10..000000000 --- a/ChangeLog.d/psa-always-on.txt +++ /dev/null @@ -1,10 +0,0 @@ -Default behavior changes - * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem - to perform cryptographic operations, with a few exceptions documented - in docs/architecture/psa-migration/psa-limitations.md. This - corresponds to the behavior of Mbed TLS 3.x when - MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO - is now always enabled. - * psa_crypto_init() must be called before performing any cryptographic - operation, including indirect requests such as parsing a key or - certificate or starting a TLS handshake. diff --git a/ChangeLog.d/psa-crypto-config-always-on.txt b/ChangeLog.d/psa-crypto-config-always-on.txt deleted file mode 100644 index d255f8c3c..000000000 --- a/ChangeLog.d/psa-crypto-config-always-on.txt +++ /dev/null @@ -1,7 +0,0 @@ -Default behavior changes - * The `PSA_WANT_XXX` symbols as defined in - tf-psa-crypto/include/psa/crypto_config.h are now always used in the - configuration of the cryptographic mechanisms exposed by the PSA API. - This corresponds to the configuration behavior of Mbed TLS 3.x when - MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG - is now always enabled and the configuration option has been removed. diff --git a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt deleted file mode 100644 index 39e03b93b..000000000 --- a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes - long. Credit to Cryptofuzz. Fixes #9314. diff --git a/ChangeLog.d/psa_generate_key_custom.txt b/ChangeLog.d/psa_generate_key_custom.txt deleted file mode 100644 index 3fc1bd7d1..000000000 --- a/ChangeLog.d/psa_generate_key_custom.txt +++ /dev/null @@ -1,9 +0,0 @@ -API changes - * The experimental functions psa_generate_key_ext() and - psa_key_derivation_output_key_ext() have been replaced by - psa_generate_key_custom() and psa_key_derivation_output_key_custom(). - They have almost exactly the same interface, but the variable-length - data is passed in a separate parameter instead of a flexible array - member. This resolves a build failure under C++ compilers that do not - support flexible array members (a C99 feature not adopted by C++). - Fixes #9020. diff --git a/ChangeLog.d/psa_util-bits-0.txt b/ChangeLog.d/psa_util-bits-0.txt deleted file mode 100644 index 9aa70ad97..000000000 --- a/ChangeLog.d/psa_util-bits-0.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or - mbedtls_psa_der_to_raw() is called with bits=0. diff --git a/ChangeLog.d/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa_util_in_builds_without_psa.txt deleted file mode 100644 index 7c0866dd3..000000000 --- a/ChangeLog.d/psa_util_in_builds_without_psa.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled, - some code was defining 0-size arrays, resulting in compilation errors. - Fixed by disabling the offending code in configurations without PSA - Crypto, where it never worked. Fixes #9311. diff --git a/ChangeLog.d/remove-crypto-alt-interface.txt b/ChangeLog.d/remove-crypto-alt-interface.txt deleted file mode 100644 index f9ab4c221..000000000 --- a/ChangeLog.d/remove-crypto-alt-interface.txt +++ /dev/null @@ -1,5 +0,0 @@ -Removals - * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options - at the module and function level for crypto mechanisms only. The remaining - alt interfaces for platform, threading and timing are unchanged. - Fixes #8149. diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt deleted file mode 100644 index a3f4b9657..000000000 --- a/ChangeLog.d/remove-via-padlock-support.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. - Fixes #5903. diff --git a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt deleted file mode 100644 index 213cf55b4..000000000 --- a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind' - and 'mbedtls_net_connect' to prevent possible double close fd - problems. Fixes #9711. diff --git a/ChangeLog.d/repo-split.txt b/ChangeLog.d/repo-split.txt deleted file mode 100644 index f03b5ed7f..000000000 --- a/ChangeLog.d/repo-split.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * Move the crypto part of the library (content of tf-psa-crypto directory) - from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and - tests development will now occur in TF-PSA-Crypto, which Mbed TLS - references as a Git submodule. diff --git a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt b/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt deleted file mode 100644 index 938e9eccb..000000000 --- a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Functions regarding numeric string conversions for OIDs have been moved - from the OID module and now reside in X.509 module. This helps to reduce - the code size as these functions are not commonly used outside of X.509. diff --git a/ChangeLog.d/tls-key-exchange-rsa.txt b/ChangeLog.d/tls-key-exchange-rsa.txt deleted file mode 100644 index 4df6b3e30..000000000 --- a/ChangeLog.d/tls-key-exchange-rsa.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove support for the RSA-PSK key exchange in TLS 1.2. diff --git a/ChangeLog.d/tls13-cert-regressions.txt b/ChangeLog.d/tls13-cert-regressions.txt deleted file mode 100644 index 8dd8a327d..000000000 --- a/ChangeLog.d/tls13-cert-regressions.txt +++ /dev/null @@ -1,18 +0,0 @@ -Bugfix - * Fixed a regression introduced in 3.6.0 where the CA callback set with - mbedtls_ssl_conf_ca_cb() would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS - 1.3. - * Fixed a regression introduced in 3.6.0 where clients that relied on - optional/none authentication mode, by calling mbedtls_ssl_conf_authmode() - with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop - working when connections were upgraded to TLS 1.3. Fixed by adding - support for optional/none with TLS 1.3 as well. Note that the TLS 1.3 - standard makes server authentication mandatory; users are advised not to - use authmode none, and to carefully check the results when using optional - mode. - * Fixed a regression introduced in 3.6.0 where context-specific certificate - verify callbacks, set with mbedtls_ssl_set_verify() as opposed to - mbedtls_ssl_conf_verify(), would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for context-specific verify - callback in TLS 1.3. diff --git a/ChangeLog.d/tls13-middlebox-compat-disabled.txt b/ChangeLog.d/tls13-middlebox-compat-disabled.txt deleted file mode 100644 index f5331bc06..000000000 --- a/ChangeLog.d/tls13-middlebox-compat-disabled.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with - peers that have middlebox compatibility enabled, as long as no - problematic middlebox is in the way. Fixes #9551. diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt deleted file mode 100644 index 8ceef21ee..000000000 --- a/ChangeLog.d/tls13-without-tickets.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix TLS 1.3 client build and runtime when support for session tickets is - disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395. diff --git a/DartConfiguration.tcl b/DartConfiguration.tcl deleted file mode 100644 index af0578a58..000000000 --- a/DartConfiguration.tcl +++ /dev/null @@ -1,4 +0,0 @@ -Site: localhost -BuildName: Mbed TLS-test -CoverageCommand: /usr/bin/gcov -MemoryCheckCommand: /usr/bin/valgrind diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 776ac77ea..000000000 --- a/LICENSE +++ /dev/null @@ -1,553 +0,0 @@ -Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) -OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. -This means that users may choose which of these licenses they take the code -under. - -The full text of each of these licenses is given below. - - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - -=============================================================================== - - - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. diff --git a/Makefile b/Makefile deleted file mode 100644 index c9f575082..000000000 --- a/Makefile +++ /dev/null @@ -1,247 +0,0 @@ -DESTDIR=/usr/local -PREFIX=mbedtls_ -PERL ?= perl - -ifneq (,$(filter-out lib library/%,$(or $(MAKECMDGOALS),all))) - ifeq (,$(wildcard framework/exported.make)) - # Use the define keyword to get a multi-line message. - # GNU make appends ". Stop.", so tweak the ending of our message accordingly. - ifneq (,$(wildcard .git)) - define error_message -${MBEDTLS_PATH}/framework/exported.make not found (and does appear to be a git checkout). Run `git submodule update --init` from the source tree to fetch the submodule contents. -This is a fatal error - endef - else - define error_message -${MBEDTLS_PATH}/framework/exported.make not found (and does not appear to be a git checkout). Please ensure you have downloaded the right archive from the release page on GitHub. - endef - endif - $(error $(error_message)) - endif - include framework/exported.make -endif - -.SILENT: - -.PHONY: all no_test programs lib tests install uninstall clean test check lcov apidoc apidoc_clean - -all: programs tests - $(MAKE) post_build - -no_test: programs - -programs: lib mbedtls_test - $(MAKE) -C programs - -ssl-opt: lib mbedtls_test - $(MAKE) -C programs ssl-opt - $(MAKE) -C tests ssl-opt - -lib: - $(MAKE) -C library - -ifndef PSASIM -tests: lib -endif -tests: mbedtls_test - $(MAKE) -C tests - -mbedtls_test: - $(MAKE) -C tests mbedtls_test - -library/%: - $(MAKE) -C library $* -programs/%: - $(MAKE) -C programs $* -tests/%: - $(MAKE) -C tests $* - -.PHONY: generated_files -generated_files: library/generated_files -generated_files: programs/generated_files -generated_files: tests/generated_files -generated_files: visualc_files - -# Set GEN_FILES to the empty string to disable dependencies on generated -# source files. Then `make generated_files` will only build files that -# are missing, it will not rebuilt files that are present but out of date. -# This is useful, for example, if you have a source tree where -# `make generated_files` has already run and file timestamps reflect the -# time the files were copied or extracted, and you are now in an environment -# that lacks some of the necessary tools to re-generate the files. -# If $(GEN_FILES) is non-empty, the generated source files' dependencies -# are treated ordinarily, based on file timestamps. -GEN_FILES ?= yes - -# In dependencies where the target is a configuration-independent generated -# file, use `TARGET: $(gen_file_dep) DEPENDENCY1 DEPENDENCY2 ...` -# rather than directly `TARGET: DEPENDENCY1 DEPENDENCY2 ...`. This -# enables the re-generation to be turned off when GEN_FILES is disabled. -ifdef GEN_FILES -gen_file_dep = -else -# Order-only dependency: generate the target if it's absent, but don't -# re-generate it if it's present but older than its dependencies. -gen_file_dep = | -endif - -.PHONY: visualc_files -VISUALC_FILES = visualc/VS2017/mbedTLS.sln visualc/VS2017/mbedTLS.vcxproj -# TODO: $(app).vcxproj for each $(app) in programs/ -visualc_files: $(VISUALC_FILES) - -# Ensure that the .c files that generate_visualc_files.pl enumerates are -# present before it runs. It doesn't matter if the files aren't up-to-date, -# they just need to be present. -$(VISUALC_FILES): | library/generated_files -$(VISUALC_FILES): | programs/generated_files -$(VISUALC_FILES): | tests/generated_files -$(VISUALC_FILES): $(gen_file_dep) scripts/generate_visualc_files.pl -$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2017-app-template.vcxproj -$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2017-main-template.vcxproj -$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2017-sln-template.sln -# TODO: also the list of .c and .h source files, but not their content -$(VISUALC_FILES): - echo " Gen $@ ..." - $(PERL) scripts/generate_visualc_files.pl - -ifndef WINDOWS -install: no_test - mkdir -p $(DESTDIR)/include/mbedtls - cp -rp include/mbedtls $(DESTDIR)/include - cp -rp tf-psa-crypto/drivers/builtin/include/mbedtls $(DESTDIR)/include - mkdir -p $(DESTDIR)/include/psa - cp -rp tf-psa-crypto/include/psa $(DESTDIR)/include - - mkdir -p $(DESTDIR)/lib - cp -RP library/libmbedtls.* $(DESTDIR)/lib - cp -RP library/libmbedx509.* $(DESTDIR)/lib - cp -RP library/libmbedcrypto.* $(DESTDIR)/lib - - mkdir -p $(DESTDIR)/bin - for p in programs/*/* ; do \ - if [ -x $$p ] && [ ! -d $$p ] ; \ - then \ - f=$(PREFIX)`basename $$p` ; \ - cp $$p $(DESTDIR)/bin/$$f ; \ - fi \ - done - -uninstall: - rm -rf $(DESTDIR)/include/mbedtls - rm -rf $(DESTDIR)/include/psa - rm -f $(DESTDIR)/lib/libmbedtls.* - rm -f $(DESTDIR)/lib/libmbedx509.* - rm -f $(DESTDIR)/lib/libmbedcrypto.* - - for p in programs/*/* ; do \ - if [ -x $$p ] && [ ! -d $$p ] ; \ - then \ - f=$(PREFIX)`basename $$p` ; \ - rm -f $(DESTDIR)/bin/$$f ; \ - fi \ - done -endif - - -WARNING_BORDER_LONG =**********************************************************************************\n -CTR_DRBG_128_BIT_KEY_WARN_L1=**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined! ****\n -CTR_DRBG_128_BIT_KEY_WARN_L2=**** Using 128-bit keys for CTR_DRBG limits the security of generated ****\n -CTR_DRBG_128_BIT_KEY_WARN_L3=**** keys and operations that use random values generated to 128-bit security ****\n - -CTR_DRBG_128_BIT_KEY_WARNING=\n$(WARNING_BORDER_LONG)$(CTR_DRBG_128_BIT_KEY_WARN_L1)$(CTR_DRBG_128_BIT_KEY_WARN_L2)$(CTR_DRBG_128_BIT_KEY_WARN_L3)$(WARNING_BORDER_LONG) - -# Post build steps -post_build: -ifndef WINDOWS - - # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning - -scripts/config.py get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \ - echo '$(CTR_DRBG_128_BIT_KEY_WARNING)' - -endif - -clean: clean_more_on_top - $(MAKE) -C library clean - $(MAKE) -C programs clean - $(MAKE) -C tests clean - -clean_more_on_top: -ifndef WINDOWS - find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} + -endif - -neat: clean_more_on_top - $(MAKE) -C library neat - $(MAKE) -C programs neat - $(MAKE) -C tests neat -ifndef WINDOWS - rm -f visualc/VS2017/*.vcxproj visualc/VS2017/mbedTLS.sln -else - if exist visualc\VS2017\*.vcxproj del /Q /F visualc\VS2017\*.vcxproj - if exist visualc\VS2017\mbedTLS.sln del /Q /F visualc\VS2017\mbedTLS.sln -endif - -ifndef PSASIM -check: lib -endif -check: tests - $(MAKE) -C tests check - -test: check - -ifndef WINDOWS -# For coverage testing: -# 1. Build with: -# make CFLAGS='--coverage -g3 -O0' LDFLAGS='--coverage' -# 2. Run the relevant tests for the part of the code you're interested in. -# For the reference coverage measurement, see -# tests/scripts/basic-build-test.sh -# 3. Run scripts/lcov.sh to generate an HTML report. -lcov: - scripts/lcov.sh - -apidoc: - mkdir -p apidoc - cd doxygen && doxygen mbedtls.doxyfile - -apidoc_clean: - rm -rf apidoc -endif - -## Editor navigation files -C_SOURCE_FILES = $(wildcard \ - include/*/*.h \ - library/*.[hc] \ - tf-psa-crypto/core/*.[hc] \ - tf-psa-crypto/include/*/*.h \ - tf-psa-crypto/drivers/*/include/*/*.h \ - tf-psa-crypto/drivers/*/include/*/*/*.h \ - tf-psa-crypto/drivers/*/include/*/*/*/*.h \ - tf-psa-crypto/drivers/builtin/src/*.[hc] \ - tf-psa-crypto/drivers/*/*.c \ - tf-psa-crypto/drivers/*/*/*.c \ - tf-psa-crypto/drivers/*/*/*/*.c \ - tf-psa-crypto/drivers/*/*/*/*/*.c \ - programs/*/*.[hc] \ - framework/tests/include/*/*.h framework/tests/include/*/*/*.h \ - framework/tests/src/*.c framework/tests/src/*/*.c \ - tests/suites/*.function \ - tf-psa-crypto/tests/suites/*.function \ -) -# Exuberant-ctags invocation. Other ctags implementations may require different options. -CTAGS = ctags --langmap=c:+.h.function --line-directives=no -o -tags: $(C_SOURCE_FILES) - $(CTAGS) $@ $(C_SOURCE_FILES) -TAGS: $(C_SOURCE_FILES) - etags --no-line-directive -o $@ $(C_SOURCE_FILES) -global: GPATH GRTAGS GSYMS GTAGS -GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) - ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc -cscope: cscope.in.out cscope.po.out cscope.out -cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES) - cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/core \ - -Itf-psa-crypto/include \ - -Itf-psa-crypto/drivers/builtin/src \ - $(patsubst %,-I%,$(wildcard tf-psa-crypto/drivers/*/include)) -Iframework/tests/include $(C_SOURCE_FILES) -.PHONY: cscope global diff --git a/README.md b/README.md deleted file mode 100644 index b00d21ae5..000000000 --- a/README.md +++ /dev/null @@ -1,326 +0,0 @@ -README for Mbed TLS -=================== - -Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems. - -Mbed TLS includes a reference implementation of the [PSA Cryptography API](#psa-cryptography-api). This is currently a preview for evaluation purposes only. - -Configuration -------------- - -Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/mbedtls_config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Python 3 script `scripts/config.py` (use `--help` for usage instructions). - -Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below). - -We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt` - -Documentation -------------- - -The main Mbed TLS documentation is available via [ReadTheDocs](https://mbed-tls.readthedocs.io/). - -Documentation for the PSA Cryptography API is available [on GitHub](https://arm-software.github.io/psa-api/crypto/). - -To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration: - -1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. -1. Run `make apidoc`. -1. Browse `apidoc/index.html` or `apidoc/modules.html`. - -For other sources of documentation, see the [SUPPORT](SUPPORT.md) document. - -Compiling ---------- - -There are currently three active build systems used within Mbed TLS releases: - -- GNU Make -- CMake -- Microsoft Visual Studio - -The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. - -The Make and CMake build systems create three libraries: libmbedcrypto/libtfpsacrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto/libtfpsacrypto, and libmbedx509 depends on libmbedcrypto/libtfpsacrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. - -### Tool versions - -You need the following tools to build the library with the provided makefiles: - -* GNU Make 3.82 or a build tool that CMake supports. -* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8 and Visual Studio 2017. More recent versions should work. Slightly older versions may work. -* Python 3.8 to generate the test code. Python is also needed to integrate PSA drivers and to build the development branch (see next section). -* Perl to run the tests, and to generate some source files in the development branch. -* CMake 3.10.2 or later (if using CMake). -* Microsoft Visual Studio 2017 or later (if using Visual Studio). -* Doxygen 1.8.11 or later (if building the documentation; slightly older versions should work). - -### Git usage - -The `development` branch and the `mbedtls-3.6` long-term support branch of Mbed TLS use a [Git submodule](https://git-scm.com/book/en/v2/Git-Tools-Submodules#_cloning_submodules) ([framework](https://github.com/Mbed-TLS/mbedtls-framework)). This is not needed to merely compile the library at a release tag. This is not needed to consume a release archive (zip or tar). - -### Generated source files in the development branch - -The source code of Mbed TLS includes some files that are automatically generated by scripts and whose content depends only on the Mbed TLS source, not on the platform or on the library configuration. These files are not included in the development branch of Mbed TLS, but the generated files are included in official releases. This section explains how to generate the missing files in the development branch. - -The following tools are required: - -* Perl, for some library source files and for Visual Studio build files. -* Python 3.8 and some Python packages, for some library source files, sample programs and test data. To install the necessary packages, run: - ``` - python3 -m pip install --user -r scripts/basic.requirements.txt - ``` - Depending on your Python installation, you may need to invoke `python` instead of `python3`. To install the packages system-wide, omit the `--user` option. -* A C compiler for the host platform, for some test data. - -If you are cross-compiling, you must set the `CC` environment variable to a C compiler for the host platform when generating the configuration-independent files. - -Any of the following methods are available to generate the configuration-independent files: - -* If not cross-compiling, running `make` with any target, or just `make`, will automatically generate required files. -* On non-Windows systems, when not cross-compiling, CMake will generate the required files automatically. -* Run `make generated_files` to generate all the configuration-independent files. -* On Unix/POSIX systems, run `tests/scripts/check-generated-files.sh -u` to generate all the configuration-independent files. -* On Windows, run `scripts\make_generated_files.bat` to generate all the configuration-independent files. - -### Make - -We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools. - -We intentionally only use a minimum of functionality in the makefiles in order to keep them as simple and independent of different toolchains as possible, to allow users to more easily move between different platforms. Users who need more features are recommended to use CMake. - -In order to build from the source code using GNU Make, just enter at the command line: - - make - -In order to run the tests, enter: - - make check - -The tests need Python to be built and Perl to be run. If you don't have one of them installed, you can skip building the tests with: - - make no_test - -You'll still be able to run a much smaller set of tests with: - - programs/test/selftest - -In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and `WINDOWS=1` if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available). - -Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved. - -Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -Wextra`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overridden from the command line. - -Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://mbed-tls.readthedocs.io/en/latest/kb/) for articles on your platform or issue. - -In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS Knowledge Base](https://mbed-tls.readthedocs.io/en/latest/kb/). - -### CMake - -In order to build the source using CMake in a separate directory (recommended), just enter at the command line: - - mkdir /path/to/build_dir && cd /path/to/build_dir - cmake /path/to/mbedtls_source - cmake --build . - -In order to run the tests, enter: - - ctest - -The test suites need Python to be built and Perl to be executed. If you don't have one of these installed, you'll want to disable the test suites with: - - cmake -DENABLE_TESTING=Off /path/to/mbedtls_source - -If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with: - - programs/test/selftest - -To configure CMake for building shared libraries, use: - - cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source - -There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific: - -- `Release`. This generates the default code without any unnecessary information in the binary files. -- `Debug`. This generates debug information and disables optimization of the code. -- `Coverage`. This generates code coverage information in addition to debug information. -- `ASan`. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.) -- `ASanDbg`. Same as ASan but slower, with debug information and better stack traces. -- `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64. -- `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking. -- `Check`. This activates the compiler warnings that depend on optimization and treats all warnings as errors. - -Switching build modes in CMake is simple. For debug mode, enter at the command line: - - cmake -D CMAKE_BUILD_TYPE=Debug /path/to/mbedtls_source - -To list other available CMake options, use: - - cmake -LH - -Note that, with CMake, you can't adjust the compiler or its flags after the -initial invocation of cmake. This means that `CC=your_cc make` and `make -CC=your_cc` will *not* work (similarly with `CFLAGS` and other variables). -These variables need to be adjusted when invoking cmake for the first time, -for example: - - CC=your_cc cmake /path/to/mbedtls_source - -If you already invoked cmake and want to change those settings, you need to -remove the build directory and create it again. - -Note that it is possible to build in-place; this will however overwrite the -provided Makefiles (see `scripts/tmp_ignore_makefiles.sh` if you want to -prevent `git status` from showing them as modified). In order to do so, from -the Mbed TLS source directory, use: - - cmake . - make - -If you want to change `CC` or `CFLAGS` afterwards, you will need to remove the -CMake cache. This can be done with the following command using GNU find: - - find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} + - -You can now make the desired change: - - CC=your_cc cmake . - make - -Regarding variables, also note that if you set CFLAGS when invoking cmake, -your value of CFLAGS doesn't override the content provided by cmake (depending -on the build mode as seen above), it's merely prepended to it. - -#### Consuming Mbed TLS - -Mbed TLS provides a package config file for consumption as a dependency in other -CMake projects. You can include Mbed TLS's CMake targets yourself with: - - find_package(MbedTLS) - -If prompted, set `MbedTLS_DIR` to `${YOUR_MBEDTLS_INSTALL_DIR}/cmake`. This -creates the following targets: - -- `MbedTLS::tfpsacrypto` (Crypto library) -- `MbedTLS::mbedtls` (TLS library) -- `MbedTLS::mbedx509` (X509 library) - -You can then use these directly through `target_link_libraries()`: - - add_executable(xyz) - - target_link_libraries(xyz - PUBLIC MbedTLS::mbedtls - MbedTLS::tfpsacrypto - MbedTLS::mbedx509) - -This will link the Mbed TLS libraries to your library or application, and add -its include directories to your target (transitively, in the case of `PUBLIC` or -`INTERFACE` link libraries). - -#### Mbed TLS as a subproject - -Mbed TLS supports being built as a CMake subproject. One can -use `add_subdirectory()` from a parent CMake project to include Mbed TLS as a -subproject. - -### Microsoft Visual Studio - -The build files for Microsoft Visual Studio are generated for Visual Studio 2017. - -The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need Python and perl environments as well. However, the selftest program in `programs/test/` is still available. - -In the development branch of Mbed TLS, the Visual Studio solution files need to be generated first as described in [“Generated source files in the development branch”](#generated-source-files-in-the-development-branch). - -Example programs ----------------- - -We've included example programs for a lot of different features and uses in [`programs/`](programs/README.md). -Please note that the goal of these sample programs is to demonstrate specific features of the library, and the code may need to be adapted to build a real-world application. - -Tests ------ - -Mbed TLS includes an elaborate test suite in `tests/` that initially requires Python to generate the tests files (e.g. `test\_suite\_ssl.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_ssl.function`) and a `data file` (e.g. `suites/test\_suite\_ssl.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. - -For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available: - -- `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations. -- `tests/compat.sh` tests interoperability of every ciphersuite with other implementations. -- `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations. -- `tests/scripts/depends.py` test builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on. -- `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `mbedtls_config.h`, etc). - -Instead of manually installing the required versions of all tools required for testing, it is possible to use the Docker images from our CI systems, as explained in [our testing infrastructure repository](https://github.com/Mbed-TLS/mbedtls-test/blob/main/README.md#quick-start). - -Porting Mbed TLS ----------------- - -Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following Knowledge Base articles useful: - -- [Porting Mbed TLS to a new environment or OS](https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS/) -- [What external dependencies does Mbed TLS rely on?](https://mbed-tls.readthedocs.io/en/latest/kb/development/what-external-dependencies-does-mbedtls-rely-on/) -- [How do I configure Mbed TLS](https://mbed-tls.readthedocs.io/en/latest/kb/compiling-and-building/how-do-i-configure-mbedtls/) - -Mbed TLS is mostly written in portable C99; however, it has a few platform requirements that go beyond the standard, but are met by most modern architectures: - -- Bytes must be 8 bits. -- All-bits-zero must be a valid representation of a null pointer. -- Signed integers must be represented using two's complement. -- `int` and `size_t` must be at least 32 bits wide. -- The types `uint8_t`, `uint16_t`, `uint32_t` and their signed equivalents must be available. -- Mixed-endian platforms are not supported. -- SIZE_MAX must be at least as big as INT_MAX and UINT_MAX. - -PSA cryptography API --------------------- - -### PSA API - -Arm's [Platform Security Architecture (PSA)](https://developer.arm.com/architectures/security-architectures/platform-security-architecture) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level. - -The [PSA cryptography API](https://arm-software.github.io/psa-api/crypto/) provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform. - -The design goals of the PSA cryptography API include: - -* The API distinguishes caller memory from internal memory, which allows the library to be implemented in an isolated space for additional security. Library calls can be implemented as direct function calls if isolation is not desired, and as remote procedure calls if isolation is desired. -* The structure of internal data is hidden to the application, which allows substituting alternative implementations at build time or run time, for example, in order to take advantage of hardware accelerators. -* All access to the keys happens through key identifiers, which allows support for external cryptoprocessors that is transparent to applications. -* The interface to algorithms is generic, favoring algorithm agility. -* The interface is designed to be easy to use and hard to accidentally misuse. - -Arm welcomes feedback on the design of the API. If you think something could be improved, please open an issue on our Github repository. Alternatively, if you prefer to provide your feedback privately, please email us at [`mbed-crypto@arm.com`](mailto:mbed-crypto@arm.com). All feedback received by email is treated confidentially. - -### PSA implementation in Mbed TLS - -Mbed TLS includes a reference implementation of the PSA Cryptography API. -However, it does not aim to implement the whole specification; in particular it does not implement all the algorithms. - -### PSA drivers - -Mbed TLS supports drivers for cryptographic accelerators, secure elements and random generators. This is work in progress. Please note that the driver interfaces are not fully stable yet and may change without notice. We intend to preserve backward compatibility for application code (using the PSA Crypto API), but the code of the drivers may have to change in future minor releases of Mbed TLS. - -Please see the [PSA driver example and guide](docs/psa-driver-example-and-guide.md) for information on writing a driver. - -License -------- - -Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information. - -### Third-party code included in Mbed TLS - -This project contains code from other projects. This code is located within the `tf-psa-crypto/drivers/` directory. The original license text is included within project subdirectories, where it differs from the normal Mbed TLS license, and/or in source files. The projects are listed below: - -* `drivers/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license. -* `drivers/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license with permission from the author. - -Contributing ------------- - -We gratefully accept bug reports and contributions from the community. Please see the [contributing guidelines](CONTRIBUTING.md) for details on how to do this. - -Contact -------- - -* To report a security vulnerability in Mbed TLS, please email . For more information, see [`SECURITY.md`](SECURITY.md). -* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/Mbed-TLS/mbedtls/issues/new/choose). -* Please see [`SUPPORT.md`](SUPPORT.md) for other channels for discussion and support about Mbed TLS. diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index 9506eb913..000000000 --- a/SECURITY.md +++ /dev/null @@ -1,146 +0,0 @@ -## Reporting Vulnerabilities - -If you think you have found an Mbed TLS security vulnerability, then please -send an email to the security team at -. - -## Security Incident Handling Process - -Our security process is detailed in our -[security -center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/). - -Its primary goal is to ensure fixes are ready to be deployed when the issue -goes public. - -## Maintained branches - -Only the maintained branches, as listed in [`BRANCHES.md`](BRANCHES.md), -get security fixes. -Users are urged to always use the latest version of a maintained branch. - -## Threat model - -We classify attacks based on the capabilities of the attacker. - -### Remote attacks - -In this section, we consider an attacker who can observe and modify data sent -over the network. This includes observing the content and timing of individual -packets, as well as suppressing or delaying legitimate messages, and injecting -messages. - -Mbed TLS aims to fully protect against remote attacks and to enable the user -application in providing full protection against remote attacks. Said -protection is limited to providing security guarantees offered by the protocol -being implemented. (For example Mbed TLS alone won't guarantee that the -messages will arrive without delay, as the TLS protocol doesn't guarantee that -either.) - -**Warning!** Block ciphers do not yet achieve full protection against attackers -who can measure the timing of packets with sufficient precision. For details -and workarounds see the [Block Ciphers](#block-ciphers) section. - -### Local attacks - -In this section, we consider an attacker who can run software on the same -machine. The attacker has insufficient privileges to directly access Mbed TLS -assets such as memory and files. - -#### Timing attacks - -The attacker is able to observe the timing of instructions executed by Mbed TLS -by leveraging shared hardware that both Mbed TLS and the attacker have access -to. Typical attack vectors include cache timings, memory bus contention and -branch prediction. - -Mbed TLS provides limited protection against timing attacks. The cost of -protecting against timing attacks widely varies depending on the granularity of -the measurements and the noise present. Therefore the protection in Mbed TLS is -limited. We are only aiming to provide protection against **publicly -documented attack techniques**. - -As attacks keep improving, so does Mbed TLS's protection. Mbed TLS is moving -towards a model of fully timing-invariant code, but has not reached this point -yet. - -**Remark:** Timing information can be observed over the network or through -physical side channels as well. Remote and physical timing attacks are covered -in the [Remote attacks](remote-attacks) and [Physical -attacks](physical-attacks) sections respectively. - -**Warning!** Block ciphers do not yet achieve full protection. For -details and workarounds see the [Block Ciphers](#block-ciphers) section. - -#### Local non-timing side channels - -The attacker code running on the platform has access to some sensor capable of -picking up information on the physical state of the hardware while Mbed TLS is -running. This could for example be an analogue-to-digital converter on the -platform that is located unfortunately enough to pick up the CPU noise. - -Mbed TLS doesn't make any security guarantees against local non-timing-based -side channel attacks. If local non-timing attacks are present in a use case or -a user application's threat model, they need to be mitigated by the platform. - -#### Local fault injection attacks - -Software running on the same hardware can affect the physical state of the -device and introduce faults. - -Mbed TLS doesn't make any security guarantees against local fault injection -attacks. If local fault injection attacks are present in a use case or a user -application's threat model, they need to be mitigated by the platform. - -### Physical attacks - -In this section, we consider an attacker who has access to physical information -about the hardware Mbed TLS is running on and/or can alter the physical state -of the hardware (e.g. power analysis, radio emissions or fault injection). - -Mbed TLS doesn't make any security guarantees against physical attacks. If -physical attacks are present in a use case or a user application's threat -model, they need to be mitigated by physical countermeasures. - -### Caveats - -#### Out-of-scope countermeasures - -Mbed TLS has evolved organically and a well defined threat model hasn't always -been present. Therefore, Mbed TLS might have countermeasures against attacks -outside the above defined threat model. - -The presence of such countermeasures don't mean that Mbed TLS provides -protection against a class of attacks outside of the above described threat -model. Neither does it mean that the failure of such a countermeasure is -considered a vulnerability. - -#### Block ciphers - -Currently there are four block ciphers in Mbed TLS: AES, CAMELLIA, ARIA and -DES. The pure software implementation in Mbed TLS implementation uses lookup -tables, which are vulnerable to timing attacks. - -These timing attacks can be physical, local or depending on network latency -even a remote. The attacks can result in key recovery. - -**Workarounds:** - -- Turn on hardware acceleration for AES. This is supported only on selected - architectures and currently only available for AES. See configuration options - `MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` for details. -- Add a secure alternative implementation (typically hardware acceleration) for - the vulnerable cipher. See the [Alternative Implementations -Guide](docs/architecture/alternative-implementations.md) for more information. -- Use cryptographic mechanisms that are not based on block ciphers. In - particular, for authenticated encryption, use ChaCha20/Poly1305 instead of - block cipher modes. For random generation, use HMAC\_DRBG instead of CTR\_DRBG. - -#### Everest - -The HACL* implementation of X25519 taken from the Everest project only protects -against remote timing attacks. (See their [Security -Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).) - -The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` -configuration option is defined. This option is off by default. diff --git a/SUPPORT.md b/SUPPORT.md deleted file mode 100644 index b550e08e5..000000000 --- a/SUPPORT.md +++ /dev/null @@ -1,16 +0,0 @@ -## Documentation - -Here are some useful sources of information about using Mbed TLS: - -- [ReadTheDocs](https://mbed-tls.readthedocs.io/); -- API documentation, see the [Documentation section of the - README](README.md#documentation); -- the `docs` directory in the source tree; -- the [Mbed TLS Knowledge Base](https://mbed-tls.readthedocs.io/en/latest/kb/); -- the [Mbed TLS mailing-list - archives](https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/). - -## Asking Questions - -If you can't find your answer in the above sources, please use the [Mbed TLS -mailing list](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org). diff --git a/cmake/MbedTLSConfig.cmake.in b/cmake/MbedTLSConfig.cmake.in deleted file mode 100644 index b65bbaba5..000000000 --- a/cmake/MbedTLSConfig.cmake.in +++ /dev/null @@ -1,3 +0,0 @@ -@PACKAGE_INIT@ - -include("${CMAKE_CURRENT_LIST_DIR}/MbedTLSTargets.cmake") diff --git a/configs/README.txt b/configs/README.txt deleted file mode 100644 index 86496db01..000000000 --- a/configs/README.txt +++ /dev/null @@ -1,24 +0,0 @@ -This directory contains example configuration files. - -The examples are generally focused on a particular usage case (eg, support for -a restricted number of ciphersuites) and aim at minimizing resource usage for -this target. They can be used as a basis for custom configurations. - -These files are complete replacements for the default mbedtls_config.h. To use one of -them, you can pick one of the following methods: - -1. Replace the default file include/mbedtls/mbedtls_config.h with the chosen one. - -2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly. - For example, using make: - - CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE=''" make - - Or, using cmake: - - find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} + - CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE=''" cmake . - make - -Note that the second method also works if you want to keep your custom -configuration file outside the Mbed TLS tree. diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h deleted file mode 100644 index 6712c331b..000000000 --- a/configs/config-ccm-psk-dtls1_2.h +++ /dev/null @@ -1,66 +0,0 @@ -/** - * \file config-ccm-psk-dtls1_2.h - * - * \brief Small configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites - * - * Distinguishing features: - * - Optimized for small code size, low bandwidth (on an unreliable transport), - * and low RAM usage. - * - No asymmetric cryptography (no certificates, no Diffie-Hellman key - * exchange). - * - Fully modern and secure (provided the pre-shared keys are generated and - * stored securely). - * - Very low record overhead with CCM-8. - * - Includes several optional DTLS features typically used in IoT. - * - * See README.txt for usage instructions. - */ - -/* Mbed TLS modules */ -#define MBEDTLS_NET_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_COOKIE_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C -#define MBEDTLS_TIMING_C - -/* TLS protocol feature support */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_SSL_PROTO_TLS1_2 -#define MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE -#define MBEDTLS_SSL_DTLS_CONNECTION_ID -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - -/* - * Use only CCM_8 ciphersuites, and - * save ROM and a few bytes of RAM by specifying our own ciphersuite list - */ -#define MBEDTLS_SSL_CIPHERSUITES \ - MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ - MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 - -/* - * Save RAM at the expense of interoperability: do this only if you control - * both ends of the connection! (See comments in "mbedtls/ssl.h".) - * The optimal size here depends on the typical size of records. - */ -#define MBEDTLS_SSL_IN_CONTENT_LEN 256 -#define MBEDTLS_SSL_OUT_CONTENT_LEN 256 - -/* Save some RAM by adjusting to your exact needs */ -#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ - -/* Error messages and TLS debugging traces - * (huge code size increase, needed for tests/ssl-opt.sh) */ -//#define MBEDTLS_DEBUG_C -//#define MBEDTLS_ERROR_C diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h deleted file mode 100644 index 5fb67fe4b..000000000 --- a/configs/config-ccm-psk-tls1_2.h +++ /dev/null @@ -1,58 +0,0 @@ -/** - * \file config-ccm-psk-tls1_2.h - * - * \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites - * - * Distinguishing features: - * - Optimized for small code size, low bandwidth (on a reliable transport), - * and low RAM usage. - * - No asymmetric cryptography (no certificates, no Diffie-Hellman key - * exchange). - * - Fully modern and secure (provided the pre-shared keys are generated and - * stored securely). - * - Very low record overhead with CCM-8. - * - * See README.txt for usage instructions. - */ - -/* Mbed TLS modules */ -#define MBEDTLS_NET_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C - -/* TLS protocol feature support */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/* - * Use only CCM_8 ciphersuites, and - * save ROM and a few bytes of RAM by specifying our own ciphersuite list - */ -#define MBEDTLS_SSL_CIPHERSUITES \ - MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ - MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 - -/* - * Save RAM at the expense of interoperability: do this only if you control - * both ends of the connection! (See comments in "mbedtls/ssl.h".) - * The optimal size here depends on the typical size of records. - */ -#define MBEDTLS_SSL_IN_CONTENT_LEN 1024 -#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024 - - -/* Save some RAM by adjusting to your exact needs */ -#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ - -/* Error messages and TLS debugging traces - * (huge code size increase, needed for tests/ssl-opt.sh) */ -//#define MBEDTLS_DEBUG_C -//#define MBEDTLS_ERROR_C diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h deleted file mode 100644 index c08d5d1a6..000000000 --- a/configs/config-suite-b.h +++ /dev/null @@ -1,53 +0,0 @@ -/** - * \file config-suite-b.h - * - * \brief Minimal configuration for TLS NSA Suite B Profile (RFC 6460) - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * Minimal configuration for TLS NSA Suite B Profile (RFC 6460) - * - * Distinguishing features: - * - no RSA or classic DH, fully based on ECC - * - optimized for low RAM usage - * - * Possible improvements: - * - if 128-bit security is enough, disable secp384r1 and SHA-512 - * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C - * - * See README.txt for usage instructions. - */ - -/* Mbed TLS feature support */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/* Mbed TLS modules */ -#define MBEDTLS_NET_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_USE_C - -/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ -#define MBEDTLS_SSL_CIPHERSUITES \ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - -/* - * Save RAM at the expense of interoperability: do this only if you control - * both ends of the connection! (See comments in "mbedtls/ssl.h".) - * The minimum size here depends on the certificate chain used as well as the - * typical size of records. - */ -#define MBEDTLS_SSL_IN_CONTENT_LEN 1024 -#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024 - -/* Error messages and TLS debugging traces - * (huge code size increase, needed for tests/ssl-opt.sh) */ -//#define MBEDTLS_DEBUG_C -//#define MBEDTLS_ERROR_C diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h deleted file mode 100644 index 606f4a1bf..000000000 --- a/configs/config-symmetric-only.h +++ /dev/null @@ -1,16 +0,0 @@ -/** - * \file config-symmetric-only.h - * - * \brief Configuration without any asymmetric cryptography. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* Mbed TLS feature support */ -#define MBEDTLS_ERROR_STRERROR_DUMMY -#define MBEDTLS_VERSION_FEATURES - -#define MBEDTLS_TIMING_C -#define MBEDTLS_VERSION_C diff --git a/configs/config-tfm.h b/configs/config-tfm.h deleted file mode 100644 index 8733831b4..000000000 --- a/configs/config-tfm.h +++ /dev/null @@ -1,12 +0,0 @@ -/** - * \file config-tfm.h - * - * \brief TF-M medium profile, adapted to work on other platforms. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* TF-M medium profile: mbedtls legacy configuration */ -#include "../configs/ext/tfm_mbedcrypto_config_profile_medium.h" diff --git a/configs/config-thread.h b/configs/config-thread.h deleted file mode 100644 index 95f588edd..000000000 --- a/configs/config-thread.h +++ /dev/null @@ -1,43 +0,0 @@ -/** - * \file config-thread.h - * - * \brief Minimal configuration for using TLS as part of Thread - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* - * Minimal configuration for using TLS a part of Thread - * http://threadgroup.org/ - * - * Distinguishing features: - * - no RSA or classic DH, fully based on ECC - * - no X.509 - * - support for experimental EC J-PAKE key exchange - * - * To be used in conjunction with configs/crypto-config-thread.h. - * See README.txt for usage instructions. - */ - -/* Mbed TLS feature support */ -#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -#define MBEDTLS_SSL_PROTO_TLS1_2 -#define MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY - -/* Mbed TLS modules */ -#define MBEDTLS_SSL_COOKIE_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C - -/* For tests using ssl-opt.sh */ -#define MBEDTLS_NET_C -#define MBEDTLS_TIMING_C - -/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ -#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 diff --git a/configs/crypto-config-ccm-aes-sha256.h b/configs/crypto-config-ccm-aes-sha256.h deleted file mode 100644 index be8a7467e..000000000 --- a/configs/crypto-config-ccm-aes-sha256.h +++ /dev/null @@ -1,28 +0,0 @@ -/** - * \file configs/crypto-config-ccm-aes-sha256.h - * - * \brief PSA crypto configuration with only symmetric cryptography: CCM-AES, - * SHA-256 and key derivation (uses HMAC). - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_CRYPTO_CONFIG_H -#define PSA_CRYPTO_CONFIG_H - -#define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_SHA_256 1 -#define PSA_WANT_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 -#define PSA_WANT_KEY_TYPE_DERIVE 1 -#define PSA_WANT_KEY_TYPE_AES 1 -#define PSA_WANT_KEY_TYPE_RAW_DATA 1 - - -#define MBEDTLS_PSA_CRYPTO_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C - -#endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h deleted file mode 100644 index e4de8b3fb..000000000 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ /dev/null @@ -1,45 +0,0 @@ -/** - * \file crypto-config-ccm-psk-tls1_2.h - * - * \brief Minimal crypto configuration for TLS 1.2 with - * PSK and AES-CCM ciphersuites - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * To be used in conjunction with configs/config-ccm-psk-tls1_2.h - * or configs/config-ccm-psk-dtls1_2.h. */ - -#ifndef PSA_CRYPTO_CONFIG_H -#define PSA_CRYPTO_CONFIG_H - -#define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_SHA_256 1 -#define PSA_WANT_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 - -#define PSA_WANT_KEY_TYPE_AES 1 - -#define MBEDTLS_PSA_CRYPTO_C - -/* System support */ -//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ -/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ - -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C - -/* Save RAM at the expense of ROM */ -#define MBEDTLS_AES_ROM_TABLES - -/* - * You should adjust this to the exact number of sources you're using: default - * is the "platform_entropy_poll" source, but you may want to add other ones - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 - -#endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h deleted file mode 100644 index 3eea06126..000000000 --- a/configs/crypto-config-suite-b.h +++ /dev/null @@ -1,79 +0,0 @@ -/** - * \file crypto-config-symmetric-only.h - * - * \brief \brief Minimal crypto configuration for - * TLS NSA Suite B Profile (RFC 6460). - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * Minimal crypto configuration for TLS NSA Suite B Profile (RFC 6460) - * - * Distinguishing features: - * - no RSA or classic DH, fully based on ECC - * - optimized for low RAM usage - * - * Possible improvements: - * - if 128-bit security is enough, disable secp384r1 and SHA-512 - * - * To be used in conjunction with configs/config-suite-b.h. */ - -#ifndef PSA_CRYPTO_CONFIG_H -#define PSA_CRYPTO_CONFIG_H - -#define PSA_WANT_ALG_ECDH 1 -#define PSA_WANT_ALG_ECDSA 1 -#define PSA_WANT_ALG_GCM 1 -#define PSA_WANT_ALG_SHA_256 1 -#define PSA_WANT_ALG_SHA_384 1 -#define PSA_WANT_ALG_SHA_512 1 -#define PSA_WANT_ECC_SECP_R1_256 1 -#define PSA_WANT_ECC_SECP_R1_384 1 -#define PSA_WANT_ALG_TLS12_PRF 1 - -#define PSA_WANT_KEY_TYPE_AES 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 - -#define MBEDTLS_PSA_CRYPTO_C - -/* System support */ -#define MBEDTLS_HAVE_ASM -#define MBEDTLS_HAVE_TIME - -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_OID_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C - -/* For test certificates */ -#define MBEDTLS_BASE64_C -#define MBEDTLS_PEM_PARSE_C - -/* Save RAM at the expense of ROM */ -#define MBEDTLS_AES_ROM_TABLES - -/* Save RAM by adjusting to our exact needs */ -#define MBEDTLS_MPI_MAX_SIZE 48 // 384-bit EC curve = 48 bytes - -/* Save RAM at the expense of speed, see ecp.h */ -#define MBEDTLS_ECP_WINDOW_SIZE 2 -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 - -/* Significant speed benefit at the expense of some ROM */ -#define MBEDTLS_ECP_NIST_OPTIM - -/* - * You should adjust this to the exact number of sources you're using: default - * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones. - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 -#endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/crypto-config-symmetric-only.h b/configs/crypto-config-symmetric-only.h deleted file mode 100644 index dfe9e8125..000000000 --- a/configs/crypto-config-symmetric-only.h +++ /dev/null @@ -1,91 +0,0 @@ -/** - * \file crypto-config-symmetric-only.h - * - * \brief Crypto configuration without any asymmetric cryptography. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * To be used in conjunction with configs/config-symmetric-only.h. */ - -#ifndef PSA_CRYPTO_CONFIG_H -#define PSA_CRYPTO_CONFIG_H - -#define PSA_WANT_ALG_CBC_NO_PADDING 1 -#define PSA_WANT_ALG_CBC_PKCS7 1 -#define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 -#define PSA_WANT_ALG_CFB 1 -#define PSA_WANT_ALG_CHACHA20_POLY1305 1 -#define PSA_WANT_ALG_CMAC 1 -#define PSA_WANT_ALG_CTR 1 -#define PSA_WANT_ALG_ECB_NO_PADDING 1 -#define PSA_WANT_ALG_GCM 1 -#define PSA_WANT_ALG_HKDF 1 -#define PSA_WANT_ALG_HKDF_EXTRACT 1 -#define PSA_WANT_ALG_HKDF_EXPAND 1 -#define PSA_WANT_ALG_HMAC 1 -#define PSA_WANT_ALG_MD5 1 -#define PSA_WANT_ALG_OFB 1 -#define PSA_WANT_ALG_RIPEMD160 1 -#define PSA_WANT_ALG_SHA_1 1 -#define PSA_WANT_ALG_STREAM_CIPHER 1 -#define PSA_WANT_ALG_SHA_224 1 -#define PSA_WANT_ALG_SHA_256 1 -#define PSA_WANT_ALG_SHA_384 1 -#define PSA_WANT_ALG_SHA_512 1 -#define PSA_WANT_ALG_SHA3_224 1 -#define PSA_WANT_ALG_SHA3_256 1 -#define PSA_WANT_ALG_SHA3_384 1 -#define PSA_WANT_ALG_SHA3_512 1 -#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 -#define PSA_WANT_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 - -/* XTS is not yet supported via the PSA API in Mbed TLS. */ -//#define PSA_WANT_ALG_XTS 1 - -#define PSA_WANT_KEY_TYPE_AES 1 -#define PSA_WANT_KEY_TYPE_ARIA 1 -#define PSA_WANT_KEY_TYPE_CAMELLIA 1 -#define PSA_WANT_KEY_TYPE_CHACHA20 1 -#define PSA_WANT_KEY_TYPE_DES 1 -#define PSA_WANT_KEY_TYPE_HMAC 1 - -#define MBEDTLS_SELF_TEST - -#define MBEDTLS_PSA_CRYPTO_C - -/* System support */ -//#define MBEDTLS_HAVE_ASM -#define MBEDTLS_HAVE_TIME -#define MBEDTLS_HAVE_TIME_DATE - -#define MBEDTLS_FS_IO -#define MBEDTLS_ENTROPY_NV_SEED - -/* Mbed TLS modules */ -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BASE64_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_ERROR_C -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_NIST_KW_C -#define MBEDTLS_OID_C -#define MBEDTLS_PEM_PARSE_C -#define MBEDTLS_PEM_WRITE_C -#define MBEDTLS_PKCS5_C -#define MBEDTLS_PKCS12_C -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_PSA_CRYPTO_SE_C -#define MBEDTLS_PSA_CRYPTO_STORAGE_C -#define MBEDTLS_PSA_ITS_FILE_C - -//#define MBEDTLS_THREADING_C - -#endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h deleted file mode 100644 index f71b1f079..000000000 --- a/configs/crypto-config-thread.h +++ /dev/null @@ -1,70 +0,0 @@ -/** - * \file crypto-config-thread.h - * - * \brief Minimal crypto configuration for using TLS as part of Thread - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * Minimal crypto configuration for using TLS as part of Thread - * http://threadgroup.org/ - * - * Distinguishing features: - * - no RSA or classic DH, fully based on ECC - * - no X.509 - * - support for experimental EC J-PAKE key exchange - * - support for PBKDF2-AES-CMAC-PRF-128 password-hashing or key-stretching - * algorithm. - * - * To be used in conjunction with configs/config-thread.h. - * See README.txt for usage instructions. - */ - -#ifndef PSA_CRYPTO_CONFIG_H -#define PSA_CRYPTO_CONFIG_H - -#define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_ECB_NO_PADDING 1 -#define PSA_WANT_ALG_HMAC 1 -#define PSA_WANT_ALG_JPAKE 1 -#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1 -#define PSA_WANT_ALG_SHA_256 1 -#define PSA_WANT_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 -#define PSA_WANT_ECC_SECP_R1_256 1 - -#define PSA_WANT_KEY_TYPE_AES 1 -#define PSA_WANT_KEY_TYPE_DERIVE 1 -#define PSA_WANT_KEY_TYPE_HMAC 1 -#define PSA_WANT_KEY_TYPE_RAW_DATA 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 - -#define MBEDTLS_PSA_CRYPTO_C - -/* System support */ -#define MBEDTLS_HAVE_ASM - -#define MBEDTLS_AES_ROM_TABLES -#define MBEDTLS_ECP_NIST_OPTIM - -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_MD_C -#define MBEDTLS_OID_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C - -/* Save RAM at the expense of ROM */ -#define MBEDTLS_AES_ROM_TABLES - -/* Save RAM by adjusting to our exact needs */ -#define MBEDTLS_MPI_MAX_SIZE 32 // 256-bit EC curve = 32 bytes -#endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/ext/README.md b/configs/ext/README.md deleted file mode 100644 index b07cbc18c..000000000 --- a/configs/ext/README.md +++ /dev/null @@ -1,26 +0,0 @@ -Summary -------- - -The two files: - -* crypto_config_profile_medium.h -* tfm_mbedcrypto_config_profile_medium.h - -are copyright The Mbed TLS Contributors, and are distributed under the license normally -used by Mbed TLS: a dual Apache 2.0 or GPLv2-or-later license. - -Background ----------- - -The two files crypto_config_profile_medium.h and tfm_mbedcrypto_config_profile_medium.h -are taken verbatim from the TF-M source code here: - -https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/mbedcrypto/mbedcrypto_config - -In TF-M, they are distributed under a 3-Clause BSD license, as noted at the top of the files. - -In Mbed TLS, with permission from the TF-M project, they are distributed under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license, with copyright assigned to The Mbed TLS Contributors. - -We only retain the note at the top of the files because the intent is to take these files verbatim, -for ease of maintenance. Currently however, they contain changes, showing how these configurations -will need to be adapted for 4.0. diff --git a/configs/ext/config_tfm.h b/configs/ext/config_tfm.h deleted file mode 100644 index 60d855ed5..000000000 --- a/configs/ext/config_tfm.h +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Empty placeholder - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* - * This file is intentionally empty. - * - * Having an empty file here allows us to build the TF-M config, which references this file, - * without making any changes to the TF-M config. - */ diff --git a/configs/ext/crypto_config_profile_medium.h b/configs/ext/crypto_config_profile_medium.h deleted file mode 100644 index 67de4c0fd..000000000 --- a/configs/ext/crypto_config_profile_medium.h +++ /dev/null @@ -1,705 +0,0 @@ -/* - * Copyright (c) 2018-2023, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * - */ -/** - * \file psa/crypto_config.h - * \brief PSA crypto configuration options (set of defines) - * - */ - -#ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H -#define PROFILE_M_PSA_CRYPTO_CONFIG_H - -/** - * \name SECTION: Platform abstraction layer - * - * This section sets platform specific settings. - * \{ - */ - -/** - * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Enable the buffer allocator implementation that makes use of a (stack) - * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() - * calls) - * - * Module: library/memory_buffer_alloc.c - * - * Requires: MBEDTLS_PLATFORM_C - * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS) - * - * Enable this module to enable the buffer memory allocator. - */ -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C - -/** - * \def MBEDTLS_PLATFORM_C - * - * Enable the platform abstraction layer that allows you to re-assign - * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). - * - * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT - * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned - * above to be specified at runtime or compile time respectively. - * - * \note This abstraction layer must be enabled on Windows (including MSYS2) - * as other modules rely on it for a fixed snprintf implementation. - * - * Module: library/platform.c - * Caller: Most other .c files - * - * This module enables abstraction of common (libc) functions. - */ -#define MBEDTLS_PLATFORM_C - -/** - * \def MBEDTLS_PLATFORM_MEMORY - * - * Enable the memory allocation layer. - * - * By default Mbed TLS uses the system-provided calloc() and free(). - * This allows different allocators (self-implemented or provided) to be - * provided to the platform abstraction layer. - * - * Enabling #MBEDTLS_PLATFORM_MEMORY without the - * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide - * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and - * free() function pointer at runtime. - * - * Enabling #MBEDTLS_PLATFORM_MEMORY and specifying - * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the - * alternate function at compile time. - * - * An overview of how the value of mbedtls_calloc is determined: - * - * - if !MBEDTLS_PLATFORM_MEMORY - * - mbedtls_calloc = calloc - * - if MBEDTLS_PLATFORM_MEMORY - * - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO): - * - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO - * - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO): - * - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC. - * - How is MBEDTLS_PLATFORM_STD_CALLOC handled? - * - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS: - * - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything; - * - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present; - * - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS: - * - if MBEDTLS_PLATFORM_STD_CALLOC is present: - * - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected; - * - if !MBEDTLS_PLATFORM_STD_CALLOC: - * - MBEDTLS_PLATFORM_STD_CALLOC = calloc - * - * - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked. - * - if !MBEDTLS_PLATFORM_STD_CALLOC - * - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc - * - * - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC. - * - * Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible. - * MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time. - * #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used, - * dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases. - * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer. - * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Enable this layer to allow use of alternative memory allocators. - */ -#define MBEDTLS_PLATFORM_MEMORY - -/** - * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - * - * Do not assign standard functions in the platform layer (e.g. calloc() to - * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) - * - * This makes sure there are no linking errors on platforms that do not support - * these functions. You will HAVE to provide alternatives, either at runtime - * via the platform_set_xxx() functions or at compile time by setting - * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a - * MBEDTLS_PLATFORM_XXX_MACRO. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Uncomment to prevent default assignment of standard functions in the - * platform layer. - */ -#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - -#define MBEDTLS_PLATFORM_PRINTF_ALT - -/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */ -/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ - -#include - -#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf -#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE -#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS - -#define MBEDTLS_PLATFORM_STD_MEM_HDR - -/** \} name SECTION: Platform abstraction layer */ - -/** - * \name SECTION: SECTION Cryptographic mechanism selection (PSA API) - * - * This section sets PSA API settings. - * \{ - */ -/* - * CBC-MAC is not yet supported via the PSA API in Mbed TLS. - */ -//#define PSA_WANT_ALG_CBC_MAC 1 -//#define PSA_WANT_ALG_CBC_NO_PADDING 1 -//#define PSA_WANT_ALG_CBC_PKCS7 1 -#define PSA_WANT_ALG_CCM 1 -//#define PSA_WANT_ALG_CMAC 1 -//#define PSA_WANT_ALG_CFB 1 -//#define PSA_WANT_ALG_CHACHA20_POLY1305 1 -//#define PSA_WANT_ALG_CTR 1 -//#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 -//#define PSA_WANT_ALG_ECB_NO_PADDING 1 -#define PSA_WANT_ALG_ECDH 1 -#define PSA_WANT_ALG_ECDSA 1 -//#define PSA_WANT_ALG_GCM 1 -#define PSA_WANT_ALG_HKDF 1 -#define PSA_WANT_ALG_HMAC 1 -//#define PSA_WANT_ALG_MD5 1 -//#define PSA_WANT_ALG_OFB 1 -/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. - * Note: when adding support, also adjust include/mbedtls/config_psa.h */ -//#define PSA_WANT_ALG_PBKDF2_HMAC 1 -//#define PSA_WANT_ALG_RIPEMD160 1 -//#define PSA_WANT_ALG_RSA_OAEP 1 -//#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 -//#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 -//#define PSA_WANT_ALG_RSA_PSS 1 -//#define PSA_WANT_ALG_SHA_1 1 -#define PSA_WANT_ALG_SHA_224 1 -#define PSA_WANT_ALG_SHA_256 1 -//#define PSA_WANT_ALG_SHA_384 1 -//#define PSA_WANT_ALG_SHA_512 1 -//#define PSA_WANT_ALG_STREAM_CIPHER 1 -#define PSA_WANT_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 -/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. - * Note: when adding support, also adjust include/mbedtls/config_psa.h */ -//#define PSA_WANT_ALG_XTS 1 - -//#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 -//#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 -//#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 -//#define PSA_WANT_ECC_MONTGOMERY_255 1 -//#define PSA_WANT_ECC_MONTGOMERY_448 1 -//#define PSA_WANT_ECC_SECP_K1_192 1 -/* - * SECP224K1 is buggy via the PSA API in Mbed TLS - * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by - * default. - */ -//#define PSA_WANT_ECC_SECP_K1_224 1 -//#define PSA_WANT_ECC_SECP_K1_256 1 -//#define PSA_WANT_ECC_SECP_R1_192 1 -//#define PSA_WANT_ECC_SECP_R1_224 1 -#define PSA_WANT_ECC_SECP_R1_256 1 -//#define PSA_WANT_ECC_SECP_R1_384 1 -//#define PSA_WANT_ECC_SECP_R1_521 1 - -#define PSA_WANT_KEY_TYPE_DERIVE 1 -#define PSA_WANT_KEY_TYPE_HMAC 1 -#define PSA_WANT_KEY_TYPE_AES 1 -//#define PSA_WANT_KEY_TYPE_ARIA 1 -//#define PSA_WANT_KEY_TYPE_CAMELLIA 1 -//#define PSA_WANT_KEY_TYPE_CHACHA20 1 -//#define PSA_WANT_KEY_TYPE_DES 1 -//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */ -#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_RAW_DATA 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */ -//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 - -/* - * The following symbols extend and deprecate the legacy - * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in - * the name's suffix. "_USE" is the most generic and it can be used to describe - * a generic suport, whereas other ones add more features on top of that and - * they are more specific. - */ -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 - -/** \} name SECTION Cryptographic mechanism selection (PSA API) */ - -/** - * \name SECTION: PSA core - * - * This section sets PSA specific settings. - * \{ - */ - -/** - * \def MBEDTLS_ENTROPY_C - * - * Enable the platform-specific entropy code. - * - * Module: library/entropy.c - * Caller: - * - * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C - * - * This module provides a generic entropy pool - */ -#define MBEDTLS_ENTROPY_C - -/** - * \def MBEDTLS_ENTROPY_NV_SEED - * - * Enable the non-volatile (NV) seed file-based entropy source. - * (Also enables the NV seed read/write functions in the platform layer) - * - * This is crucial (if not required) on systems that do not have a - * cryptographic entropy source (in hardware or kernel) available. - * - * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C - * - * \note The read/write functions that are used by the entropy source are - * determined in the platform layer, and can be modified at runtime and/or - * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. - * - * \note If you use the default implementation functions that read a seedfile - * with regular fopen(), please make sure you make a seedfile with the - * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at - * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from - * and written to or you will get an entropy source error! The default - * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE - * bytes from the file. - * - * \note The entropy collector will write to the seed file before entropy is - * given to an external source, to update it. - */ -#define MBEDTLS_ENTROPY_NV_SEED - -/** - * \def MBEDTLS_NO_PLATFORM_ENTROPY - * - * Do not use built-in platform entropy functions. - * This is useful if your platform does not support - * standards like the /dev/urandom or Windows CryptoAPI. - * - * Uncomment this macro to disable the built-in platform entropy functions. - */ -#define MBEDTLS_NO_PLATFORM_ENTROPY - -/** - * \def MBEDTLS_PSA_CRYPTO_C - * - * Enable the Platform Security Architecture cryptography API. - * - * Module: library/psa_crypto.c - * - * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, - * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C, - * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. - * Auto-enables: MBEDTLS_CIPHER_C if any unauthenticated (ie, non-AEAD) cipher - * is enabled in PSA (unless it's fully accelerated, see - * docs/driver-only-builds.md about that). - */ -#define MBEDTLS_PSA_CRYPTO_C - -/** - * \def MBEDTLS_PSA_CRYPTO_SPM - * - * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure - * Partition Manager) integration which separates the code into two parts: a - * NSPE (Non-Secure Process Environment) and an SPE (Secure Process - * Environment). - * - * If you enable this option, your build environment must include a header - * file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS - * header files, or in another directory on the compiler's include search - * path). Alternatively, your platform may customize the header - * `psa/crypto_platform.h`, in which case it can skip or replace the - * inclusion of `"crypto_spe.h"`. - * - * Module: library/psa_crypto.c - * Requires: MBEDTLS_PSA_CRYPTO_C - * - */ -#define MBEDTLS_PSA_CRYPTO_SPM - -/** - * \def MBEDTLS_PSA_CRYPTO_STORAGE_C - * - * Enable the Platform Security Architecture persistent key storage. - * - * Module: library/psa_crypto_storage.c - * - * Requires: MBEDTLS_PSA_CRYPTO_C, - * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of - * the PSA ITS interface - */ -#define MBEDTLS_PSA_CRYPTO_STORAGE_C - -/** \} name SECTION: PSA core */ - -/** - * \name SECTION: Builtin drivers - * - * This section sets driver specific settings. - * \{ - */ - -/** - * \def MBEDTLS_AES_ROM_TABLES - * - * Use precomputed AES tables stored in ROM. - * - * Uncomment this macro to use precomputed AES tables stored in ROM. - * Comment this macro to generate AES tables in RAM at runtime. - * - * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb - * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the - * initialization time before the first AES operation can be performed. - * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c - * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded - * performance if ROM access is slower than RAM access. - * - * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. - */ -#define MBEDTLS_AES_ROM_TABLES - -/** - * \def MBEDTLS_AES_FEWER_TABLES - * - * Use less ROM/RAM for AES tables. - * - * Uncommenting this macro omits 75% of the AES tables from - * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) - * by computing their values on the fly during operations - * (the tables are entry-wise rotations of one another). - * - * Tradeoff: Uncommenting this reduces the RAM / ROM footprint - * by ~6kb but at the cost of more arithmetic operations during - * runtime. Specifically, one has to compare 4 accesses within - * different tables to 4 accesses with additional arithmetic - * operations within the same table. The performance gain/loss - * depends on the system and memory details. - * - * This option is independent of \c MBEDTLS_AES_ROM_TABLES. - */ -#define MBEDTLS_AES_FEWER_TABLES - -/** - * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - * - * Use only 128-bit keys in AES operations to save ROM. - * - * Uncomment this macro to remove support for AES operations that use 192- - * or 256-bit keys. - * - * Uncommenting this macro reduces the size of AES code by ~300 bytes - * on v8-M/Thumb2. - * - * Module: library/aes.c - * - * Requires: MBEDTLS_AES_C - */ -#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - -/** - * \def MBEDTLS_ECP_NIST_OPTIM - * - * Enable specific 'modulo p' routines for each NIST prime. - * Depending on the prime and architecture, makes operations 4 to 8 times - * faster on the corresponding curve. - * - * Comment this macro to disable NIST curves optimisation. - */ -#define MBEDTLS_ECP_NIST_OPTIM - -/** - * \def MBEDTLS_HAVE_ASM - * - * The compiler has support for asm(). - * - * Requires support for asm() in compiler. - * - * Used in: - * library/aesni.h - * library/aria.c - * library/bn_mul.h - * library/constant_time.c - * - * Required by: - * MBEDTLS_AESCE_C - * MBEDTLS_AESNI_C (on some platforms) - * - * Comment to disable the use of assembly code. - */ -#define MBEDTLS_HAVE_ASM - -/** - * Uncomment to enable p256-m. This is an alternative implementation of - * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. - * Compared to the default implementation: - * - * - p256-m has a much smaller code size and RAM footprint. - * - p256-m is only available via the PSA API. This includes the pk module. - * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols - * over the core arithmetic, or deterministic derivation of keys. - * - * We recommend enabling this option if your application uses the PSA API - * and the only elliptic curve support it needs is ECDH and ECDSA over - * SECP256R1. - * - * If you enable this option, you do not need to enable any ECC-related - * MBEDTLS_xxx option. You do need to separately request support for the - * cryptographic mechanisms through the PSA API: - * - #MBEDTLS_PSA_CRYPTO_C for PSA-based configuration; - * - #PSA_WANT_ECC_SECP_R1_256; - * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; - * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. - * - * \note To benefit from the smaller code size of p256-m, make sure that you - * do not enable any ECC-related option not supported by p256-m: this - * would cause the built-in ECC implementation to be built as well, in - * order to provide the required option. - * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than - * SECP256R1 are disabled as they are not supported by this driver. - * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or - * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of - * the built-in ECC implementation, see docs/driver-only-builds.md. - */ -#define MBEDTLS_PSA_P256M_DRIVER_ENABLED - -/** - * \def MBEDTLS_SHA256_SMALLER - * - * Enable an implementation of SHA-256 that has lower ROM footprint but also - * lower performance. - * - * The default implementation is meant to be a reasonable compromise between - * performance and size. This version optimizes more aggressively for size at - * the expense of performance. Eg on Cortex-M4 it reduces the size of - * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about - * 30%. - * - * Uncomment to enable the smaller implementation of SHA256. - */ -#define MBEDTLS_SHA256_SMALLER - -/* ECP options */ -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Disable fixed-point speed-up */ - -/** \} name SECTION: Builtin drivers */ - -/** - * \name SECTION: Legacy cryptography - * - * This section sets legacy settings. - * \{ - */ - -/** - * \def MBEDTLS_AES_C - * - * Enable the AES block cipher. - * - * Module: library/aes.c - * Caller: library/cipher.c - * library/pem.c - * library/ctr_drbg.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * - * PEM_PARSE uses AES for decrypting encrypted keys. - */ -#define MBEDTLS_AES_C - -/** - * \def MBEDTLS_CIPHER_C - * - * Enable the generic cipher layer. - * - * Module: library/cipher.c - * Caller: library/ccm.c - * library/cmac.c - * library/gcm.c - * library/nist_kw.c - * library/pkcs12.c - * library/pkcs5.c - * library/psa_crypto_aead.c - * library/psa_crypto_mac.c - * library/ssl_ciphersuites.c - * library/ssl_msg.c - * Auto-enabled by: MBEDTLS_PSA_CRYPTO_C depending on which ciphers are enabled - * (see the documentation of that option for details). - * - * Uncomment to enable generic cipher wrappers. - */ -#define MBEDTLS_CIPHER_C - -/** - * \def MBEDTLS_CTR_DRBG_C - * - * Enable the CTR_DRBG AES-based random generator. - * The CTR_DRBG generator uses AES-256 by default. - * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above. - * - * AES support can either be achieved through builtin (MBEDTLS_AES_C) or PSA. - * Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA - * is used. - * - * \warning When using PSA, the user should call `psa_crypto_init()` before - * using any CTR_DRBG operation (except `mbedtls_ctr_drbg_init()`). - * - * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set. - * - * \note To achieve a 256-bit security strength with CTR_DRBG, - * you must use AES-256 *and* use sufficient entropy. - * See ctr_drbg.h for more details. - * - * Module: library/ctr_drbg.c - * Caller: - * - * Requires: MBEDTLS_AES_C or - * (PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING and - * MBEDTLS_PSA_CRYPTO_C) - * - * This module provides the CTR_DRBG AES random number generator. - */ -#define MBEDTLS_CTR_DRBG_C -/** \} name SECTION: Legacy cryptography */ - -/***********************************************************/ -/* Tweak the configuration to remove dependencies on TF-M. */ -/***********************************************************/ - -/* MBEDTLS_PSA_CRYPTO_SPM needs third-party files, so disable it. */ -#undef MBEDTLS_PSA_CRYPTO_SPM - -/* Disable buffer-based memory allocator. This isn't strictly required, - * but using the native allocator is faster and works better with - * memory management analysis frameworks such as ASan. */ -#undef MBEDTLS_MEMORY_BUFFER_ALLOC_C - -// This macro is enabled in TFM Medium but is disabled here because it is -// incompatible with baremetal builds in Mbed TLS. -#undef MBEDTLS_PSA_CRYPTO_STORAGE_C - -// This macro is enabled in TFM Medium but is disabled here because it is -// incompatible with baremetal builds in Mbed TLS. -#undef MBEDTLS_ENTROPY_NV_SEED - -// These platform-related TF-M settings are not useful here. -#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -#undef MBEDTLS_PLATFORM_STD_MEM_HDR -#undef MBEDTLS_PLATFORM_SNPRINTF_MACRO -#undef MBEDTLS_PLATFORM_PRINTF_ALT -#undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS -#undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE - -/* - * In order to get an example config that works cleanly out-of-the-box - * for both baremetal and non-baremetal builds, we detect baremetal builds - * (either IAR, Arm compiler or __ARM_EABI__ defined), and adjust some - * variables accordingly. - */ -#if defined(__IAR_SYSTEMS_ICC__) || defined(__ARMCC_VERSION) || defined(__ARM_EABI__) -#define MBEDTLS_NO_PLATFORM_ENTROPY -#else -/* Use built-in platform entropy functions (TF-M provides its own). */ -#undef MBEDTLS_NO_PLATFORM_ENTROPY -#endif - -/*********************************************************************** - * Local changes to crypto config below this delimiter - **********************************************************************/ - -// We expect TF-M to pick this up soon -#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - -/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it - * does not need CIPHER_C to be enabled, so we can disable it in order - * to reduce code size further. */ -#undef MBEDTLS_CIPHER_C - -#if CRYPTO_NV_SEED -#include "tfm_mbedcrypto_config_extra_nv_seed.h" -#endif /* CRYPTO_NV_SEED */ - -#if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED) -#include "mbedtls_entropy_nv_seed_config.h" -#endif - -#ifdef CRYPTO_HW_ACCELERATOR -#include "crypto_accelerator_config.h" -#endif - -#endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */ diff --git a/configs/ext/mbedtls_entropy_nv_seed_config.h b/configs/ext/mbedtls_entropy_nv_seed_config.h deleted file mode 100644 index 60d855ed5..000000000 --- a/configs/ext/mbedtls_entropy_nv_seed_config.h +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Empty placeholder - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* - * This file is intentionally empty. - * - * Having an empty file here allows us to build the TF-M config, which references this file, - * without making any changes to the TF-M config. - */ diff --git a/configs/ext/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h deleted file mode 100644 index ee62cf6e0..000000000 --- a/configs/ext/tfm_mbedcrypto_config_profile_medium.h +++ /dev/null @@ -1,85 +0,0 @@ -/** - * \file config.h - * - * \brief Configuration options (set of defines) - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. - */ -/* - * Copyright (C) 2006-2023, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#ifndef PROFILE_M_MBEDTLS_CONFIG_H -#define PROFILE_M_MBEDTLS_CONFIG_H - -#include "config_tfm.h" - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -/** - * \name SECTION: General configuration options - * - * This section contains Mbed TLS build settings that are not associated - * with a particular module. - * - * \{ - */ - -/** - * \def MBEDTLS_CONFIG_FILE - * - * If defined, this is a header which will be included instead of - * `"mbedtls/mbedtls_config.h"`. - * This header file specifies the compile-time configuration of Mbed TLS. - * Unlike other configuration options, this one must be defined on the - * compiler command line: a definition in `mbedtls_config.h` would have - * no effect. - * - * This macro is expanded after an \#include directive. This is a popular but - * non-standard feature of the C language, so this feature is only available - * with compilers that perform macro expansion on an \#include line. - * - * The value of this symbol is typically a path in double quotes, either - * absolute or relative to a directory on the include search path. - */ -//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h" - -/** - * \def MBEDTLS_USER_CONFIG_FILE - * - * If defined, this is a header which will be included after - * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE. - * This allows you to modify the default configuration, including the ability - * to undefine options that are enabled by default. - * - * This macro is expanded after an \#include directive. This is a popular but - * non-standard feature of the C language, so this feature is only available - * with compilers that perform macro expansion on an \#include line. - * - * The value of this symbol is typically a path in double quotes, either - * absolute or relative to a directory on the include search path. - */ -//#define MBEDTLS_USER_CONFIG_FILE "/dev/null" - -/** \} name SECTION: General configuration options */ - -#endif /* PROFILE_M_MBEDTLS_CONFIG_H */ diff --git a/dco.txt b/dco.txt deleted file mode 100644 index 8201f9921..000000000 --- a/dco.txt +++ /dev/null @@ -1,37 +0,0 @@ -Developer Certificate of Origin -Version 1.1 - -Copyright (C) 2004, 2006 The Linux Foundation and its contributors. -1 Letterman Drive -Suite D4700 -San Francisco, CA, 94129 - -Everyone is permitted to copy and distribute verbatim copies of this -license document, but changing it is not allowed. - - -Developer's Certificate of Origin 1.1 - -By making a contribution to this project, I certify that: - -(a) The contribution was created in whole or in part by me and I - have the right to submit it under the open source license - indicated in the file; or - -(b) The contribution is based upon previous work that, to the best - of my knowledge, is covered under an appropriate open source - license and I have the right under that license to submit that - work with modifications, whether created in whole or in part - by me, under the same open source license (unless I am - permitted to submit under a different license), as indicated - in the file; or - -(c) The contribution was provided directly to me by some other - person who certified (a), (b) or (c) and I have not modified - it. - -(d) I understand and agree that this project and the contribution - are public and that a record of the contribution (including all - personal information I submit with it, including my sign-off) is - maintained indefinitely and may be redistributed consistent with - this project or the open source license(s) involved. diff --git a/docs/.gitignore b/docs/.gitignore deleted file mode 100644 index 11f197bc3..000000000 --- a/docs/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -*.html -*.pdf -_build/ -api/ diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md deleted file mode 100644 index 63a13ad87..000000000 --- a/docs/3.0-migration-guide.md +++ /dev/null @@ -1,1039 +0,0 @@ -# Migrating from Mbed TLS 2.x to Mbed TLS 3.0 - -This guide details the steps required to migrate from Mbed TLS version 2.x to -Mbed TLS version 3.0 or greater. Unlike normal releases, Mbed TLS 3.0 breaks -compatibility with previous versions, so users (and alt implementers) might -need to change their own code in order to make it work with Mbed TLS 3.0. - -Here's the list of breaking changes; each entry should help you answer these -two questions: (1) am I affected? (2) if yes, what's my migration path? - -The changes are detailed below, and include: - -- Removal of many insecure or obsolete features -- Tidying up of configuration options (including removing some less useful options). -- Changing function signatures, e.g. adding return codes, adding extra parameters, or making some arguments const. -- Removal of functions, macros, and types previously marked as deprecated. - -Much of the information needed to determine a migration path can be found in the Mbed TLS 2.x documentation. - - -## Accessing the Mbed TLS 2.x documentation - -For features previously marked as deprecated, Mbed TLS 2.x documentation may -explain how to upgrade, and should be referred to when migrating code. Where a -migration path is not provided in prior documentation, changes made and the -upgrade steps required will be explained later in this guide. - -It's best to use the latest version of Mbed TLS 2.x for this purpose, which is the 2.28 LTS release. -So to generate the documentation, checkout the `mbedtls-2.28` branch and follow -the instructions in the [Documentation section of the README](https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-2.28/README.md#documentation). -Then browse `apidoc/deprecated.html` for guidance on upgrading deprecated code. - -For some deprecated functions, 2.x documentation will suggest using a variant -suffixed with `_ret`. In Mbed TLS 3.x, this change may not be required, as most -of these variants have been renamed without the suffix. The section -[Rename mbedtls_*_ret...](#rename-mbedtls__ret-cryptography-functions-whose-deprecated-variants-have-been-removed) -has further detail on which functions this applies to. - - -## General changes - -### Introduce a level of indirection and versioning in the config files - -`config.h` was split into `build_info.h` and `mbedtls_config.h`. - -* In code, use `#include `. Don't include `mbedtls/config.h` and don't refer to `MBEDTLS_CONFIG_FILE`. -* In build tools, edit `mbedtls_config.h`, or edit `MBEDTLS_CONFIG_FILE` as before. -* If you had a tool that parsed the library version from `include/mbedtls/version.h`, this has moved to `include/mbedtls/build_info.h`. From C code, both headers now define the `MBEDTLS_VERSION_xxx` macros. - -Also, if you have a custom configuration file: - -* Don't include `check_config.h` or `config_psa.h` anymore. -* Don't define `MBEDTLS_CONFIG_H` anymore. - -A config file version symbol, `MBEDTLS_CONFIG_VERSION` was introduced. -Defining it to a particular value will ensure that Mbed TLS interprets -the config file in a way that's compatible with the config file format -used by the Mbed TLS release whose `MBEDTLS_VERSION_NUMBER` has the same -value. -The only value supported by Mbed TLS 3.0.0 is `0x03000000`. - -### Most structure fields are now private - -Direct access to fields of structures (`struct` types) declared in public headers is no longer supported. In Mbed TLS 3, the layout of structures is not considered part of the stable API, and minor versions (3.1, 3.2, etc.) may add, remove, rename, reorder or change the type of structure fields. - -There is a small number of exceptions where some fields are guaranteed to remain stable throughout the lifetime of Mbed TLS 3.x. These fields are explicitly documented as public. Please note that even if all the fields of a structure are public, future versions may add new fields. Also, as before, some public fields should be considered read-only, since modifying them may make the structure inconsistent; check the documentation in each case. - -Attempting to access a private field directly will result in a compilation error. - -If you were accessing structure fields directly, and these fields are not documented as public, you need to change your code. If an accessor (getter/setter) function exists, use that. Direct accessor functions are usually called `mbedtls__{get,set}_` or `mbedtls___{get,set}_`. Accessor functions that change the format may use different verbs, for example `read`/`write` for functions that import/export data from/to a text or byte string. - -If no accessor function exists, please open an [enhancement request against Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/new?template=feature_request.md) and describe your use case. The Mbed TLS development team is aware that some useful accessor functions are missing in the 3.0 release, and we expect to add them to the first minor release(s) (3.1, etc.). - -As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS. - -### Move part of timing module out of the library - -The change affects users who use any of the following functions: -`mbedtls_timing_self_test()`, `mbedtls_hardclock_poll()`, -`mbedtls_timing_hardclock()` and `mbedtls_set_alarm()`. - -If you were relying on these functions, you'll now need to change to using your -platform's corresponding functions directly. - -### Deprecated net.h file was removed - -The file `include/mbedtls/net.h` was removed because its only function was to -include `mbedtls/net_sockets.h` which now should be included directly. - -### Remove `MBEDTLS_CHECK_PARAMS` option - -This change does not affect users who use the default configuration; it only -affects users who enabled that option. - -The option `MBEDTLS_CHECK_PARAMS` (disabled by default) enabled certain kinds -of “parameter validation”. It covered two kinds of validations: - -- In some functions that require a valid pointer, “parameter validation” checks -that the pointer is non-null. With the feature disabled, a null pointer is not -treated differently from any other invalid pointer, and typically leads to a -runtime crash. 90% of the uses of the feature are of this kind. -- In some functions that take an enum-like argument, “parameter validation” -checks that the value is a valid one. With the feature disabled, an invalid -value causes a silent default to one of the valid values. - -The default reaction to a failed check was to call a function -`mbedtls_param_failed()` which the application had to provide. If this function -returned, its caller returned an error `MBEDTLS_ERR_xxx_BAD_INPUT_DATA`. - -This feature was only used in some classic (non-PSA) cryptography modules. It was -not used in X.509, TLS or in PSA crypto, and it was not implemented in all -classic crypto modules. - -This feature has been removed. The library no longer checks for NULL pointers; -checks for enum-like arguments will be kept or re-introduced on a case-by-case -basis, but their presence will no longer be dependent on a compile-time option. - -Validation of enum-like values is somewhat useful, but not extremely important, -because the parameters concerned are usually constants in applications. - -For more information see issue #4313. - -### Remove the `MBEDTLS_TEST_NULL_ENTROPY` configuration option - -This does not affect users who use the default `mbedtls_config.h`, as this option was -already off by default. - -If you were using the `MBEDTLS_TEST_NULL_ENTROPY` option and your platform -doesn't have any entropy source, you should use `MBEDTLS_ENTROPY_NV_SEED` -and make sure your device is provisioned with a strong random seed. -Alternatively, for testing purposes only, you can create and register a fake -entropy function. - -### Remove the HAVEGE module - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects users who called the HAVEGE modules directly (not -recommended), or users who used it through the entropy module but had it as the -only source of entropy. If you're in that case, please declare OS or hardware -RNG interfaces with `mbedtls_entropy_add_source()` and/or use an entropy seed -file created securely during device provisioning. See - for more -information. - -### Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0 - -This only affects people who've been using Mbed TLS since before version 2.0 -and still relied on `compat-1.3.h` in their code. - -Please use the new names directly in your code; `scripts/rename.pl` (from any -of the 2.x releases — no longer included in 3.0) might help you do that. - - -## Low-level crypto - -Please also refer to the section [High-level crypto](#high-level-crypto) for -changes that could sit in either category. - -### Deprecated functions were removed from bignum - -The function `mbedtls_mpi_is_prime()` was removed. Please use -`mbedtls_mpi_is_prime_ext()` instead which additionally allows specifying the -number of Miller-Rabin rounds. - -### Deprecated functions were removed from DRBGs - -The functions `mbedtls_ctr_drbg_update_ret()` and `mbedtls_hmac_drbg_update_ret()` -were renamed to replace the corresponding functions without `_ret` appended. Please call -the name without `_ret` appended and check the return value. - -### Deprecated hex-encoded primes were removed from DHM - -The macros `MBEDTLS_DHM_RFC5114_MODP_2048_P`, `MBEDTLS_DHM_RFC5114_MODP_2048_G`, -`MBEDTLS_DHM_RFC3526_MODP_2048_P`, `MBEDTLS_DHM_RFC3526_MODP_2048_G`, -`MBEDTLS_DHM_RFC3526_MODP_3072_P`, `MBEDTLS_DHM_RFC3526_MODP_3072_G`, -`MBEDTLS_DHM_RFC3526_MODP_4096_P `and `MBEDTLS_DHM_RFC3526_MODP_4096_G` were -removed. The primes from RFC 5114 are deprecated because their derivation is not -documented and therefore their usage constitutes a security risk; they are fully -removed from the library. Please use parameters from RFC 3526 (still in the -library, only in binary form) or RFC 7919 (also available in the library) or -other trusted sources instead. - -### Deprecated functions were removed from hashing modules - -Modules: MD5, SHA1, SHA256, SHA512, MD. - -- The functions `mbedtls_xxx_starts_ret()`, `mbedtls_xxx_update_ret()`, - `mbedtls_xxx_finish_ret()` and `mbedtls_xxx_ret()` were renamed to replace - the corresponding functions without `_ret` appended. Please call the name without `_ret` appended and check the return value. -- The function `mbedtls_md_init_ctx()` was removed; please use - `mbedtls_md_setup()` instead. -- The functions `mbedtls_xxx_process()` were removed. You normally don't need - to call that from application code. However if you do (or if you want to - provide your own version of that function), please use - `mbedtls_internal_xxx_process()` instead, and check the return value. - -### Change `MBEDTLS_ECP_FIXED_POINT_OPTIM` behavior - -The option `MBEDTLS_ECP_FIXED_POINT_OPTIM` now increases code size and it does -not increase peak RAM usage anymore. - -If you are limited by code size, you can define `MBEDTLS_ECP_FIXED_POINT_OPTIM` -to `0` in your config file. The impact depends on the number and size of -enabled curves. For example, for P-256 the difference is 1KB; see the documentation -of this option for details. - -### Separated `MBEDTLS_SHA224_C` and `MBEDTLS_SHA256_C` - -This does not affect users who use the default `mbedtls_config.h`. `MBEDTLS_SHA256_C` -was enabled by default. Now both `MBEDTLS_SHA256_C` and `MBEDTLS_SHA224_C` are -enabled. - -If you were using custom config file with `MBEDTLS_SHA256_C` enabled, then -you will need to add `#define MBEDTLS_SHA224_C` option to your config. -Current version of the library does not support enabling `MBEDTLS_SHA256_C` -without `MBEDTLS_SHA224_C`. - -### Replaced `MBEDTLS_SHA512_NO_SHA384` with `MBEDTLS_SHA384_C` - -This does not affect users who use the default `mbedtls_config.h`. -`MBEDTLS_SHA512_NO_SHA384` was disabled by default, now `MBEDTLS_SHA384_C` is -enabled by default. - -If you were using a config file with both `MBEDTLS_SHA512_C` and -MBEDTLS_SHA512_NO_SHA384, then just remove the `MBEDTLS_SHA512_NO_SHA384`. -If you were using a config file with `MBEDTLS_SHA512_C` and without -`MBEDTLS_SHA512_NO_SHA384` and you need the SHA-384 algorithm, then add -`#define MBEDTLS_SHA384_C` to your config file. - -### GCM multipart interface: application changes - -The GCM module now supports arbitrary chunked input in the multipart interface. -This changes the interface for applications using the GCM module directly for multipart operations. -Applications using one-shot GCM or using GCM via the `mbedtls_cipher_xxx` or `psa_aead_xxx` interfaces do not require any changes. - -* `mbedtls_gcm_starts()` now only sets the mode and the nonce (IV). Call the new function `mbedtls_gcm_update_ad()` to pass the associated data. -* `mbedtls_gcm_update()` now takes an extra parameter to indicate the actual output length. In Mbed TLS 2.x, applications had to pass inputs consisting of whole 16-byte blocks except for the last block (this limitation has been lifted). In this case: - * As long as the input remains block-aligned, the output length is exactly the input length, as before. - * If the length of the last input is not a multiple of 16, alternative implementations may return the last partial block in the call to `mbedtls_gcm_finish()` instead of returning it in the last call to `mbedtls_gcm_update()`. -* `mbedtls_gcm_finish()` now takes an extra output buffer for the last partial block. This is needed for alternative implementations that can only process a whole block at a time. - -### GCM interface changes: impact for alternative implementations - -The GCM multipart interface has changed as described in [“GCM multipart interface: application changes”](#gcm-multipart-interface-application-changes). The consequences for an alternative implementation of GCM (`MBEDTLS_GCM_ALT`) are as follows: - -* `mbedtls_gcm_starts()` now only sets the mode and the nonce (IV). The new function `mbedtls_gcm_update_ad()` receives the associated data. It may be called multiple times. -* `mbedtls_gcm_update()` now allows arbitrary-length inputs, takes an extra parameter to indicate the actual output length. Alternative implementations may choose between two modes: - * Always return the partial output immediately, even if it does not consist of a whole number of blocks. - * Buffer the data for the last partial block, to be returned in the next call to `mbedtls_gcm_update()` or `mbedtls_gcm_finish()`. -* `mbedtls_gcm_finish()` now takes an extra output buffer for the last partial block if needed. - -### The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed - -This doesn't affect users of the default configuration; it only affects people -who were explicitly setting this option. - -This was a trade-off between code size and countermeasures; it is no longer -relevant as the countermeasure is now always on at no cost in code size. - -### SHA-512 and SHA-256 output type change - -The output parameter of `mbedtls_sha256_finish()`, `mbedtls_sha256()`, `mbedtls_sha512_finish()`, `mbedtls_sha512()` now has a pointer type rather than array type. This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer or a SHA-224 hash into a 28-byte buffer. - -This makes no difference to a vast majority of applications. If your code takes a pointer to one of these functions, you may need to change the type of the pointer. - -Alternative implementations of the SHA256 and SHA512 modules must adjust their functions' prototype accordingly. - -### Deprecated error codes for hardware failures were removed - -- The macros `MBEDTLS_ERR_xxx_FEATURE_UNAVAILABLE` from various crypto modules - were removed; `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` is now used - instead. -- The macro `MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION` was removed; - `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` is now used instead. -- The macros `MBEDTLS_ERR_xxx_HW_ACCEL_FAILED` from various crypto modules - were removed; `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED` is now used instead. - -### Deprecated error codes for invalid input data were removed - -- The macros `MBEDTLS_ERR_xxx_INVALID_KEY_LENGTH` from ARIA and Camellia - modules were removed; `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` is now used instead. - -### Remove the mode parameter from RSA functions - -This affects all users who use the RSA encrypt, decrypt, sign and -verify APIs. - -The RSA module no longer supports private-key operations with the public key or -vice versa. As a consequence, RSA operation functions no longer have a mode -parameter. If you were calling RSA operations with the normal mode (public key -for verification or encryption, private key for signature or decryption), remove -the `MBEDTLS_RSA_PUBLIC` or `MBEDTLS_RSA_PRIVATE` argument. If you were calling -RSA operations with the wrong mode, which rarely makes sense from a security -perspective, this is no longer supported. - -### Deprecated functions were removed from AES - -The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were -removed. - -If you're simply using the AES module, you should be calling the higher-level -functions `mbedtls_aes_crypt_xxx()`. - -If you're providing an alternative implementation using -`MBEDTLS_AES_ENCRYPT_ALT` or `MBEDTLS_AES_DECRYPT_ALT`, you should be -replacing the removed functions with `mbedtls_internal_aes_encrypt()` and -`mbedtls_internal_aes_decrypt()` respectively. - -### Deprecated functions were removed from ECDSA - -The functions `mbedtls_ecdsa_write_signature_det()` and -`mbedtls_ecdsa_sign_det()` were removed. They were superseded by -`mbedtls_ecdsa_write_signature()` and `mbedtls_ecdsa_sign_det_ext()` -respectively. - -### Rename `mbedtls_*_ret()` cryptography functions whose deprecated variants have been removed - -This change affects users who were using the `mbedtls_*_ret()` cryptography -functions. - -Those functions were created based on now-deprecated functions according to a -requirement that a function needs to return a value. This change brings back the -original names of those functions. The renamed functions are: - -| name before this change | after the change | -|--------------------------------|----------------------------| -| `mbedtls_ctr_drbg_update_ret` | `mbedtls_ctr_drbg_update` | -| `mbedtls_hmac_drbg_update_ret` | `mbedtls_hmac_drbg_update` | -| `mbedtls_md5_starts_ret` | `mbedtls_md5_starts` | -| `mbedtls_md5_update_ret` | `mbedtls_md5_update` | -| `mbedtls_md5_finish_ret` | `mbedtls_md5_finish` | -| `mbedtls_md5_ret` | `mbedtls_md5` | -| `mbedtls_ripemd160_starts_ret` | `mbedtls_ripemd160_starts` | -| `mbedtls_ripemd160_update_ret` | `mbedtls_ripemd160_update` | -| `mbedtls_ripemd160_finish_ret` | `mbedtls_ripemd160_finish` | -| `mbedtls_ripemd160_ret` | `mbedtls_ripemd160` | -| `mbedtls_sha1_starts_ret` | `mbedtls_sha1_starts` | -| `mbedtls_sha1_update_ret` | `mbedtls_sha1_update` | -| `mbedtls_sha1_finish_ret` | `mbedtls_sha1_finish` | -| `mbedtls_sha1_ret` | `mbedtls_sha1` | -| `mbedtls_sha256_starts_ret` | `mbedtls_sha256_starts` | -| `mbedtls_sha256_update_ret` | `mbedtls_sha256_update` | -| `mbedtls_sha256_finish_ret` | `mbedtls_sha256_finish` | -| `mbedtls_sha256_ret` | `mbedtls_sha256` | -| `mbedtls_sha512_starts_ret` | `mbedtls_sha512_starts` | -| `mbedtls_sha512_update_ret` | `mbedtls_sha512_update` | -| `mbedtls_sha512_finish_ret` | `mbedtls_sha512_finish` | -| `mbedtls_sha512_ret` | `mbedtls_sha512` | - -To migrate to the this change the user can keep the `*_ret` names in their code -and include the `compat_2.x.h` header file which holds macros with proper -renaming or to rename those functions in their code according to the list from -mentioned header file. - -### Remove the RNG parameter from RSA verify functions - -RSA verification functions also no longer take random generator arguments (this -was only needed when using a private key). This affects all applications using -the RSA verify functions. - -### Remove the padding parameters from `mbedtls_rsa_init()` - -This affects all users who use the RSA encrypt, decrypt, sign and -verify APIs. - -The function `mbedtls_rsa_init()` no longer supports selecting the PKCS#1 v2.1 -encoding and its hash. It just selects the PKCS#1 v1.5 encoding by default. If -you were using the PKCS#1 v2.1 encoding you now need, subsequently to the call -to `mbedtls_rsa_init()`, to call `mbedtls_rsa_set_padding()` to set it. - -To choose the padding type when initializing a context, instead of - -```C - mbedtls_rsa_init(ctx, padding, hash_id); -``` - -use - -```C - mbedtls_rsa_init(ctx); - mbedtls_rsa_set_padding(ctx, padding, hash_id); -``` - -To use PKCS#1 v1.5 padding, instead of - -```C - mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, ); -``` - -just use - -```C - mbedtls_rsa_init(ctx); -``` - - -## High-level crypto - -Please also refer to the section [Low-level crypto](#low-level-crypto) for -changes that could sit in either category. - -### Calling `mbedtls_cipher_finish()` is mandatory for all multi-part operations - -This only affects people who use the cipher module to perform AEAD operations -using the multi-part API. - -Previously, the documentation didn't state explicitly if it was OK to call -`mbedtls_cipher_check_tag()` or `mbedtls_cipher_write_tag()` directly after -the last call to `mbedtls_cipher_update()` — that is, without calling -`mbedtls_cipher_finish()` in-between. If you code was missing that call, -please add it and be prepared to get as much as 15 bytes of output. - -Currently the output is always 0 bytes, but it may be more when alternative -implementations of the underlying primitives are in use, or with future -versions of the library. - -### Remove MD2, MD4, RC4, Blowfish and XTEA algorithms - -This change affects users of the MD2, MD4, RC4, Blowfish and XTEA algorithms. - -They are already niche or obsolete and most of them are weak or broken. For -those reasons possible users should consider switching to modern and safe -alternatives to be found in literature. - -### Deprecated functions were removed from cipher - -The functions `mbedtls_cipher_auth_encrypt()` and -`mbedtls_cipher_auth_decrypt()` were removed. They were superseded by -`mbedtls_cipher_auth_encrypt_ext()` and `mbedtls_cipher_auth_decrypt_ext()` -respectively which additionally support key wrapping algorithms such as -NIST_KW. - -### Extra parameter for the output buffer size - -The following functions now take an extra parameter indicating the size of the output buffer: - -* `mbedtls_ecdsa_write_signature()`, `mbedtls_ecdsa_write_signature_restartable()` -* `mbedtls_pk_sign()`, `mbedtls_pk_sign_restartable()` - -The requirements for the output buffer have not changed, but passing a buffer that is too small now reliably causes the functions to return an error, rather than overflowing the buffer. - -### Signature functions now require the hash length to match the expected value - -This affects users of the PK API as well as users of the low-level API in the RSA module. Users of the PSA API or of the ECDSA module are unaffected. - -All the functions in the RSA module that accept a `hashlen` parameter used to -ignore it unless the `md_alg` parameter was `MBEDTLS_MD_NONE`, indicating raw -data was signed. The `hashlen` parameter is now always the size that is read -from the `hash` input buffer. This length must be equal to the output size of -the hash algorithm used when signing a hash. (The requirements when signing -raw data are unchanged.) This affects the following functions: - -* `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_pkcs1_verify` -* `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_verify` -* `mbedtls_rsa_rsassa_pss_sign`, `mbedtls_rsa_rsassa_pss_verify` -* `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_rsa_rsassa_pss_verify_ext` - -The signature functions in the PK module no longer accept 0 as the `hash_len` parameter. The `hash_len` parameter is now always the size that is read from the `hash` input buffer. This affects the following functions: - -* `mbedtls_pk_sign`, `mbedtls_pk_verify` -* `mbedtls_pk_sign_restartable`, `mbedtls_pk_verify_restartable` -* `mbedtls_pk_verify_ext` - -The migration path is to pass the correct value to those functions. - -### Some function parameters were made const - -Various functions in the PK and ASN.1 modules had a `const` qualifier added to -some of their parameters. - -This normally doesn't affect your code, unless you use pointers to reference -those functions. In this case, you'll need to update the type of your pointers -in order to match the new signature. - -### The RNG parameter is now mandatory for all functions that accept one - -This change affects all users who called a function accepting a `f_rng` -parameter with `NULL` as the value of this argument; this is no longer -supported. - -The changed functions are: the X.509 CRT and CSR writing functions; the PK and -RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM -and ECDH that compute the shared secret; the scalar multiplication functions in -ECP. - -You now need to pass a properly seeded, cryptographically secure RNG to all -functions that accept a `f_rng` parameter. It is of course still possible to -pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a -context. - -Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT` -configuration options) may have their own internal and are free to ignore the -`f_rng` argument but must allow users to pass one anyway. - -### Some functions gained an RNG parameter - -This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`, -`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and -`mbedtls_pk_parse_keyfile()`. - -You now need to pass a properly seeded, cryptographically secure RNG when -calling these functions. It is used for blinding, a countermeasure against -side-channel attacks. - - -## PSA - -### Deprecated names for PSA constants and types were removed - -Some constants and types that were present in beta versions of the PSA Crypto -API were removed from version 1.0 of specification. Please switch to the new -names provided by the 1.0 specification instead. - - -## Changes that only affect alternative implementations - -### Internal / alt-focused headers were moved to a private location - -This shouldn't affect users who took care not to include headers that -were documented as internal, despite being in the public include directory. - -If you're providing alt implementations of ECP or RSA, you'll need to add our -`library` directory to your include path when building your alt -implementations, and note that `ecp_internal.h` and `rsa_internal.h` have been -renamed to `ecp_internal_alt.h` and `rsa_alt_helpers.h` respectively. - -If you're a library user and used to rely on having access to a structure or -function that's now in a private header, please reach out on the mailing list -and explain your need; we'll consider adding a new API in a future version. - -### CCM interface changes: impact for alternative implementations - -The CCM interface has changed with the addition of support for -multi-part operations. Five new API functions have been defined: - `mbedtls_ccm_starts()`, `mbedtls_ccm_set_lengths()`, - `mbedtls_ccm_update_ad()`, `mbedtls_ccm_update()` and `mbedtls_ccm_finish()`. -Alternative implementations of CCM (`MBEDTLS_CCM_ALT`) have now to -implement those additional five API functions. - - -## X.509 - -### Remove the certs module from the library - -This should not affect production use of the library, as the certificates and -keys included there were never suitable for production use. - -However it might affect you if you relied on them for testing purposes. In -that case, please embed your own test certificates in your test code; now that -`certs.c` is out of the library there is no longer any stability guaranteed -and it may change in incompatible ways at any time. - -### Change the API to allow adding critical extensions to CSRs - -This affects applications that call the `mbedtls_x509write_csr_set_extension` -function. - -The API is changed to include the parameter `critical` which enables marking an -extension included in a CSR as critical. To get the previous behavior pass 0. - -### Remove the config option `MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION` - -This change does not affect users of the default configuration; it only affects -users who enable this option. - -The X.509 standard says that implementations must reject critical extensions that -they don't recognize, and this is what Mbed TLS does by default. This option -allowed to continue parsing those certificates but didn't provide a convenient -way to handle those extensions. - -The migration path from that option is to use the -`mbedtls_x509_crt_parse_der_with_ext_cb()` function which is functionally -equivalent to `mbedtls_x509_crt_parse_der()`, and/or -`mbedtls_x509_crt_parse_der_nocopy()` but it calls the callback with every -unsupported certificate extension and additionally the "certificate policies" -extension if it contains any unsupported certificate policies. - -### Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `mbedtls_config.h` - -This change affects users who have chosen the configuration options to disable the -library's verification of the `keyUsage` and `extendedKeyUsage` fields of X.509 -certificates. - -The `MBEDTLS_X509_CHECK_KEY_USAGE` and `MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE` -configuration options are removed and the X.509 code now behaves as if they were -always enabled. It is consequently not possible anymore to disable at compile -time the verification of the `keyUsage` and `extendedKeyUsage` fields of X.509 -certificates. - -The verification of the `keyUsage` and `extendedKeyUsage` fields is important, -disabling it can cause security issues and it is thus not recommended. If the -verification is for some reason undesirable, it can still be disabled by means -of the verification callback function passed to `mbedtls_x509_crt_verify()` (see -the documentation of this function for more information). - -### Remove the `MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3` option - -This change does not affect users who were using the default configuration, as -this option was already disabled by default. Also, it does not affect users who -are working with current V3 X.509 certificates. - -Extensions were added in V3 of the X.509 specification, so pre-V3 certificates -containing extensions were never compliant. Mbed TLS now rejects them with a -parsing error in all configurations, as it did previously in the default -configuration. - -If you are working with the pre-V3 certificates you need to switch to the -current ones. - -### Strengthen default algorithm selection for X.509 - -This is described in the section [Strengthen default algorithm selection for X.509 and TLS](#strengthen-default-algorithm-selection-for-x.509-and-tls). - -### Remove wrapper for libpkcs11-helper - -This doesn't affect people using the default configuration as it was already -disabled by default. - -If you used to rely on this module in order to store your private keys -securely, please have a look at the key management facilities provided by the -PSA crypto API. If you have a use case that's not covered yet by this API, -please reach out on the mailing list. - - -## SSL - -### Remove support for TLS 1.0, 1.1 and DTLS 1.0 - -This change affects users of the TLS 1.0, 1.1 and DTLS 1.0 protocols. - -These versions have been deprecated by RFC 8996. -Keeping them in the library creates opportunities for misconfiguration -and possibly downgrade attacks. More generally, more code means a larger attack -surface, even if the code is supposedly not used. - -The migration path is to adopt the latest versions of the protocol. - -As a consequence of removing TLS 1.0, support for CBC record splitting was -also removed, as it was a work-around for a weakness in this particular -version. There is no migration path since the feature is no longer relevant. - -As a consequence of currently supporting only one version of (D)TLS (and in the -future 1.3 which will have a different version negotiation mechanism), support -for fallback SCSV (RFC 7507) was also removed. There is no migration path as -it's no longer useful with TLS 1.2 and later. - -As a consequence of currently supporting only one version of (D)TLS (and in the -future 1.3 which will have a different concept of ciphersuites), support for -configuring ciphersuites separately for each version via -`mbedtls_ssl_conf_ciphersuites_for_version()` was removed. Use -`mbedtls_ssl_conf_ciphersuites()` to configure ciphersuites to use with (D)TLS -1.2; in the future a different API will be added for (D)TLS 1.3. - -### Remove support for SSL 3.0 - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects TLS users who explicitly enabled `MBEDTLS_SSL_PROTO_SSL3` -and relied on that version in order to communicate with peers that are not up -to date. If one of your peers is in that case, please try contacting them and -encouraging them to upgrade their software. - -### Remove support for parsing SSLv2 ClientHello - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects TLS servers that have clients who send an SSLv2 ClientHello. -These days clients are very unlikely to do that. If you have a client that -does, please try contacting them and encouraging them to upgrade their -software. - -### Remove support for truncated HMAC - -This affects users of truncated HMAC, that is, users who called -`mbedtls_ssl_conf_truncated_hmac( ..., MBEDTLS_SSL_TRUNC_HMAC_ENABLED)`, -regardless of whether the standard version was used or compatibility version -(`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT`). - -The recommended migration path for people who want minimal overhead is to use a -CCM-8 ciphersuite. - -### Remove support for TLS record-level compression - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects TLS users who enabled `MBEDTLS_ZLIB_SUPPORT`. This will not -cause any failures however if you used to enable TLS record-level compression -you may find that your bandwidth usage increases without compression. There's -no general solution to this problem; application protocols might have their -own compression mechanisms and are in a better position than the TLS stack to -avoid variants of the CRIME and BREACH attacks. - -### Remove support for TLS RC4-based ciphersuites - -This does not affect people who used the default `mbedtls_config.h` and the default -list of ciphersuites, as RC4-based ciphersuites were already not negotiated in -that case. - -Please switch to any of the modern, recommended ciphersuites (based on -AES-GCM, AES-CCM or ChachaPoly for example) and if your peer doesn't support -any, encourage them to upgrade their software. - -### Remove support for TLS single-DES ciphersuites - -This doesn't affect people using the default configuration as it was already -disabled by default. - -Please switch to any of the modern, recommended ciphersuites (based on -AES-GCM, AES-CCM or ChachaPoly for example) and if your peer doesn't support -any, encourage them to upgrade their software. - -### Remove support for TLS record-level hardware acceleration - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This feature had been broken for a while so we doubt anyone still used it. -However if you did, please reach out on the mailing list and let us know about -your use case. - -### Remove config option `MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME` - -This doesn't affect people using the default configuration. - -This option has not had any effect for a long time. Please use the `lifetime` -parameter of `mbedtls_ssl_ticket_setup()` instead. - -### Combine the `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and `MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` options - -This change affects users who modified the default `mbedtls_config.h` padding granularity -settings, i.e. enabled at least one of the options. - -The `mbedtls_config.h` options `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and -`MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` were combined into one option because -they used exactly the same padding mechanism and hence their respective padding -granularities can be used in exactly the same way. This change simplifies the -code maintenance. - -The new single option `MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY` can be used -for both DTLS-CID and TLS 1.3. - -### TLS now favors faster curves over larger curves - -The default preference order for curves in TLS now favors resource usage (performance and memory consumption) over size. The exact order is unspecified and may change, but generally you can expect 256-bit curves to be preferred over larger curves. - -If you prefer a different order, call `mbedtls_ssl_conf_curves()` when configuring a TLS connection. - -### SSL key export interface change - -This affects users of the SSL key export APIs: -``` - mbedtls_ssl_conf_export_keys_cb() - mbedtls_ssl_conf_export_keys_ext_cb() -``` - -Those APIs have been removed and replaced by the new API -`mbedtls_ssl_set_export_keys_cb()`. This API differs from -the previous key export API in the following ways: - -- It is no longer bound to an SSL configuration, but to an - SSL context. This allows users to more easily identify the - connection an exported key belongs to. -- It no longer exports raw keys and IV. -- A secret type parameter has been added to identify which key - is being exported. For TLS 1.2, only the master secret is - exported, but upcoming TLS 1.3 support will add other kinds of keys. -- The callback now specifies a void return type, rather than - returning an error code. It is the responsibility of the application - to handle failures in the key export callback, for example by - shutting down the TLS connection. - -For users which do not rely on raw keys and IV, adjusting to the new -callback type should be straightforward — see the example programs -`programs/ssl/ssl_client2` and `programs/ssl/ssl_server2` for callbacks -for NSSKeylog, EAP-TLS and DTLS-SRTP. - -Users which require access to the raw keys used to secure application -traffic may derive those by hand based on the master secret and the -handshake transcript hashes which can be obtained from the raw data -on the wire. Such users are also encouraged to reach out to the -Mbed TLS team on the mailing list, to let the team know about their -use case. - -### Remove MaximumFragmentLength (MFL) query API - -This affects users which use the MFL query APIs -`mbedtls_ssl_get_{input,output}_max_frag_len()` to -infer upper bounds on the plaintext size of incoming and -outgoing record. - -Users should switch to `mbedtls_ssl_get_max_{in,out}_record_payload()` -instead, which also provides such upper bounds but takes more factors -than just the MFL configuration into account. - -### Relaxed semantics for PSK configuration - -This affects users which call the PSK configuration APIs -`mbedtls_ssl_conf_psk()` and `mbedtls_ssl_conf_psk_opaque()` -multiple times on the same SSL configuration. - -In Mbed TLS 2.x, users would observe later calls overwriting -the effect of earlier calls, with the prevailing PSK being -the one that has been configured last. In Mbed TLS 3.0, -calling `mbedtls_ssl_conf_[opaque_]psk()` multiple times -will return an error, leaving the first PSK intact. - -To achieve equivalent functionality when migrating to Mbed TLS 3.0, -users calling `mbedtls_ssl_conf_[opaque_]psk()` multiple times should -remove all but the last call, so that only one call to _either_ -`mbedtls_ssl_conf_psk()` _or_ `mbedtls_ssl_conf_psk_opaque()` -remains. - -### Remove the configuration to enable weak ciphersuites in SSL / TLS - -This does not affect users who use the default `mbedtls_config.h`, as this option was -already off by default. - -If you were using a weak cipher, please switch to any of the modern, -recommended ciphersuites (based on AES-GCM, AES-CCM or ChachaPoly for example) -and if your peer doesn't support any, encourage them to upgrade their software. - -If you were using a ciphersuite without encryption, you just have to -enable `MBEDTLS_CIPHER_NULL_CIPHER` now. - -### Remove the `MBEDTLS_SSL_MAX_CONTENT_LEN` configuration option - -This affects users who use the `MBEDTLS_SSL_MAX_CONTENT_LEN` option to -set the maximum length of incoming and outgoing plaintext fragments, -which can save memory by reducing the size of the TLS I/O buffers. - -This option is replaced by the more fine-grained options -`MBEDTLS_SSL_IN_CONTENT_LEN` and `MBEDTLS_SSL_OUT_CONTENT_LEN` that set -the maximum incoming and outgoing plaintext fragment lengths, respectively. - -### Remove the SSL API `mbedtls_ssl_get_session_pointer()` - -This affects two classes of users: - -1. Users who manually inspect parts of the current session through - direct structure field access. - -2. Users of session resumption who query the current session - via `mbedtls_ssl_get_session_pointer()` prior to saving or exporting - it via `mbedtls_ssl_session_copy()` or `mbedtls_ssl_session_save()`, - respectively. - -Migration paths: - -1. Mbed TLS 3.0 does not offer a migration path for the use case 1: Like many - other Mbed TLS structures, the structure of `mbedtls_ssl_session` is no - longer part of the public API in Mbed TLS 3.0, and direct structure field - access is no longer supported. Please see the [section on private structure fields](#most-structure-fields-are-now-private) for more details. - -2. Users should replace calls to `mbedtls_ssl_get_session_pointer()` by - calls to `mbedtls_ssl_get_session()` as demonstrated in the example - program `programs/ssl/ssl_client2.c`. - -### Remove `MBEDTLS_SSL_DTLS_BADMAC_LIMIT` option - -This change does not affect users who used the default `mbedtls_config.h`, as the option -`MBEDTLS_SSL_DTLS_BADMAC_LIMIT` was already on by default. - -This option was a trade-off between functionality and code size: it allowed -users who didn't need that feature to avoid paying the cost in code size, by -disabling it. - -This option is no longer present, but its functionality is now always enabled. - -### Deprecated functions were removed from SSL - -The function `mbedtls_ssl_conf_dh_param()` was removed. Please use -`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead. - -The function `mbedtls_ssl_get_max_frag_len()` was removed. Please use -`mbedtls_ssl_get_max_out_record_payload()` and -`mbedtls_ssl_get_max_in_record_payload()` -instead. - -### Remove `MBEDTLS_SSL_RECORD_CHECKING` option and enable its action by default - -This change does not affect users who use the default `mbedtls_config.h`, as the -option `MBEDTLS_SSL_RECORD_CHECKING` was already on by default. - -This option was added only to control compilation of one function, - `mbedtls_ssl_check_record()`, which is only useful in some specific cases, so it -was made optional to allow users who don't need it to save some code space. -However, the same effect can be achieved by using link-time garbage collection. - -Users who changed the default setting of the option need to change the config/ -build system to remove that change. - -### Session Cache API Change - -This affects users who use `mbedtls_ssl_conf_session_cache()` -to configure a custom session cache implementation different -from the one Mbed TLS implements in `library/ssl_cache.c`. - -Those users will need to modify the API of their session cache -implementation to that of a key-value store with keys being -session IDs and values being instances of `mbedtls_ssl_session`: - -```C -typedef int mbedtls_ssl_cache_get_t( void *data, - unsigned char const *session_id, - size_t session_id_len, - mbedtls_ssl_session *session ); -typedef int mbedtls_ssl_cache_set_t( void *data, - unsigned char const *session_id, - size_t session_id_len, - const mbedtls_ssl_session *session ); -``` - -Since the structure of `mbedtls_ssl_session` is no longer public from 3.0 -onwards, portable session cache implementations must not access fields of -`mbedtls_ssl_session`. See the corresponding migration guide. Users that -find themselves unable to migrate their session cache functionality without -accessing fields of `mbedtls_ssl_session` should describe their use case -on the Mbed TLS mailing list. - -### Changes in the SSL error code space - -This affects users manually checking for the following error codes: - -- `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` -- `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` -- `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` -- `MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN` -- `MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE` -- `MBEDTLS_ERR_SSL_BAD_HS_XXX` - -Migration paths: -- `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` has been removed, and - `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` is returned instead if the user's own certificate - is too large to fit into the output buffers. - - Users should check for `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead, and potentially - compare the size of their own certificate against the configured size of the output buffer to - understand if the error is due to an overly large certificate. - -- `MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN` and `MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE` have been - replaced by `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE`. - -- All codes of the form `MBEDTLS_ERR_SSL_BAD_HS_XXX` have been replaced by various alternatives, which give more information about the type of error raised. - - Users should check for the newly introduced generic error codes - - * `MBEDTLS_ERR_SSL_DECODE_ERROR` - * `MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER`, - * `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` - * `MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION` - * `MBEDTLS_ERR_SSL_BAD_CERTIFICATE` - * `MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME` - * `MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION` - * `MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL` - - and the pre-existing generic error codes - - * `MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE` - * `MBEDTLS_ERR_SSL_INTERNAL_ERROR` - - instead. - -### Modified semantics of `mbedtls_ssl_{get,set}_session()` - -This affects users who call `mbedtls_ssl_get_session()` or -`mbedtls_ssl_set_session()` multiple times on the same SSL context -representing an established TLS 1.2 connection. -Those users will now observe the second call to fail with -`MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`. - -Migration path: -- Exporting the same TLS 1.2 connection multiple times via - `mbedtls_ssl_get_session()` leads to multiple copies of - the same session. This use of `mbedtls_ssl_get_session()` - is discouraged, and the following should be considered: - * If the various session copies are later loaded into - fresh SSL contexts via `mbedtls_ssl_set_session()`, - export via `mbedtls_ssl_get_session()` only once and - load the same session into different contexts via - `mbedtls_ssl_set_session()`. Since `mbedtls_ssl_set_session()` - makes a copy of the session that's being loaded, this - is functionally equivalent. - * If the various session copies are later serialized - via `mbedtls_ssl_session_save()`, export and serialize - the session only once via `mbedtls_ssl_get_session()` and - `mbedtls_ssl_session_save()` and make copies of the raw - data instead. -- Calling `mbedtls_ssl_set_session()` multiple times in Mbed TLS 2.x - is not useful since subsequent calls overwrite the effect of previous - calls. Applications achieve equivalent functional behavior by - issuing only the very last call to `mbedtls_ssl_set_session()`. - -### Turn `MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE` configuration option into a runtime option - -This change affects users who were enabling `MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE` -option in the `mbedtls_config.h` - -This option has been removed and a new function with similar functionality has -been introduced into the SSL API. - -This new function `mbedtls_ssl_conf_preference_order()` can be used to -change the preferred order of ciphersuites on the server to those used on the client, -e.g.: `mbedtls_ssl_conf_preference_order(ssl_config, MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)` -has the same effect as enabling the removed option. The default state is to use -the server order of suites. - -### Strengthen default algorithm selection for X.509 and TLS - -The default X.509 verification profile (`mbedtls_x509_crt_profile_default`) and the default curve and hash selection in TLS have changed. They are now aligned, except that the X.509 profile only lists curves that support signature verification. - -Hashes and curves weaker than 255 bits (security strength less than 128 bits) are no longer accepted by default. The following hashes have been removed: SHA-1 (formerly only accepted for key exchanges but not for certificate signatures), SHA-224 (weaker hashes were already not accepted). The following curves have been removed: secp192r1, secp224r1, secp192k1, secp224k1. - -The compile-time options `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES` and `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` are no longer available. - -The curve secp256k1 has also been removed from the default X.509 and TLS profiles. [RFC 8422](https://datatracker.ietf.org/doc/html/rfc8422#section-5.1.1) deprecates it in TLS, and it is very rarely used, although it is not known to be weak at the time of writing. - -If you still need to accept certificates signed with algorithms that have been removed from the default profile, call `mbedtls_x509_crt_verify_with_profile` instead of `mbedtls_x509_crt_verify` and pass a profile that allows the curves and hashes you want. For example, to allow SHA-224: -```C -mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default; -my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ); -``` - -If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_curves()` with the desired lists. - -### Remove 3DES ciphersuites - -This change does not affect users using default settings for 3DES in `mbedtls_config.h` -because the 3DES ciphersuites were disabled by that. - -3DES has weaknesses/limitations and there are better alternatives, and more and -more standard bodies are recommending against its use in TLS. - -The migration path here is to chose from the alternatives recommended in the -literature, such as AES. diff --git a/docs/Makefile b/docs/Makefile deleted file mode 100644 index 47510f984..000000000 --- a/docs/Makefile +++ /dev/null @@ -1,40 +0,0 @@ -# Minimal makefile for Sphinx documentation -# - -# You can set these variables from the command line, and also -# from the environment for the first two. -SPHINXOPTS ?= -SPHINXBUILD ?= sphinx-build -SOURCEDIR = . -BUILDDIR = _build - -# Put it first so that "make" without argument is like "make help". -help: - @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) - -.PHONY: help clean apidoc breathe_apidoc Makefile - -# Intercept the 'clean' target so we can do the right thing for apidoc as well -clean: - @# Clean the apidoc - $(MAKE) -C .. apidoc_clean - @# Clean the breathe-apidoc generated files - rm -rf ./api - @# Clean the sphinx docs - @$(SPHINXBUILD) -M clean "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) - -apidoc: - @# Generate doxygen from source using the main Makefile - $(MAKE) -C .. apidoc - -breathe_apidoc: apidoc - @# Remove existing files - breathe-apidoc skips them if they're present - rm -rf ./api - @# Generate RST file structure with breathe-apidoc - breathe-apidoc -o ./api ../apidoc/xml - -# Catch-all target: route all unknown targets to Sphinx using the new -# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). -%: Makefile breathe_apidoc - @# Build the relevant target with sphinx - @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) diff --git a/docs/architecture/Makefile b/docs/architecture/Makefile deleted file mode 100644 index 5bee504c2..000000000 --- a/docs/architecture/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -PANDOC = pandoc - -default: all - -all_markdown = $(wildcard *.md */*.md) - -html: $(all_markdown:.md=.html) -pdf: $(all_markdown:.md=.pdf) -all: html pdf - -.SUFFIXES: -.SUFFIXES: .md .html .pdf - -.md.html: - $(PANDOC) -o $@ $< -.md.pdf: - $(PANDOC) -o $@ $< - -clean: - rm -f *.html *.pdf - rm -f testing/*.html testing/*.pdf diff --git a/docs/architecture/psa-migration/outcome-analysis.sh b/docs/architecture/psa-migration/outcome-analysis.sh deleted file mode 100755 index e1a5f0999..000000000 --- a/docs/architecture/psa-migration/outcome-analysis.sh +++ /dev/null @@ -1,139 +0,0 @@ -#!/bin/sh - -# This script runs tests before and after a PR and analyzes the results in -# order to highlight any difference in the set of tests skipped. -# -# It can be used to check for unintended consequences when making non-trivial -# changes to compile time guards: the sets of tests skipped in the default -# config and the full config must be the same before and after the PR. -# -# USAGE: -# - First, commit any uncommited changes. (Also, see warning below.) -# - Then launch --> [SKIP_SSL_OPT=1] docs/architecture/psa-migration/outcome-analysis.sh -# - SKIP_SSL_OPT=1 can optionally be set to skip ssl-opt.sh tests -# -# WARNING: this script checks out a commit other than the head of the current -# branch; it checks out the current branch again when running successfully, -# but while the script is running, or if it terminates early in error, you -# should be aware that you might be at a different commit than expected. -# -# NOTE: you can comment out parts that don't need to be re-done when -# re-running this script (for example "get numbers before this PR"). - -set -eu - -: ${SKIP_SSL_OPT:=0} - -cleanup() { - make clean - git checkout -- include/mbedtls/mbedtls_config.h tf-psa-crypto/include/psa/crypto_config.h -} - -record() { - export MBEDTLS_TEST_OUTCOME_FILE="$PWD/outcome-$1.csv" - rm -f $MBEDTLS_TEST_OUTCOME_FILE - - make check - - if [ $SKIP_SSL_OPT -eq 0 ]; then - make -C programs ssl/ssl_server2 ssl/ssl_client2 \ - test/udp_proxy test/query_compile_time_config - tests/ssl-opt.sh - fi -} - -# save current HEAD. -# Note: this can optionally be updated to -# HEAD=$(git branch --show-current) -# when using a Git version above 2.22 -HEAD=$(git rev-parse --abbrev-ref HEAD) - -# get the numbers before this PR for default and full -cleanup -git checkout $(git merge-base HEAD development) - -record "before-default" - -cleanup - -scripts/config.py full -record "before-full" - -# get the numbers now for default and full -cleanup -git checkout $HEAD - -record "after-default" - -cleanup - -scripts/config.py full -record "after-full" - -cleanup - -# analysis - -populate_suites () { - SUITES='' - make generated_files >/dev/null - data_files=$(cd tests/suites && echo *.data) - for data in $data_files; do - suite=${data%.data} - SUITES="$SUITES $suite" - done - make neat - - if [ $SKIP_SSL_OPT -eq 0 ]; then - SUITES="$SUITES ssl-opt" - extra_files=$(cd tests/opt-testcases && echo *.sh) - for extra in $extra_files; do - suite=${extra%.sh} - SUITES="$SUITES $suite" - done - fi -} - -compare_suite () { - ref="outcome-$1.csv" - new="outcome-$2.csv" - suite="$3" - - pattern_suite=";$suite;" - total=$(grep -c "$pattern_suite" "$ref") - sed_cmd="s/^.*$pattern_suite\(.*\);SKIP.*/\1/p" - sed -n "$sed_cmd" "$ref" > skipped-ref - sed -n "$sed_cmd" "$new" > skipped-new - nb_ref=$(wc -l %4d\n" \ - $name $total $nb_ref $nb_new - if diff skipped-ref skipped-new | grep '^> '; then - ret=1 - else - ret=0 - fi - rm skipped-ref skipped-new - return $ret -} - -compare_builds () { - printf "\n*** Comparing $1 -> $2 ***\n" - failed='' - for suite in $SUITES; do - if compare_suite "$1" "$2" "$suite"; then :; else - failed="$failed $suite" - fi - done - if [ -z "$failed" ]; then - printf "No coverage gap found.\n" - else - printf "Suites with less coverage:%s\n" "$failed" - fi -} - -populate_suites -compare_builds before-default after-default -compare_builds before-full after-full diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md deleted file mode 100644 index 8f6b606db..000000000 --- a/docs/architecture/psa-migration/psa-limitations.md +++ /dev/null @@ -1,338 +0,0 @@ -This document lists current limitations of the PSA Crypto API (as of version -1.1) that may impact our ability to (1) use it for all crypto operations in -TLS and X.509 and (2) support isolation of all long-term secrets in TLS (that -is, goals G1 and G2 in -[strategy.md](https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/architecture/psa-migration/strategy.md)). - -This is supposed to be a complete list, based on a exhaustive review of crypto -operations done in TLS and X.509 code, but of course it's still possible that -subtle-but-important issues have been missed. The only way to be really sure -is, of course, to actually do the migration work. - -Limitations relevant for G1 (performing crypto operations) -========================================================== - -Restartable (aka interruptible) ECC operations ----------------------------------------------- - -Support for interruptible ECDSA sign/verify was added to PSA in Mbed TLS 3.4. -However, support for interruptible ECDH is not present yet. Also, PK, X.509 and -TLS have not yet been adapted to take advantage of the new PSA APIs. See: -- ; -- ; -- . - -Currently, when `MBEDTLS_ECP_RESTARTABLE` is enabled, some operations that -should be restartable are not (ECDH in TLS 1.2 clients using ECDHE-ECDSA), as -they are using PSA instead, and some operations that should use PSA do not -(signature generation & verification) as they use the legacy API instead, in -order to get restartable behaviour. - -Things that are in the API but not implemented yet --------------------------------------------------- - -PSA Crypto has an API for FFDH, but it's not implemented in Mbed TLS yet. -(Regarding FFDH, see the next section as well.) See issue [3261][ffdh] on -github. - -[ffdh]: https://github.com/Mbed-TLS/mbedtls/issues/3261 - -Arbitrary parameters for FFDH ------------------------------ - -(See also the first paragraph in the previous section.) - -Currently, the PSA Crypto API can only perform FFDH with a limited set of -well-known parameters (some of them defined in the spec, but implementations -are free to extend that set). - -TLS 1.2 (and earlier) on the other hand have the server send explicit -parameters (P and G) in its ServerKeyExchange message. This has been found to -be suboptimal for security, as it is prohibitively hard for the client to -verify the strength of these parameters. This led to the development of RFC -7919 which allows use of named groups in TLS 1.2 - however as this is only an -extension, servers can still send custom parameters if they don't support the -extension. - -In TLS 1.3 the situation will be simpler: named groups are the only -option, so the current PSA Crypto API is a good match for that. (Not -coincidentally, all the groups used by RFC 7919 and TLS 1.3 are included -in the PSA specification.) - -There are several options here: - -1. Implement support for custom FFDH parameters in PSA Crypto: this would pose - non-trivial API design problem, but most importantly seems backwards, as -the crypto community is moving away from custom FFDH parameters. (Could be -done any time.) -2. Drop the DHE-RSA and DHE-PSK key exchanges in TLS 1.2 when moving to PSA. - (For people who want some algorithmic variety in case ECC collapses, FFDH -would still be available in TLS 1.3, just not in 1.2.) (Can only be done in -4.0 or another major version.) -3. Variant of the precedent: only drop client-side support. Server-side is - easy to support in terms of API/protocol, as the server picks the -parameters: we just need remove the existing `mbedtls_ssl_conf_dh_param_xxx()` -APIs and tell people to use `mbedtls_ssl_conf_groups()` instead. (Can only be -done in 4.0 or another major version.) -4. Implement RFC 7919, support DHE-RSA and DHE-PSK only in conjunction with it - when moving to PSA. Server-side would work as above; unfortunately -client-side the only option is to offer named groups and break the handshake -if the server didn't take on our offer. This is not fully satisfying, but is -perhaps the least unsatisfying option in terms of result; it's also probably -the one that requires the most work, but it would deliver value beyond PSA -migration by implementing RFC 7919. (Implementing RFC 7919 could be done any -time; making it mandatory can only be done in 4.0 or another major version.) - -As of early 2023, the plan is to go with option 2 in Mbed TLS 4.0, which has -been announced on the mailing-list and got no push-back, see -. - -RSA-PSS parameters ------------------- - -RSA-PSS signatures are defined by PKCS#1 v2, re-published as RFC 8017 -(previously RFC 3447). - -As standardized, the signature scheme takes several parameters, in addition to -the hash algorithm potentially used to hash the message being signed: -- a hash algorithm used for the encoding function -- a mask generation function - - most commonly MGF1, which in turn is parametrized by a hash algorithm -- a salt length -- a trailer field - the value is fixed to 0xBC by PKCS#1 v2.1, but was left - configurable in the original scheme; 0xBC is used everywhere in practice. - -Both the existing `mbedtls_` API and the PSA API support only MGF1 as the -generation function (and only 0xBC as the trailer field), but there are -discrepancies in handling the salt length and which of the various hash -algorithms can differ from each other. - -### API comparison - -- RSA: - - signature: `mbedtls_rsa_rsassa_pss_sign()` - - message hashed externally - - encoding hash = MGF1 hash (from context, or argument = message hash) - - salt length: always using the maximum legal value - - signature: `mbedtls_rsa_rsassa_pss_sign_ext()` - - message hashed externally - - encoding hash = MGF1 hash (from context, or argument = message hash) - - salt length: specified explicitly - - verification: `mbedtls_rsassa_pss_verify()` - - message hashed externally - - encoding hash = MGF1 hash (from context, or argument = message hash) - - salt length: any valid length accepted - - verification: `mbedtls_rsassa_pss_verify_ext()` - - message hashed externally - - encoding hash = MGF1 hash from dedicated argument - - expected salt length: specified explicitly, can specify "ANY" -- PK: - - signature: not supported - - verification: `mbedtls_pk_verify_ext()` - - message hashed externally - - encoding hash = MGF1 hash, specified explicitly - - expected salt length: specified explicitly, can specify "ANY" -- PSA: - - algorithm specification: - - hash alg used for message hashing, encoding and MGF1 - - salt length can be either "standard" (<= hashlen, see note) or "any" - - signature generation: - - salt length: always <= hashlen (see note) and random salt - - verification: - - salt length: either <= hashlen (see note), or any depending on algorithm - -Note: above, "<= hashlen" means that hashlen is used if possible, but if it -doesn't fit because the key is too short, then the maximum length that fits is -used. - -The RSA/PK API is in principle more flexible than the PSA Crypto API. The -following sub-sections study whether and how this matters in practice. - -### Use in X.509 - -RFC 4055 Section 3.1 defines the encoding of RSA-PSS that's used in X.509. -It allows independently specifying the message hash (also used for encoding -hash), the MGF (and its hash if MGF1 is used), and the salt length (plus an -extra parameter "trailer field" that doesn't vary in practice"). These can be -encoded as part of the key, and of the signature. If both encoding are -presents, all values must match except possibly for the salt length, where the -value from the signature parameters is used. - -In Mbed TLS, RSA-PSS parameters can be parsed and displayed for various -objects (certificates, CRLs, CSRs). During parsing, the following properties -are enforced: -- the extra "trailer field" parameter must have its default value -- the mask generation function is MGF1 -- encoding hash = message hashing algorithm (may differ from MGF1 hash) - -When it comes to cryptographic operations, only two things are supported: -- verifying the signature on a certificate from its parent; -- verifying the signature on a CRL from the issuing CA. - -The verification is done using `mbedtls_pk_verify_ext()`. - -Note: since X.509 parsing ensures that message hash = encoding hash, and -`mbedtls_pk_verify_ext()` uses encoding hash = mgf1 hash, it looks like all -three hash algorithms must be equal, which would be good news as it would -match a limitation of the PSA API. - -It is unclear what parameters people use in practice. It looks like by default -OpenSSL picks saltlen = keylen - hashlen - 2 (tested with openssl 1.1.1f). -The `certtool` command provided by GnuTLS seems to be picking saltlen = hashlen -by default (tested with GnuTLS 3.6.13). FIPS 186-4 requires 0 <= saltlen <= -hashlen. - -### Use in TLS - -In TLS 1.2 (or lower), RSA-PSS signatures are never used, except via X.509. - -In TLS 1.3, RSA-PSS signatures can be used directly in the protocol (in -addition to indirect use via X.509). It has two sets of three signature -algorithm identifiers (for SHA-256, SHA-384 and SHA-512), depending of what -the OID of the public key is (rsaEncryption or RSASSA-PSS). - -In both cases, it specifies that: -- the mask generation function is MGF1 -- all three hashes are equal -- the length of the salt MUST be equal to the length of the digest algorithm - -When signing, the salt length picked by PSA is the one required by TLS 1.3 -(unless the key is unreasonably small). - -When verifying signatures, PSA will by default enforce the salt len is the one -required by TLS 1.3. - -### Current testing - X509 - -All test files use the default trailer field of 0xBC, as enforced by our -parser. (There's a negative test for that using the -`x509_parse_rsassa_pss_params` test function and hex data.) - -Files with "bad" in the name are expected to be invalid and rejected in tests. - -**Test certificates:** - -server9-bad-mgfhash.crt (announcing mgf1(sha224), signed with another mgf) - Hash Algorithm: sha256 - Mask Algorithm: mgf1 with sha224 - Salt Length: 0xDE -server9-bad-saltlen.crt (announcing saltlen = 0xDE, signed with another len) - Hash Algorithm: sha256 - Mask Algorithm: mgf1 with sha256 - Salt Length: 0xDE -server9-badsign.crt (one bit flipped in the signature) - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0xEA -server9-defaults.crt - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0x14 (default) -server9-sha224.crt - Hash Algorithm: sha224 - Mask Algorithm: mgf1 with sha224 - Salt Length: 0xE2 -server9-sha256.crt - Hash Algorithm: sha256 - Mask Algorithm: mgf1 with sha256 - Salt Length: 0xDE -server9-sha384.crt - Hash Algorithm: sha384 - Mask Algorithm: mgf1 with sha384 - Salt Length: 0xCE -server9-sha512.crt - Hash Algorithm: sha512 - Mask Algorithm: mgf1 with sha512 - Salt Length: 0xBE -server9-with-ca.crt - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0xEA -server9.crt - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0xEA - -These certificates are signed with a 2048-bit key. It appears that they are -all using saltlen = keylen - hashlen - 2, except for server9-defaults which is -using saltlen = hashlen. - -**Test CRLs:** - -crl-rsa-pss-sha1-badsign.pem - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0xEA -crl-rsa-pss-sha1.pem - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0xEA -crl-rsa-pss-sha224.pem - Hash Algorithm: sha224 - Mask Algorithm: mgf1 with sha224 - Salt Length: 0xE2 -crl-rsa-pss-sha256.pem - Hash Algorithm: sha256 - Mask Algorithm: mgf1 with sha256 - Salt Length: 0xDE -crl-rsa-pss-sha384.pem - Hash Algorithm: sha384 - Mask Algorithm: mgf1 with sha384 - Salt Length: 0xCE -crl-rsa-pss-sha512.pem - Hash Algorithm: sha512 - Mask Algorithm: mgf1 with sha512 - Salt Length: 0xBE - -These CRLs are signed with a 2048-bit key. It appears that they are -all using saltlen = keylen - hashlen - 2. - -**Test CSRs:** - -server9.req.sha1 - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0x6A -server9.req.sha224 - Hash Algorithm: sha224 - Mask Algorithm: mgf1 with sha224 - Salt Length: 0x62 -server9.req.sha256 - Hash Algorithm: sha256 - Mask Algorithm: mgf1 with sha256 - Salt Length: 0x5E -server9.req.sha384 - Hash Algorithm: sha384 - Mask Algorithm: mgf1 with sha384 - Salt Length: 0x4E -server9.req.sha512 - Hash Algorithm: sha512 - Mask Algorithm: mgf1 with sha512 - Salt Length: 0x3E - -These CSRs are signed with a 2048-bit key. It appears that they are -all using saltlen = keylen - hashlen - 2. - -### Possible courses of action - -There's no question about what to do with TLS (any version); the only question -is about X.509 signature verification. Options include: - -1. Doing all verifications with `PSA_ALG_RSA_PSS_ANY_SALT` - while this - wouldn't cause a concrete security issue, this would be non-compliant. -2. Doing verifications with `PSA_ALG_RSA_PSS` when we're lucky and the encoded - saltlen happens to match hashlen, and falling back to `ANY_SALT` otherwise. -Same issue as with the previous point, except more contained. -3. Reject all certificates with saltlen != hashlen. This includes all - certificates generated with OpenSSL using the default parameters, so it's -probably not acceptable. -4. Request an extension to the PSA Crypto API and use one of the above options - in the meantime. Such an extension seems inconvenient and not motivated by -strong security arguments, so it's unclear whether it would be accepted. - -Since Mbed TLS 3.4, option 1 is implemented. - -Limitations relevant for G2 (isolation of long-term secrets) -============================================================ - -Currently none. diff --git a/docs/architecture/psa-migration/syms.sh b/docs/architecture/psa-migration/syms.sh deleted file mode 100755 index 0fc55dd8c..000000000 --- a/docs/architecture/psa-migration/syms.sh +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Show external links in built libraries (X509 or TLS) or modules. This is -# usually done to list Crypto dependencies or to check modules' -# interdependencies. -# -# Usage: -# - build the library with debug symbols and the config you're interested in -# (default, full, etc.) -# - launch this script with 1 or more arguments depending on the analysis' goal: -# - if only 1 argument is used (which is the name of the used config, -# ex: full), then the analysis is done on libmbedx509 and libmbedtls -# libraries by default -# - if multiple arguments are provided, then modules' names (ex: pk, -# pkparse, pkwrite, etc) are expected after the 1st one and the analysis -# will be done on those modules instead of the libraries. - -set -eu - -# list mbedtls_ symbols of a given type in a static library -syms() { - TYPE="$1" - FILE="$2" - - nm "$FILE" | sed -n "s/[0-9a-f ]*${TYPE} \(mbedtls_.*\)/\1/p" | sort -u -} - -# Check if the provided name refers to a module or library and return the -# same path with proper extension -get_file_with_extension() { - BASE=$1 - if [ -f $BASE.o ]; then - echo $BASE.o - elif [ -f $BASE.a ]; then - echo $BASE.a - fi -} - -# create listings for the given library -list() { - NAME="$1" - FILE=$(get_file_with_extension "library/${NAME}") - PREF="${CONFIG}-$NAME" - - syms '[TRrD]' $FILE > ${PREF}-defined - syms U $FILE > ${PREF}-unresolved - - diff ${PREF}-defined ${PREF}-unresolved \ - | sed -n 's/^> //p' > ${PREF}-external - sed 's/mbedtls_\([^_]*\).*/\1/' ${PREF}-external \ - | uniq -c | sort -rn > ${PREF}-modules - - rm ${PREF}-defined ${PREF}-unresolved -} - -CONFIG="${1:-unknown}" - -# List of modules to check is provided as parameters -if [ $# -gt 1 ]; then - shift 1 - ITEMS_TO_CHECK="$@" -else - ITEMS_TO_CHECK="libmbedx509 libmbedtls" -fi - -for ITEM in $ITEMS_TO_CHECK; do - list $ITEM -done diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md deleted file mode 100644 index 464f7611f..000000000 --- a/docs/architecture/testing/invasive-testing.md +++ /dev/null @@ -1,367 +0,0 @@ -# Mbed TLS invasive testing strategy - -## Introduction - -In Mbed TLS, we use black-box testing as much as possible: test the documented behavior of the product, in a realistic environment. However this is not always sufficient. - -The goal of this document is to identify areas where black-box testing is insufficient and to propose solutions. - -This is a test strategy document, not a test plan. A description of exactly what is tested is out of scope. - -This document is structured as follows: - -* [“Rules”](#rules) gives general rules and is written for brevity. -* [“Requirements”](#requirements) explores the reasons why invasive testing is needed and how it should be done. -* [“Possible approaches”](#possible-approaches) discusses some general methods for non-black-box testing. -* [“Solutions”](#solutions) explains how we currently solve, or intend to solve, specific problems. - -### TLS - -This document currently focuses on data structure manipulation and storage, which is what the crypto/keystore and X.509 parts of the library are about. More work is needed to fully take TLS into account. - -## Rules - -Always follow these rules unless you have a good reason not to. If you deviate, document the rationale somewhere. - -See the section [“Possible approaches”](#possible-approaches) for a rationale. - -### Interface design for testing - -Do not add test-specific interfaces if there's a practical way of doing it another way. All public interfaces should be useful in at least some configurations. Features with a significant impact on the code size or attack surface should have a compile-time guard. - -### Reliance on internal details - -In unit tests and in test programs, it's ok to include internal header files from `library/`. Do not define non-public interfaces in public headers. In contrast, sample programs must not include header files from `library/`. - -Sometimes it makes sense to have unit tests on functions that aren't part of the public API. Declare such functions in `library/*.h` and include the corresponding header in the test code. If the function should be `static` for optimization but can't be `static` for testing, declare it as `MBEDTLS_STATIC_TESTABLE`, and make the tests that use it depend on `MBEDTLS_TEST_HOOKS` (see [“rules for compile-time options”](#rules-for-compile-time-options)). - -If test code or test data depends on internal details of the library and not just on its documented behavior, add a comment in the code that explains the dependency. For example: - -> ``` -> /* This test file is specific to the ITS implementation in PSA Crypto -> * on top of stdio. It expects to know what the stdio name of a file is -> * based on its keystore name. -> */ -> ``` - -> ``` -> # This test assumes that PSA_MAX_KEY_BITS (currently 65536-8 bits = 8191 bytes -> # and not expected to be raised any time soon) is less than the maximum -> # output from HKDF-SHA512 (255*64 = 16320 bytes). -> ``` - -### Rules for compile-time options - -If the most practical way to test something is to add code to the product that is only useful for testing, do so, but obey the following rules. For more information, see the [rationale](#guidelines-for-compile-time-options). - -* **Only use test-specific code when necessary.** Anything that can be tested through the documented API must be tested through the documented API. -* **Test-specific code must be guarded by `#if defined(MBEDTLS_TEST_HOOKS)`**. Do not create fine-grained guards for test-specific code. -* **Do not use `MBEDTLS_TEST_HOOKS` for security checks or assertions.** Security checks belong in the product. -* **Merely defining `MBEDTLS_TEST_HOOKS` must not change the behavior**. It may define extra functions. It may add fields to structures, but if so, make it very clear that these fields have no impact on non-test-specific fields. -* **Where tests must be able to change the behavior, do it by function substitution.** See [“rules for function substitution”](#rules-for-function-substitution) for more details. - -#### Rules for function substitution - -This section explains how to replace a library function `mbedtls_foo()` by alternative code for test purposes. That is, library code calls `mbedtls_foo()`, and there is a mechanism to arrange for these calls to invoke different code. - -Often `mbedtls_foo` is a macro which is defined to be a system function (like `mbedtls_calloc` or `mbedtls_fopen`), which we replace to mock or wrap the system function. This is useful to simulate I/O failure, for example. Note that if the macro can be replaced at compile time to support alternative platforms, the test code should be compatible with this compile-time configuration so that it works on these alternative platforms as well. - -Sometimes the substitutable function is a `static inline` function that does nothing (not a macro, to avoid accidentally skipping side effects in its parameters), to provide a hook for test code; such functions should have a name that starts with the prefix `mbedtls_test_hook_`. In such cases, the function should generally not modify its parameters, so any pointer argument should be const. The function should return void. - -With `MBEDTLS_TEST_HOOKS` set, `mbedtls_foo` is a global variable of function pointer type. This global variable is initialized to the system function, or to a function that does nothing. The global variable is defined in a header in the `library` directory such as `psa_crypto_invasive.h`. This is similar to the platform function configuration mechanism with `MBEDTLS_PLATFORM_xxx_ALT`. - -In unit test code that needs to modify the internal behavior: - -* The test function (or the whole test file) must depend on `MBEDTLS_TEST_HOOKS`. -* At the beginning of the test function, set the global function pointers to the desired value. -* In the test function's cleanup code, restore the global function pointers to their default value. - -## Requirements - -### General goals - -We need to balance the following goals, which are sometimes contradictory. - -* Coverage: we need to test behaviors which are not easy to trigger by using the API or which cannot be triggered deterministically, for example I/O failures. -* Correctness: we want to test the actual product, not a modified version, since conclusions drawn from a test of a modified product may not apply to the real product. -* Effacement: the product should not include features that are solely present for test purposes, since these increase the attack surface and the code size. -* Portability: tests should work on every platform. Skipping tests on certain platforms may hide errors that are only apparent on such platforms. -* Maintainability: tests should only enforce the documented behavior of the product, to avoid extra work when the product's internal or implementation-specific behavior changes. We should also not give the impression that whatever the tests check is guaranteed behavior of the product which cannot change in future versions. - -Where those goals conflict, we should at least mitigate the goals that cannot be fulfilled, and document the architectural choices and their rationale. - -### Problem areas - -#### Allocation - -Resource allocation can fail, but rarely does so in a typical test environment. How does the product cope if some allocations fail? - -Resources include: - -* Memory. -* Files in storage (PSA API only — in the Mbed TLS API, black-box unit tests are sufficient). -* Key slots (PSA API only). -* Key slots in a secure element (PSA SE HAL). -* Communication handles (PSA crypto service only). - -#### Storage - -Storage can fail, either due to hardware errors or to active attacks on trusted storage. How does the code cope if some storage accesses fail? - -We also need to test resilience: if the system is reset during an operation, does it restart in a correct state? - -#### Cleanup - -When code should clean up resources, how do we know that they have truly been cleaned up? - -* Zeroization of confidential data after use. -* Freeing memory. -* Freeing key slots. -* Freeing key slots in a secure element. -* Deleting files in storage (PSA API only). - -#### Internal data - -Sometimes it is useful to peek or poke internal data. - -* Check consistency of internal data (e.g. output of key generation). -* Check the format of files (which matters so that the product can still read old files after an upgrade). -* Inject faults and test corruption checks inside the product. - -## Possible approaches - -Key to requirement tables: - -* ++ requirement is fully met -* \+ requirement is mostly met -* ~ requirement is partially met but there are limitations -* ! requirement is somewhat problematic -* !! requirement is very problematic - -### Fine-grained public interfaces - -We can include all the features we want to test in the public interface. Then the tests can be truly black-box. The limitation of this approach is that this requires adding a lot of interfaces that are not useful in production. These interfaces have costs: they increase the code size, the attack surface, and the testing burden (exponentially, because we need to test all these interfaces in combination). - -As a rule, we do not add public interfaces solely for testing purposes. We only add public interfaces if they are also useful in production, at least sometimes. For example, the main purpose of `mbedtls_psa_crypto_free` is to clean up all resources in tests, but this is also useful in production in some applications that only want to use PSA Crypto during part of their lifetime. - -Mbed TLS traditionally has very fine-grained public interfaces, with many platform functions that can be substituted (`MBEDTLS_PLATFORM_xxx` macros). PSA Crypto has more opacity and less platform substitution macros. - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ~ Many useful tests are not reasonably achievable | -| Correctness | ++ Ideal | -| Effacement | !! Requires adding many otherwise-useless interfaces | -| Portability | ++ Ideal; the additional interfaces may be useful for portability beyond testing | -| Maintainability | !! Combinatorial explosion on the testing burden | -| | ! Public interfaces must remain for backward compatibility even if the test architecture changes | - -### Fine-grained undocumented interfaces - -We can include all the features we want to test in undocumented interfaces. Undocumented interfaces are described in public headers for the sake of the C compiler, but are described as “do not use” in comments (or not described at all) and are not included in Doxygen-rendered documentation. This mitigates some of the downsides of [fine-grained public interfaces](#fine-grained-public-interfaces), but not all. In particular, the extra interfaces do increase the code size, the attack surface and the test surface. - -Mbed TLS traditionally has a few internal interfaces, mostly intended for cross-module abstraction leakage rather than for testing. For the PSA API, we favor [internal interfaces](#internal-interfaces). - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ~ Many useful tests are not reasonably achievable | -| Correctness | ++ Ideal | -| Effacement | !! Requires adding many otherwise-useless interfaces | -| Portability | ++ Ideal; the additional interfaces may be useful for portability beyond testing | -| Maintainability | ! Combinatorial explosion on the testing burden | - -### Internal interfaces - -We can write tests that call internal functions that are not exposed in the public interfaces. This is nice when it works, because it lets us test the unchanged product without compromising the design of the public interface. - -A limitation is that these interfaces must exist in the first place. If they don't, this has mostly the same downside as public interfaces: the extra interfaces increase the code size and the attack surface for no direct benefit to the product. - -Another limitation is that internal interfaces need to be used correctly. We may accidentally rely on internal details in the tests that are not necessarily always true (for example that are platform-specific). We may accidentally use these internal interfaces in ways that don't correspond to the actual product. - -This approach is mostly portable since it only relies on C interfaces. A limitation is that the test-only interfaces must not be hidden at link time (but link-time hiding is not something we currently do). Another limitation is that this approach does not work for users who patch the library by replacing some modules; this is a secondary concern since we do not officially offer this as a feature. - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ~ Many useful tests require additional internal interfaces | -| Correctness | + Does not require a product change | -| | ~ The tests may call internal functions in a way that does not reflect actual usage inside the product | -| Effacement | ++ Fine as long as the internal interfaces aren't added solely for test purposes | -| Portability | + Fine as long as we control how the tests are linked | -| | ~ Doesn't work if the users rewrite an internal module | -| Maintainability | + Tests interfaces that are documented; dependencies in the tests are easily noticed when changing these interfaces | - -### Static analysis - -If we guarantee certain properties through static analysis, we don't need to test them. This puts some constraints on the properties: - -* We need to have confidence in the specification (but we can gain this confidence by evaluating the specification on test data). -* This does not work for platform-dependent properties unless we have a formal model of the platform. - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ~ Good for platform-independent properties, if we can guarantee them statically | -| Correctness | + Good as long as we have confidence in the specification | -| Effacement | ++ Zero impact on the code | -| Portability | ++ Zero runtime burden | -| Maintainability | ~ Static analysis is hard, but it's also helpful | - -### Compile-time options - -If there's code that we want to have in the product for testing, but not in production, we can add a compile-time option to enable it. This is very powerful and usually easy to use, but comes with a major downside: we aren't testing the same code anymore. - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ++ Most things can be tested that way | -| Correctness | ! Difficult to ensure that what we test is what we run | -| Effacement | ++ No impact on the product when built normally or on the documentation, if done right | -| | ! Risk of getting “no impact” wrong | -| Portability | ++ It's just C code so it works everywhere | -| | ~ Doesn't work if the users rewrite an internal module | -| Maintainability | + Test interfaces impact the product source code, but at least they're clearly marked as such in the code | - -#### Guidelines for compile-time options - -* **Minimize the number of compile-time options.**
- Either we're testing or we're not. Fine-grained options for testing would require more test builds, especially if combinatorics enters the play. -* **Merely enabling the compile-time option should not change the behavior.**
- When building in test mode, the code should have exactly the same behavior. Changing the behavior should require some action at runtime (calling a function or changing a variable). -* **Minimize the impact on code**.
- We should not have test-specific conditional compilation littered through the code, as that makes the code hard to read. - -### Runtime instrumentation - -Some properties can be tested through runtime instrumentation: have the compiler or a similar tool inject something into the binary. - -* Sanitizers check for certain bad usage patterns (ASan, MSan, UBSan, Valgrind). -* We can inject external libraries at link time. This can be a way to make system functions fail. - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ! Limited scope | -| Correctness | + Instrumentation generally does not affect the program's functional behavior | -| Effacement | ++ Zero impact on the code | -| Portability | ~ Depends on the method | -| Maintainability | ~ Depending on the instrumentation, this may require additional builds and scripts | -| | + Many properties come for free, but some require effort (e.g. the test code itself must be leak-free to avoid false positives in a leak detector) | - -### Debugger-based testing - -If we want to do something in a test that the product isn't capable of doing, we can use a debugger to read or modify the memory, or hook into the code at arbitrary points. - -This is a very powerful approach, but it comes with limitations: - -* The debugger may introduce behavior changes (e.g. timing). If we modify data structures in memory, we may do so in a way that the code doesn't expect. -* Due to compiler optimizations, the memory may not have the layout that we expect. -* Writing reliable debugger scripts is hard. We need to have confidence that we're testing what we mean to test, even in the face of compiler optimizations. Languages such as gdb make it hard to automate even relatively simple things such as finding the place(s) in the binary corresponding to some place in the source code. -* Debugger scripts are very much non-portable. - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ++ The sky is the limit | -| Correctness | ++ The code is unmodified, and tested as compiled (so we even detect compiler-induced bugs) | -| | ! Compiler optimizations may hinder | -| | ~ Modifying the execution may introduce divergence | -| Effacement | ++ Zero impact on the code | -| Portability | !! Not all environments have a debugger, and even if they do, we'd need completely different scripts for every debugger | -| Maintainability | ! Writing reliable debugger scripts is hard | -| | !! Very tight coupling with the details of the source code and even with the compiler | - -## Solutions - -This section lists some strategies that are currently used for invasive testing, or planned to be used. This list is not intended to be exhaustive. - -### Memory management - -#### Zeroization testing - -Goal: test that `mbedtls_platform_zeroize` does wipe the memory buffer. - -Solution ([debugger](#debugger-based-testing)): implemented in `tests/scripts/test_zeroize.gdb`. - -Rationale: this cannot be tested by adding C code, because the danger is that the compiler optimizes the zeroization away, and any C code that observes the zeroization would cause the compiler not to optimize it away. - -#### Memory cleanup - -Goal: test the absence of memory leaks. - -Solution ([instrumentation](#runtime-instrumentation)): run tests with ASan. (We also use Valgrind, but it's slower than ASan, so we favor ASan.) - -Since we run many test jobs with a memory leak detector, each test function or test program must clean up after itself. Use the cleanup code (after the `exit` label in test functions) to free any memory that the function may have allocated. - -#### Robustness against memory allocation failure - -Solution: TODO. We don't test this at all at this point. - -#### PSA key store memory cleanup - -Goal: test the absence of resource leaks in the PSA key store code, in particular that `psa_close_key` and `psa_destroy_key` work correctly. - -Solution ([internal interface](#internal-interfaces)): in most tests involving PSA functions, the cleanup code explicitly calls `PSA_DONE()` instead of `mbedtls_psa_crypto_free()`. `PSA_DONE` fails the test if the key store in memory is not empty. - -Note there must also be tests that call `mbedtls_psa_crypto_free` with keys still open, to verify that it does close all keys. - -`PSA_DONE` is a macro defined in `psa_crypto_helpers.h` which uses `mbedtls_psa_get_stats()` to get information about the keystore content before calling `mbedtls_psa_crypto_free()`. This feature is mostly but not exclusively useful for testing, and may be moved under `MBEDTLS_TEST_HOOKS`. - -### PSA storage - -#### PSA storage cleanup on success - -Goal: test that no stray files are left over in the key store after a test that succeeded. - -Solution: TODO. Currently the various test suites do it differently. - -#### PSA storage cleanup on failure - -Goal: ensure that no stray files are left over in the key store even if a test has failed (as that could cause other tests to fail). - -Solution: TODO. Currently the various test suites do it differently. - -#### PSA storage resilience - -Goal: test the resilience of PSA storage against power failures. - -Solution: TODO. - -See the [secure element driver interface test strategy](driver-interface-test-strategy.html) for more information. - -#### Corrupted storage - -Goal: test the robustness against corrupted storage. - -Solution ([internal interface](#internal-interfaces)): call `psa_its` functions to modify the storage. - -#### Storage read failure - -Goal: test the robustness against read errors. - -Solution: TODO - -#### Storage write failure - -Goal: test the robustness against write errors (`STORAGE_FAILURE` or `INSUFFICIENT_STORAGE`). - -Solution: TODO - -#### Storage format stability - -Goal: test that the storage format does not change between versions (or if it does, an upgrade path must be provided). - -Solution ([internal interface](#internal-interfaces)): call internal functions to inspect the content of the file. - -Note that the storage format is defined not only by the general layout, but also by the numerical values of encodings for key types and other metadata. For numerical values, there is a risk that we would accidentally modify a single value or a few values, so the tests should be exhaustive. This probably requires some compile-time analysis (perhaps the automation for `psa_constant_names` can be used here). TODO - -### Other fault injection - -#### PSA crypto init failure - -Goal: test the failure of `psa_crypto_init`. - -Solution ([compile-time option](#compile-time-options)): replace entropy initialization functions by functions that can fail. This is the only failure point for `psa_crypto_init` that is present in all builds. - -When we implement the PSA entropy driver interface, this should be reworked to use the entropy driver interface. - -#### PSA crypto data corruption - -The PSA crypto subsystem has a few checks to detect corrupted data in memory. We currently don't have a way to exercise those checks. - -Solution: TODO. To corrupt a multipart operation structure, we can do it by looking inside the structure content, but only when running without isolation. To corrupt the key store, we would need to add a function to the library or to use a debugger. - diff --git a/docs/architecture/testing/test-framework.md b/docs/architecture/testing/test-framework.md deleted file mode 100644 index a9e3dac47..000000000 --- a/docs/architecture/testing/test-framework.md +++ /dev/null @@ -1,64 +0,0 @@ -# Mbed TLS test framework - -This document is an overview of the Mbed TLS test framework and test tools. - -This document is incomplete. You can help by expanding it. - -## Unit tests - -See - -### Unit test descriptions - -Each test case has a description which succinctly describes for a human audience what the test does. The first non-comment line of each paragraph in a `.data` file is the test description. The following rules and guidelines apply: - -* Test descriptions may not contain semicolons, line breaks and other control characters, or non-ASCII characters.
- Rationale: keep the tools that process test descriptions (`generate_test_code.py`, [outcome file](#outcome-file) tools) simple. -* Test descriptions must be unique within a `.data` file. If you can't think of a better description, the convention is to append `#1`, `#2`, etc.
- Rationale: make it easy to relate a failure log to the test data. Avoid confusion between cases in the [outcome file](#outcome-file). -* Test descriptions should be a maximum of **66 characters**.
- Rationale: 66 characters is what our various tools assume (leaving room for 14 more characters on an 80-column line). Longer descriptions may be truncated or may break a visual alignment.
- We have a lot of test cases with longer descriptions, but they should be avoided. At least please make sure that the first 66 characters describe the test uniquely. -* Make the description descriptive. “foo: x=2, y=4” is more descriptive than “foo #2”. “foo: 0_len` for the name of a variable used to compute the - length in bytes of the vector, where is the name of the - vector as defined in the TLS 1.3 specification. - - - Use `p__len` for the name of a variable intended to hold - the address of the first byte of the vector length. - - - Use `` for the name of a variable intended to hold the - address of the first byte of the vector value. - - - Use `_end` for the name of a variable intended to hold - the address of the first byte past the vector value. - - Those idioms should lower the risk of mis-using one of the address in place - of another one which could potentially lead to some nasty issues. - - Example: `cipher_suites` vector of ClientHello in - `ssl_tls13_write_client_hello_cipher_suites()` - ``` - size_t cipher_suites_len; - unsigned char *p_cipher_suites_len; - unsigned char *cipher_suites; - ``` - - - Where applicable, use: - - the macros to extract a byte from a multi-byte integer MBEDTLS_BYTE_{0-8}. - - the macros to write in memory in big-endian order a multi-byte integer - MBEDTLS_PUT_UINT{8|16|32|64}_BE. - - the macros to read from memory a multi-byte integer in big-endian order - MBEDTLS_GET_UINT{8|16|32|64}_BE. - - the macro to check for space when writing into an output buffer - `MBEDTLS_SSL_CHK_BUF_PTR`. - - the macro to check for data when reading from an input buffer - `MBEDTLS_SSL_CHK_BUF_READ_PTR`. - - The three first types, MBEDTLS_BYTE_{0-8}, MBEDTLS_PUT_UINT{8|16|32|64}_BE - and MBEDTLS_GET_UINT{8|16|32|64}_BE improve the readability of the code and - reduce the risk of writing or reading bytes in the wrong order. - - The two last types, `MBEDTLS_SSL_CHK_BUF_PTR` and - `MBEDTLS_SSL_CHK_BUF_READ_PTR`, improve the readability of the code and - reduce the risk of error in the non-completely-trivial arithmetic to - check that we do not write or read past the end of a data buffer. The - usage of those macros combined with the following rule mitigate the risk - to read/write past the end of a data buffer. - - Examples: - ``` - hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len ); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); - ``` - - - To mitigate what happened here - (https://github.com/Mbed-TLS/mbedtls/pull/4882#discussion_r701704527) from - happening again, use always a local variable named `p` for the reading - pointer in functions parsing TLS 1.3 data, and for the writing pointer in - functions writing data into an output buffer and only that variable. The - name `p` has been chosen as it was already widely used in TLS code. - - - When an TLS 1.3 structure is written or read by a function or as part of - a function, provide as documentation the definition of the structure as - it is in the TLS 1.3 specification. - -General coding rules: - - - We prefer grouping "related statement lines" by not adding blank lines - between them. - - Example 1: - ``` - ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &output_len ); - if( ret != 0 ) - return( ret ); - buf += output_len; - ``` - - Example 2: - ``` - MBEDTLS_SSL_CHK_BUF_PTR( cipher_suites_iter, end, 2 ); - MBEDTLS_PUT_UINT16_BE( cipher_suite, cipher_suites_iter, 0 ); - cipher_suites_iter += 2; - ``` - - - Use macros for constants that are used in different functions, different - places in the code. When a constant is used only locally in a function - (like the length in bytes of the vector lengths in functions reading and - writing TLS handshake message) there is no need to define a macro for it. - - Example: `#define CLIENT_HELLO_RANDOM_LEN 32` - - - When declaring a pointer the dereferencing operator should be prepended to - the pointer name not appended to the pointer type: - - Example: `mbedtls_ssl_context *ssl;` - - - Maximum line length is 80 characters. - - Exceptions: - - - string literals can extend beyond 80 characters as we do not want to - split them to ease their search in the code base. - - - A line can be more than 80 characters by a few characters if just looking - at the 80 first characters is enough to fully understand the line. For - example it is generally fine if some closure characters like ";" or ")" - are beyond the 80 characters limit. - - If a line becomes too long due to a refactoring (for example renaming a - function to a longer name, or indenting a block more), avoid rewrapping - lines in the same commit: it makes the review harder. Make one commit with - the longer lines and another commit with just the rewrapping. - - - When in successive lines, functions and macros parameters should be aligned - vertically. - - Example: - ``` - int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buf_len ); - ``` - - - When a function's parameters span several lines, group related parameters - together if possible. - - For example, prefer: - - ``` - mbedtls_ssl_start_handshake_msg( ssl, hs_type, - buf, buf_len ); - ``` - over - ``` - mbedtls_ssl_start_handshake_msg( ssl, hs_type, buf, - buf_len ); - ``` - even if it fits. - - -Overview of handshake code organization ---------------------------------------- - -The TLS 1.3 handshake protocol is implemented as a state machine. The -functions `mbedtls_ssl_tls13_handshake_{client,server}_step` are the top level -functions of that implementation. They are implemented as a switch over all the -possible states of the state machine. - -Most of the states are either dedicated to the processing or writing of an -handshake message. - -The implementation does not go systematically through all states as this would -result in too many checks of whether something needs to be done or not in a -given state to be duplicated across several state handlers. For example, on -client side, the states related to certificate parsing and validation are -bypassed if the handshake is based on a pre-shared key and thus does not -involve certificates. - -On the contrary, the implementation goes systematically though some states -even if they could be bypassed if it helps in minimizing when and where inbound -and outbound keys are updated. The `MBEDTLS_SSL_CLIENT_CERTIFICATE` state on -client side is a example of that. - -The names of the handlers processing/writing an handshake message are -prefixed with `(mbedtls_)ssl_tls13_{process,write}`. To ease the maintenance and -reduce the risk of bugs, the code of the message processing and writing -handlers is split into a sequence of stages. - -The sending of data to the peer only occurs in `mbedtls_ssl_handshake_step` -between the calls to the handlers and as a consequence handlers do not have to -care about the MBEDTLS_ERR_SSL_WANT_WRITE error code. Furthermore, all pending -data are flushed before to call the next handler. That way, handlers do not -have to worry about pending data when changing outbound keys. - -### Message processing handlers -For message processing handlers, the stages are: - -* coordination stage: check if the state should be bypassed. This stage is -optional. The check is either purely based on the reading of the value of some -fields of the SSL context or based on the reading of the type of the next -message. The latter occurs when it is not known what the next handshake message -will be, an example of that on client side being if we are going to receive a -CertificateRequest message or not. The intent is, apart from the next record -reading to not modify the SSL context as this stage may be repeated if the -next handshake message has not been received yet. - -* fetching stage: at this stage we are sure of the type of the handshake -message we must receive next and we try to fetch it. If we did not go through -a coordination stage involving the next record type reading, the next -handshake message may not have been received yet, the handler returns with -`MBEDTLS_ERR_SSL_WANT_READ` without changing the current state and it will be -called again later. - -* pre-processing stage: prepare the SSL context for the message parsing. This -stage is optional. Any processing that must be done before the parsing of the -message or that can be done to simplify the parsing code. Some simple and -partial parsing of the handshake message may append at that stage like in the -ServerHello message pre-processing. - -* parsing stage: parse the message and restrict as much as possible any -update of the SSL context. The idea of the pre-processing/parsing/post-processing -organization is to concentrate solely on the parsing in the parsing function to -reduce the size of its code and to simplify it. - -* post-processing stage: following the parsing, further update of the SSL -context to prepare for the next incoming and outgoing messages. This stage is -optional. For example, secret and key computations occur at this stage, as well -as handshake messages checksum update. - -* state change: the state change is done in the main state handler to ease the -navigation of the state machine transitions. - - -### Message writing handlers -For message writing handlers, the stages are: - -* coordination stage: check if the state should be bypassed. This stage is -optional. The check is based on the value of some fields of the SSL context. - -* preparation stage: prepare for the message writing. This stage is optional. -Any processing that must be done before the writing of the message or that can -be done to simplify the writing code. - -* writing stage: write the message and restrict as much as possible any update -of the SSL context. The idea of the preparation/writing/finalization -organization is to concentrate solely on the writing in the writing function to -reduce the size of its code and simplify it. - -* finalization stage: following the writing, further update of the SSL -context to prepare for the next incoming and outgoing messages. This stage is -optional. For example, handshake secret and key computation occur at that -stage (ServerHello writing finalization), switching to handshake keys for -outbound message on server side as well. - -* state change: the state change is done in the main state handler to ease -the navigation of the state machine transitions. diff --git a/docs/conf.py b/docs/conf.py deleted file mode 100644 index 41c50c7f2..000000000 --- a/docs/conf.py +++ /dev/null @@ -1,34 +0,0 @@ -# Configuration file for the Sphinx documentation builder. -# -# For the full list of built-in configuration values, see the documentation: -# https://www.sphinx-doc.org/en/master/usage/configuration.html - -# -- Project information ----------------------------------------------------- -# https://www.sphinx-doc.org/en/master/usage/configuration.html#project-information -import glob - -project = 'Mbed TLS Versioned' -copyright = '2023, Mbed TLS Contributors' -author = 'Mbed TLS Contributors' - -# -- General configuration --------------------------------------------------- -# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration - -extensions = ['breathe', 'sphinx.ext.graphviz'] - -templates_path = ['_templates'] -exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store'] - -breathe_projects = { - 'mbedtls-versioned': '../apidoc/xml' -} -breathe_default_project = 'mbedtls-versioned' - -primary_domain = 'c' -highlight_language = 'c' - -# -- Options for HTML output ------------------------------------------------- -# https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-html-output - -html_theme = 'sphinx_rtd_theme' -html_static_path = ['_static'] diff --git a/docs/index.rst b/docs/index.rst deleted file mode 100644 index 33a97223d..000000000 --- a/docs/index.rst +++ /dev/null @@ -1,20 +0,0 @@ -.. Mbed TLS Versioned documentation master file, created by - sphinx-quickstart on Thu Feb 23 18:13:44 2023. - You can adapt this file completely to your liking, but it should at least - contain the root `toctree` directive. - -Mbed TLS API documentation -========================== - -.. doxygenpage:: index - :project: mbedtls-versioned - -.. toctree:: - :caption: Contents - :maxdepth: 1 - - Home - api/grouplist.rst - api/filelist.rst - api/structlist.rst - api/unionlist.rst diff --git a/docs/proposed/Makefile b/docs/proposed/Makefile deleted file mode 100644 index b9f6e24f7..000000000 --- a/docs/proposed/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -PANDOC = pandoc - -default: all - -all_markdown = \ - config-split.md \ - # This line is intentionally left blank - -html: $(all_markdown:.md=.html) -pdf: $(all_markdown:.md=.pdf) -all: html pdf - -.SUFFIXES: -.SUFFIXES: .md .html .pdf - -.md.html: - $(PANDOC) -o $@ $< -.md.pdf: - $(PANDOC) -o $@ $< - -clean: - rm -f *.html *.pdf diff --git a/docs/proposed/README b/docs/proposed/README deleted file mode 100644 index 09eae9aec..000000000 --- a/docs/proposed/README +++ /dev/null @@ -1,4 +0,0 @@ -The documents in this directory are proposed specifications for Mbed -TLS features. They are not implemented yet, or only partially -implemented. Please follow activity on the `development` branch of -Mbed TLS if you are interested in these features. diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md deleted file mode 100644 index 1baab356b..000000000 --- a/docs/proposed/config-split.md +++ /dev/null @@ -1,469 +0,0 @@ -Configuration file split -======================== - -## Why split the configuration file? - -The objective of the repository split is to reach the point where in Mbed TLS -all the cryptography code and its tests are located in a `tf-psa-crypto` -directory that just contains the TF-PSA-Crypto repository as a submodule. -The cryptography APIs exposed by Mbed TLS are just the TF-PSA-Crypto ones. -Mbed TLS relies solely on the TF-PSA-Crypto build system to build its -cryptography library and its tests. - -The TF-PSA-Crypto configuration file `tf_psa_crypto_config.h` configures -entirely the cryptography interface exposed by Mbed TLS through TF-PSA-Crypto. -Mbed TLS configuration is split in two files: `mbedtls_config.h` for TLS and -x509, `tf_psa_crypto_config.h` for the cryptography. - -## How do we split the configuration file? - -We extend the so-called PSA cryptographic configuration scheme based on -`mbedtls_config.h` and `crypto_config.h`. The configuration file `crypto_config.h` -is extended to become the TF-PSA-Crypto configuration file, `mbedtls_config.h` -becomes the configuration file for the TLS and x509 libraries. All the options -to select the cryptographic mechanisms and to configure their implementation -are moved from `mbedtls_config.h` to `(tf_psa_)crypto_config.h`. - -The configuration options that are relevant to both Mbed TLS and TF-PSA-Crypto -like platform or system ones are moved to `(tf_psa_)crypto_config.h`. That way -they are available in both repositories (as Mbed TLS includes -`tf_psa_crypto_config.h`) without duplication. Later, we may duplicate or -create aliases for some of them to align with the naming conventions of the -repositories. - -The cryptographic configuration options in `tf_psa_crypto_config.h` are -organized into sections that are different from the ones in the pre-split -`mbedtls_config.h` (see below). This is first to take into account the -specifics of TF-PSA-Crypto, for example a specific section for the -configuration of builtin drivers. We also get rid of the grouping of non -boolean options into a dedicated section: related boolean and non boolean -configuration options are rather grouped together into the same section. - -Finally, for consistency, the sections in `mbedtls_config.h` are reorganized -to be better aligned with the `tf_psa_crypto_config.h` ones. - - -## Configuration files and `config.py` - -Each repository contains a `config.py` script to create and modify -configurations. - -In Mbed TLS, `config.py` handles both `mbedtls_config.h` and -`tf_psa_crypto_config.h`. It can set or unset TLS, x509 and cryptographic -configuration options without having to specify the configuration file the -options belong to. Commands like full and baremetal affect both configuration -files. - -In TF-PSA-Crypto, `config.py` addresses only `tf_psa_crypto_config.h`. - -## Sections in `tf_psa_crypto_config.h` - -The `tf_psa_crypto_config.h` configuration file is organized into eight -sections. - -The pre-split `mbedtls_config.h` configuration file contains configuration -options that apply to the whole code base (TLS, x509, crypto and tests) mostly -related to the platform abstraction layer and testing. In -`tf_psa_crypto_config.h` these configurations options are organized into two -sections, one for the platform abstraction layer options and one for the others, -respectively named ["Platform abstraction layer"](#section-platform-abstraction-layer) -and ["General and test configuration options"](#section-general-and-test-configuration-options). - -Then, the ["Cryptographic mechanism selection (PSA API)"](#section-cryptographic-mechanism-selection-PSA-API) -section is the equivalent of the pre-split `crypto_config.h` configuration file -containing the PSA_WANT_ prefixed macros. - -The following section named -["Cryptographic mechanism selection (extended API)"](#section-cryptographic-mechanism-selection-extended-API) -contains the configuration options for the cryptography mechanisms that are not -yet part of the PSA cryptography API (like LMS or PK). - -It is followed by the ["Data format support"](#section-data-format-support) -section that contains configuration options of utilities related to various data -formats (like Base64 or ASN.1 APIs). These utilities aim to facilitate the -usage of the PSA cryptography API in other cryptography projects. - -Compared to Mbed TLS, the cryptography code in TF-PSA-Crypto is not located -in a single directory but split between the PSA core (core directory) and the -PSA builtin drivers (drivers/builtin/src directory). This is reflected in -`tf_psa_crypto_config.h` with two sections respectively named ["PSA core"](#section-psa-core) -and ["Builtin drivers"](#section-builtin-drivers). - -Finally, the last section named ["Legacy cryptography"](#section-legacy-cryptography) -contains the configuration options that will eventually be removed as duplicates -of PSA_WANT_\* and MBEDTLS_PSA_ACCEL_\* configuration options. - -## Sections in `mbedtls_config.h` - -The sections in `mbedtls_config.h` are reorganized to be better aligned with -the ones in `tf_psa_crypto_config.h`. The main change is the reorganization -of the "Mbed TLS modules", "Mbed TLS feature support" and -"Module configuration options" sections into the -["TLS feature selection"](#section-tls-feature-selection) and -["X.509 feature selection"](#section-x-509-feature-selection) sections. That -way all TLS/x509 options are grouped into one section and there is no -section dedicated to non boolean configuration options anymore. - - -## Repartition of the configuration options - -### In `tf_psa_crypto_config.h`, we have: -#### SECTION Platform abstraction layer -``` -#define MBEDTLS_FS_IO -#define MBEDTLS_HAVE_TIME -#define MBEDTLS_HAVE_TIME_DATE -//#define MBEDTLS_MEMORY_BACKTRACE -//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C -//#define MBEDTLS_MEMORY_DEBUG -#define MBEDTLS_PLATFORM_C -//#define MBEDTLS_PLATFORM_EXIT_ALT -//#define MBEDTLS_PLATFORM_FPRINTF_ALT -//#define MBEDTLS_PLATFORM_GMTIME_R_ALT -//#define MBEDTLS_PLATFORM_MEMORY -//#define MBEDTLS_PLATFORM_MS_TIME_ALT -//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -//#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_PRINTF_ALT -//#define MBEDTLS_PLATFORM_SETBUF_ALT -//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT -//#define MBEDTLS_PLATFORM_SNPRINTF_ALT -//#define MBEDTLS_PLATFORM_TIME_ALT -//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT -//#define MBEDTLS_PLATFORM_ZEROIZE_ALT -//#define MBEDTLS_THREADING_ALT -//#define MBEDTLS_THREADING_C -//#define MBEDTLS_THREADING_PTHREAD - -//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 -//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc -//#define MBEDTLS_PLATFORM_EXIT_MACRO exit -//#define MBEDTLS_PLATFORM_FREE_MACRO free -//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf -//#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t -//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read -//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write -//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf -//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf -//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf -//#define MBEDTLS_PLATFORM_STD_CALLOC calloc -//#define MBEDTLS_PLATFORM_STD_EXIT exit -//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 -//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 -//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf -//#define MBEDTLS_PLATFORM_STD_FREE free -//#define MBEDTLS_PLATFORM_STD_MEM_HDR -//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" -//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read -//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write -//#define MBEDTLS_PLATFORM_STD_PRINTF printf -//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf -//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf -//#define MBEDTLS_PLATFORM_STD_TIME time -//#define MBEDTLS_PLATFORM_TIME_MACRO time -//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t -//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf -//#define MBEDTLS_PRINTF_MS_TIME PRId64 -``` - -#### SECTION General and test configuration options -Note: for consistency with the configuration file name change from -`crypto_config.h` to `tf_psa_crypto_config.h`, the configuration options -`MBEDTLS_PSA_CRYPTO_CONFIG_FILE` and `MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE` are -respectively renamed `TF_PSA_CRYPTO_CONFIG_FILE` and -`TF_PSA_CRYPTO_USER_CONFIG_FILE`. These are the only configuration options -renamed by this document. -``` -//#define MBEDTLS_CHECK_RETURN_WARNING -//#define MBEDTLS_DEPRECATED_REMOVED -//#define MBEDTLS_DEPRECATED_WARNING -#define MBEDTLS_SELF_TEST -//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN -//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND -//#define MBEDTLS_TEST_HOOKS - -//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__)) -//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result)) -//#define TF_PSA_CRYPTO_CONFIG_FILE "psa/tf_psa_crypto_config.h" -//#define TF_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null" -``` - -#### SECTION Cryptographic mechanism selection (PSA API) -PSA_WANT_\* macros as in current `crypto_config.h`. - - -#### SECTION Cryptographic mechanism selection (extended API) -``` -#define MBEDTLS_LMS_C -//#define MBEDTLS_LMS_PRIVATE -#define MBEDTLS_MD_C -#define MBEDTLS_NIST_KW_C -#define MBEDTLS_PKCS5_C -#define MBEDTLS_PKCS12_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_PK_PARSE_EC_COMPRESSED -#define MBEDTLS_PK_PARSE_EC_EXTENDED -#define MBEDTLS_PK_RSA_ALT_SUPPORT -#define MBEDTLS_PK_WRITE_C - -//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 -//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 -//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 -//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 -//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 -//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 -//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 -//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 -//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 -//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 -``` - - -#### SECTION Data format support -``` -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BASE64_C -#define MBEDTLS_OID_C -#define MBEDTLS_PEM_PARSE_C -#define MBEDTLS_PEM_WRITE_C -``` - - -#### SECTION PSA core -``` -#define MBEDTLS_ENTROPY_C -//#define MBEDTLS_ENTROPY_FORCE_SHA256 -//#define MBEDTLS_ENTROPY_HARDWARE_ALT -//#define MBEDTLS_ENTROPY_NV_SEED -//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES -//#define MBEDTLS_NO_PLATFORM_ENTROPY -//#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS -//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS -#define MBEDTLS_PSA_CRYPTO_C -//#define MBEDTLS_PSA_CRYPTO_CLIENT -//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG -//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER -//#define MBEDTLS_PSA_CRYPTO_SPM -#define MBEDTLS_PSA_CRYPTO_STORAGE_C -//#define MBEDTLS_PSA_INJECT_ENTROPY -#define MBEDTLS_PSA_ITS_FILE_C -#define MBEDTLS_PSA_KEY_STORE_DYNAMIC -//#define MBEDTLS_PSA_STATIC_KEY_SLOTS - -//#define MBEDTLS_ENTROPY_MAX_GATHER 128 -//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 -//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 -//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h" -//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h" -//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 -//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256 -``` - -#### SECTION Builtin drivers -``` -#define MBEDTLS_AESCE_C -#define MBEDTLS_AESNI_C -//#define MBEDTLS_AES_FEWER_TABLES -//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -//#define MBEDTLS_AES_ROM_TABLES -//#define MBEDTLS_AES_USE_HARDWARE_ONLY -//#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT -//#define MBEDTLS_CAMELLIA_SMALL_MEMORY -//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED -#define MBEDTLS_ECP_NIST_OPTIM -//#define MBEDTLS_ECP_RESTARTABLE -//#define MBEDTLS_ECP_WITH_MPI_UINT -//#define MBEDTLS_GCM_LARGE_TABLE -#define MBEDTLS_HAVE_ASM -//#define MBEDTLS_HAVE_SSE2 -//#define MBEDTLS_NO_UDBL_DIVISION -//#define MBEDTLS_NO_64BIT_MULTIPLICATION -//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED -//#define MBEDTLS_RSA_NO_CRT -//#define MBEDTLS_SHA256_SMALLER -//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT -//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY -//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT -//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY -//#define MBEDTLS_SHA512_SMALLER -//#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT -//#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY - -//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 -//#define MBEDTLS_ECP_WINDOW_SIZE 4 -//#define MBEDTLS_MPI_MAX_SIZE 1024 -//#define MBEDTLS_MPI_WINDOW_SIZE 2 -//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 -``` - - -#### SECTION Legacy cryptography -``` -#define MBEDTLS_AES_C -#define MBEDTLS_ARIA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_CAMELLIA_C -#define MBEDTLS_CCM_C -#define MBEDTLS_CHACHA20_C -#define MBEDTLS_CHACHAPOLY_C -#define MBEDTLS_CIPHER_C -#define MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_CIPHER_MODE_CFB -#define MBEDTLS_CIPHER_MODE_CTR -#define MBEDTLS_CIPHER_MODE_OFB -#define MBEDTLS_CIPHER_MODE_XTS -//#define MBEDTLS_CIPHER_NULL_CIPHER -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_CIPHER_PADDING_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CMAC_C -#define MBEDTLS_CTR_DRBG_C -//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -#define MBEDTLS_DES_C -#define MBEDTLS_DHM_C -#define MBEDTLS_ECDH_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_DP_CURVE448_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_ECDSA_C -#define MBEDTLS_ECDSA_DETERMINISTIC -#define MBEDTLS_ECJPAKE_C -#define MBEDTLS_GCM_C -#define MBEDTLS_GENPRIME -#define MBEDTLS_HKDF_C -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_MD5_C -#define MBEDTLS_PADLOCK_C -#define MBEDTLS_PKCS1_V15 -#define MBEDTLS_PKCS1_V21 -#define MBEDTLS_POLY1305_C -//#define MBEDTLS_PSA_CRYPTO_SE_C -#define MBEDTLS_RIPEMD160_C -#define MBEDTLS_RSA_C -#define MBEDTLS_SHA1_C -#define MBEDTLS_SHA224_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SHA384_C -#define MBEDTLS_SHA3_C -#define MBEDTLS_SHA512_C -``` - - -### In `mbedtls_config.h`, we have: -#### SECTION Platform abstraction layer -``` -#define MBEDTLS_NET_C -//#define MBEDTLS_TIMING_ALT -#define MBEDTLS_TIMING_C -``` - - -#### SECTION General configuration options -``` -#define MBEDTLS_ERROR_C -#define MBEDTLS_ERROR_STRERROR_DUMMY -#define MBEDTLS_VERSION_C -#define MBEDTLS_VERSION_FEATURES - -//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h" -//#define MBEDTLS_USER_CONFIG_FILE "/dev/null" -``` - - -#### SECTION TLS feature selection -``` -#define MBEDTLS_DEBUG_C -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES -#define MBEDTLS_SSL_ALPN -//#define MBEDTLS_SSL_ASYNC_PRIVATE -#define MBEDTLS_SSL_CACHE_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_CONTEXT_SERIALIZATION -#define MBEDTLS_SSL_COOKIE_C -//#define MBEDTLS_SSL_DEBUG_ALL -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE -#define MBEDTLS_SSL_DTLS_CONNECTION_ID -#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY -//#define MBEDTLS_SSL_DTLS_SRTP -//#define MBEDTLS_SSL_EARLY_DATA -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET -#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -#define MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_PROTO_TLS1_2 -#define MBEDTLS_SSL_PROTO_TLS1_3 -//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT -#define MBEDTLS_SSL_RENEGOTIATION -#define MBEDTLS_SSL_SERVER_NAME_INDICATION -#define MBEDTLS_SSL_SESSION_TICKETS -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TICKET_C -#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -#define MBEDTLS_SSL_TLS_C -//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - -//#define MBEDTLS_PSK_MAX_LEN 32 -//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 -//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 -//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 -//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 -//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 -//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 -//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 -//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 -//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 -//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 -//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 -//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 -//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 -//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 -``` - - -#### SECTION X.509 feature selection -``` -#define MBEDTLS_PKCS7_C -#define MBEDTLS_X509_CREATE_C -#define MBEDTLS_X509_CRL_PARSE_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_CRT_WRITE_C -#define MBEDTLS_X509_CSR_PARSE_C -#define MBEDTLS_X509_CSR_WRITE_C -//#define MBEDTLS_X509_REMOVE_INFO -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT -//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -#define MBEDTLS_X509_USE_C - -//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 -//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 -``` diff --git a/docs/psa-transition.md b/docs/psa-transition.md deleted file mode 100644 index 0758061f8..000000000 --- a/docs/psa-transition.md +++ /dev/null @@ -1,1318 +0,0 @@ -# Transitioning to the PSA API - -> I have code written for `mbedtls_` cryptography APIs. How do I migrate to `psa_` APIs? - -## Introduction - -Mbed TLS is gradually moving from legacy `mbedtls_xxx` APIs to newer `psa_xxx` APIs for cryptography. Note that this only concerns cryptography APIs, not X.509 or SSL/TLS APIs. - -This guide is intended to help migrate existing applications that use Mbed TLS for cryptography. It aims to cover common use cases, but cannot cover all possible scenarios. - -### Suggested reading - -This document is long, but you probably don't need to read all of it. You should start with the following sections: - -1. [Where can I find documentation?](#where-can-i-find-documentation) -2. [General considerations](#general-considerations) - -Then use the [summary of API modules](#summary-of-api-modules), the table of contents or a text search to locate the sections that interest you, based on what legacy interfaces your code is currently using. - -### Where can I find documentation? - -**Tutorial**: See the [getting started guide](https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/). - -**Reference**: The [PSA Crypto API specification](https://arm-software.github.io/psa-api/crypto/) is available online. Mbed TLS implements a large subset of the specification which is documented in the [`psa/crypto*.h` headers](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto_8h/). - -### Additional resources - -* [Mbed TLS open issues](https://github.com/Mbed-TLS/mbedtls/issues) -* [PSA API open issues](https://github.com/ARM-software/psa-api/issues) (not just cryptography APIs) -* [Mbed TLS mailing list](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org/) - -### Why change the API? - -* Mbed TLS APIs are traditionally very transparent: the caller can access internal fields of operations. This is less true in the 3.x major version than before, but still the case to some extent. This offers applications some flexibility, but it removes flexibility from the implementation. For example, it is hard to support hardware acceleration, because the API constrains how the data must be represented. PSA APIs were designed to be more opaque, giving more freedom to the implementation. -* Mbed TLS legacy APIs require key material to be present in the application memory. The PSA Crypto API natively supports operations on keys stored in an external [location](https://arm-software.github.io/psa-api/crypto/1.1/api/keys/lifetimes.html#c.psa_key_location_t) (secure enclave, secure element, HSM, etc.). -* PSA APIs have [consistent conventions](https://arm-software.github.io/psa-api/crypto/1.1/overview/conventions.html#parameter-conventions) which many legacy APIs in Mbed TLS do not follow. For example, many legacy cryptography functions require the caller to know how large an output buffer needs to be based on the selected algorithm, whereas in the PSA API, all buffer arguments have a well-defined size and those sizes are checked. -* Mbed TLS legacy APIs require passing around a random generator argument where needed. This has historically been problematic with functions that were created without an RNG argument but later needed one as part of a security countermeasure. The PSA crypto subsystem maintains a global random generator, resolving this problem. - -### Migration timeline - -* Mbed TLS 2.15.0 (Nov 2018): first release with a draft implementation of the PSA API. -* Mbed TLS 2.18.0 (Jun 2019): The PSA API is available in the default build. -* Mbed TLS 3.1.0 (Dec 2021): TLS 1.3 support is the first major feature that requires the PSA API. -* Mbed TLS 4.0.0 (2024?): X.509 and TLS require the PSA API. Removal of some legacy crypto APIs. -* Mbed TLS 5.0.0 (??): Removal of the remaining non-PSA crypto APIs. - -## General considerations - -### Configuration of the PSA subsystem - -To make the PSA API available, make sure that the configuration option [`MBEDTLS_PSA_CRYPTO_C`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#c.MBEDTLS_PSA_CRYPTO_C) is enabled. (It is enabled in the default configuration.) - -By default, the PSA crypto API offers a similar set of cryptographic mechanisms as those offered by the legacy API (configured by `MBEDTLS_XXX` macros). The PSA crypto API also has its own configuration mechanism; see “[Cryptographic mechanism availability](#cryptographic-mechanism-availability)”. - -### Header files - -Applications only need to include a single header file: -``` -#include -``` - -### General application layout - -Before any cryptographic operation, call [`psa_crypto_init`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__initialization/#group__initialization_1ga2de150803fc2f7dc6101d5af7e921dd9) and check that it succeeds. (A failure indicates an abnormal system state from which most applications cannot recover.) - -If you wish to free all resources associated with PSA cryptography, call [`mbedtls_psa_crypto_free`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#_CPPv423mbedtls_psa_crypto_freev). - -The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually (no need to create an `mbedtls_entropy_context` and an `mbedtls_xxx_drbg_context`). - -### Error codes - -Mbed TLS functions return a status of type `int`: 0 for success (or occasionally a positive value which is the output length), or a negative value `MBEDTLS_ERR_xxx` indicating an error. - -PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/#group__error_1ga05676e70ba5c6a7565aff3c36677c1f9): `PSA_SUCCESS == 0` for success, or a negative value [`PSA_ERROR_xxx`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/) indicating an error. - -### Memory management - -Apart from keys, as described in “[Key management](#key-management)” below, APIs that need to preserve state between function calls store this state in a structure allocated by the calling code. For example, multipart operations store state in a multipart operation object. - -All PSA operation objects must be zero-initialized (or equivalently, initialized with the provided `PSA_XXX_INIT` macro or `psa_xxx_init()` function) before calling any API function. - -Functions that output data require an output buffer of sufficient size. For all PSA crypto API functions that have an output buffer, there is a corresponding macro, generally called `PSA_XXX_OUTPUT_SIZE`, that calculates a sufficient size for the output buffer, given the relevant parameters. In some cases, there may be macros with less precision which can be resolved at compile time. For example, for the size of a buffer containing a hash, you can use `PSA_HASH_LENGTH(hash_alg)` where `hash_alg` is a specific hash algorithm, or `PSA_HASH_MAX_SIZE` for a buffer that is long enough for any supported hash. See the relevant sections of this document and of the reference documentation for more details. - -#### Key management - -One of the major differences between the legacy API and the PSA API is that in the PSA API, access to keys is indirect. Operations that require a key take a parameter of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t), which is an identifier for the key. This allows the API to be used with keys that are not directly accessible to the application, for example because they are stored in a secure environment that does not allow the key material to be exported. - -To use a key: - -1. First create a key object with a key creation function. The two most common ones are [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) if you have the key material available and [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) to create a random key. The key creation function has the key identifier as an output parameter. -2. Use the key as desired, passing the key identifier obtained during the key creation. -3. Finally destroy the key object with [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2). - -See “[Cipher key management](#cipher-key-management)”, “[MAC key management](#mac-key-management)”, “[Key lifecycle for asymmetric cryptography](#key-lifecycle-for-asymmetric-cryptography)”, “[Creating keys for asymmetric cryptography](#creating-keys-for-asymmetric-cryptography)” and “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)” for more details about key management in specific workflows, including information about choosing the key's attributes. - -If you need access to the key material, call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf). If you need the public key corresponding to a key pair object, call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062). - -Note that a key consumes a key store entry, which is distinct from heap memory, until it is destroyed or the application exits. (This is not true for persistent keys, which instead consume disk space. Since persistent keys have no analog in the legacy API, we will not discuss them further in this document.) - -## Summary of API modules - -| Header | Function prefix | PSA equivalent | -| ------ | --------------- | -------------- | -| `aes.h` | `mbedtls_aes_` | [Symmetric encryption](#symmetric-encryption) | -| `aria.h` | `mbedtls_aria_` | [Symmetric encryption](#symmetric-encryption) | -| `asn1.h` | `mbedtls_asn1_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `asn1write.h` | `mbedtls_asn1_write_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `base64.h` | `mbedtls_base64_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `bignum.h` | `mbedtls_mpi_` | None (no low-level arithmetic) | -| `build_info.h` | `MBEDTLS_` | No change (not a crypto API) | -| `camellia.h` | `mbedtls_camellia_` | [Symmetric encryption](#symmetric-encryption) | -| `ccm.h` | `mbedtls_ccm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | -| `chacha20.h` | `mbedtls_chacha20_` | [Symmetric encryption](#symmetric-encryption) | -| `chachapoly.h` | `mbedtls_chachapoly_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | -| `check_config.h` | N/A | No public APIs (internal support header) | -| `cipher.h` | `mbedtls_cipher_` | [Symmetric encryption](#symmetric-encryption) | -| `cmac.h` | `mbedtls_cipher_cmac_` | [Hashes and MAC](#hashes-and-mac), [MAC calculation](#mac-calculation) | -| `compat-2.x.h` | various | None (transitional APIs) | -| `config_psa.h` | N/A | No public APIs (internal support header) | -| `constant_time.h` | `mbedtls_ct_` | [Constant-time functions](#constant-time-functions) | -| `ctr_drbg.h` | `mbedtls_ctr_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | -| `debug.h` | `mbedtls_debug_` | No change (not a crypto API) | -| `des.h` | `mbedtls_des_` | [Symmetric encryption](#symmetric-encryption) | -| `dhm.h` | `mbedtls_dhm_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `ecdh.h` | `mbedtls_ecdh_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `ecdsa.h` | `mbedtls_ecdsa_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `ecjpake.h` | `mbedtls_ecjpake_` | [EC-JPAKE](#ec-jpake) | -| `ecp.h` | `mbedtls_ecp_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `entropy.h` | `mbedtls_entropy_` | [Random generation interface](#random-generation-interface), [Entropy sources](#entropy-sources) | -| `error.h` | `mbedtls_*err*` | [Error messages](#error-messages) | -| `gcm.h` | `mbedtls_gcm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | -| `hkdf.h` | `mbedtls_hkdf_` | [HKDF](#hkdf) | -| `hmac_drbg.h` | `mbedtls_hmac_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | -| `lms.h` | `mbedtls_lms_` | No change ([LMS signatures](#lms-signatures)) | -| `mbedtls_config.h` | `MBEDTLS_` | [Compile-time configuration](#compile-time-configuration) | -| `md.h` | `mbedtls_md_` | [Hashes and MAC](#hashes-and-mac) | -| `md5.h` | `mbedtls_md5_` | [Hashes and MAC](#hashes-and-mac) | -| `memory_buffer_alloc.h` | `mbedtls_memory_buffer_alloc_` | No change (not a crypto API) | -| `net_sockets.h` | `mbedtls_net_` | No change (not a crypto API) | -| `nist_kw.h` | `mbedtls_nist_kw_` | Migration path not yet defined | -| `oid.h` | `mbedtls_oid_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `pem.h` | `mbedtls_pem_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `pk.h` | `mbedtls_pk_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `pkcs5.h` | `mbedtls_pkcs5_` | [PKCS#5 module](#pkcs5-module) | -| `pkcs7.h` | `mbedtls_pkcs7_` | No change (not a crypto API) | -| `pkcs12.h` | `mbedtls_pkcs12_` | [PKCS#12 module](#pkcs12-module) | -| `platform.h` | `mbedtls_platform_` | No change (not a crypto API) | -| `platform_time.h` | `mbedtls_*time*` | No change (not a crypto API) | -| `platform_util.h` | `mbedtls_platform_` | No change (not a crypto API) | -| `poly1305.h` | `mbedtls_poly1305_` | None (but there is Chacha20-Poly1305 [AEAD](#symmetric-encryption)) | -| `private_access.h` | N/A | No public APIs (internal support header) | -| `psa_util.h` | N/A | No public APIs (internal support header) | -| `ripemd160.h` | `mbedtls_ripemd160_` | [Hashes and MAC](#hashes-and-mac) | -| `rsa.h` | `mbedtls_rsa_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `sha1.h` | `mbedtls_sha1_` | [Hashes and MAC](#hashes-and-mac) | -| `sha3.h` | `mbedtls_sha3_` | [Hashes and MAC](#hashes-and-mac) | -| `sha256.h` | `mbedtls_sha256_` | [Hashes and MAC](#hashes-and-mac) | -| `sha512.h` | `mbedtls_sha512_` | [Hashes and MAC](#hashes-and-mac) | -| `ssl.h` | `mbedtls_ssl_` | No change (not a crypto API) | -| `ssl_cache.h` | `mbedtls_ssl_cache_` | No change (not a crypto API) | -| `ssl_ciphersuites.h` | `mbedtls_ssl_ciphersuite_` | No change (not a crypto API) | -| `ssl_cookie.h` | `mbedtls_ssl_cookie_` | No change (not a crypto API) | -| `ssl_ticket.h` | `mbedtls_ssl_ticket_` | No change (not a crypto API) | -| `threading.h` | `mbedtls_threading_` | No change (not a crypto API) | -| `timing.h` | `mbedtls_timing_` | No change (not a crypto API) | -| `version.h` | `mbedtls_version_` | No change (not a crypto API) | -| `x509.h` | `mbedtls_x509` | No change (not a crypto API) | -| `x509_crl.h` | `mbedtls_x509` | No change (not a crypto API) | -| `x509_crt.h` | `mbedtls_x509` | No change (not a crypto API) | -| `x509_csr.h` | `mbedtls_x509` | No change (not a crypto API) | - -## Compile-time configuration - -### Cryptographic mechanism availability - -The cryptographic mechanisms available through the PSA API are determined by the contents of the header file `"psa/crypto_config.h"`. You can override the file location with the macro [`MBEDTLS_PSA_CRYPTO_CONFIG_FILE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a25f7e358caa101570cb9519705c2b873), and you can set [`MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1abd1870cc0d2681183a3018a7247cb137) to the path of an additional file (similar to `MBEDTLS_CONFIG_FILE` and `MBEDTLS_USER_CONFIG_FILE` for legacy configuration symbols). - -The availability of cryptographic mechanisms in the PSA API is based on a systematic pattern: - -* To make `PSA_ALG_aaa` available, enable `PSA_WANT_ALG_aaa`. - For parametrized algorithms, there is a `PSA_WANT_` symbol both for the main macro and for each argument. For example, to make `PSA_ALG_HMAC(PSA_ALG_SHA_256)` available, enable both `PSA_WANT_ALG_HMAC` and `PSA_WANT_ALG_SHA_256`. - -* To make `PSA_KEY_TYPE_ttt` available, enable `PSA_WANT_KEY_TYPE_ttt`. - - As an exception, starting in Mbed TLS 3.5.0, for key pair types, the feature selection is more fine-grained, with an additional suffix: - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC` enables basic support for the key type, and in particular support for operations with a key of that type for enabled algorithms. This is automatically enabled if any of the other `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy` options are enabled. - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_IMPORT` enables support for `psa_import_key` to import a key of that type. - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_GENERATE` enables support for `psa_generate_key` to randomly generate a key of that type. - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_DERIVE` enables support for `psa_key_derivation_output_key` to deterministically derive a key of that type. - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_EXPORT` enables support for `psa_export_key` to export a key of that type. - - Enabling any support for a key pair type automatically enables support for the corresponding public key type, as well as support for `psa_export_public_key` on the private key. - -* To make `PSA_ECC_FAMILY_fff` available for size sss, enable `PSA_WANT_ECC_fff_sss`. - -Note that all `PSA_WANT_xxx` symbols must be set to a non-zero value. In particular, setting `PSA_WANT_xxx` to an empty value may not be handled consistently. - -For example, the following configuration enables hashing with SHA-256, AEAD with AES-GCM, signature with deterministic ECDSA using SHA-256 on the curve secp256r1 using a randomly generated key as well as the corresponding verification, and ECDH key exchange on secp256r1 and Curve25519. - -``` -#define PSA_WANT_ALG_SHA_256 1 - -#define PSA_WANT_KEY_TYPE_AES 1 -#define PSA_WANT_ALG_GCM 1 - -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -// ^^ In Mbed TLS <= 3.4, enable PSA_WANT_KEY_TYPE_ECC_KEY_PAIR instead -// ^^ implicitly enables PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -#define PSA_WANT_ECC_SECP_R1_256 1 // secp256r1 (suitable for ECDSA and ECDH) -#define PSA_WANT_ECC_MONTGOMERY_255 1 // Curve25519 (suitable for ECDH) -#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 -#define PSA_WANT_ALG_ECDH -``` - -If a mechanism is not enabled by `PSA_WANT_xxx`, Mbed TLS will normally not include it. This allows builds that use few features to have a small code size. However, this is not guaranteed: a mechanism that is not explicitly requested can be enabled because it is a dependency of another configuration option, because it is used internally, or because the granularity is not fine enough to distinguish between it and another mechanism that is requested. - -Under the hood, `PSA_WANT_xxx` enables the necessary legacy modules. Note that if a mechanism has a PSA accelerator driver, the corresponding legacy module is typically not needed. Thus applications that use a cryptographic mechanism both through the legacy API and through the PSA API need to explicitly enable both the `PSA_WANT_xxx` symbols and the `MBEDTLS_xxx` symbols. - -### Optimization options - -When PSA Crypto mechanisms are implemented by the built-in code from Mbed TLS, the legacy optimization options (e.g. `MBEDTLS_SHA256_SMALLER`, `MBEDTLS_ECP_WINDOW_SIZE`, etc.) apply to the PSA implementation as well (they invoke the same code under the hood). - -The PSA Crypto API may use accelerator drivers. In this case any options controlling the driver behavior are driver-specific. - -### Alternative implementations (`MBEDTLS_xxx_ALT` options) - -In the Mbed TLS legacy interface, you can replace some cryptographic primitives and modes by an alternative implementation, by enabling configuration options of the form `MBEDTLS_xxx_ALT` and linking with your own implementation of the affected function or module. Alternative implementations remain supported in Mbed TLS 3.x even if the application code uses the PSA API. However, they will be removed from the next version of the library. - -The corresponding PSA feature is accelerator drivers. To implement an accelerator driver, see the [PSA cryptoprocessor driver example and guide](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md). In an application that uses both the legacy interface and the PSA interface for the same mechanism, only some algorithms support calling a PSA driver from the legacy interface. See the [Guide to driver-only builds](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/driver-only-builds.md) for more information. - -### Self-tests - -There is currently [no PSA equivalent to the self-tests](https://github.com/Mbed-TLS/mbedtls/issues/7781) enabled by `MBEDTLS_SELF_TEST`. - -## Miscellaneous support modules - -### Error messages - -At the time of writing, there is no equivalent to the error messages provided by `mbedtls_strerror`. However, you can use the companion program `programs/psa/psa_constant_names` to convert various numbers (`psa_status_t`, `psa_algorithm_t`, `psa_key_type_t`, `psa_ecc_family_t`, `psa_dh_family_t`, `psa_key_usage_t`) to a programmer-friendly representation. The conversion doesn't depend on the library configuration or the target platform, so you can use a native build of this program even if you cross-compile your application. - -``` -$ programs/psa/psa_constant_names error -138 -PSA_ERROR_BUFFER_TOO_SMALL -$ programs/psa/psa_constant_names type 0x7112 -PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) -$ programs/psa/psa_constant_names alg 0x06000609 -PSA_ALG_ECDSA(PSA_ALG_SHA_256) -``` - -The other functions in `error.h` are specific to the construction of Mbed TLS error code and are not relevant to the PSA API. PSA error codes are never the combination of multiple codes. - -### Constant-time functions - -The PSA API does not have an equivalent to the timing-side-channel-resistance utility functions in `constant_time.h`. Continue using `constant_time.h` as needed. - -Note that the PSA API does include features that reduce the need for `mbedtls_ct_memcmp`: - -* To compare a MAC with a reference value, use `psa_mac_verify` rather than `psa_mac_compute` followed by `mbedtls_ct_memcmp`, or use `psa_mac_verify_setup` and `psa_mac_verify_finish` in the multi-part case. See “[MAC calculation](#mac-calculation)”. -* The AEAD decryption functions take care of verifying the tag. See “[Authenticated cipher operations](#authenticated-cipher-operations)”. - -## Symmetric encryption - -All PSA APIs have algorithm agility, where the functions depend only on the nature of the operation and the choice of a specific algorithm comes from an argument. There is no special API for a particular block cipher (`aes.h`, `aria.h`, `camellia.h`, `des.h`), a particular block cipher mode (`ccm.h`, `gcm.h`) or a particular stream cipher (`chacha20.h`, `chachapoly.h`). To migrate code using those low-level modules, please follow the recommendations in the following sections, using the same principles as the corresponding `cipher.h` API. - -### Cipher mechanism selection - -Instead of `mbedtls_cipher_id_t` (`MBEDTLS_CIPHER_ID_xxx` constants), `mbedtls_cipher_type_t` (`MBEDTLS_CIPHER_base_size_mode` constants), `mbedtls_cipher_mode_t` (`MBEDTLS_CIPHER_MODE_xxx` constants) and `mbedtls_cipher_padding_t` (`MBEDTLS_CIPHER_PADDING_xxx` constants), use the [`PSA_KEY_TYPE_xxx` and `PSA_ALG_xxx` constants](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/). - -For modes that are based on a block cipher, the key type encodes the choice of block cipher: -[`PSA_KEY_TYPE_AES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga6ee54579dcf278c677eda4bb1a29575e), -[`PSA_KEY_TYPE_ARIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#c.PSA_KEY_TYPE_ARIA), -[`PSA_KEY_TYPE_CAMELLIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad8e5da742343fd5519f9d8a630c2ed81), -[`PSA_KEY_TYPE_DES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga577562bfbbc691c820d55ec308333138). -The algorithm encodes the mode and if relevant the padding type: - -* Unauthenticated cipher modes: - [`PSA_ALG_CTR`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad318309706a769cffdc64e4c7e06b2e9), - [`PSA_ALG_CFB`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0088c933e01d671f263a9a1f177cb5bc), - [`PSA_ALG_OFB`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gae96bb421fa634c6fa8f571f0112f1ddb), - [`PSA_ALG_XTS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa722c0e426a797fd6d99623f59748125), - [`PSA_ALG_ECB_NO_PADDING`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab8f0609cd0f12cccc9c950fd5a81a0e3), - [`PSA_ALG_CBC_NO_PADDING`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gacb332d72716958880ee7f97d8365ae66), - [`PSA_ALG_CBC_PKCS7`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaef50d2e9716eb6d476046608e4e0c78c), - [`PSA_ALG_CCM_STAR_NO_TAG`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga89627bb27ec3ce642853ab8554a88572). -* Other padding modes, which are obsolete, are not available in the PSA API. If you need them, handle the padding in your application code and use the `NO_PADDING` algorithm. -* AEAD modes: - [`PSA_ALG_CCM`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2c0e7d21f1b2df5e76bcb4a8f84273c), - [`PSA_ALG_GCM`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0d7d02b15aaae490d38277d99f1c637c). -* KW/KWP modes are not available in the PSA API at the time of writing. - -For the ChaCha20 unauthenticated cipher, use [`PSA_KEY_TYPE_CHACHA20`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga901548883b3bce56cc21c3a22cf8d93c) with [`PSA_ALG_STREAM_CIPHER`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad98c105198f7428f7d1dffcb2cd398cd). -For the Chacha20+Poly1305 AEAD, use [`PSA_KEY_TYPE_CHACHA20`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga901548883b3bce56cc21c3a22cf8d93c) with [`PSA_ALG_CHACHA20_POLY1305`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1fec55093541640a71bdd022d4adfb9c) - -### Cipher mechanism availability - -For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a non-zero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a non-zero value if the library is built with support for that algorithm. Note that for a mechanism to be supported, both the key type and the algorithm must be supported. - -For example, to test if AES-CBC-PKCS7 is supported, in the legacy API, you could write: -``` -#if defined(MBEDTLS_AES_C) && \ - defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) -``` -The equivalent in the PSA API is -``` -#if PSA_WANT_KEY_TYPE_AES && PSA_WANT_ALG_CBC_PKCS7 -``` - -### Cipher metadata - -Both APIs express key sizes in bits. Note however that in the PSA API, the size of a _buffer_ is always expressed in bytes, even if that buffer contains a key. - -The following table lists corresponding PSA macros for maximum-size macros that take all supported algorithms into account. - -| Legacy macro | PSA macro | -| ------------ | --------- | -| `MBEDTLS_MAX_IV_LENGTH` | [`PSA_CIPHER_IV_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_MAX_SIZE), [`PSA_AEAD_NONCE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1ac2a332765ba4ccfc24935d6f7f48fcc7) | -| `MBEDTLS_MAX_BLOCK_LENGTH` | [`PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) | -| `MBEDTLS_MAX_KEY_LENGTH` | no equivalent| - -There is no equivalent to the type `mbedtls_cipher_info_t` and the functions `mbedtls_cipher_info_from_type` and `mbedtls_cipher_info_from_values` in the PSA API because it is unnecessary. All macros and functions operate directly on key type values (`psa_key_type_t`, `PSA_KEY_TYPE_xxx` constants) and algorithm values (`psa_algorithm_t`, `PSA_ALG_xxx` constants). - -| Legacy function | PSA macro | -| --------------- | --------- | -| `mbedtls_cipher_info_get_iv_size` | [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH), [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH) | -| `mbedtls_cipher_info_get_block_size` | not available (use specific macros for the IV, nonce or tag length) | - -The following features have no PSA equivalent: - -* `mbedtls_cipher_list`: the PSA API does not currently have a discovery mechanism for cryptographic mechanisms, but one may be added in the future. -* `mbedtls_cipher_info_has_variable_key_bitlen`, `mbedtls_cipher_info_has_variable_iv_size`: the PSA API does not currently have such mechanism for high-level metadata information. -* `mbedtls_cipher_info_from_string`: there is no equivalent of Mbed TLS's lookup based on a (nonstandard) name. - -### Cipher key management - -The legacy API and the PSA API have a different organization of operations in several respects: - -* In the legacy API, each operation object contains the necessary key material. In the PSA API, an operation object contains a reference to a key object. To perform a cryptographic operation, you must create a key object first. However, for a one-shot operation, you do not need an operation object, just a single function call. -* The legacy API uses the same interface for authenticated and non-authenticated ciphers, while the PSA API has separate functions. -* The legacy API uses the same functions for encryption and decryption, while the PSA API has separate functions where applicable. - -Here is an overview of the lifecycle of a key object. - -1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters: - * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). - * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material. - * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the algorithm to the desired `PSA_ALG_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). By design, the same key cannot be used with multiple algorithms. - * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_ENCRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_ENCRYPT) or [`PSA_KEY_USAGE_DECRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_DECRYPT), depending on which direction you want to use the key in. To allow both directions, use the flag mask `PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT`. The same policy flags cover authenticated and non-authenticated encryption/decryption. -2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object. - * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material. - * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). - * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1). -3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations. -4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished. - -### Unauthenticated cipher operations - -Recall the workflow of an unauthenticated cipher operation in the legacy Mbed TLS cipher API: - -1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`. -2. Establish the operation parameters (algorithm, key, mode) with `mbedtls_cipher_setup`, `mbedtls_cipher_setkey` (or `mbedtls_cipher_setup_psa`), `mbedtls_cipher_set_padding_mode` if applicable. -3. Set the IV with `mbedtls_cipher_set_iv` (except for ECB which does not use an IV). -4. For a one-shot operation, call `mbedtls_cipher_crypt`. To pass the input in multiple parts, call `mbedtls_cipher_update` as many times as necessary followed by `mbedtls_cipher_finish`. -5. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`. - -For a one-shot operation (where the whole plaintext or ciphertext is passed as a single input), the equivalent workflow with the PSA API is to call a single function: - -* [`psa_cipher_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga61f02fbfa681c2659546eca52277dbf1) to perform encryption with a random IV of the default size (indicated by [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH)). (To encrypt with a specified IV, use the multi-part API described below.) You can use the macro [`PSA_CIPHER_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. -* [`psa_cipher_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gab3593f5f14d8c0431dd306d80929215e) to perform decryption with a specified IV. You can use the macro [`PSA_CIPHER_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. - -For a multi-part operation, the equivalent workflow with the PSA API is as follows: - -1. Create an operation object of type [`psa_cipher_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1399de29db657e3737bb09927aae51fa) and zero-initialize it (or use the corresponding `INIT` macro). -2. Select the key and algorithm with [`psa_cipher_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga587374c0eb8137a572f8e2fc409bb2b4) or [`psa_cipher_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaa4ba3a167066eaef2ea49abc5dcd1d4b) depending on the desired direction. -3. When encrypting with a random IV, use [`psa_cipher_generate_iv`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga29fd7d32a5729226a2f73e7b6487bd8a). When encrypting with a chosen IV, or when decrypting, set the IV with [`psa_cipher_set_iv`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga9caddac1a429a5032d6d4a907fb70ba1). Skip this step with ECB since it does not use an IV. -4. Call [`psa_cipher_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gac3ca27ac6682917c48247d01fd96cd0f) as many times as needed. You can use [`PSA_CIPHER_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE) or [`PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1ab1f6598efd6a7dc56e7ad7e34719eb32) to determine a sufficient size for the output buffer. -5. Call [`psa_cipher_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1dcb58b8befe23f8a4d7a1d49c99249b) to obtain the last part of the output. You can use [`PSA_CIPHER_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_SIZE) or [`PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. - -If you need to interrupt the operation after calling the setup function without calling the finish function, call [`psa_cipher_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaad482cdca2098bca0620596aaa02eaa4). - -### Authenticated cipher operations - -Recall the workflow of an authenticated cipher operation in the legacy Mbed TLS cipher API (or similar workflows in the `chachapoly`, `ccm` and `gcm` modules): - -1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`. -2. Establish the operation parameters (algorithm, key, mode) with `mbedtls_cipher_setup`, `mbedtls_cipher_setkey` (or `mbedtls_cipher_setup_psa`), `mbedtls_cipher_set_padding_mode` if applicable. -3. Set the nonce with `mbedtls_cipher_set_iv` (or the `starts` function for low-level modules). For CCM, which requires direct use of the `ccm` module, also call `mbedtls_ccm_set_lengths` to set the length of the additional data and of the plaintext. -4. Call `mbedtls_cipher_update_ad` to pass the unencrypted additional data. -5. Call `mbedtls_cipher_update` as many times as necessary to pass the input plaintext or ciphertext. -6. Call `mbedtls_cipher_finish` to obtain the last part of the output. Then call `mbedtls_cipher_write_tag` (when encrypting) or `mbedtls_cipher_check_tag` (when decrypting) to process the authentication tag. -7. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`. - -Steps 3–6 can be replaced by a single call to `mbedtls_cipher_auth_encrypt_ext` or `mbedtls_cipher_auth_decrypt_ext` for a one-shot operation (where the whole plaintext or ciphertext is passed as a single input). - -For a one-shot operation, the PSA API allows you to call a single function: - -* [`psa_aead_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae72e1eb3c2da3ebd843bb9c8db8df509) to perform authenticated encryption with a random nonce of the default size (indicated by [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH)), with the authentication tag written at the end of the output. (To encrypt with a specified nonce, or to separate the tag from the rest of the ciphertext, use the multi-part API described below.) You can use the macro [`PSA_AEAD_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE) or [`PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. -* [`psa_aead_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae799f6196a22d50c216c947e0320d3ba) to perform authenticated decryption of a ciphertext with the authentication tag at the end. (If the tag is separate, use the multi-part API described below.) You can use the macro [`PSA_AEAD_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. - -For a multi-part operation, the equivalent workflow with the PSA API is as follows: - -1. Create an operation object of type [`psa_aead_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga14f6a01afbaa8c5b3d8c5d345cbaa3ed) and zero-initialize it (or use the corresponding `INIT` macro). -2. Select the key and algorithm with [`psa_aead_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga2732c40ce8f3619d41359a329e9b46c4) or [`psa_aead_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaaa5c5018e67a7a6514b7e76b9a14de26) depending on the desired direction. -3. When encrypting with a random nonce, use [`psa_aead_generate_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga5799df1c555efd35970b65be51cb07d1). When encrypting with a chosen nonce, or when decrypting, set the nonce with [`psa_aead_set_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga59132751a6f843d038924cb217b5e13b). If the algorithm is CCM, you must also call [`psa_aead_set_lengths`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gad3431e28d05002c2a7b0760610176050) before or after setting the nonce (for other algorithms, this is permitted but not needed). -4. Call [`psa_aead_update_ad`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga6d0eed03f832e5c9c91cb8adf2882569) as many times as needed. -5. Call [`psa_aead_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaf6d49864951ca42136b4a9b71ea26e5c) as many times as needed. You can use [`PSA_AEAD_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_SIZE) or [`PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. -6. Finally: - * When encrypting, call [`psa_aead_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga759791bbe1763b377c3b5447641f1fc8) to obtain the last part of the ciphertext and the authentication tag. You can use [`PSA_AEAD_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_SIZE) or [`PSA_AEAD_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. - * When decrypting, call [`psa_aead_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae0280e2e61a185b893c36d858453f0d0) to obtain the last part of the plaintext and check the authentication tag. You can use [`PSA_AEAD_VERIFY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_SIZE) or [`PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. - -If you need to interrupt the operation after calling the setup function without calling the finish or verify function, call [`psa_aead_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae8a5f93d92318c8f592ee9fbb9d36ba0). - -### Miscellaneous cipher operation management - -The equivalent of `mbedtls_cipher_reset` is to call [`psa_cipher_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaad482cdca2098bca0620596aaa02eaa4) or [`psa_aead_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae8a5f93d92318c8f592ee9fbb9d36ba0). Note that you must set the key again with a setup function: the PSA API does not have a special way to reuse an operation object with the same key. - -There is no equivalent for the `mbedtls_cipher_get_xxx` functions to extract information from an ongoing PSA cipher or AEAD operation. Applications that need this information will need to save it from the key and operation parameters. - -## Hashes and MAC - -The PSA API groups functions by purpose rather than by underlying primitive: there is a MAC API (equivalent to `md.h` for HMAC, and `cmac.h` for CMAC) and a hash API (equivalent to `md.h` for hashing). There is no special API for a particular hash algorithm (`md5.h`, `sha1.h`, `sha256.h`, `sha512.h`, `sha3.h`). To migrate code using those low-level modules, please follow the recommendations in the following section, using the same principles as the corresponding `md.h` API. - -The PSA API does not have a direct interface for the AES-CMAC-PRF-128 algorithm from RFC 4615 calculated by `mbedtls_aes_cmac_prf_128` at the time of writing. You can implement it using the MAC interface with an AES key and the CMAC algorithm. - -### Hash mechanism selection - -The equivalent to `mbedtls_md_type_t` and `MBEDTLS_MD_XXX` constants is the type `psa_algorithm_t` and `PSA_ALG_xxx` constants (the type encompasses all categories of cryptographic algorithms, not just hashes). PSA offers a similar selection of algorithms, but note that SHA-1 and SHA-2 are spelled slightly differently. - -| Mbed TLS constant | PSA constant | -| ---------------------- | ------------------- | -| `MBEDTLS_MD_MD5` | `PSA_ALG_MD5` | -| `MBEDTLS_MD_SHA1` | `PSA_ALG_SHA_1` | -| `MBEDTLS_MD_SHA224` | `PSA_ALG_SHA_224` | -| `MBEDTLS_MD_SHA256` | `PSA_ALG_SHA_256` | -| `MBEDTLS_MD_SHA384` | `PSA_ALG_SHA_384` | -| `MBEDTLS_MD_SHA512` | `PSA_ALG_SHA_512` | -| `MBEDTLS_MD_RIPEMD160` | `PSA_ALG_RIPEMD160` | -| `MBEDTLS_MD_SHA3_224` | `PSA_ALG_SHA3_224` | -| `MBEDTLS_MD_SHA3_256` | `PSA_ALG_SHA3_256` | -| `MBEDTLS_MD_SHA3_384` | `PSA_ALG_SHA3_384` | -| `MBEDTLS_MD_SHA3_512` | `PSA_ALG_SHA3_512` | - -The following helper functions can be used to convert between the 2 types: -- `mbedtls_md_psa_alg_from_type()` converts from legacy `mbedtls_md_type_t` to PSA's `psa_algorithm_t`. -- `mbedtls_md_type_from_psa_alg()` converts from PSA's `psa_algorithm_t` to legacy `mbedtls_md_type_t`. - -### MAC mechanism selection - -PSA Crypto has a generic API with the same functions for all MAC mechanisms. The mechanism is determined by a combination of an algorithm value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69) and a key type value of type [`psa_key_type_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga63fce6880ca5933b5d6baa257febf1f6). - -* For HMAC, the algorithm is [`PSA_ALG_HMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga70f397425684b3efcde1e0e34c28261f)`(hash)` where `hash` is the underlying hash algorithm (see “[Hash mechanism selection](#hash-mechanism-selection)”), - for example `PSA_ALG_HMAC(PSA_ALG_SHA_256)` for HMAC-SHA-256. - The key type is [`PSA_KEY_TYPE_HMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_KEY_TYPE_HMAC) regardless of the hash algorithm. -* For CMAC, the algorithm is [`PSA_ALG_CMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_CMAC) regardless of the underlying block cipher. The key type determines the block cipher: - [`PSA_KEY_TYPE_AES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga6ee54579dcf278c677eda4bb1a29575e), - [`PSA_KEY_TYPE_ARIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#c.PSA_KEY_TYPE_ARIA), - [`PSA_KEY_TYPE_CAMELLIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad8e5da742343fd5519f9d8a630c2ed81) or - [`PSA_KEY_TYPE_DES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga577562bfbbc691c820d55ec308333138). - -### Hash and MAC mechanism availability - -For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a non-zero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a non-zero value if the library is built with support for that algorithm. For a compound mechanism, all parts must be supported. In particular, for HMAC, all three of `PSA_WANT_KEY_TYPE_HMAC`, `PSA_WANT_ALG_HMAC` and the underlying hash must be enabled. (A configuration with only one of `PSA_WANT_KEY_TYPE_HMAC` and `PSA_WANT_ALG_HMAC` is technically possible but not useful.) - -For example, to test if HMAC-SHA-256 is supported, in the legacy API, you could write: -``` -#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) -``` -The equivalent in the PSA API is -``` -#if PSA_WANT_KEY_TYPE_HMAC && PSA_WANT_ALG_HMAC && PSA_WANT_ALG_SHA_256 -``` - -To test if AES-CMAC is supported, in the legacy API, you could write: -``` -if defined(MBEDTLS_AES_C) && defined(MBEDTLS_CMAC_C) -``` -The equivalent in the PSA API is -``` -#if PSA_WANT_KEY_TYPE_AES && PSA_WANT_ALG_CMAC -``` - -### Hash algorithm metadata - -There is no equivalent to the type `mbedtls_md_info_t` and the functions `mbedtls_md_info_from_type` and `mbedtls_md_get_type` in the PSA API because it is unnecessary. All macros and functions operate directly on algorithm (`psa_algorithm_t`, `PSA_ALG_xxx` constants). - -| Legacy macro | PSA macro | -| ------------ | --------- | -| `MBEDTLS_MD_MAX_SIZE` | [`PSA_HASH_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_MAX_SIZE) | -| `MBEDTLS_MD_MAX_BLOCK_SIZE` | [`PSA_HMAC_MAX_HASH_BLOCK_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HMAC_MAX_HASH_BLOCK_SIZE) | -| `mbedtls_md_get_size` | [`PSA_HASH_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_LENGTH) | -| `mbedtls_md_get_size_from_type` | [`PSA_HASH_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_LENGTH) | - -The following features have no PSA equivalent: - -* `mbedtls_md_list`: the PSA API does not currently have a discovery mechanism for cryptographic mechanisms, but one may be added in the future. -* `mbedtls_md_info_from_ctx` -* `mbedtls_cipher_info_from_string`, `mbedtls_md_get_name`: there is no equivalent of Mbed TLS's lookup based on a (nonstandard) name. - -### Hash calculation - -The equivalent of `mbedtls_md` for a one-shot hash calculation is [`psa_hash_compute`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gac69f7f19d96a56c28cf3799d11b12156). In addition, to compare the hash of a message with an expected value, you can call [`psa_hash_compare`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga0c08f4797bec96b886c8c8d7acc2a553) instead of `mbedtls_md` followed by `memcmp` or a constant-time equivalent. - -For a multi-part hash calculation, the legacy process is as follows: - -1. Create a digest context of type `mbedtls_md_context_t` and initialize it with `mbedtls_md_init`. -2. Call `mbedtls_md_setup` to select the hash algorithm, with `hmac=0`. Then call `mbedtls_md_starts` to start the hash operation. -3. Call `mbedtls_md_update` as many times as necessary. -4. Call `mbedtls_md_finish`. If verifying the hash against an expected value, compare the result with the expected value. -5. Finally free the resources associated with the operation object by calling `mbedtls_md_free`. - -The equivalent process in the PSA API is as follows: - -1. Create an operation object of type [`psa_hash_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga3c4205d2ce66c4095fc5c78c25273fab) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_hash_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga8d72896cf70fc4d514c5c6b978912515) to specify the algorithm. -3. Call [`psa_hash_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga65b16ef97d7f650899b7db4b7d1112ff) as many times as necessary. -4. To obtain the hash, call [`psa_hash_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga4795fd06a0067b0adcd92e9627b8c97e). Alternatively, to verify the hash against an expected value, call [`psa_hash_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga7be923c5700c9c70ef77ee9b76d1a5c0). - -If you need to interrupt the operation after calling the setup function without calling the finish or verify function, call [`psa_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gab0b4d5f9912a615559497a467b532928). - -There is no equivalent to `mbedtls_md_file` in the PSA API. Load the file data and calculate its hash. - -### MAC key management - -The legacy API and the PSA API have a different organization of operations in several respects: - -* In the legacy API, each operation object contains the necessary key material. In the PSA API, an operation object contains a reference to a key object. To perform a cryptographic operation, you must create a key object first. However, for a one-shot operation, you do not need an operation object, just a single function call. -* The legacy API uses the same interface for authenticated and non-authenticated ciphers, while the PSA API has separate functions. -* The legacy API uses the same functions for encryption and decryption, while the PSA API has separate functions where applicable. - -Here is an overview of the lifecycle of a key object. - -1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters: - * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). - * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material. - * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the algorithm to the desired `PSA_ALG_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). By design, the same key cannot be used with multiple algorithms. - * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_SIGN_MESSAGE) to calculate a MAC or [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_VERIFY_MESSAGE) to verify the MAC of a message. To allow both directions, use the flag mask `PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE`. -2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object. - * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material. - * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). - * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1). -3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations. -4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished. - -### MAC calculation - -The process for a HMAC operation in the legacy API is as follows: - -1. Create a digest context of type `mbedtls_md_context_t` and initialize it with `mbedtls_md_init`. -2. Call `mbedtls_md_setup` to select the hash algorithm, with `hmac=1`. Then call `mbedtls_md_hmac_starts` to set the key. -3. Call `mbedtls_md_hmac_update` as many times as necessary. -4. Call `mbedtls_md_hmac_finish`. If verifying the MAC against an expected value, compare the result with the expected value. Note that this comparison should be in constant time to avoid a side channel vulnerability, for example using `mbedtls_ct_memcmp`. -5. Finally free the resources associated with the operation object by calling `mbedtls_md_free`. - -The process for a CMAC operation in the legacy API is as follows: - -1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`. -2. Call `mbedtls_cipher_setup` to select the block cipher. Then call `mbedtls_md_cmac_starts` to set the key. -3. Call `mbedtls_cipher_cmac_update` as many times as necessary. -4. Call `mbedtls_cipher_cmac_finish`. If verifying the MAC against an expected value, compare the result with the expected value. Note that this comparison should be in constant time to avoid a side channel vulnerability, for example using `mbedtls_ct_memcmp`. -5. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`. - -The process in the PSA API to calculate a MAC is as follows: - -1. Create an operation object of type [`psa_mac_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga78f0838b0c4e3db28b26355624d4bd37) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_mac_sign_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga03bc3e3c0b7e55b20d2a238e418d46cd) to specify the algorithm and the key. See “[MAC key management](#mac-key-management)” for how to obtain a key identifier. -3. Call [`psa_mac_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga5560af371497babefe03c9da4e8a1c05) as many times as necessary. -4. To obtain the MAC, call [`psa_mac_sign_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gac22bc0125580c96724a09226cfbc97f2). - -To verify a MAC against an expected value, use the following process instead: - -1. Create an operation object of type [`psa_mac_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga78f0838b0c4e3db28b26355624d4bd37) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_mac_verify_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga08ae327fcbc5f8e201172fe11e536984) to specify the algorithm and the key. See “[MAC key management](#mac-key-management)” for how to obtain a key identifier. -3. Call [`psa_mac_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga5560af371497babefe03c9da4e8a1c05) as many times as necessary. -4. To verify the MAC against an expected value, call [`psa_mac_verify_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gac92b2930d6728e1be4d011c05d485822). - -If you need to interrupt the operation after calling the setup function without calling the finish function, call [`psa_mac_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gacd8dd54855ba1bc0a03f104f252884fd). - -The PSA API also offers functions for a one-shot MAC calculation, similar to `mbedtls_cipher_cmac` and `mbedtls_md_hmac`: - -* [`psa_mac_compute`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gabf02ebd3595ea15436967092b5d52878) to calculate the MAC of a buffer in memory. -* [`psa_mac_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gaf6988545df5d5e2466c34d753443b15a) to verify the MAC of a buffer in memory against an expected value. - -In both cases, see “[MAC key management](#mac-key-management)” for how to obtain a key identifier. - -### Miscellaneous hash or MAC operation management - -The equivalent of `mbedtls_md_reset`, `mbedtls_md_hmac_reset` or `mbedtls_cmac_reset` is to call [`psa_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gab0b4d5f9912a615559497a467b532928) or [`psa_mac_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gacd8dd54855ba1bc0a03f104f252884fd). Note that you must call a setup function to specify the algorithm and the key (for MAC) again, and they can be different ones. - -The equivalent of `mbedtls_md_clone` to clone a hash operation is [`psa_hash_clone`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga39673348f3302b4646bd780034a5aeda). A PSA MAC operation cannot be cloned. - -## Key derivation - -### HKDF - -PSA Crypto provides access to HKDF, HKDF-Extract and HKDF-Expand via its [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/). This is a generic interface using an operation object with one function call for each input and one function call for each output. - -1. Create an operation object of type [`psa_key_derivation_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga5f099b63799a0959c3d46718c86c2609) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_key_derivation_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69). For HKDF and variants, use one of the macros [`PSA_ALG_HKDF`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF), [`PSA_ALG_HKDF_EXTRACT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF_EXTRACT) or [`PSA_ALG_HKDF_EXPAND`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF_EXPAND) with the [hash algorithm](#hash-mechanism-selection) passed as an argument. For example `PSA_ALG_HKDF(PSA_ALG_SHA_256)` selects HKDF-SHA-256. -3. Call [`psa_key_derivation_input_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga8fd934dfb0ca45cbf89542ef2a5494c2) on each of the inputs in the order listed below. (Use [`psa_key_derivation_input_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gab2d7ce8705dd8e4a093f4b8a21a0c15a) instead for an input that is a PSA key object.) The input step value for each step is as follows: - 1. [`PSA_KEY_DERIVATION_INPUT_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gab62757fb125243562c3947a752470d4a) for the salt used during the extraction step. Omit this step for HKDF-Expand. For HKDF, you may omit this step if the salt is empty. - 2. [`PSA_KEY_DERIVATION_INPUT_SECRET`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1ga0ddfbe764baba995c402b1b0ef59392e) for the secret input. - 3. [`PSA_KEY_DERIVATION_INPUT_INFO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gacef8df989e09c769233f4b779acb5b7d) for the info string used during the expansion step. Omit this step for HKDF-Extract. -4. Call [`psa_key_derivation_output_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga06b7eb34a2fa88965f68e3d023fa12b9) to obtain the output of the derivation. You may call this function more than once to retrieve the output in successive chunks. Use [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key. -5. Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object. - -### PKCS#5 module - -Applications currently using `mbedtls_pkcs5_pbkdf2_hmac` or `mbedtls_pkcs5_pbkdf2_hmac_ext` can switch to the PSA key derivation API for PBKDF2. This is a generic interface using an operation object with one function call for each input and one function call for each output. - -1. Create an operation object of type [`psa_key_derivation_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga5f099b63799a0959c3d46718c86c2609) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_key_derivation_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69). For PBKDF2-HMAC, select `PSA_ALG_PBKDF2_HMAC(hash)` where `hash` is the underlying hash algorithm (see “[Hash mechanism selection](#hash-mechanism-selection)”). -3. Call `psa_key_derivation_input_cost` with the step `PSA_KEY_DERIVATION_INPUT_COST` to select the iteration count. -4. Call [`psa_key_derivation_input_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga8fd934dfb0ca45cbf89542ef2a5494c2) on each of the inputs in the order listed below. (Use [`psa_key_derivation_input_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gab2d7ce8705dd8e4a093f4b8a21a0c15a) instead for an input that is a PSA key object.) The input step value for each step is as follows: - 1. [`PSA_KEY_DERIVATION_INPUT_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gab62757fb125243562c3947a752470d4a) for the salt used during the extraction step. You may repeat this step to pass the salt in pieces (for example a salt and a pepper). - 2. [`PSA_KEY_DERIVATION_INPUT_SECRET`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1ga0ddfbe764baba995c402b1b0ef59392e) for the password. -5. Call [`psa_key_derivation_output_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga06b7eb34a2fa88965f68e3d023fa12b9) to obtain the output of the derivation. You may call this function more than once to retrieve the output in successive chunks. - Use [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key. - If you want to verify the output against an expected value (for authentication, rather than to derive key material), call [`psa_key_derivation_verify_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gaf01520beb7ba932143ffe733b0795b08) or [`psa_key_derivation_verify_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac041714e34a94742e8ee006ac7dfea5a) instead of `psa_key_derivation_output_bytes`. (Note that the `verify` functions are not yet present in the 3.5 release of Mbed TLS. They are expected to be released in version 3.6.0.) -6. Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object. - -The function `mbedtls_pkcs5_pbes2` is only intended as a support function to parse encrypted private keys in the PK module. It has no PSA equivalent. - -### PKCS#12 module - -The functions `mbedtls_pkcs12_derivation` and `mbedtls_pkcs12_pbe` are only intended as support functions to parse encrypted private keys in the PK module. They have no PSA equivalent. - -## Random generation - -### Random generation interface - -The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually, so most applications using PSA crypto do not need the interfaces from `entropy.h`, `ctr_drbg.h` and `hmac_drbg.h`. See the next sections for remaining use cases for [entropy](#entropy-sources) and [DRBG](#deterministic-pseudorandom-generation). - -The PSA API uses its internal random generator to generate keys (`psa_generate_key`), nonces for encryption (`psa_cipher_generate_iv`, `psa_cipher_encrypt`, `psa_aead_generate_nonce`, `psa_aead_encrypt`, `psa_asymmetric_encrypt`), and other random material as needed. If you need random data for some other purposes, call [`psa_generate_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). - -If your application mixes uses of the PSA crypto API and the mbedtls API and you need to pass an RNG argument to a legacy or X.509/TLS function, include the header file `` and use: - -* [`mbedtls_psa_get_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#_CPPv422mbedtls_psa_get_randomPvPh6size_t) as the `f_rng` argument; -* [`MBEDTLS_PSA_RANDOM_STATE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#c.MBEDTLS_PSA_RANDOM_STATE) as the `p_rng` argument. - -You can remove the Mbed TLS RNG boilerplate (`mbedtls_entropy_init`, `mbedtls_ctr_drbg_init`, `mbedtls_ctr_drbg_seed`, `mbedtls_ctr_drbg_random`, `mbedtls_ctr_drbg_free`, `mbedtls_entropy_free` — or `hmac_drbg` equivalents of the `ctr_drbg` functions) once you have finished replacing the references to `mbedtls_ctr_drbg_random` (or `mbedtls_hmac_drbg_random`) by `mbedtls_psa_get_random`. - -### Entropy sources - -Unless explicitly configured otherwise, the PSA random generator uses the default entropy sources configured through the legacy interface (`MBEDTLS_ENTROPY_xxx` symbols). Its set of sources is equivalent to an entropy object configured with `mbedtls_entropy_init`. - -A future version of Mbed TLS will include a PSA interface for configuring entropy sources. This is likely to replace the legacy interface in Mbed TLS 4.0. - -### Deterministic pseudorandom generation - -The PSA API does not have a dedicated interface for pseudorandom generation. The [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) can serve a similar purpose in some applications, but it does not offer CTR\_DRBG or HMAC\_DRBG. If you need these algorithms, keep using `ctr_drbg.h` and `hmac_drbg.h`, but note that they may be removed from the public API in Mbed TLS 4.0. - -## Asymmetric cryptography - -The PSA API supports RSA (see “[RSA mechanism selection](#rsa-mechanism-selection)”), elliptic curve cryptography (see “[ECC mechanism selection](#elliptic-curve-mechanism-selection)” and “[EC-JPAKE](#ec-jpake)”) and finite-field Diffie-Hellman (see “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”). - -### Key lifecycle for asymmetric cryptography - -In the PSA API, keys are referenced by an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t). -(Some documentation references [`mbedtls_svc_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv420mbedtls_svc_key_id_t); the two types are identical except when the library is configured for use in a multi-client cryptography service.) -The PSA key identifier tends to play the same role as an `mbedtls_pk_context`, `mbedtls_rsa_context` or `mbedtls_ecp_keypair` structure in the legacy API. However, there are major differences in the way the two APIs can be used to create keys or to obtain information about a key. - -Here is an overview of the lifecycle of a PSA key object. - -1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters: - * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”). - * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's conceptual size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material. - * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the permitted algorithm to the desired `PSA_ALG_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” as well as “[Public-key cryptography policies](#public-key-cryptography-policies)”). - * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable the desired usage types (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object. - * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material. - * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). - * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1). -3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations. -4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished. - -### Public-key cryptography policies - -A key's policy indicates what algorithm(s) it can be used with (usage algorithm policy) and what operations are permitted (usage flags). - -The following table lists the relevant usage flags for asymmetric cryptography. You can pass those flags (combined with bitwise-or) to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de). - -| Usage | Flag | -| ----- | ---- | -| export public key | 0 (always permitted) | -| export private key | [`PSA_KEY_USAGE_EXPORT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga7dddccdd1303176e87a4d20c87b589ed) | -| Sign a message directly | [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) | -| Sign an already-calculated hash | at least one of [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) or [`PSA_KEY_USAGE_SIGN_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) | -| Verify a message directly | [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gabea7ec4173f4f943110329ac2953b2b1) | -| Verify an already-calculated hash | at least one of [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gabea7ec4173f4f943110329ac2953b2b1) or [`PSA_KEY_USAGE_VERIFY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gafadf131ef2182045e3483d03aadaa1bd) | -| Encryption | [`PSA_KEY_USAGE_ENCRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga75153b296d045d529d97203a6a995dad) | -| Decryption | [`PSA_KEY_USAGE_DECRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gac3f2d2e5983db1edde9f142ca9bf8e6a) | -| Key agreement | [`PSA_KEY_USAGE_DERIVE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gaf19022acc5ef23cf12477f632b48a0b2) | - -The sections “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” cover the available algorithm values for each key type. Normally, a key can only be used with a single algorithm, following standard good practice. However, there are two ways to relax this requirement. - -* Many signature algorithms encode a hash algorithm. Sometimes the same key may need to be used to sign messages with multiple different hashes. In an algorithm policy, you can use [`PSA_ALG_ANY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_ANY_HASH) instead of a hash algorithm value to allow the key to be used with any hash. For example, `psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH))` allows the key to be used with RSASSA-PSS, with different hash algorithms in each operation. -* In addition to the algorithm (or wildcard) selected with [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98), you can use [`psa_set_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaffa134b74aa52aa3ed9397fcab4005aa) to permit a second algorithm (or wildcard). This is intended for scenarios where a key is normally used with a single algorithm, but needs to be used with a different algorithm for enrollment (such as an ECDH key for which an ECDSA proof-of-possession is also required). - -### Asymmetric cryptographic mechanisms - -#### RSA mechanism selection - -The PK types `MBEDTLS_PK_RSA`, `MBEDTLS_PK_RSASSA_PSS` and `MBEDTLS_PK_RSA_ALT` correspond to RSA key types in the PSA API. In the PSA API, key pairs and public keys are separate object types. -See “[RSA-ALT interface](#rsa-alt-interface)” for more information about `MBEDTLS_PK_RSA_ALT`. - -The PSA API uses policies and algorithm parameters rather than key types to distinguish between RSA-based mechanisms. The PSA algorithm selection corresponds to the `mbedtls_pk_type_t` value passed to `mbedtls_pk_{sign,verify}_ext`. It also replaces the use of `mbedtls_rsa_set_padding` on an `mbedtls_rsa_context` object. See the list of algorithms below and the signature and encryption sections for more information. - -An RSA public key has the type [`PSA_KEY_TYPE_RSA_PUBLIC_KEY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9ba0878f56c8bcd1995ac017a74f513b). - -An RSA key pair has the type [`PSA_KEY_TYPE_RSA_KEY_PAIR`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11745b110166e927e2abeabc7d532051). A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key). -You can always use a private key for operations on the corresponding public key (as long as the policy permits it). - -The following cryptographic algorithms work with RSA keys: - -* PKCS#1v1.5 RSA signature: [`PSA_ALG_RSA_PKCS1V15_SIGN`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga702ff75385a6ae7d4247033f479439af), [`PSA_ALG_RSA_PKCS1V15_SIGN_RAW`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4215e2a78dcf834e9a625927faa2a817). -* PKCS#1v1.5 RSA encryption: [`PSA_ALG_RSA_PKCS1V15_CRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4c540d3abe43fb9abcb94f2bc51acef9). -* PKCS#1 RSASSA-PSS signature: [`PSA_ALG_RSA_PSS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga62152bf4cb4bf6aace5e1be8f143564d), [`PSA_ALG_RSA_PSS_ANY_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9b7355a2cd6bde88177634d539127f2b). -* PKCS#1 RSAES-OAEP encryption: [`PSA_ALG_RSA_OAEP`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa1235dc3fdd9839c6c1b1a9857344c76). - -#### Elliptic curve mechanism selection - -The PK types `MBEDTLS_PK_ECKEY`, `MBEDTLS_PK_ECKEY_DH` and `MBEDTLS_PK_ECDSA` correspond to elliptic-curve key types in the PSA API. In the PSA API, key pairs and public keys are separate object types. The PSA API uses policies and algorithm parameters rather than key types to distinguish between the PK EC types. - -An ECC public key has the type [`PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad54c03d3b47020e571a72cd01d978cf2) where `curve` is a curve family identifier. - -An ECC key pair has the type [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) where `curve` is a curve family identifier. A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key). -You can always use a private key for operations on the corresponding public key (as long as the policy permits it). - -A curve is fully determined by a curve family identifier and the private key size in bits. You can use the following functions to convert between the PSA and legacy elliptic curve designations: -- [`mbedtls_ecc_group_to_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga9c83c095adfec7da99401cf81e164f99) converts from the legacy curve type identifier to PSA curve family and bit-size. -- [`mbedtls_ecc_group_from_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga6243eb619d5b2f5fe4667811adeb8a12) converts from PSA curve family and bit-size to the legacy identifier. - -The following table gives the correspondence between legacy and PSA elliptic curve designations. - -| Mbed TLS legacy curve identifier | PSA curve family | Curve bit-size | -| -------------------------------- | ---------------- | -------------- | -| `MBEDTLS_ECP_DP_SECP192R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 192 | -| `MBEDTLS_ECP_DP_SECP224R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 224 | -| `MBEDTLS_ECP_DP_SECP256R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 | -| `MBEDTLS_ECP_DP_SECP384R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 384 | -| `MBEDTLS_ECP_DP_SECP521R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 521 | -| `MBEDTLS_ECP_DP_BP256R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 256 | -| `MBEDTLS_ECP_DP_BP384R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 384 | -| `MBEDTLS_ECP_DP_BP512R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 512 | -| `MBEDTLS_ECP_DP_CURVE25519` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 255 | -| `MBEDTLS_ECP_DP_SECP192K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 192 | -| `MBEDTLS_ECP_DP_SECP224K1` | not supported | N/A | -| `MBEDTLS_ECP_DP_SECP256K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 | -| `MBEDTLS_ECP_DP_CURVE448` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 448 | - -The following cryptographic algorithms work with ECC keys: - -* ECDH key agreement (including X25519 and X448): [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43). -* ECDSA: [`PSA_ALG_ECDSA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7e3ce9f514a227d5ba5d8318870452e3), [`PSA_ALG_ECDSA_ANY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga51d6b6044a62e33cae0cf64bfc3b22a4), [`PSA_ALG_DETERMINISTIC_ECDSA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11da566bcd341661c8de921e2ca5ed03). -* EC-JPAKE (see “[EC-JPAKE](#ec-jpake)”. - -#### Diffie-Hellman mechanism selection - -A finite-field Diffie-Hellman key pair has the type [`PSA_KEY_TYPE_DH_KEY_PAIR(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c) where `group` is a group family as explained below. - -A finite-field Diffie-Hellman public key has the type [`PSA_KEY_TYPE_DH_PUBLIC_KEY(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa22f0f2ea89b929f2fadc19890cc5d5c) where `group` is a group family as explained below. Due to the design of the API, there is rarely a need to use Diffie-Hellman public key objects. - -The PSA API only supports Diffie-Hellman with predefined groups. A group is fully determined by a group family identifier and the public key size in bits. - -| Mbed TLS DH group P value | PSA DH group family | Bit-size | -| ------------------------- | ------------------- | -------- | -| `MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 2048 | -| `MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 3072 | -| `MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 4096 | -| `MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 6144 | -| `MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 8192 | - -A finite-field Diffie-Hellman key can be used for key agreement with the algorithm [`PSA_ALG_FFDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0ebbb6f93a05b6511e6f108ffd2d1eb4). - -### Creating keys for asymmetric cryptography - -The easiest way to create a key pair object is by randomly generating it with [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). Compared with the low-level functions from the legacy API (`mbedtls_rsa_gen_key`, `mbedtls_ecp_gen_privkey`, `mbedtls_ecp_gen_keypair`, `mbedtls_ecp_gen_keypair_base`, `mbedtls_ecdsa_genkey`), this directly creates an object that can be used with high-level APIs, but removes some of the flexibility. Note that if you want to export the generated private key, you must pass the flag [`PSA_KEY_USAGE_EXPORT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga7dddccdd1303176e87a4d20c87b589ed) to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de); exporting the public key with [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) is always permitted. - -For RSA keys, `psa_generate_key` uses 65537 as the public exponent. You can use [`psa_generate_key_custom`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#ga0415617443afe42a712027bbb8ad89f0) to select a different public exponent. As of Mbed TLS 3.6.1, selecting a different public exponent is only supported with the built-in RSA implementation, not with PSA drivers. - -To create a key object from existing material, use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). This function has the same basic goal as the PK parse functions (`mbedtls_pk_parse_key`, `mbedtls_pk_parse_public_key`, `mbedtls_pk_parse_subpubkey`), but only supports a single format that just contains the number(s) that make up the key, with very little metadata. The table below summarizes the PSA import/export format for key pairs and public keys; see the documentation of [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) for more details. - -| Key type | PSA import/export format | -| -------- | ------------------------ | -| RSA key pair | PKCS#1 RSAPrivateKey DER encoding (including both private exponent and CRT parameters) | -| RSA public key | PKCS#1 RSAPublicKey DER encoding | -| ECC key pair | Fixed-length private value (not containing the public key) | -| ECC public key (Weierstrass curve) | Fixed-length uncompressed point | -| ECC public key (Montgomery curve) | Fixed-length public value | -| FFDH key pair | Fixed-length private value (not containing the public key) | -| FFDH public key | Fixed-length public value | - -There is no equivalent of `mbedtls_pk_parse_keyfile` and `mbedtls_pk_parse_public_keyfile`. Either call the legacy function or load the file data manually. - -A future extension of the PSA API will support other import formats. Until those are implemented, see the following subsection for how to use the PK module for key parsing and construct a PSA key object from the PK object. - -### Creating a PSA key via PK - -You can use the PK module as an intermediate step to create an RSA or ECC key for use with PSA. This is useful for use cases that the PSA API does not currently cover, such as: - -* Parsing a key in a format with metadata without knowing its type ahead of time. -* Parsing a key in a format that the PK module supports, but `psa_import_key` doesn't. -* Importing a key which you have in the form of a list of numbers, rather than the binary encoding required by `psa_import_key`. -* Importing a key with less information than what the PSA API needs, for example an ECC public key in a compressed format, an RSA private key without the private exponent, or an RSA private key without the CRT parameters. - -For such use cases: - -1. First create a PK object with the desired key material. -2. Call [`mbedtls_pk_get_psa_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a7aa7b33cffb6981d95d1632631de9244) to fill PSA attributes corresponding to the PK key. Pass one of the following values as the `usage` parameter: - * `PSA_KEY_USAGE_SIGN_HASH` or `PSA_KEY_USAGE_SIGN_MESSAGE` for a key pair used for signing. - * `PSA_KEY_USAGE_DECRYPT` for a key pair used for decryption. - * `PSA_KEY_USAGE_DERIVE` for a key pair used for key agreement. - * `PSA_KEY_USAGE_VERIFY_HASH` or `PSA_KEY_USAGE_VERIFY_MESSAGE` for a public key pair used for signature verification. - * `PSA_KEY_USAGE_ENCRYPT` for a key pair used for encryption. -3. Optionally, tweak the attributes (this is rarely necessary). For example: - * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de), [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) and/or [`psa_set_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#group__attributes_1gaffa134b74aa52aa3ed9397fcab4005aa) to change the key's policy (by default, it allows what can be done through the PK module). - · Call [`psa_set_key_id`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae48fcfdc72a23e7499957d7f54ff5a64) and perhaps [`psa_set_key_lifetime`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac03ccf09ca6d36cc3d5b43f8303db6f7) to create a PSA persistent key. -4. Call [`mbedtls_pk_import_into_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1ad59835d14832daf0f4b4bd0a4555abb9) to import the key into the PSA key store. -5. You can now free the PK object with `mbedtls_pk_free`. - -Here is some sample code illustrating the above process, with error checking omitted. - -``` -mbedtls_pk_context pk; -mbedtls_pk_init(&pk); -mbedtls_pk_parse_key(&pk, key_buffer, key_buffer_length, NULL, 0, - mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); -psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &attributes); -psa_key_id_t key_id; -mbedtls_pk_import_into_psa(&pk, &attributes, &key_id); -mbedtls_pk_free(&pk); -psa_sign_hash(key_id, ...); -``` - -#### Importing an elliptic curve key from ECP - -This section explains how to use the `ecp.h` API to create an elliptic curve key in a format suitable for `psa_import_key`. - -You can use this, for example, to import an ECC key in the form of a compressed point by calling `mbedtls_ecp_point_read_binary` then following the process below. - -The following code snippet illustrates how to import a private key which is initially in an `mbedtls_ecp_keypair` object. (This includes `mbedtls_ecdsa_keypair` objects since that is just a type alias.) Error checks are omitted for simplicity. A future version of Mbed TLS [will provide a function to calculate the curve family](https://github.com/Mbed-TLS/mbedtls/issues/7764). - -``` -mbedtls_ecp_keypair ec; -mbedtls_ecp_keypair_init(&ec); -// Omitted: fill ec with key material -// (the public key will not be used and does not need to be set) -unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; -size_t length; -mbedtls_ecp_write_key_ext(&ec, &length, buf, sizeof(buf)); -psa_ecc_curve_t curve = ...; // need to determine the curve family manually -psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); -psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...); -psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...); -psa_key_id_t key_id = 0; -psa_import_key(&attributes, buf, length, &key_id); -mbedtls_ecp_keypair_free(&ec); -``` -The following code snippet illustrates how to import a private key which is initially in an `mbedtls_ecp_keypair` object. Error checks are omitted for simplicity. - -``` -mbedtls_ecp_group grp; -mbedtls_ecp_group_init(&grp); -mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_...); -mbedtls_ecp_point pt; -mbedtls_ecp_point_init(&pt); -// Omitted: fill pt with key material -unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_PUBLIC_KEY_MAX_SIZE)]; -size_t length; -mbedtls_ecp_point_write_binary(&grp, &pt, &length, buf, sizeof(buf)); -psa_ecc_curve_t curve = ...; // need to determine the curve family manually -psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)); -psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...); -psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...); -psa_key_id_t key_id = 0; -psa_import_key(&attributes, buf, length, &key_id); -mbedtls_ecp_point_free(&pt); -mbedtls_ecp_group_free(&grp); -``` - -### Key pair and public key metadata - -There is no equivalent to the type `mbedtls_pk_info_t` and the functions `mbedtls_pk_info_from_type` in the PSA API because it is unnecessary. All macros and functions operate directly on key type values (`psa_key_type_t`, `PSA_KEY_TYPE_xxx` constants) and algorithm values (`psa_algorithm_t`, `PSA_ALG_xxx` constants). - -You can call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) to populate a structure with the attributes of a key, then functions such as [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain a key's type (`PSA_KEY_TYPE_xxx` value) and size (nominal size in bits). - -The bit-size from `psa_get_key_bits` is the same as the one from `mbedtls_pk_get_bitlen`. To convert to bytes as `mbedtls_pk_get_len` or `mbedtls_rsa_get_len` do, you can use the macro `PSA_BITS_TO_BYTES`. However, note that the PSA API has generic macros for each related buffer size (export, signature size, etc.), so you should generally use those instead. The present document lists those macros where it explains the usage of the corresponding function. - -Most code that calls `mbedtls_pk_get_type` or `mbedtls_pk_can_do` only requires the key's type as reported by [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918). For code that uses both `mbedtls_pk_context` objects and PSA metadata encoding, [`mbedtls_pk_can_do_ext`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a256d3e8d4323a45aafa7d2b6c59a36f6) checks the compatibility between a key object and a mechanism. If needed, you can also access a key's policy from its attributes with [`psa_get_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaa1af20f142ca722222c6d98678a0c448), [`psa_get_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac255da850a00bbed925390044f016b34) and [`psa_get_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga39803b62a97198cf630854db9b53c588). The algorithm policy also conveys the padding and hash information provided by `mbedtls_rsa_get_padding_mode` and `mbedtls_rsa_get_md_alg`. - -### Exporting a public key or a key pair - -To export a PSA key pair or public key, call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf). If the key is a key pair, its policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). - -To export a PSA public key or to export the public key of a PSA key pair object, call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062). This is always permitted regardless of the key's policy. - -The export format is the same format used for `psa_import_key`, described in “[Creating keys for asymmetric cryptography](#creating-keys-for-asymmetric-cryptography)” above. - -A future extension of the PSA API will support other export formats. Until those are implemented, see “[Exposing a PSA key via PK](#exposing-a-psa-key-via-pk)” for ways to use the PK module to format a PSA key. - -#### Exposing a PSA key via PK - -This section discusses how to use a PSA key in a context that requires a PK object, such as PK formatting functions (`mbedtls_pk_write_key_der`, `mbedtls_pk_write_pubkey_der`, `mbedtls_pk_write_pubkey_pem`, `mbedtls_pk_write_key_pem` or `mbedtls_pk_write_pubkey`), Mbed TLS X.509 functions, Mbed TLS SSL functions, or another API that involves `mbedtls_pk_context` objects. The PSA key must be an RSA or ECC key since the PK module does not support DH keys. Three functions from `pk.h` help with that: - -* [`mbedtls_pk_copy_from_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1ab8e88836fd9ee344ffe630c40447bd08) copies a PSA key into a PK object. The PSA key must be exportable. The PK object remains valid even if the PSA key is destroyed. -* [`mbedtls_pk_copy_public_from_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a2a50247a528889c12ea0ddddb8b15a4e) copies the public part of a PSA key into a PK object. The PK object remains valid even if the PSA key is destroyed. -* [`mbedtls_pk_setup_opaque`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a4c04ac22ab9c1ae09cc29438c308bf05) sets up a PK object that wraps the PSA key. The PK object has the type `MBEDTLS_PK_OPAQUE` regardless of whether the key is an RSA or ECC key. The PK object can only be used as permitted by the PSA key's policy. The PK object contains a reference to the PSA key identifier, therefore PSA key must not be destroyed as long as the PK object remains alive. - -Here is some sample code illustrating how to use the PK module to format a PSA public key or the public key of a PSA key pair. -``` -int write_psa_pubkey(psa_key_id_t key_id, - unsigned char *buf, size_t size, size_t *len) { - mbedtls_pk_context pk; - mbedtls_pk_init(&pk); - int ret = mbedtls_pk_copy_public_from_psa(key_id, &pk); - if (ret != 0) goto exit; - ret = mbedtls_pk_write_pubkey_der(&pk, buf, size); - if (ret < 0) goto exit; - *len = ret; - memmove(buf, buf + size - ret, ret); - ret = 0; -exit: - mbedtls_pk_free(&pk); -} -``` - -### Signature operations - -The equivalent of `mbedtls_pk_sign` or `mbedtls_pk_sign_ext` to sign an already calculated hash is [`psa_sign_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga785e746a31a7b2a35ae5175c5ace3c5c). -The key must be a key pair allowing the usage `PSA_KEY_USAGE_SIGN_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -Use [`PSA_SIGN_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGN_OUTPUT_SIZE) or [`PSA_SIGNATURE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGNATURE_MAX_SIZE) (similar to `MBEDTLS_PK_SIGNATURE_MAX_SIZE`) to determine a sufficient size for the output buffer. -This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pss_sign`, `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext` and `mbedtls_ecdsa_write_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details. - -The equivalent of `mbedtls_pk_verify` or `mbedtls_pk_verify_ext` to verify an already calculated hash is [`psa_verify_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gae2ffbf01e5266391aff22b101a49f5f5). -The key must be a public key (or a key pair) allowing the usage `PSA_KEY_USAGE_VERIFY_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_verify`, `mbedtls_rsa_rsassa_pkcs1_v15_verify`, `mbedtls_rsa_rsassa_pss_verify`, `mbedtls_rsa_rsassa_pss_verify_ext`, `mbedtls_ecdsa_verify` and `mbedtls_ecdsa_read_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details. - -Generally, `psa_sign_hash` and `psa_verify_hash` require the input to have the correct length for the hash (this has historically not always been enforced in the corresponding legacy APIs). - -See also “[Restartable ECDSA signature](#restartable-ecdsa-signature)” for a restartable variant of this API. - -The PSA API also has functions [`psa_sign_message`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga963ecadae9c38c85826f9a13cf1529b9) and [`psa_verify_message`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga01c11f480b185a4268bebd013df7c14c). These functions combine the hash calculation with the signature calculation or verification. -For `psa_sign_message`, either the usage flag `PSA_KEY_USAGE_SIGN_MESSAGE` or `PSA_KEY_USAGE_SIGN_HASH` is sufficient. -For `psa_verify_message`, either the usage flag `PSA_KEY_USAGE_VERIFY_MESSAGE` or `PSA_KEY_USAGE_VERIFY_HASH` is sufficient. - -Most signature algorithms involve a hash algorithm. See “[Hash mechanism selection](#hash-mechanism-selection)”. - -The following subsections describe the PSA signature mechanisms that correspond to legacy Mbed TLS mechanisms. - -#### ECDSA signature - -**Note: in the PSA API, the format of an ECDSA signature is the raw fixed-size format. This is different from the legacy API** which uses the ASN.1 DER format for ECDSA signatures. To convert between the two formats, use [`mbedtls_ecdsa_raw_to_der`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#group__psa__tls__helpers_1ga9295799b5437bdff8ce8abd524c5ef2e) or [`mbedtls_ecdsa_der_to_raw`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#group__psa__tls__helpers_1ga33b3cf65d5992ccc724b7ee00186ae61). - - - -ECDSA is the mechanism provided by `mbedtls_pk_sign` and `mbedtls_pk_verify` for ECDSA keys, as well as by `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext`, `mbedtls_ecdsa_write_signature`, `mbedtls_ecdsa_verify` and `mbedtls_ecdsa_read_signature`. - -The PSA API offers three algorithm constructors for ECDSA. They differ only for signature, and have exactly the same behavior for verification. - -* [`PSA_ALG_ECDSA(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7e3ce9f514a227d5ba5d8318870452e3) is a randomized ECDSA signature of a hash calculated with the algorithm `hash`. -* [`PSA_ALG_ECDSA_ANY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga51d6b6044a62e33cae0cf64bfc3b22a4) is equivalent to `PSA_ALG_ECDSA`, but does not require specifying a hash as part of the algorithm. It can only be used with `psa_sign_hash` and `psa_verify_hash`, with no constraint on the length of the hash. -* [`PSA_ALG_DETERMINISTIC_ECDSA(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11da566bcd341661c8de921e2ca5ed03) is a deterministic ECDSA signature of a hash calculated with the algorithm `hash`. This is the same as the functionality offered by `MBEDTLS_ECDSA_DETERMINISTIC` in the legacy API. - * For `psa_sign_message` with `PSA_ALG_DETERMINISTIC_ECDSA`, the same hash algorithm is used to hash the message and to parametrize the deterministic signature generation. - -Unlike the legacy API, where `mbedtls_pk_sign` and `mbedtls_ecdsa_write_signature` automatically select deterministic ECDSA if both are available, the PSA API requires the application to select the preferred variant. ECDSA verification cannot distinguish between randomized and deterministic ECDSA (except in so far as if the same message is signed twice and the signatures are different, then at least one of the signatures is not the determinstic variant), so in most cases switching between the two is a compatible change. - -#### Restartable ECDSA signature - -The legacy API includes an API for “restartable” ECC operations: the operation returns after doing partial computation, and can be resumed. This is intended for highly constrained devices where long cryptographic calculations need to be broken up to poll some inputs, where interrupt-based scheduling is not desired. The legacy API consists of the functions `mbedtls_pk_sign_restartable`, `mbedtls_pk_verify_restartable`, `mbedtls_ecdsa_sign_restartable`, `mbedtls_ecdsa_verify_restartable`, `mbedtls_ecdsa_write_signature_restartable`, `mbedtls_ecdsa_read_signature_restartable`, as well as several configuration and data manipulation functions. - -The PSA API offers similar functionality via “interruptible” public-key operations. As of Mbed TLS 3.5, it is only implemented for ECDSA, for the same curves as the legacy API. This will likely be extended to ECDH in the short term. At the time of writing, no extension is planned to other curves or other algorithms. - -The flow of operations for an interruptible signature operation is as follows: - -1. Create an operation object of type [`psa_sign_hash_interruptible_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6948d4653175b1b530a265540066a7e7) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_sign_hash_start`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga441988da830205182b3e791352537fac) with the private key object and the hash to verify. -3. Call [`psa_sign_hash_complete`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga79849aaa7004a85d2ffbc4b658a333dd) repeatedly until it returns a status other than `PSA_OPERATION_INCOMPLETE`. - -The flow of operations for an interruptible signature verification operation is as follows: - -1. Create an operation object of type [`psa_verify_hash_interruptible_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga537054cf4909ad1426331ae4ce7148bb) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_verify_hash_start`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga912eb51fb94056858f451f276ee289cb) with the private key object and the hash and signature to verify. -3. Call [`psa_verify_hash_complete`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga67fe82352bc2f8c0343e231a70a5bc7d) repeatedly until it returns a status other than `PSA_OPERATION_INCOMPLETE`. - -If you need to cancel the operation after calling the start function without waiting for the loop calling the complete function to finish, call [`psa_sign_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1gae893a4813aa8e03bd201fe4f1bbbb403) or [`psa_verify_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga18dc9c0cc27d590c5e3b186094d90f88). - -Call [`psa_interruptible_set_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6d86790b31657c13705214f373af869e) to set the number of basic operations per call. This is the same unit as `mbedtls_ecp_set_max_ops`. You can retrieve the current value with [`psa_interruptible_get_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga73e66a6d93f2690b626fcea20ada62b2). The value is [`PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible/#group__interruptible_1gad19c1da7f6b7d59d5873d5b68eb943d4) if operations are not restartable, which corresponds to `mbedtls_ecp_restart_is_enabled()` being false. - -#### PKCS#1 v1.5 RSA signature - -This mechanism corresponds to `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_rsa_pkcs1_sign` and `mbedtls_rsa_pkcs1_verify` for an RSA key, unless PSS has been selected with `mbedtls_rsa_set_padding` on the underlying RSA key context. This mechanism also corresponds to `mbedtls_rsa_rsassa_pkcs1_v15_sign` and `mbedtls_rsa_rsassa_pkcs1_v15_verify`. - -The PSA API has two algorithm constructors: - -* [`PSA_ALG_RSA_PKCS1V15_SIGN(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga702ff75385a6ae7d4247033f479439af) formats the hash as specified in PKCS#1. The hash algorithm corresponds to the `md_alg` parameter of the legacy functions. -* [`PSA_ALG_RSA_PKCS1V15_SIGN_RAW`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4215e2a78dcf834e9a625927faa2a817) uses the “hash” input in lieu of a DigestInfo structure. This is the same as calling the legacy functions with `md_alg=MBEDTLS_MD_NONE`. - -#### PKCS#1 RSASSA-PSS signature - -This mechanism corresponds to `mbedtls_pk_sign_ext` and `mbedtls_pk_verify_ext` for an RSA key, as well as `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_rsa_pkcs1_sign` and `mbedtls_rsa_pkcs1_verify` if PSS has been selected on the underlying RSA context with `mbedlts_rsa_set_padding`. -It also corresponds to `mbedtls_rsa_rsassa_pss_sign` and `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_rsa_rsassa_pss_verify` and `mbedtls_rsa_rsassa_pss_verify_ext`. - -The PSA API has two algorithm constructors: [`PSA_ALG_RSA_PSS(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga62152bf4cb4bf6aace5e1be8f143564d) and [`PSA_ALG_RSA_PSS_ANY_SALT(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9b7355a2cd6bde88177634d539127f2b). They differ only for verification, and have exactly the same behavior for signature. The hash algorithm `hash` corresponds to the `md_alg` parameter passed to the legacy API. It is used to hash the message, to create the salted hash, and for the mask generation with MGF1. The PSA API does not support using different hash algorithms for these different purposes. - -With respect to the salt length: - -* When signing, the salt is random, and the salt length is the largest possible salt length up to the hash length. This is the same as passing `MBEDTLS_RSA_SALT_LEN_ANY` as the salt length to `xxx_ext` legacy functions or using a legacy function that does not have a `saltlen` argument. -* When verifying, `PSA_ALG_RSA_PSS` requires the the salt length to the largest possible salt length up to the hash length (i.e. the same that would be used for signing). -* When verifying, `PSA_ALG_RSA_PSS_ANY_SALT` accepts any salt length. This is the same as passing `MBEDTLS_RSA_SALT_LEN_ANY` as the salt length to `xxx_ext` legacy functions or using a legacy function that does not have a `saltlen` argument. - -### Asymmetric encryption and decryption - -The equivalent of `mbedtls_pk_encrypt`, `mbedtls_rsa_pkcs1_encrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_encrypt` or `mbedtls_rsa_rsaes_oaep_encrypt` to encrypt a short message (typically a symmetric key) is [`psa_asymmetric_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gaa17f61e4ddafd1823d2c834b3706c290). -The key must be a public key (or a key pair) allowing the usage `PSA_KEY_USAGE_ENCRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -Use the macro [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1a66ba3bd93e5ec52870ccc3848778bad8) or [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE) to determine the output buffer size. - -The equivalent of `mbedtls_pk_decrypt`, `mbedtls_rsa_pkcs1_decrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` or `mbedtls_rsa_rsaes_oaep_decrypt` to decrypt a short message (typically a symmetric key) is [`psa_asymmetric_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga4f968756f6b22aab362b598b202d83d7). -The key must be a key pair allowing the usage `PSA_KEY_USAGE_DECRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -Use the macro [`PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1a61a246f3eac41989821d982e56fea6c1) or [`PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE) to determine the output buffer size. - -The following subsections describe the PSA asymmetric encryption mechanisms that correspond to legacy Mbed TLS mechanisms. - -#### RSA PKCS#1v1.5 encryption - -This is the mechanism used by the PK functions and by `mbedtls_rsa_pkcs1_{encrypt,decrypt}` unless `mbedtls_rsa_set_padding` has been called on the underlying RSA key context. -This is also the mechanism used by `mbedtls_rsa_rsaes_pkcs1_v15_{encrypt,decrypt}`. - -The PSA algorithm is [`PSA_ALG_RSA_PKCS1V15_CRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4c540d3abe43fb9abcb94f2bc51acef9). - -Beware that PKCS#1v1.5 decryption is subject to padding oracle attacks. Revealing when `psa_asymmetric_decrypt` returns `PSA_ERROR_INVALID_PADDING` may allow an adversary to decrypt arbitrary ciphertexts. - -#### RSA RSAES-OAEP - -This is the mechanism used by `mbedtls_rsa_rsaes_oaep_{encrypt,decrypt}`. - -The PSA algorithm is [`PSA_ALG_RSA_OAEP(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa1235dc3fdd9839c6c1b1a9857344c76) where `hash` is a hash algorithm value (`PSA_ALG_xxx`, see “[Hash mechanism selection](#hash-mechanism-selection)”). - -As with the PK API, the mask generation is MGF1, the label is empty, and the same hash algorithm is used for MGF1 and to hash the label. The PSA API does not offer a way to choose a different label or a different hash algorithm for the label. - -### Private-public key consistency - -There is no direct equivalent of the functions `mbedtls_rsa_check_privkey`, `mbedtls_rsa_check_pubkey`,`mbedtls_ecp_check_privkey`, `mbedtls_ecp_check_pubkey`. The PSA API performs some basic checks when it imports a key, and may perform additional checks before performing an operation if needed, so it will never perform an operation on a key that does not satisfy these checks, but the details of when the check is performed may change between versions of the library. - -The legacy API provides functions `mbedtls_pk_check_pair`, `mbedtls_rsa_check_pub_priv` and `mbedtls_ecp_check_pub_priv`, which can be used to check the consistency between a private key and a public key. To perform such a check with the PSA API, you can export the public keys; this works because the PSA representation of public keys is canonical. - -* Prepare a key object containing the private key, for example with [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). -* Prepare a key object containing the public key, for example with [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). -* Export both public keys with [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) (this is possible regardless of the usage policies on the keys) and compare the output. - ``` - // Error checking omitted - unsigned char pub1[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; - unsigned char pub2[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; - size_t length1, length2; - psa_export_public_key(key1, pub1, sizeof(pub1), &length1); - psa_export_public_key(key2, pub2, sizeof(pub2), &length2); - if (length1 == length2 && !memcmp(pub1, pub2, length1)) - puts("The keys match"); - else - puts("The keys do not match"); - ``` - -### PK functionality with no PSA equivalent - -There is no PSA equivalent of the debug functionality provided by `mbedtls_pk_debug`. Use `psa_export_key` to export the key if desired. - -There is no PSA equivalent to Mbed TLS's custom key type names exposed by `mbedtls_pk_get_name`. - -### Key agreement - -The PSA API has a generic interface for key agreement, covering the main use of both `ecdh.h` and `dhm.h`. - - - -#### Diffie-Hellman key pair management - -The PSA API manipulates keys as such, rather than via an operation context. Thus, to use Diffie-Hellman, you need to create a key object, then perform the key exchange, then destroy the key. There is no equivalent to the types `mbedtls_ecdh_context` and `mbedtls_dhm_context`. - -Here is an overview of the lifecycle of a key object. - -1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters: - * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value: - * [`PSA_KEY_TYPE_DH_KEY_PAIR(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c) for finite-field Diffie-Hellman (see “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”). - * [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) for elliptic-curve Diffie-Hellman (see “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)”). - * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the private key size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material. - * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to select the appropriate algorithm: - * [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43) or [`PSA_ALG_FFDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0ebbb6f93a05b6511e6f108ffd2d1eb4) for a raw key agreement. - * [`PSA_ALG_KEY_AGREEMENT(ka, kdf)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga78bb81cffb87a635c247725eeb2a2682) if the key will be used as part of a key derivation, where: - * `ka` is either `PSA_ALG_ECDH` or `PSA_ALG_FFDH`. - * `kdf` is a key derivation algorithm. - * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_DERIVE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_DERIVE). See “[Public-key cryptography policies](#public-key-cryptography-policies)” for more information. -2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object. - * Use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) to generate a random key. This is normally the case for a Diffie-Hellman key. - * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material. - * If the key is derived deterministically from other material, use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1). -3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations. -4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished. - -#### Performing a key agreement - -Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain the public key that needs to be sent to the other party. -Use the macros [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to determine a sufficient size for the output buffer. - -Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to calculate the shared secret from your private key and the other party's public key. -Use the macros [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer. - -Call [`psa_key_derivation_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga2cd5a8ac906747d3204ec442db78745f) instead of `psa_raw_key_agreement` to use the resulting shared secret as the secret input to a key derivation. See “[HKDF](#hkdf)” for an example of the key derivation interface. - -#### Translating a legacy key agreement contextless workflow - -A typical workflow for ECDH using the legacy API without a context object is: - -1. Initialize objects: - * `mbedtls_ecp_group grp` for the curve; - * `mbedtls_mpi our_priv` for our private key; - * `mbedtls_ecp_point our_pub` for our public key; - * `mbedtls_ecp_point their_pub` for their public key (this may be the same variable as `our_pub` if the application does not need to hold both at the same time); - * `mbedtls_mpi z` for the shared secret (this may be the same variable as `our_priv` when doing ephemeral ECDH). -2. Call `mbedtls_ecp_group_load` on `grp` to select the curve. -3. Call `mbedtls_ecdh_gen_public` on `grp`, `our_priv` (output) and `our_pub` (output) to generate a key pair and retrieve the corresponding public key. -4. Send `our_pub` to the peer. Retrieve the peer's public key and import it into `their_pub`. These two actions may be performed in either order. -5. Call `mbedtls_ecdh_compute_shared` on `grp`, `z` (output), `their_pub` and `our_priv`. Use the raw shared secret `z`, typically, to construct a shared key. -6. Free `grp`, `our_priv`, `our_pub`, `their_pub` and `z`. - -The corresponding workflow with the PSA API is as follows: - -1. Initialize objects: - * `psa_key_id_t our_key`: a handle to our key pair; - * `psa_key_attributes_t attributes`: key attributes used in steps 2–3;; - * `our_pub`: a buffer of size [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) (where `key_type` is the value passed to `psa_set_key_size` in step 2) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to hold our key. - * `their_pub`: a buffer of the same size, to hold the peer's key. This can be the same as `our_pub` if the application does not need to hold both at the same time; - * `shared_secret`: a buffer of size [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) (if not using a key derivation operation). -2. Prepare an attribute structure as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”, in particular selecting the curve with `psa_set_key_type`. -3. Call [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) on `attributes` and `our_key` (output) to generate a key pair, then [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on `our_key` and `our_pub` (output) to obtain our public key. -4. Send `our_pub` to the peer. Retrieve the peer's public key and import it into `their_pub`. These two actions may be performed in either order. -5. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output). - Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”). -6. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) on `key_id`, and free the memory buffers. - -Steps 4–6 are only performed once for a "true" ephemeral Diffie-Hellman. They may be repeated multiple times for a "fake ephemeral" Diffie-Hellman where the same private key is used for multiple key exchanges, but it not saved. - -#### Translating a legacy ephemeral key agreement TLS server workflow - -The legacy API offers the following workflow for an ephemeral Diffie-Hellman key agreement in a TLS 1.2 server. The PSA version of this workflow can also be used with other protocols, on the side of the party that selects the curve or group and sends its public key first. - -1. Setup phase: - 1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`. - 2. Call `mbedtls_ecdh_setup` or `mbedtls_dhm_set_group` to select the curve or group. - 3. Call `mbedtls_ecdh_make_params` or `mbedtls_dhm_make_params` to generate our key pair and obtain a TLS ServerKeyExchange message encoding the selected curve/group and our public key. -2. Send the ServerKeyExchange message to the peer. -3. Retrieve the peer's public key. -4. Call `mbedtls_ecdh_read_public` or `mbedtls_dhm_read_public` on the peer's public key, then call `mbedtls_ecdh_calc_secret` or `mbedtls_dhm_calc_secret` to calculate the shared secret. -5. Free the context with `mbedtls_ecdh_free` or `mbedtls_dhm_free`. - -The corresponding workflow with the PSA API is as follows: - -1. Setup phase: - 1. Generate an ECDH or DHM key pair with `psa_generate_key` as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”. - 2. Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain our public key. - 3. Format a ServerKeyExchange message containing the curve/group selection and our public key. -2. Send the ServerKeyExchange message to the peer. -3. Retrieve the peer's public key. -4. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output). - Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”). -5. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to free the resources associated with our key pair. - -#### Translating a legacy ephemeral key agreement TLS client workflow - -The legacy API offers the following workflow for an ephemeral Diffie-Hellman key agreement in a TLS 1.2 client. The PSA version of this workflow can also be used with other protocols, on the side of the party that receives a message indicating both the choice of curve or group, and the peer's public key. - -1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key: - 1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`. - 2. Call `mbedtls_ecdh_read_params` or `mbedtls_dhm_read_params` to input the data from the ServerKeyExchange message. -2. Call `mbedtls_ecdh_make_public` or `mbedtls_dh_make_public` to generate our private key and export our public key. -3. Send our public key to the peer. -4. Call `mbedtls_ecdh_calc_secret` or `mbedtls_dhm_calc_secret` to calculate the shared secret. -5. Free the context with `mbedtls_ecdh_free` or `mbedtls_dhm_free`. - -The corresponding workflow with the PSA API is as follows: - -1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key: - 1. Decode the selected curve/group and use this to determine a PSA key type (`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)` or `PSA_KEY_TYPE_DH_KEY_PAIR(group)`), a key size and an algorithm. -2. Generate an ECDH or DHM key pair with `psa_generate_key` as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”. - Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain our public key. -3. Send our public key to the peer. -4. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output). - Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”). -5. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to free the resources associated with our key pair. - -#### ECDH and DHM metadata functions - -You can obtain data and metadata from an ECDH key agreement through the PSA API as follows: - -* With either side, accessing the group: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the key identifier, then [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain metadata about the key. -* Accessing our public key: call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on the PSA key identifier. -* Accessing our private key: call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -* Accessing the peer's public key: there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately. - -The functions `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len` and `mbedtls_dhm_get_value` allow the caller to obtain metadata about the keys used for the key exchange. The PSA equivalents access the key identifier: - -* `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len`: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the PSA key identifier, then [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06). -* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_X` (our private key): call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GX` (our public key): call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on the PSA key identifier. -* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GY` (peer's public key): the there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately. -* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_K` (shared secret): this is the value calculated by `psa_raw_key_agreement` or `psa_key_derivation_key_agreement`. If you need to use it multiple times (for example to derive multiple values independently), call `psa_raw_key_agreement` and make a copy. -* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_P` or `MBEDTLS_DHM_PARAM_G` (group parameters): [there is no PSA API to retrieve these values](https://github.com/Mbed-TLS/mbedtls/issues/7780). - -The PSA API for finite-field Diffie-Hellman only supports predefined groups. Therefore there is no equivalent to `mbedtls_dhm_parse_dhm`, `mbedtls_dhm_parse_dhmfile`, and the `MBEDTLS_DHM_xxx_BIN` macros. - -#### Restartable key agreement - -Restartable key agreement (enabled by `mbedtls_ecdh_enable_restart`) is not yet available through the PSA API. It will be added under the name “interruptible key agreement” in a future version of the library, with an interface that's similar to the interruptible signature interface described in “[Restartable ECDSA signature](#restartable-ecdsa-signature)”. - -### Additional information about Elliptic-curve cryptography - -#### Information about a curve - -The legacy API identifies a curve by an `MBEDTLS_ECP_DP_xxx` value of type `mbedtls_ecp_group_id`. The PSA API identifies a curve by a `PSA_ECC_FAMILY_xxx` value and the private value's bit-size. See “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” for the correspondence between the two sets of values. - -There is no PSA equivalent of the `mbedtls_ecp_group` data structure (and so no equivalent to `mbedtls_ecp_group_init`, `mbedtls_ecp_group_load`, `mbedtls_ecp_group_copy` and `mbedtls_ecp_group_free`) or of the `mbedtls_ecp_curve_info` data structure (and so no equivalent to `mbedtls_ecp_curve_info_from_grp_id`) because they are not needed. All API elements identify the curve directly by its family and size. - -The bit-size used by the PSA API is the size of the private key. For most curves, the PSA bit-size, the `bit_size` field in `mbedtls_ecp_curve_info`, the `nbits` field in `mbedtls_ecp_group` and the `pbits` field in `mbedtls_ecp_group` are the same. The following table lists curves for which they are different. - -| Curve | `grp->nbits` | `grp->pbits` | `curve_info->bit_size` | PSA bit-size | -| ----- | ------------ | ------------ | ---------------------- | ------------ | -| secp224k1 | 225 | 224 | 224 | not supported | -| Curve25519 | 253 | 255 | 256 | 255 | -| Curve448 | 446 | 448 | 448 | 448 | - -There is no exact PSA equivalent of the type `mbedtls_ecp_curve_type` and the function `mbedtls_ecp_get_type`, but the curve family encodes the same information. `PSA_ECC_FAMILY_MONTGOMERY` is the only Montgomery family. All other families supported in Mbed TLS 3.4.0 are short Weierstrass families. - -There is no PSA equivalent for the following functionality: - -* The `name` field of `mbedtls_ecp_curve_info`, and the function `mbedtls_ecp_curve_info_from_name`. There is no equivalent of Mbed TLS's lookup based on the name used for the curve in TLS specifications. -* The `tls_id` field of `mbedtls_ecp_curve_info`, the constant `MBEDTLS_ECP_TLS_NAMED_CURVE`, and the functions `mbedtls_ecp_curve_info_from_tls_id`, `mbedtls_ecp_tls_read_group`, `mbedtls_ecp_tls_read_group_id` and `mbedtls_ecp_tls_write_group`. The PSA crypto API does not have this dedicated support for the TLS protocol. -* Retrieving the parameters of a curve from the fields of an `mbedtls_ecp_group` structure. - -#### Information about supported curves - -The PSA API does not currently have a discovery mechanism for cryptographic mechanisms (although one may be added in the future). Thus there is no equivalent for `MBEDTLS_ECP_DP_MAX` and the functions `mbedtls_ecp_curve_list` and `mbedtls_ecp_grp_id_list`. - -The API provides macros that give the maximum supported sizes for various kinds of objects. The following table lists equivalents for `MBEDTLS_ECP_MAX_xxx` macros. - -| Legacy macro | PSA equivalent | -| ------------ | -------------- | -| `MBEDTLS_ECP_MAX_BITS` | [`PSA_VENDOR_ECC_MAX_CURVE_BITS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_VENDOR_ECC_MAX_CURVE_BITS) | -| `MBEDTLS_ECP_MAX_BYTES` | `PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)` | -| `MBEDTLS_ECP_MAX_PT_LEN` | [`PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE) | - -#### Restartable ECC - -The PSA API supports the equivalent of restartable operations, but only for signatures at the time of writing. See “[Restartable ECDSA signature](#restartable-ecdsa-signature)”. - -There is no PSA API for elliptic curve arithmetic as such, and therefore no equivalent of `mbedtls_ecp_restart_ctx` and functions that operate on it. - -There is PSA no equivalent of the `MBEDTLS_ECP_OPS_xxx` constants. - -#### ECC functionality with no PSA equivalent - -There is no PSA equivalent of `mbedtls_ecdsa_can_do` and `mbedtls_ecdh_can_do` to query the capabilities of a curve at runtime. Check the documentation of each curve family to see what algorithms it supports. - -There is no PSA equivalent to the types `mbedtls_ecdsa_context` and `mbedtls_ecdsa_restart_ctx`, and to basic ECDSA context manipulation functions including `mbedtls_ecdsa_from_keypair`, because they are not needed: the PSA API does not have ECDSA-specific context types. - -#### No curve arithmetic - -The PSA API is a cryptography API, not an arithmetic API. As a consequence, there is no PSA equivalent for the ECC arithmetic functionality exposed by `ecp.h`: - -* Manipulation of point objects and input-output: the type `mbedtls_ecp_point` and functions operating on it (`mbedtls_ecp_point_xxx`, `mbedtls_ecp_copy`, `mbedtls_ecp_{set,is}_zero`, `mbedtls_ecp_tls_{read,write}_point`). Note that the PSA export format for public keys corresponds to the uncompressed point format (`MBEDTLS_ECP_PF_UNCOMPRESSED`), so [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) are equivalent to `mbedtls_ecp_point_read_binary` and `mbedtls_ecp_point_write_binary` for uncompressed points. The PSA API does not currently support compressed points, but it is likely that such support will be added in the future. -* Manipulation of key pairs as such, with a bridge to bignum arithmetic (`mbedtls_ecp_keypair` type, `mbedtls_ecp_export`). However, the PSA export format for ECC private keys used by [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) is the same as the format used by `mbedtls_ecp_read_key` and `mbedtls_ecp_write_key_ext`. -* Elliptic curve arithmetic (`mbedtls_ecp_mul`, `mbedtls_ecp_muladd` and their restartable variants). - -### Additional information about RSA - -#### RSA-ALT interface - -Implementers of the RSA-ALT interface (`MBEDTLS_PK_RSA_ALT` pk type, `mbedtls_pk_setup_rsa_alt` setup function) should migrate to the [PSA cryptoprocessor driver interface](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md). - -* If the purpose of the ALT interface is acceleration only: use the accelerator driver interface. This is fully transparent to application code. -* If the purpose of the ALT interface is to isolate the private key in a high-security environment: use the opaque driver interface. This is mostly transparent to user code. Code that uses a key via its key identifier does not need to know whether the key is transparent (equivalent of `MBEDTLS_PK_RSA`) or opaque (equivalent of `MBEDTLS_PK_RSA_ALT`). When creating a key, it will be transparent by default; to create an opaque key, call [`psa_set_key_lifetime`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac03ccf09ca6d36cc3d5b43f8303db6f7) to set the key's location to the chosen location value for the driver, e.g. - ``` - psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_VOLATILE, MY_RSA_DRIVER_LOCATION)); - ``` - -The PSA subsystem uses its internal random generator both for randomized algorithms and to generate blinding values. As a consequence, none of the API functions take an RNG parameter. - -#### RSA functionality with no PSA equivalent - -The PSA API does not provide direct access to the exponentiation primitive as with `mbedtls_rsa_public` and `mbedtls_rsa_private`. If you need an RSA-based mechanism that is not supported by the PSA API, please [submit an issue on GitHub](https://github.com/ARM-software/psa-api/issues) so that we can extend the API to support it. - -The PSA API does not support constructing RSA keys progressively from numbers with `mbedtls_rsa_import` or `mbedtls_rsa_import_raw` followed by `mbedtls_rsa_complete`. See “[Importing a PK key by wrapping](#importing-a-pk-key-by-wrapping)”. - -There is no direct equivalent of `mbedtls_rsa_export`, `mbedtls_rsa_export_raw` and `mbedtls_rsa_export_crt` to export some of the numbers in a key. You can export the whole key with `psa_export_key`, or with `psa_export_public_key` to export the public key from a key pair object. See also “[Exporting a public key or a key pair](#exporting-a-public-key-or-a-key-pair)”. - -A PSA key object is immutable, so there is no need for an equivalent of `mbedtls_rsa_copy`. (There is a function `psa_copy_key`, but it is only useful to make a copy of a key with a different policy of ownership; both concepts are out of scope of this document since they have no equivalent in the legacy API.) - -### LMS signatures - -A future version of Mbed TLS will support LMS keys and signatures through the PSA API (`psa_generate_key`, `psa_export_public_key`, `psa_import_key`, `psa_sign_hash`, `psa_verify_hash`, etc.). However, this is likely to happen after Mbed TLS 4.0, therefore the next major version of Mbed TLS will likely keep the existing `lms.h` interface. - -### PK format support interfaces - -The interfaces in `base64.h`, `asn1.h`, `asn1write.h`, `oid.h` and `pem.h` are intended to support X.509 and key file formats. They have no PSA equivalent since they are not directly about cryptography. - -In Mbed TLS 4.0, we are planning to keep the ASN.1 interfaces mostly unchanged. The evolution of Base64, OID and PEM as separate interfaces is still undecided at the time of writing. - -## EC-JPAKE - -The PSA API exposes EC-JPAKE via the algorithm [`PSA_ALG_JPAKE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#c.PSA_ALG_JPAKE) and the PAKE API functions. At the time of writing, the PAKE API is still experimental, but it should offer the same functionality as the legacy `ecjpake.h`. Please consult the documentation of your version of Mbed TLS for more information. - -Please note a few differences between the two APIs: the legacy API is geared towards the use of EC-JPAKE in TLS 1.2, whereas the PSA API is protocol-agnostic. - -* The PSA API is finer-grained and offers more flexibility in message ordering. Where the legacy API makes a single function call, the PSA API may require multiple calls. -* The legacy API uses the TLS 1.2 wire format in the input or output format of several functions. In particular, one of the messages embeds the curve identifier in the TLS protocol. The PSA API uses protocol-agnostic formats. -* The legacy API always applies the key derivation specified by TLS 1.2 to the shared secret. With the PSA API, use a key derivation with `PSA_ALG_TLS12_ECJPAKE_TO_PMS` for the same calculation. diff --git a/docs/redirects.yaml b/docs/redirects.yaml deleted file mode 100644 index 969ffe43c..000000000 --- a/docs/redirects.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# Readthedocs redirects -# See https://docs.readthedocs.io/en/stable/user-defined-redirects.html -# -# Changes to this file do not take effect until they are merged into the -# 'development' branch. This is because the API token (RTD_TOKEN) is not -# made available in PR jobs - preventing bad actors from crafting PRs to -# expose it. - -- type: exact - from_url: /projects/api/en/latest/* - to_url: /projects/api/en/development/:splat diff --git a/docs/requirements.in b/docs/requirements.in deleted file mode 100644 index 14d618c79..000000000 --- a/docs/requirements.in +++ /dev/null @@ -1,3 +0,0 @@ -breathe -readthedocs-cli -sphinx-rtd-theme diff --git a/docs/requirements.txt b/docs/requirements.txt deleted file mode 100644 index 2287b2a72..000000000 --- a/docs/requirements.txt +++ /dev/null @@ -1,84 +0,0 @@ -# -# This file is autogenerated by pip-compile with Python 3.8 -# by the following command: -# -# pip-compile requirements.in -# -alabaster==0.7.13 - # via sphinx -babel==2.15.0 - # via sphinx -breathe==4.35.0 - # via -r requirements.in -certifi==2024.7.4 - # via requests -charset-normalizer==3.3.2 - # via requests -click==8.1.7 - # via readthedocs-cli -docutils==0.20.1 - # via - # breathe - # sphinx - # sphinx-rtd-theme -idna==3.7 - # via requests -imagesize==1.4.1 - # via sphinx -importlib-metadata==8.0.0 - # via sphinx -jinja2==3.1.4 - # via sphinx -markdown-it-py==3.0.0 - # via rich -markupsafe==2.1.5 - # via jinja2 -mdurl==0.1.2 - # via markdown-it-py -packaging==24.1 - # via sphinx -pygments==2.18.0 - # via - # rich - # sphinx -pytz==2024.1 - # via babel -pyyaml==6.0.1 - # via readthedocs-cli -readthedocs-cli==4 - # via -r requirements.in -requests==2.32.3 - # via - # readthedocs-cli - # sphinx -rich==13.7.1 - # via readthedocs-cli -snowballstemmer==2.2.0 - # via sphinx -sphinx==7.1.2 - # via - # breathe - # sphinx-rtd-theme - # sphinxcontrib-jquery -sphinx-rtd-theme==2.0.0 - # via -r requirements.in -sphinxcontrib-applehelp==1.0.4 - # via sphinx -sphinxcontrib-devhelp==1.0.2 - # via sphinx -sphinxcontrib-htmlhelp==2.0.1 - # via sphinx -sphinxcontrib-jquery==4.1 - # via sphinx-rtd-theme -sphinxcontrib-jsmath==1.0.1 - # via sphinx -sphinxcontrib-qthelp==1.0.3 - # via sphinx -sphinxcontrib-serializinghtml==1.1.5 - # via sphinx -typing-extensions==4.12.2 - # via rich -urllib3==2.2.2 - # via requests -zipp==3.19.2 - # via importlib-metadata diff --git a/docs/tls13-early-data.md b/docs/tls13-early-data.md deleted file mode 100644 index 4b6f5d305..000000000 --- a/docs/tls13-early-data.md +++ /dev/null @@ -1,192 +0,0 @@ - -Writing early data ------------------- - -An application function to write and send a buffer of data to a server through -TLS may plausibly look like: - -``` -int write_data(mbedtls_ssl_context *ssl, - const unsigned char *data_to_write, - size_t data_to_write_len, - size_t *data_written) -{ - int ret; - *data_written = 0; - - while (*data_written < data_to_write_len) { - ret = mbedtls_ssl_write(ssl, data_to_write + *data_written, - data_to_write_len - *data_written); - - if (ret < 0 && - ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - - *data_written += ret; - } - - return 0; -} -``` -where ssl is the SSL context to use, data_to_write the address of the data -buffer and data_to_write_len the number of data bytes. The handshake may -not be completed, not even started for the SSL context ssl when the function is -called and in that case the mbedtls_ssl_write() API takes care transparently of -completing the handshake before to write and send data to the server. The -mbedtls_ssl_write() may not be able to write and send all data in one go thus -the need for a loop calling it as long as there are still data to write and -send. - -An application function to write and send early data and only early data, -data sent during the first flight of client messages while the handshake is in -its initial phase, would look completely similar but the call to -mbedtls_ssl_write_early_data() instead of mbedtls_ssl_write(). -``` -int write_early_data(mbedtls_ssl_context *ssl, - const unsigned char *data_to_write, - size_t data_to_write_len, - size_t *data_written) -{ - int ret; - *data_written = 0; - - while (*data_written < data_to_write_len) { - ret = mbedtls_ssl_write_early_data(ssl, data_to_write + *data_written, - data_to_write_len - *data_written); - - if (ret < 0 && - ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - - *data_written += ret; - } - - return 0; -} -``` -Note that compared to write_data(), write_early_data() can also return -MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA and that should be handled -specifically by the user of write_early_data(). A fresh SSL context (typically -just after a call to mbedtls_ssl_setup() or mbedtls_ssl_session_reset()) would -be expected when calling `write_early_data`. - -All together, code to write and send a buffer of data as long as possible as -early data and then as standard post-handshake application data could -plausibly look like: - -``` -ret = write_early_data(ssl, - data_to_write, - data_to_write_len, - &early_data_written); -if (ret < 0 && - ret != MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA) { - goto error; -} - -ret = write_data(ssl, - data_to_write + early_data_written, - data_to_write_len - early_data_written, - &data_written); -if (ret < 0) { - goto error; -} - -data_written += early_data_written; -``` - -Finally, taking into account that the server may reject early data, application -code to write and send a buffer of data could plausibly look like: -``` -ret = write_early_data(ssl, - data_to_write, - data_to_write_len, - &early_data_written); -if (ret < 0 && - ret != MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA) { - goto error; -} - -/* - * Make sure the handshake is completed as it is a requisite of - * mbedtls_ssl_get_early_data_status(). - */ -while (!mbedtls_ssl_is_handshake_over(ssl)) { - ret = mbedtls_ssl_handshake(ssl); - if (ret < 0 && - ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - goto error; - } -} - -ret = mbedtls_ssl_get_early_data_status(ssl); -if (ret < 0) { - goto error; -} - -if (ret == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { - early_data_written = 0; -} - -ret = write_data(ssl, - data_to_write + early_data_written, - data_to_write_len - early_data_written, - &data_written); -if (ret < 0) { - goto error; -} - -data_written += early_data_written; -``` - -Reading early data ------------------- -Mbed TLS provides the mbedtls_ssl_read_early_data() API to read the early data -that a TLS 1.3 server might receive during the TLS 1.3 handshake. - -While establishing a TLS 1.3 connection with a client using a combination -of the mbedtls_ssl_handshake(), mbedtls_ssl_read() and mbedtls_ssl_write() APIs, -the reception of early data is signaled by an API returning the -MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA error code. Early data can then be read -with the mbedtls_ssl_read_early_data() API. - -For example, a typical code to establish a TLS connection, where ssl is the SSL -context to use: -``` -while ((int ret = mbedtls_ssl_handshake(&ssl)) != 0) { - - if (ret < 0 && - ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - break; - } -} -``` -could be adapted to handle early data in the following way: -``` -size_t data_read_len = 0; -while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - - if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) { - ret = mbedtls_ssl_read_early_data(&ssl, - buffer + data_read_len, - sizeof(buffer) - data_read_len); - if (ret < 0) { - break; - } - data_read_len += ret; - continue; - } - - if (ret < 0 && - ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - break; - } -} -``` diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h deleted file mode 100644 index cf77690b3..000000000 --- a/doxygen/input/doc_encdec.h +++ /dev/null @@ -1,54 +0,0 @@ -/** - * \file doc_encdec.h - * - * \brief Encryption/decryption module documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @addtogroup encdec_module Encryption/decryption module - * - * The Encryption/decryption module provides encryption/decryption functions. - * One can differentiate between symmetric and asymmetric algorithms; the - * symmetric ones are mostly used for message confidentiality and the asymmetric - * ones for key exchange and message integrity. - * Some symmetric algorithms provide different block cipher modes, mainly - * Electronic Code Book (ECB) which is used for short (64-bit) messages and - * Cipher Block Chaining (CBC) which provides the structure needed for longer - * messages. In addition the Cipher Feedback Mode (CFB-128) stream cipher mode, - * Counter mode (CTR) and Galois Counter Mode (GCM) are implemented for - * specific algorithms. - * - * All symmetric encryption algorithms are accessible via the generic cipher layer - * (see \c mbedtls_cipher_setup()). - * - * The asymmetric encryption algorithms are accessible via the generic public - * key layer (see \c mbedtls_pk_init()). - * - * The following algorithms are provided: - * - Symmetric: - * - AES (see \c mbedtls_aes_crypt_ecb(), \c mbedtls_aes_crypt_cbc(), \c mbedtls_aes_crypt_cfb128() and - * \c mbedtls_aes_crypt_ctr()). - * - Camellia (see \c mbedtls_camellia_crypt_ecb(), \c mbedtls_camellia_crypt_cbc(), - * \c mbedtls_camellia_crypt_cfb128() and \c mbedtls_camellia_crypt_ctr()). - * - DES/3DES (see \c mbedtls_des_crypt_ecb(), \c mbedtls_des_crypt_cbc(), \c mbedtls_des3_crypt_ecb() - * and \c mbedtls_des3_crypt_cbc()). - * - GCM (AES-GCM and CAMELLIA-GCM) (see \c mbedtls_gcm_init()) - * - Asymmetric: - * - Diffie-Hellman-Merkle (see \c mbedtls_dhm_read_public(), \c mbedtls_dhm_make_public() - * and \c mbedtls_dhm_calc_secret()). - * - RSA (see \c mbedtls_rsa_public() and \c mbedtls_rsa_private()). - * - Elliptic Curves over GF(p) (see \c mbedtls_ecp_point_init()). - * - Elliptic Curve Digital Signature Algorithm (ECDSA) (see \c mbedtls_ecdsa_init()). - * - Elliptic Curve Diffie Hellman (ECDH) (see \c mbedtls_ecdh_init()). - * - * This module provides encryption/decryption which can be used to provide - * secrecy. - * - * It also provides asymmetric key functions which can be used for - * confidentiality, integrity, authentication and non-repudiation. - */ diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h deleted file mode 100644 index 83613bfa9..000000000 --- a/doxygen/input/doc_hashing.h +++ /dev/null @@ -1,30 +0,0 @@ -/** - * \file doc_hashing.h - * - * \brief Hashing module documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @addtogroup hashing_module Hashing module - * - * The Message Digest (MD) or Hashing module provides one-way hashing - * functions. Such functions can be used for creating a hash message - * authentication code (HMAC) when sending a message. Such a HMAC can be used - * in combination with a private key for authentication, which is a message - * integrity control. - * - * All hash algorithms can be accessed via the generic MD layer (see - * \c mbedtls_md_setup()) - * - * The following hashing-algorithms are provided: - * - MD5 128-bit one-way hash function by Ron Rivest. - * - SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by - * NIST and NSA. - * - * This module provides one-way hashing which can be used for authentication. - */ diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h deleted file mode 100644 index fb4439adc..000000000 --- a/doxygen/input/doc_mainpage.h +++ /dev/null @@ -1,19 +0,0 @@ -/** - * \file doc_mainpage.h - * - * \brief Main page documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @mainpage Mbed TLS v4.0.0 API Documentation - * - * This documentation describes the internal structure of Mbed TLS. It was - * automatically generated from specially formatted comment blocks in - * Mbed TLS's source code using Doxygen. (See - * https://www.doxygen.nl for more information on Doxygen) - */ diff --git a/doxygen/input/doc_rng.h b/doxygen/input/doc_rng.h deleted file mode 100644 index 22608a879..000000000 --- a/doxygen/input/doc_rng.h +++ /dev/null @@ -1,27 +0,0 @@ -/** - * \file doc_rng.h - * - * \brief Random number generator (RNG) module documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @addtogroup rng_module Random number generator (RNG) module - * - * The Random number generator (RNG) module provides random number - * generation, see \c mbedtls_ctr_drbg_random(). - * - * The block-cipher counter-mode based deterministic random - * bit generator (CTR_DBRG) as specified in NIST SP800-90. It needs an external - * source of entropy. For these purposes \c mbedtls_entropy_func() can be used. - * This is an implementation based on a simple entropy accumulator design. - * - * Meaning that there seems to be no practical algorithm that can guess - * the next bit with a probability larger than 1/2 in an output sequence. - * - * This module can be used to generate random numbers. - */ diff --git a/doxygen/input/doc_ssltls.h b/doxygen/input/doc_ssltls.h deleted file mode 100644 index 5757574f3..000000000 --- a/doxygen/input/doc_ssltls.h +++ /dev/null @@ -1,37 +0,0 @@ -/** - * \file doc_ssltls.h - * - * \brief SSL/TLS communication module documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @addtogroup ssltls_communication_module SSL/TLS communication module - * - * The SSL/TLS communication module provides the means to create an SSL/TLS - * communication channel. - * - * The basic provisions are: - * - initialise an SSL/TLS context (see \c mbedtls_ssl_init()). - * - perform an SSL/TLS handshake (see \c mbedtls_ssl_handshake()). - * - read/write (see \c mbedtls_ssl_read() and \c mbedtls_ssl_write()). - * - notify a peer that connection is being closed (see \c mbedtls_ssl_close_notify()). - * - * Many aspects of such a channel are set through parameters and callback - * functions: - * - the endpoint role: client or server. - * - the authentication mode. Should verification take place. - * - the Host-to-host communication channel. A TCP/IP module is provided. - * - the random number generator (RNG). - * - the ciphers to use for encryption/decryption. - * - session control functions. - * - X.509 parameters for certificate-handling and key exchange. - * - * This module can be used to create an SSL/TLS server and client and to provide a basic - * framework to setup and communicate through an SSL/TLS communication channel.\n - * Note that you need to provide for several aspects yourself as mentioned above. - */ diff --git a/doxygen/input/doc_tcpip.h b/doxygen/input/doc_tcpip.h deleted file mode 100644 index f8d8c6905..000000000 --- a/doxygen/input/doc_tcpip.h +++ /dev/null @@ -1,32 +0,0 @@ -/** - * \file doc_tcpip.h - * - * \brief TCP/IP communication module documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @addtogroup tcpip_communication_module TCP/IP communication module - * - * The TCP/IP communication module provides for a channel of - * communication for the \link ssltls_communication_module SSL/TLS communication - * module\endlink to use. - * In the TCP/IP-model it provides for communication up to the Transport - * (or Host-to-host) layer. - * SSL/TLS resides on top of that, in the Application layer, and makes use of - * its basic provisions: - * - listening on a port (see \c mbedtls_net_bind()). - * - accepting a connection (through \c mbedtls_net_accept()). - * - read/write (through \c mbedtls_net_recv()/\c mbedtls_net_send()). - * - close a connection (through \c mbedtls_net_close()). - * - * This way you have the means to, for example, implement and use an UDP or - * IPSec communication solution as a basis. - * - * This module can be used at server- and clientside to provide a basic - * means of communication over the internet. - */ diff --git a/doxygen/input/doc_x509.h b/doxygen/input/doc_x509.h deleted file mode 100644 index 945830f11..000000000 --- a/doxygen/input/doc_x509.h +++ /dev/null @@ -1,31 +0,0 @@ -/** - * \file doc_x509.h - * - * \brief X.509 module documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @addtogroup x509_module X.509 module - * - * The X.509 module provides X.509 support for reading, writing and verification - * of certificates. - * In summary: - * - X.509 certificate (CRT) reading (see \c mbedtls_x509_crt_parse(), - * \c mbedtls_x509_crt_parse_der(), \c mbedtls_x509_crt_parse_file()). - * - X.509 certificate revocation list (CRL) reading (see - * \c mbedtls_x509_crl_parse(), \c mbedtls_x509_crl_parse_der(), - * and \c mbedtls_x509_crl_parse_file()). - * - X.509 certificate signature verification (see \c - * mbedtls_x509_crt_verify() and \c mbedtls_x509_crt_verify_with_profile(). - * - X.509 certificate writing and certificate request writing (see - * \c mbedtls_x509write_crt_der() and \c mbedtls_x509write_csr_der()). - * - * This module can be used to build a certificate authority (CA) chain and - * verify its signature. It is also used to generate Certificate Signing - * Requests and X.509 certificates just as a CA would do. - */ diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile deleted file mode 100644 index 6b09ae39a..000000000 --- a/doxygen/mbedtls.doxyfile +++ /dev/null @@ -1,56 +0,0 @@ -PROJECT_NAME = "Mbed TLS v4.0.0" -OUTPUT_DIRECTORY = ../apidoc/ -FULL_PATH_NAMES = NO -OPTIMIZE_OUTPUT_FOR_C = YES -EXTRACT_ALL = YES -EXTRACT_PRIVATE = YES -EXTRACT_STATIC = YES -CASE_SENSE_NAMES = NO -INPUT = ../include ../tf-psa-crypto/include input ../tf-psa-crypto/drivers/builtin/include ../tests/include/alt-dummy -EXCLUDE = ../tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h -FILE_PATTERNS = *.h -RECURSIVE = YES -EXCLUDE_SYMLINKS = YES -SOURCE_BROWSER = YES -REFERENCED_BY_RELATION = YES -REFERENCES_RELATION = YES -ALPHABETICAL_INDEX = NO -HTML_OUTPUT = . -HTML_TIMESTAMP = YES -SEARCHENGINE = YES -GENERATE_LATEX = NO -GENERATE_XML = YES -MACRO_EXPANSION = YES -EXPAND_ONLY_PREDEF = YES -INCLUDE_PATH = ../include ../tf-psa-crypto/include ../tf-psa-crypto/drivers/builtin/include -EXPAND_AS_DEFINED = MBEDTLS_PRIVATE -CLASS_DIAGRAMS = NO -HAVE_DOT = YES -DOT_GRAPH_MAX_NODES = 200 -MAX_DOT_GRAPH_DEPTH = 1000 -DOT_TRANSPARENT = YES - -# We mostly use \retval declarations to document which error codes a function -# can return. The reader can follow the hyperlink to the definition of the -# constant to get the generic documentation of that error code. If we don't -# have anything to say about the specific error code for the specific -# function, we can leave the description part of the \retval command blank. -# This is perfectly valid as far as Doxygen is concerned. However, with -# Clang >=15, the -Wdocumentation option emits a warning for empty -# descriptions. -# https://github.com/Mbed-TLS/mbedtls/issues/6960 -# https://github.com/llvm/llvm-project/issues/60315 -# As a workaround, you can write something like -# \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription -# This avoids writing redundant text and keeps Clang happy. -ALIASES += emptydescription="" - -# Define away Mbed TLS macros that make parsing definitions difficult. -# MBEDTLS_DEPRECATED is not included in this list as it's important to -# display deprecated status in the documentation. -PREDEFINED = "MBEDTLS_CHECK_RETURN_CRITICAL=" \ - "MBEDTLS_CHECK_RETURN_TYPICAL=" \ - "MBEDTLS_CHECK_RETURN_OPTIONAL=" \ - "MBEDTLS_PRINTF_ATTRIBUTE(a,b)=" \ - "__DOXYGEN__" \ - diff --git a/framework b/framework deleted file mode 160000 index 81dfe001e..000000000 --- a/framework +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 81dfe001e19c8d2c09d2ac1df2f5d655b0f04a7d diff --git a/include/.gitignore b/include/.gitignore deleted file mode 100644 index bf67d02ed..000000000 --- a/include/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -Makefile -*.sln -*.vcxproj -mbedtls/check_config diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt deleted file mode 100644 index 755efedd1..000000000 --- a/include/CMakeLists.txt +++ /dev/null @@ -1,15 +0,0 @@ -option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON) - -if(INSTALL_MBEDTLS_HEADERS) - - file(GLOB headers "mbedtls/*.h") - - install(FILES ${headers} - DESTINATION include/mbedtls - PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) -endif(INSTALL_MBEDTLS_HEADERS) - -# Make mbedtls_config.h available in an out-of-source build. ssl-opt.sh requires it. -if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) - link_to_source(mbedtls) -endif() diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h deleted file mode 100644 index 534f01658..000000000 --- a/include/mbedtls/build_info.h +++ /dev/null @@ -1,90 +0,0 @@ -/** - * \file mbedtls/build_info.h - * - * \brief Build-time configuration info - * - * Include this file if you need to depend on the - * configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_BUILD_INFO_H -#define MBEDTLS_BUILD_INFO_H - -#include "tf-psa-crypto/build_info.h" - -/* - * This set of compile-time defines can be used to determine the version number - * of the Mbed TLS library used. Run-time variables for the same can be found in - * version.h - */ - -/** - * The version number x.y.z is split into three parts. - * Major, Minor, Patchlevel - */ -#define MBEDTLS_VERSION_MAJOR 4 -#define MBEDTLS_VERSION_MINOR 0 -#define MBEDTLS_VERSION_PATCH 0 - -/** - * The single version number has the following structure: - * MMNNPP00 - * Major version | Minor version | Patch version - */ -#define MBEDTLS_VERSION_NUMBER 0x04000000 -#define MBEDTLS_VERSION_STRING "4.0.0" -#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 4.0.0" - -#if defined(MBEDTLS_CONFIG_FILES_READ) -#error "Something went wrong: MBEDTLS_CONFIG_FILES_READ defined before reading the config files!" -#endif -#if defined(MBEDTLS_CONFIG_IS_FINALIZED) -#error "Something went wrong: MBEDTLS_CONFIG_IS_FINALIZED defined before reading the config files!" -#endif - -/* X.509 and TLS configuration */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/mbedtls_config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_CONFIG_VERSION) && ( \ - MBEDTLS_CONFIG_VERSION < 0x03000000 || \ - MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER) -#error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported" -#endif - -/* Target and application specific configurations - * - * Allow user to override any previous default. - * - */ -#if defined(MBEDTLS_USER_CONFIG_FILE) -#include MBEDTLS_USER_CONFIG_FILE -#endif - -/* Indicate that all configuration files have been read. - * It is now time to adjust the configuration (follow through on dependencies, - * make PSA and legacy crypto consistent, etc.). - */ -#define MBEDTLS_CONFIG_FILES_READ - -#include "mbedtls/config_adjust_x509.h" - -#include "mbedtls/config_adjust_ssl.h" - -/* Indicate that all configuration symbols are set, - * even the ones that are calculated programmatically. - * It is now safe to query the configuration (to check it, to size buffers, - * etc.). - */ -#define MBEDTLS_CONFIG_IS_FINALIZED - -#include "mbedtls/check_config.h" - -#endif /* MBEDTLS_BUILD_INFO_H */ diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h deleted file mode 100644 index 9deb14fc1..000000000 --- a/include/mbedtls/check_config.h +++ /dev/null @@ -1,435 +0,0 @@ -/** - * \file mbedtls/check_config.h - * - * \brief Consistency checks for configuration options - * - * This is an internal header. Do not include it directly. - * - * This header is included automatically by all public Mbed TLS headers - * (via mbedtls/build_info.h). Do not include it directly in a configuration - * file such as mbedtls/mbedtls_config.h or #MBEDTLS_USER_CONFIG_FILE! - * It would run at the wrong time due to missing derived symbols. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_CHECK_CONFIG_H -#define MBEDTLS_CHECK_CONFIG_H - -/* *INDENT-OFF* */ - -#if !defined(MBEDTLS_CONFIG_IS_FINALIZED) -#warning "Do not include mbedtls/check_config.h manually! " \ - "This may cause spurious errors. " \ - "It is included automatically at the right point since Mbed TLS 3.0." -#endif /* !MBEDTLS_CONFIG_IS_FINALIZED */ - -#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C) -#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS" -#endif - -#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME) -#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense" -#endif - -/* Limitations on ECC curves acceleration: partial curve acceleration is only - * supported with crypto excluding PK, X.509 or TLS. - * Note: no need to check X.509 as it depends on PK. */ -#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) -#if defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) -#if defined(MBEDTLS_SSL_TLS_C) -#error "Unsupported partial support for ECC curves acceleration, see docs/driver-only-builds.md" -#endif /* modules beyond what's supported */ -#endif /* not all curves accelerated */ -#endif /* some curve accelerated */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || \ - !defined(PSA_HAVE_ALG_ECDSA_SIGN) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C) -#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \ - !defined(MBEDTLS_CAN_ECDH) -#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || \ - !defined(PSA_HAVE_ALG_ECDSA_SIGN) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ - !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - ( !defined(PSA_WANT_ALG_JPAKE) || \ - !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \ - !defined(PSA_WANT_ECC_SECP_R1_256) ) -#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - ( !defined(MBEDTLS_ECJPAKE_C) || \ - !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ) -#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -/* Use of EC J-PAKE in TLS requires SHA-256. */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - !defined(PSA_WANT_ALG_SHA_256) -#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ - !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \ - !defined(PSA_WANT_ALG_SHA_256) && \ - !defined(PSA_WANT_ALG_SHA_512) && \ - !defined(PSA_WANT_ALG_SHA_1) -#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1". -#endif - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ - ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) ) -#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites" -#endif - -/* TLS 1.3 requires separate HKDF parts from PSA, - * and at least one ciphersuite, so at least SHA-256 or SHA-384 - * from PSA to use with HKDF. - * - * Note: for dependencies common with TLS 1.2 (running handshake hash), - * see MBEDTLS_SSL_TLS_C. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - !(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ - defined(PSA_WANT_ALG_HKDF_EXTRACT) && \ - defined(PSA_WANT_ALG_HKDF_EXPAND) && \ - (defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384))) -#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \ - defined(MBEDTLS_X509_CRT_PARSE_C) && \ - ( defined(PSA_HAVE_ALG_ECDSA_SIGN) || defined(MBEDTLS_PKCS1_V21) ) ) -#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites" -#endif -#endif - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#if !( defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) ) -#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites" -#endif -#endif - -/* - * The current implementation of TLS 1.3 requires MBEDTLS_SSL_KEEP_PEER_CERTIFICATE. - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -#error "MBEDTLS_SSL_PROTO_TLS1_3 defined without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ) -#error "One or more versions of the TLS protocol are enabled " \ - "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx" -#endif - -#if defined(MBEDTLS_SSL_EARLY_DATA) && \ - ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \ - ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \ - !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) ) -#error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) && \ - ((MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0) || \ - (MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX)) -#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE must be in the range(0..UINT32_MAX)" -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C) -#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && !defined(MBEDTLS_X509_CRT_PARSE_C) -#error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_TLS_C) && !(defined(MBEDTLS_CIPHER_C) || \ - defined(MBEDTLS_USE_PSA_CRYPTO)) -#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" -#endif - -/* TLS 1.2 and 1.3 require SHA-256 or SHA-384 (running handshake hash) */ -#if defined(MBEDTLS_SSL_TLS_C) && \ - !(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384)) -#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C) -#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_TLS_C) && \ - !( defined(MBEDTLS_SSL_PROTO_TLS1_2) || defined(MBEDTLS_SSL_PROTO_TLS1_3) ) -#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active" -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS) -#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \ - !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) -#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \ - ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ) -#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ) -#error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \ - MBEDTLS_SSL_CID_IN_LEN_MAX > 255 -#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \ - MBEDTLS_SSL_CID_OUT_LEN_MAX > 255 -#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && \ - !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0 -#if defined(MBEDTLS_DEPRECATED_REMOVED) -#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS" -#elif defined(MBEDTLS_DEPRECATED_WARNING) -#warning "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS" -#endif -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0 */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_RENEGOTIATION) && \ - !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_RENEGOTIATION defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_TICKET_C) && ( !defined(MBEDTLS_CIPHER_C) && \ - !defined(MBEDTLS_USE_PSA_CRYPTO) ) -#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_TICKET_C) && \ - !( defined(PSA_WANT_ALG_CCM) || defined(PSA_WANT_ALG_GCM) || \ - defined(PSA_WANT_ALG_CHACHA20_POLY1305) ) -#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH) && \ - MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH >= 256 -#error "MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH must be less than 256" -#endif - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ - !defined(MBEDTLS_X509_CRT_PARSE_C) -#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C) -#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_USE_C) && \ - (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || \ - ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) ) -#error "MBEDTLS_X509_USE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CREATE_C) && \ - (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || \ - ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) ) -#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) -#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) -#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) -#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) ) -#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) ) -#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) && \ - ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) ) -#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && ( !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) ) -#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && ( !defined(MBEDTLS_SSL_PROTO_TLS1_3) ) -#error "MBEDTLS_SSL_RECORD_SIZE_LIMIT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \ - !( defined(PSA_WANT_ALG_CCM) || defined(PSA_WANT_ALG_GCM) || \ - defined(PSA_WANT_ALG_CHACHA20_POLY1305) ) -#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites" -#endif - -/* Reject attempts to enable options that have been removed and that could - * cause a build to succeed but with features removed. */ - -#if defined(MBEDTLS_HAVEGE_C) //no-check-names -#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/2599" -#endif - -#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names -#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031" -#endif - -#if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names -#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031" -#endif - -#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names -#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031" -#endif - -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names -#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031" -#endif - -#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names -#error "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates." -#endif - -#if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names -#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031" -#endif - -#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names -#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4313" -#endif - -#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names -#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335" -#endif - -#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names -#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335" -#endif - -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names -#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4341" -#endif - -#if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \ - ( !defined(MBEDTLS_OID_C) ) || ( !defined(MBEDTLS_PK_PARSE_C) ) || \ - ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) || \ - ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || \ - ( !defined(MBEDTLS_MD_C) ) ) -#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites" -#endif - -/* *INDENT-ON* */ -#endif /* MBEDTLS_CHECK_CONFIG_H */ diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h deleted file mode 100644 index 096341ba7..000000000 --- a/include/mbedtls/compat-2.x.h +++ /dev/null @@ -1,46 +0,0 @@ -/** - * \file compat-2.x.h - * - * \brief Compatibility definitions - * - * \deprecated Use the new names directly instead - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#if defined(MBEDTLS_DEPRECATED_WARNING) -#warning "Including compat-2.x.h is deprecated" -#endif - -#ifndef MBEDTLS_COMPAT2X_H -#define MBEDTLS_COMPAT2X_H - -/* - * Macros for renamed functions - */ -#define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update -#define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update -#define mbedtls_md5_starts_ret mbedtls_md5_starts -#define mbedtls_md5_update_ret mbedtls_md5_update -#define mbedtls_md5_finish_ret mbedtls_md5_finish -#define mbedtls_md5_ret mbedtls_md5 -#define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts -#define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update -#define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish -#define mbedtls_ripemd160_ret mbedtls_ripemd160 -#define mbedtls_sha1_starts_ret mbedtls_sha1_starts -#define mbedtls_sha1_update_ret mbedtls_sha1_update -#define mbedtls_sha1_finish_ret mbedtls_sha1_finish -#define mbedtls_sha1_ret mbedtls_sha1 -#define mbedtls_sha256_starts_ret mbedtls_sha256_starts -#define mbedtls_sha256_update_ret mbedtls_sha256_update -#define mbedtls_sha256_finish_ret mbedtls_sha256_finish -#define mbedtls_sha256_ret mbedtls_sha256 -#define mbedtls_sha512_starts_ret mbedtls_sha512_starts -#define mbedtls_sha512_update_ret mbedtls_sha512_update -#define mbedtls_sha512_finish_ret mbedtls_sha512_finish -#define mbedtls_sha512_ret mbedtls_sha512 - -#endif /* MBEDTLS_COMPAT2X_H */ diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h deleted file mode 100644 index ce90991c1..000000000 --- a/include/mbedtls/config_adjust_ssl.h +++ /dev/null @@ -1,90 +0,0 @@ -/** - * \file mbedtls/config_adjust_ssl.h - * \brief Adjust TLS configuration - * - * This is an internal header. Do not include it directly. - * - * Automatically enable certain dependencies. Generally, MBEDTLS_xxx - * configurations need to be explicitly enabled by the user: enabling - * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a - * compilation error. However, we do automatically enable certain options - * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option - * used to identify parts of a module that are used by other module, and we - * don't want to make the symbol MBEDTLS_xxx_B part of the public API. - * Another case is if A didn't depend on B in earlier versions, and we - * want to use B in A but we need to preserve backward compatibility with - * configurations that explicitly activate MBEDTLS_xxx_A but not - * MBEDTLS_xxx_B. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H -#define MBEDTLS_CONFIG_ADJUST_SSL_H - -#if !defined(MBEDTLS_CONFIG_FILES_READ) -#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ - "up to and including runtime errors such as buffer overflows. " \ - "If you're trying to fix a complaint from check_config.h, just remove " \ - "it from your configuration file: since Mbed TLS 3.0, it is included " \ - "automatically at the right point." -#endif /* */ - -/* The following blocks make it easier to disable all of TLS, - * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all - * key exchanges, options and extensions related to them. */ - -#if !defined(MBEDTLS_SSL_TLS_C) -#undef MBEDTLS_SSL_CLI_C -#undef MBEDTLS_SSL_SRV_C -#undef MBEDTLS_SSL_PROTO_TLS1_3 -#undef MBEDTLS_SSL_PROTO_TLS1_2 -#undef MBEDTLS_SSL_PROTO_DTLS -#endif - -#if !(defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)) -#undef MBEDTLS_SSL_TICKET_C -#endif - -#if !defined(MBEDTLS_SSL_PROTO_DTLS) -#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY -#undef MBEDTLS_SSL_DTLS_CONNECTION_ID -#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT -#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY -#undef MBEDTLS_SSL_DTLS_SRTP -#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE -#endif - -#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC -#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET -#undef MBEDTLS_SSL_RENEGOTIATION -#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -#endif - -#if !defined(MBEDTLS_SSL_PROTO_TLS1_3) -#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -#undef MBEDTLS_SSL_EARLY_DATA -#undef MBEDTLS_SSL_RECORD_SIZE_LIMIT -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) -#define MBEDTLS_SSL_TLS1_2_SOME_ECC -#endif - -#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */ diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/config_adjust_x509.h deleted file mode 100644 index cfb2d8891..000000000 --- a/include/mbedtls/config_adjust_x509.h +++ /dev/null @@ -1,35 +0,0 @@ -/** - * \file mbedtls/config_adjust_x509.h - * \brief Adjust X.509 configuration - * - * This is an internal header. Do not include it directly. - * - * Automatically enable certain dependencies. Generally, MBEDTLS_xxx - * configurations need to be explicitly enabled by the user: enabling - * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a - * compilation error. However, we do automatically enable certain options - * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option - * used to identify parts of a module that are used by other module, and we - * don't want to make the symbol MBEDTLS_xxx_B part of the public API. - * Another case is if A didn't depend on B in earlier versions, and we - * want to use B in A but we need to preserve backward compatibility with - * configurations that explicitly activate MBEDTLS_xxx_A but not - * MBEDTLS_xxx_B. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_CONFIG_ADJUST_X509_H -#define MBEDTLS_CONFIG_ADJUST_X509_H - -#if !defined(MBEDTLS_CONFIG_FILES_READ) -#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ - "up to and including runtime errors such as buffer overflows. " \ - "If you're trying to fix a complaint from check_config.h, just remove " \ - "it from your configuration file: since Mbed TLS 3.0, it is included " \ - "automatically at the right point." -#endif /* */ - -#endif /* MBEDTLS_CONFIG_ADJUST_X509_H */ diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h deleted file mode 100644 index 424ed4b3f..000000000 --- a/include/mbedtls/debug.h +++ /dev/null @@ -1,156 +0,0 @@ -/** - * \file debug.h - * - * \brief Functions for controlling and providing debug output from the library. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_DEBUG_H -#define MBEDTLS_DEBUG_H - -#include "mbedtls/build_info.h" - -#include "mbedtls/ssl.h" - -#if defined(MBEDTLS_ECP_C) -#include "mbedtls/ecp.h" -#endif - -#if defined(MBEDTLS_DEBUG_C) - -#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ - -#define MBEDTLS_SSL_DEBUG_MSG(level, args) \ - mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \ - MBEDTLS_DEBUG_STRIP_PARENS args) - -#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) \ - mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret) - -#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \ - mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len) - -#if defined(MBEDTLS_BIGNUM_C) -#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \ - mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X) -#endif - -#if defined(MBEDTLS_ECP_C) -#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \ - mbedtls_debug_print_ecp(ssl, level, __FILE__, __LINE__, text, X) -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if !defined(MBEDTLS_X509_REMOVE_INFO) -#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \ - mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, crt) -#else -#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0) -#endif /* MBEDTLS_X509_REMOVE_INFO */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_ECDH_C) -#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \ - mbedtls_debug_printf_ecdh(ssl, level, __FILE__, __LINE__, ecdh, attr) -#endif - -#else /* MBEDTLS_DEBUG_C */ - -#define MBEDTLS_SSL_DEBUG_MSG(level, args) do { } while (0) -#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) do { } while (0) -#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) do { } while (0) -#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) do { } while (0) -#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0) -#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0) -#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) do { } while (0) - -#endif /* MBEDTLS_DEBUG_C */ - -/** - * \def MBEDTLS_PRINTF_ATTRIBUTE - * - * Mark a function as having printf attributes, and thus enable checking - * via -wFormat and other flags. This does nothing on builds with compilers - * that do not support the format attribute - * - * Module: library/debug.c - * Caller: - * - * This module provides debugging functions. - */ -#if defined(__has_attribute) -#if __has_attribute(format) -#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 -#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ - __attribute__((__format__(gnu_printf, string_index, first_to_check))) -#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */ -#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ - __attribute__((format(printf, string_index, first_to_check))) -#endif -#else /* __has_attribute(format) */ -#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) -#endif /* __has_attribute(format) */ -#else /* defined(__has_attribute) */ -#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) -#endif - -/** - * \def MBEDTLS_PRINTF_SIZET - * - * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers - * and MinGW we need to define the printf specifier for size_t - * and long long per platform. - * - * Module: library/debug.c - * Caller: - * - * This module provides debugging functions. - */ -#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) - #include - #define MBEDTLS_PRINTF_SIZET PRIuPTR - #define MBEDTLS_PRINTF_LONGLONG "I64d" -#else \ - /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */ - #define MBEDTLS_PRINTF_SIZET "zu" - #define MBEDTLS_PRINTF_LONGLONG "lld" -#endif \ - /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */ - -#if !defined(MBEDTLS_PRINTF_MS_TIME) -#include -#if !defined(PRId64) -#define MBEDTLS_PRINTF_MS_TIME MBEDTLS_PRINTF_LONGLONG -#else -#define MBEDTLS_PRINTF_MS_TIME PRId64 -#endif -#endif /* MBEDTLS_PRINTF_MS_TIME */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Set the threshold error level to handle globally all debug output. - * Debug messages that have a level over the threshold value are - * discarded. - * (Default value: 0 = No debug ) - * - * \param threshold threshold level of messages to filter on. Messages at a - * higher level will be discarded. - * - Debug levels - * - 0 No debug - * - 1 Error - * - 2 State change - * - 3 Informational - * - 4 Verbose - */ -void mbedtls_debug_set_threshold(int threshold); - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_DEBUG_H */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h deleted file mode 100644 index 8b7c19aa5..000000000 --- a/include/mbedtls/error.h +++ /dev/null @@ -1,67 +0,0 @@ -/** - * \file error.h - * - * \brief Error to string translation - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_ERROR_H -#define MBEDTLS_ERROR_H - -#include "mbedtls/build_info.h" -#include "mbedtls/error_common.h" - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Translate an Mbed TLS error code into a string representation. - * The result is truncated if necessary and always includes a - * terminating null byte. - * - * \param errnum error code - * \param buffer buffer to place representation in - * \param buflen length of the buffer - */ -void mbedtls_strerror(int errnum, char *buffer, size_t buflen); - -/** - * \brief Translate the high-level part of an Mbed TLS error code into a string - * representation. - * - * This function returns a const pointer to an un-modifiable string. The caller - * must not try to modify the string. It is intended to be used mostly for - * logging purposes. - * - * \param error_code error code - * - * \return The string representation of the error code, or \c NULL if the error - * code is unknown. - */ -const char *mbedtls_high_level_strerr(int error_code); - -/** - * \brief Translate the low-level part of an Mbed TLS error code into a string - * representation. - * - * This function returns a const pointer to an un-modifiable string. The caller - * must not try to modify the string. It is intended to be used mostly for - * logging purposes. - * - * \param error_code error code - * - * \return The string representation of the error code, or \c NULL if the error - * code is unknown. - */ -const char *mbedtls_low_level_strerr(int error_code); - -#ifdef __cplusplus -} -#endif - -#endif /* error.h */ diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h deleted file mode 100644 index 64bf7eeaa..000000000 --- a/include/mbedtls/mbedtls_config.h +++ /dev/null @@ -1,1335 +0,0 @@ -/** - * \file mbedtls_config.h - * - * \brief Configuration options (set of defines) - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * This is an optional version symbol that enables compatibility handling of - * config files. - * - * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that - * introduced the config format we want to be compatible with. - */ -//#define MBEDTLS_CONFIG_VERSION 0x03000000 - -/** - * \name SECTION: Platform abstraction layer - * - * This section sets platform specific settings. - * \{ - */ - -/** - * \def MBEDTLS_NET_C - * - * Enable the TCP and UDP over IPv6/IPv4 networking routines. - * - * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) - * and Windows. For other platforms, you'll want to disable it, and write your - * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/net_sockets.c - * - * This module provides networking routines. - */ -#define MBEDTLS_NET_C - -/** - * \def MBEDTLS_TIMING_ALT - * - * Uncomment to provide your own alternate implementation for - * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() - * - * Only works if you have MBEDTLS_TIMING_C enabled. - * - * You will need to provide a header "timing_alt.h" and an implementation at - * compile time. - */ -//#define MBEDTLS_TIMING_ALT - -/** - * \def MBEDTLS_TIMING_C - * - * Enable the semi-portable timing interface. - * - * \note The provided implementation only works on POSIX/Unix (including Linux, - * BSD and OS X) and Windows. On other platforms, you can either disable that - * module and provide your own implementations of the callbacks needed by - * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide - * your own implementation of the whole module by setting - * \c MBEDTLS_TIMING_ALT in the current file. - * - * \note The timing module will include time.h on suitable platforms - * regardless of the setting of MBEDTLS_HAVE_TIME, unless - * MBEDTLS_TIMING_ALT is used. See timing.c for more information. - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/timing.c - */ -#define MBEDTLS_TIMING_C - -/** \} name SECTION: Platform abstraction layer */ - -/** - * \name SECTION: General configuration options - * - * This section contains Mbed TLS build settings that are not associated - * with a particular module. - * \{ - */ - -/** - * \def MBEDTLS_ERROR_C - * - * Enable error code to error string conversion. - * - * Module: library/error.c - * Caller: - * - * This module enables mbedtls_strerror(). - */ -#define MBEDTLS_ERROR_C - -/** - * \def MBEDTLS_ERROR_STRERROR_DUMMY - * - * Enable a dummy error function to make use of mbedtls_strerror() in - * third party libraries easier when MBEDTLS_ERROR_C is disabled - * (no effect when MBEDTLS_ERROR_C is enabled). - * - * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're - * not using mbedtls_strerror() or error_strerror() in your application. - * - * Disable if you run into name conflicts and want to really remove the - * mbedtls_strerror() - */ -#define MBEDTLS_ERROR_STRERROR_DUMMY - -/** - * \def MBEDTLS_VERSION_C - * - * Enable run-time version information. - * - * Module: library/version.c - * - * This module provides run-time version information. - */ -#define MBEDTLS_VERSION_C - -/** - * \def MBEDTLS_VERSION_FEATURES - * - * Allow run-time checking of compile-time enabled features. Thus allowing users - * to check at run-time if the library is for instance compiled with threading - * support via mbedtls_version_check_feature(). - * - * Requires: MBEDTLS_VERSION_C - * - * Comment this to disable run-time checking and save ROM space - */ -#define MBEDTLS_VERSION_FEATURES - -/** - * \def MBEDTLS_CONFIG_FILE - * - * If defined, this is a header which will be included instead of - * `"mbedtls/mbedtls_config.h"`. - * This header file specifies the compile-time configuration of Mbed TLS. - * Unlike other configuration options, this one must be defined on the - * compiler command line: a definition in `mbedtls_config.h` would have - * no effect. - * - * This macro is expanded after an \#include directive. This is a popular but - * non-standard feature of the C language, so this feature is only available - * with compilers that perform macro expansion on an \#include line. - * - * The value of this symbol is typically a path in double quotes, either - * absolute or relative to a directory on the include search path. - */ -//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h" - -/** - * \def MBEDTLS_USER_CONFIG_FILE - * - * If defined, this is a header which will be included after - * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE. - * This allows you to modify the default configuration, including the ability - * to undefine options that are enabled by default. - * - * This macro is expanded after an \#include directive. This is a popular but - * non-standard feature of the C language, so this feature is only available - * with compilers that perform macro expansion on an \#include line. - * - * The value of this symbol is typically a path in double quotes, either - * absolute or relative to a directory on the include search path. - */ -//#define MBEDTLS_USER_CONFIG_FILE "/dev/null" - -/** \} name SECTION: General configuration options */ - -/** - * \name SECTION: TLS feature selection - * - * This section sets support for features that are or are not needed - * within the modules that are enabled. - * \{ - */ - -/** - * \def MBEDTLS_DEBUG_C - * - * Enable the debug functions. - * - * Module: library/debug.c - * Caller: library/ssl_msg.c - * library/ssl_tls.c - * library/ssl_tls12_*.c - * library/ssl_tls13_*.c - * - * This module provides debugging functions. - */ -#define MBEDTLS_DEBUG_C - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - * - * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - * - * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - * - * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - * - * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - * - * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_RSA_C - * MBEDTLS_PKCS1_V15 - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_RSA_C - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - * - * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. - * - * Requires: MBEDTLS_ECJPAKE_C or PSA_WANT_ALG_JPAKE - * SHA-256 (via MBEDTLS_SHA256_C or a PSA driver) - * MBEDTLS_ECP_DP_SECP256R1_ENABLED - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 - */ -//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - * - * Enable the PSK based ciphersuite modes in SSL / TLS. - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - * - * Enable the RSA-only based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - -/** - * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES - * - * Enable sending of alert messages in case of encountered errors as per RFC. - * If you choose not to send the alert messages, Mbed TLS can still communicate - * with other servers, only debugging of failures is harder. - * - * The advantage of not sending alert messages, is that no information is given - * about reasons for failures thus preventing adversaries of gaining intel. - * - * Enable sending of all alert messages - */ -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES - -/** - * \def MBEDTLS_SSL_ALPN - * - * Enable support for RFC 7301 Application Layer Protocol Negotiation. - * - * Comment this macro to disable support for ALPN. - */ -#define MBEDTLS_SSL_ALPN - -/** - * \def MBEDTLS_SSL_ASYNC_PRIVATE - * - * Enable asynchronous external private key operations in SSL. This allows - * you to configure an SSL connection to call an external cryptographic - * module to perform private key operations instead of performing the - * operation inside the library. - * - * Requires: MBEDTLS_X509_CRT_PARSE_C - */ -//#define MBEDTLS_SSL_ASYNC_PRIVATE - -/** - * \def MBEDTLS_SSL_CACHE_C - * - * Enable simple SSL cache implementation. - * - * Module: library/ssl_cache.c - * Caller: - * - * Requires: MBEDTLS_SSL_CACHE_C - */ -#define MBEDTLS_SSL_CACHE_C - -/** - * \def MBEDTLS_SSL_CLI_C - * - * Enable the SSL/TLS client code. - * - * Module: library/ssl*_client.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * \warning You must call psa_crypto_init() before doing any TLS operations. - * - * This module is required for SSL/TLS client support. - */ -#define MBEDTLS_SSL_CLI_C - -/** - * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION - * - * Enable serialization of the TLS context structures, through use of the - * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load(). - * - * This pair of functions allows one side of a connection to serialize the - * context associated with the connection, then free or re-use that context - * while the serialized state is persisted elsewhere, and finally deserialize - * that state to a live context for resuming read/write operations on the - * connection. From a protocol perspective, the state of the connection is - * unaffected, in particular this is entirely transparent to the peer. - * - * Note: this is distinct from TLS session resumption, which is part of the - * protocol and fully visible by the peer. TLS session resumption enables - * establishing new connections associated to a saved session with shorter, - * lighter handshakes, while context serialization is a local optimization in - * handling a single, potentially long-lived connection. - * - * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are - * saved after the handshake to allow for more efficient serialization, so if - * you don't need this feature you'll save RAM by disabling it. - * - * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C - * - * Comment to disable the context serialization APIs. - */ -#define MBEDTLS_SSL_CONTEXT_SERIALIZATION - -/** - * \def MBEDTLS_SSL_COOKIE_C - * - * Enable basic implementation of DTLS cookies for hello verification. - * - * Module: library/ssl_cookie.c - * Caller: - */ -#define MBEDTLS_SSL_COOKIE_C - -/** - * \def MBEDTLS_SSL_DEBUG_ALL - * - * Enable the debug messages in SSL module for all issues. - * Debug messages have been disabled in some places to prevent timing - * attacks due to (unbalanced) debugging function calls. - * - * If you need all error reporting you should enable this during debugging, - * but remove this for production servers that should log as well. - * - * Uncomment this macro to report all debug messages on errors introducing - * a timing side-channel. - * - */ -//#define MBEDTLS_SSL_DEBUG_ALL - -/** - * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY - * - * Enable support for the anti-replay mechanism in DTLS. - * - * Requires: MBEDTLS_SSL_TLS_C - * MBEDTLS_SSL_PROTO_DTLS - * - * \warning Disabling this is often a security risk! - * See mbedtls_ssl_conf_dtls_anti_replay() for details. - * - * Comment this to disable anti-replay in DTLS. - */ -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY - -/** - * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - * - * Enable server-side support for clients that reconnect from the same port. - * - * Some clients unexpectedly close the connection and try to reconnect using the - * same source port. This needs special support from the server to handle the - * new connection securely, as described in section 4.2.8 of RFC 6347. This - * flag enables that support. - * - * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Comment this to disable support for clients reusing the source port. - */ -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - -/** - * \def MBEDTLS_SSL_DTLS_CONNECTION_ID - * - * Enable support for the DTLS Connection ID (CID) extension, - * which allows to identify DTLS connections across changes - * in the underlying transport. The CID functionality is described - * in RFC 9146. - * - * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`, - * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and - * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for - * more information. - * - * The maximum lengths of outgoing and incoming CIDs can be configured - * through the options - * - MBEDTLS_SSL_CID_OUT_LEN_MAX - * - MBEDTLS_SSL_CID_IN_LEN_MAX. - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - * - * Uncomment to enable the Connection ID extension. - */ -#define MBEDTLS_SSL_DTLS_CONNECTION_ID - -/** - * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT - * - * Defines whether RFC 9146 (default) or the legacy version - * (version draft-ietf-tls-dtls-connection-id-05, - * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) - * is used. - * - * Set the value to 0 for the standard version, and - * 1 for the legacy draft version. - * - * \deprecated Support for the legacy version of the DTLS - * Connection ID feature is deprecated. Please - * switch to the standardized version defined - * in RFC 9146 enabled by utilizing - * MBEDTLS_SSL_DTLS_CONNECTION_ID without use - * of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. - * - * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID - */ -#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 - -/** - * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Enable support for HelloVerifyRequest on DTLS servers. - * - * This feature is highly recommended to prevent DTLS servers being used as - * amplifiers in DoS attacks against other hosts. It should always be enabled - * unless you know for sure amplification cannot be a problem in the - * environment in which your server operates. - * - * \warning Disabling this can be a security risk! (see above) - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - * - * Comment this to disable support for HelloVerifyRequest. - */ -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY - -/** - * \def MBEDTLS_SSL_DTLS_SRTP - * - * Enable support for negotiation of DTLS-SRTP (RFC 5764) - * through the use_srtp extension. - * - * \note This feature provides the minimum functionality required - * to negotiate the use of DTLS-SRTP and to allow the derivation of - * the associated SRTP packet protection key material. - * In particular, the SRTP packet protection itself, as well as the - * demultiplexing of RTP and DTLS packets at the datagram layer - * (see Section 5 of RFC 5764), are not handled by this feature. - * Instead, after successful completion of a handshake negotiating - * the use of DTLS-SRTP, the extended key exporter API - * mbedtls_ssl_conf_export_keys_cb() should be used to implement - * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705 - * (this is implemented in the SSL example programs). - * The resulting key should then be passed to an SRTP stack. - * - * Setting this option enables the runtime API - * mbedtls_ssl_conf_dtls_srtp_protection_profiles() - * through which the supported DTLS-SRTP protection - * profiles can be configured. You must call this API at - * runtime if you wish to negotiate the use of DTLS-SRTP. - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - * - * Uncomment this to enable support for use_srtp extension. - */ -//#define MBEDTLS_SSL_DTLS_SRTP - -/** - * \def MBEDTLS_SSL_EARLY_DATA - * - * Enable support for RFC 8446 TLS 1.3 early data. - * - * Requires: MBEDTLS_SSL_SESSION_TICKETS and either - * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or - * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - * - * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3 - * is not enabled, this option does not have any effect on the build. - * - * \note The maximum amount of early data can be set with - * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE. - * - */ -//#define MBEDTLS_SSL_EARLY_DATA - -/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC - * - * Enable support for Encrypt-then-MAC, RFC 7366. - * - * This allows peers that both support it to use a more robust protection for - * ciphersuites using CBC, providing deep resistance against timing attacks - * on the padding or underlying cipher. - * - * This only affects CBC ciphersuites, and is useless if none is defined. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Encrypt-then-MAC - */ -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC - -/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET - * - * Enable support for RFC 7627: Session Hash and Extended Master Secret - * Extension. - * - * This was introduced as "the proper fix" to the Triple Handshake family of - * attacks, but it is recommended to always use it (even if you disable - * renegotiation), since it actually fixes a more fundamental issue in the - * original SSL/TLS design, and has implications beyond Triple Handshake. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Extended Master Secret. - */ -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET - -/** - * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - * - * This option controls the availability of the API mbedtls_ssl_get_peer_cert() - * giving access to the peer's certificate after completion of the handshake. - * - * Unless you need mbedtls_ssl_peer_cert() in your application, it is - * recommended to disable this option for reduced RAM usage. - * - * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still - * defined, but always returns \c NULL. - * - * \note This option has no influence on the protection against the - * triple handshake attack. Even if it is disabled, Mbed TLS will - * still ensure that certificates do not change during renegotiation, - * for example by keeping a hash of the peer's certificate. - * - * \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set. - * - * Comment this macro to disable storing the peer's certificate - * after the handshake. - */ -#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - -/** - * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - * - * Enable support for RFC 6066 max_fragment_length extension in SSL. - * - * Comment this macro to disable support for the max_fragment_length extension - */ -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - -/** - * \def MBEDTLS_SSL_PROTO_DTLS - * - * Enable support for DTLS (all available versions). - * - * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for DTLS - */ -#define MBEDTLS_SSL_PROTO_DTLS - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_2 - * - * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). - * - * Requires: PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384 - * - * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 - */ -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_3 - * - * Enable support for TLS 1.3. - * - * \note See docs/architecture/tls13-support.md for a description of the TLS - * 1.3 support that this option enables. - * - * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - * Requires: MBEDTLS_PSA_CRYPTO_C - * - * Uncomment this macro to enable the support for TLS 1.3. - */ -#define MBEDTLS_SSL_PROTO_TLS1_3 - -/** - * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT - * - * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only). - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_3 - * - * Uncomment this macro to enable support for the record_size_limit extension - */ -//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT - -/** - * \def MBEDTLS_SSL_RENEGOTIATION - * - * Enable support for TLS renegotiation. - * - * The two main uses of renegotiation are (1) refresh keys on long-lived - * connections and (2) client authentication after the initial handshake. - * If you don't need renegotiation, it's probably better to disable it, since - * it has been associated with security issues in the past and is easy to - * misuse/misunderstand. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this to disable support for renegotiation. - * - * \note Even if this option is disabled, both client and server are aware - * of the Renegotiation Indication Extension (RFC 5746) used to - * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). - * (See \c mbedtls_ssl_conf_legacy_renegotiation for the - * configuration of this extension). - * - */ -#define MBEDTLS_SSL_RENEGOTIATION - -/** - * \def MBEDTLS_SSL_SERVER_NAME_INDICATION - * - * Enable support for RFC 6066 server name indication (SNI) in SSL. - * - * Requires: MBEDTLS_X509_CRT_PARSE_C - * - * Comment this macro to disable support for server name indication in SSL - */ -#define MBEDTLS_SSL_SERVER_NAME_INDICATION - -/** - * \def MBEDTLS_SSL_SESSION_TICKETS - * - * Enable support for RFC 5077 session tickets in SSL. - * Client-side, provides full support for session tickets (maintenance of a - * session store remains the responsibility of the application, though). - * Server-side, you also need to provide callbacks for writing and parsing - * tickets, including authenticated encryption and key management. Example - * callbacks are provided by MBEDTLS_SSL_TICKET_C. - * - * Comment this macro to disable support for SSL session tickets - */ -#define MBEDTLS_SSL_SESSION_TICKETS - -/** - * \def MBEDTLS_SSL_SRV_C - * - * Enable the SSL/TLS server code. - * - * Module: library/ssl*_server.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * \warning You must call psa_crypto_init() before doing any TLS operations. - * - * This module is required for SSL/TLS server support. - */ -#define MBEDTLS_SSL_SRV_C - -/** - * \def MBEDTLS_SSL_TICKET_C - * - * Enable an implementation of TLS server-side callbacks for session tickets. - * - * Module: library/ssl_ticket.c - * Caller: - * - * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) && - * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C) - */ -#define MBEDTLS_SSL_TICKET_C - -/** - * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE - * - * Enable TLS 1.3 middlebox compatibility mode. - * - * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility - * mode to make a TLS 1.3 connection more likely to pass through middle boxes - * expecting TLS 1.2 traffic. - * - * Turning on the compatibility mode comes at the cost of a few added bytes - * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations - * that don't use it. Therefore, unless transmission bandwidth is critical and - * you know that middlebox compatibility issues won't occur, it is therefore - * recommended to set this option. - * - * Comment to disable compatibility mode for TLS 1.3. If - * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any - * effect on the build. - * - */ -#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE - -/** - * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - * - * Enable TLS 1.3 ephemeral key exchange mode. - * - * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH - * MBEDTLS_X509_CRT_PARSE_C - * and at least one of: - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA - * MBEDTLS_PKCS1_V21 - * - * Comment to disable support for the ephemeral key exchange mode in TLS 1.3. - * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any - * effect on the build. - * - */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - -/** - * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - * - * Enable TLS 1.3 PSK key exchange mode. - * - * Comment to disable support for the PSK key exchange mode in TLS 1.3. If - * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any - * effect on the build. - * - */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - -/** - * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - * - * Enable TLS 1.3 PSK ephemeral key exchange mode. - * - * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH - * - * Comment to disable support for the PSK ephemeral key exchange mode in - * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not - * have any effect on the build. - * - */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - -/** - * \def MBEDTLS_SSL_TLS_C - * - * Enable the generic SSL/TLS code. - * - * Module: library/ssl_tls.c - * Caller: library/ssl*_client.c - * library/ssl*_server.c - * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * and at least one of the MBEDTLS_SSL_PROTO_XXX defines - * - * This module is required for SSL/TLS. - */ -#define MBEDTLS_SSL_TLS_C - -/** - * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - * - * When this option is enabled, the SSL buffer will be resized automatically - * based on the negotiated maximum fragment length in each direction. - * - * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - */ -//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - -//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ - -/** \def MBEDTLS_SSL_CID_IN_LEN_MAX - * - * The maximum length of CIDs used for incoming DTLS messages. - * - */ -//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 - -/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX - * - * The maximum length of CIDs used for outgoing DTLS messages. - * - */ -//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 - -/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY - * - * This option controls the use of record plaintext padding - * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2. - * - * The padding will always be chosen so that the length of the - * padded plaintext is a multiple of the value of this option. - * - * Note: A value of \c 1 means that no padding will be used - * for outgoing records. - * - * Note: On systems lacking division instructions, - * a power of two should be preferred. - */ -//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 - -/** - * Complete list of ciphersuites to use, in order of preference. - * - * \warning No dependency checking is done on that field! This option can only - * be used to restrict the set of available ciphersuites. It is your - * responsibility to make sure the needed modules are active. - * - * Use this to save a few hundred bytes of ROM (default ordering of all - * available ciphersuites) and a few to a few hundred bytes of RAM. - * - * The value below is only an example, not the default. - */ -//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - -//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ - -/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING - * - * Maximum number of heap-allocated bytes for the purpose of - * DTLS handshake message reassembly and future message buffering. - * - * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN - * to account for a reassembled handshake message of maximum size, - * together with its reassembly bitmap. - * - * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) - * should be sufficient for all practical situations as it allows - * to reassembly a large handshake message (such as a certificate) - * while buffering multiple smaller handshake messages. - * - */ -//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 - -/** \def MBEDTLS_SSL_IN_CONTENT_LEN - * - * Maximum length (in bytes) of incoming plaintext fragments. - * - * This determines the size of the incoming TLS I/O buffer in such a way - * that it is capable of holding the specified amount of plaintext data, - * regardless of the protection mechanism used. - * - * \note When using a value less than the default of 16KB on the client, it is - * recommended to use the Maximum Fragment Length (MFL) extension to - * inform the server about this limitation. On the server, there - * is no supported, standardized way of informing the client about - * restriction on the maximum size of incoming messages, and unless - * the limitation has been communicated by other means, it is recommended - * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN - * while keeping the default value of 16KB for the incoming buffer. - * - * Uncomment to set the maximum plaintext size of the incoming I/O buffer. - */ -//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 - -/** - * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE - * - * The default maximum amount of 0-RTT data. See the documentation of - * \c mbedtls_ssl_conf_max_early_data_size() for more information. - * - * It must be positive and smaller than UINT32_MAX. - * - * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not - * have any impact on the build. - */ -//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 - -/** \def MBEDTLS_SSL_OUT_CONTENT_LEN - * - * Maximum length (in bytes) of outgoing plaintext fragments. - * - * This determines the size of the outgoing TLS I/O buffer in such a way - * that it is capable of holding the specified amount of plaintext data, - * regardless of the protection mechanism used. - * - * It is possible to save RAM by setting a smaller outward buffer, while keeping - * the default inward 16384 byte buffer to conform to the TLS specification. - * - * The minimum required outward buffer size is determined by the handshake - * protocol's usage. Handshaking will fail if the outward buffer is too small. - * The specific size requirement depends on the configured ciphers and any - * certificate data which is sent during the handshake. - * - * Uncomment to set the maximum plaintext size of the outgoing I/O buffer. - */ -//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 - -/** - * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS - * - * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server - * after handshake completion. This is not used in TLS 1.2 and relevant only if - * the MBEDTLS_SSL_SESSION_TICKETS option is enabled. - * - */ -//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 - -/** - * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE - * - * Maximum allowed ticket age difference in milliseconds tolerated between - * server and client. Default value is 6000. This is not used in TLS 1.2. - * - * - The client ticket age is the time difference between the time when the - * client proposes to the server to use the ticket and the time the client - * received the ticket from the server. - * - The server ticket age is the time difference between the time when the - * server receives a proposition from the client to use the ticket and the - * time when the ticket was created by the server. - * - * The ages might be different due to the client and server clocks not running - * at the same pace. The typical accuracy of an RTC crystal is ±100 to ±20 parts - * per million (360 to 72 milliseconds per hour). Default tolerance window is - * 6s, thus in the worst case clients and servers must sync up their system time - * every 6000/360/2~=8 hours. - * - * See section 8.3 of the TLS 1.3 specification(RFC 8446) for more information. - */ -//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 - -/** - * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH - * - * Size in bytes of a ticket nonce. This is not used in TLS 1.2. - * - * This must be less than 256. - */ -//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 - -/** \} name SECTION: TLS feature selection */ - -/** - * \name SECTION: X.509 feature selection - * - * This section sets Certificate related options. - * \{ - */ - -/** - * \def MBEDTLS_PKCS7_C - * - * Enable PKCS #7 core for using PKCS #7-formatted signatures. - * RFC Link - https://tools.ietf.org/html/rfc2315 - * - * Module: library/pkcs7.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, - * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C, - * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C - * - * This module is required for the PKCS #7 parsing modules. - */ -#define MBEDTLS_PKCS7_C - -/** - * \def MBEDTLS_X509_CREATE_C - * - * Enable X.509 core for creating certificates. - * - * Module: library/x509_create.c - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, - * - * \warning You must call psa_crypto_init() before doing any X.509 operation. - * - * This module is the basis for creating X.509 certificates and CSRs. - */ -#define MBEDTLS_X509_CREATE_C - -/** - * \def MBEDTLS_X509_CRL_PARSE_C - * - * Enable X.509 CRL parsing. - * - * Module: library/x509_crl.c - * Caller: library/x509_crt.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 CRL parsing. - */ -#define MBEDTLS_X509_CRL_PARSE_C - -/** - * \def MBEDTLS_X509_CRT_PARSE_C - * - * Enable X.509 certificate parsing. - * - * Module: library/x509_crt.c - * Caller: library/ssl_tls.c - * library/ssl*_client.c - * library/ssl*_server.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 certificate parsing. - */ -#define MBEDTLS_X509_CRT_PARSE_C - -/** - * \def MBEDTLS_X509_CRT_WRITE_C - * - * Enable creating X.509 certificates. - * - * Module: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate creation. - */ -#define MBEDTLS_X509_CRT_WRITE_C - -/** - * \def MBEDTLS_X509_CSR_PARSE_C - * - * Enable X.509 Certificate Signing Request (CSR) parsing. - * - * Module: library/x509_csr.c - * Caller: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is used for reading X.509 certificate request. - */ -#define MBEDTLS_X509_CSR_PARSE_C - -/** - * \def MBEDTLS_X509_CSR_WRITE_C - * - * Enable creating X.509 Certificate Signing Requests (CSR). - * - * Module: library/x509_csr_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate request writing. - */ -#define MBEDTLS_X509_CSR_WRITE_C - -/** - * \def MBEDTLS_X509_REMOVE_INFO - * - * Disable mbedtls_x509_*_info() and related APIs. - * - * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt() - * and other functions/constants only used by these functions, thus reducing - * the code footprint by several KB. - */ -//#define MBEDTLS_X509_REMOVE_INFO - -/** - * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT - * - * Enable parsing and verification of X.509 certificates, CRLs and CSRS - * signed with RSASSA-PSS (aka PKCS#1 v2.1). - * - * Requires: MBEDTLS_PKCS1_V21 - * - * Comment this macro to disallow using RSASSA-PSS in certificates. - */ -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT - -/** - * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK - * - * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()` - * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure - * the set of trusted certificates through a callback instead of a linked - * list. - * - * This is useful for example in environments where a large number of trusted - * certificates is present and storing them in a linked list isn't efficient - * enough, or when the set of trusted certificates changes frequently. - * - * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and - * `mbedtls_ssl_conf_ca_cb()` for more information. - * - * Requires: MBEDTLS_X509_CRT_PARSE_C - * - * Uncomment to enable trusted certificate callbacks. - */ -//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK - -/** - * \def MBEDTLS_X509_USE_C - * - * Enable X.509 core for using certificates. - * - * Module: library/x509.c - * Caller: library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C - * - * \warning You must call psa_crypto_init() before doing any X.509 operation. - * - * This module is required for the X.509 parsing modules. - */ -#define MBEDTLS_X509_USE_C - -//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ -//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ - -/** \} name SECTION: X.509 feature selection */ diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h deleted file mode 100644 index 85c11971d..000000000 --- a/include/mbedtls/net_sockets.h +++ /dev/null @@ -1,299 +0,0 @@ -/** - * \file net_sockets.h - * - * \brief Network sockets abstraction layer to integrate Mbed TLS into a - * BSD-style sockets API. - * - * The network sockets module provides an example integration of the - * Mbed TLS library into a BSD sockets implementation. The module is - * intended to be an example of how Mbed TLS can be integrated into a - * networking stack, as well as to be Mbed TLS's network integration - * for its supported platforms. - * - * The module is intended only to be used with the Mbed TLS library and - * is not intended to be used by third party application software - * directly. - * - * The supported platforms are as follows: - * * Microsoft Windows and Windows CE - * * POSIX/Unix platforms including Linux, OS X - * - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_NET_SOCKETS_H -#define MBEDTLS_NET_SOCKETS_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/ssl.h" - -#include -#include - -/** Failed to open a socket. */ -#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 -/** The connection to the given server / port failed. */ -#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 -/** Binding of the socket failed. */ -#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 -/** Could not listen on the socket. */ -#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 -/** Could not accept the incoming connection. */ -#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A -/** Reading information from the socket failed. */ -#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C -/** Sending information through the socket failed. */ -#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E -/** Connection was reset by peer. */ -#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 -/** Failed to get an IP address for the given hostname. */ -#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 -/** Buffer is too small to hold the data. */ -#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 -/** The context is invalid, eg because it was free()ed. */ -#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 -/** Polling the net context failed. */ -#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047 -/** Input invalid. */ -#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049 - -#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */ - -#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */ -#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */ - -#define MBEDTLS_NET_POLL_READ 1 /**< Used in \c mbedtls_net_poll to check for pending data */ -#define MBEDTLS_NET_POLL_WRITE 2 /**< Used in \c mbedtls_net_poll to check if write possible */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Wrapper type for sockets. - * - * Currently backed by just a file descriptor, but might be more in the future - * (eg two file descriptors for combined IPv4 + IPv6 support, or additional - * structures for hand-made UDP demultiplexing). - */ -typedef struct mbedtls_net_context { - /** The underlying file descriptor. - * - * This field is only guaranteed to be present on POSIX/Unix-like platforms. - * On other platforms, it may have a different type, have a different - * meaning, or be absent altogether. - */ - int fd; -} -mbedtls_net_context; - -/** - * \brief Initialize a context - * Just makes the context ready to be used or freed safely. - * - * \param ctx Context to initialize - */ -void mbedtls_net_init(mbedtls_net_context *ctx); - -/** - * \brief Initiate a connection with host:port in the given protocol - * - * \param ctx Socket to use - * \param host Host to connect to - * \param port Port to connect to - * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP - * - * \return 0 if successful, or one of: - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_UNKNOWN_HOST, - * MBEDTLS_ERR_NET_CONNECT_FAILED - * - * \note Sets the socket in connected mode even with UDP. - */ -int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host, const char *port, int proto); - -/** - * \brief Create a receiving socket on bind_ip:port in the chosen - * protocol. If bind_ip == NULL, all interfaces are bound. - * - * \param ctx Socket to use - * \param bind_ip IP to bind to, can be NULL - * \param port Port number to use - * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP - * - * \return 0 if successful, or one of: - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_UNKNOWN_HOST, - * MBEDTLS_ERR_NET_BIND_FAILED, - * MBEDTLS_ERR_NET_LISTEN_FAILED - * - * \note Regardless of the protocol, opens the sockets and binds it. - * In addition, make the socket listening if protocol is TCP. - */ -int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto); - -/** - * \brief Accept a connection from a remote client - * - * \param bind_ctx Relevant socket - * \param client_ctx Will contain the connected client socket - * \param client_ip Will contain the client IP address, can be NULL - * \param buf_size Size of the client_ip buffer - * \param cip_len Will receive the size of the client IP written, - * can be NULL if client_ip is null - * - * \return 0 if successful, or - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_BIND_FAILED, - * MBEDTLS_ERR_NET_ACCEPT_FAILED, or - * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small, - * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to - * non-blocking and accept() would block. - */ -int mbedtls_net_accept(mbedtls_net_context *bind_ctx, - mbedtls_net_context *client_ctx, - void *client_ip, size_t buf_size, size_t *cip_len); - -/** - * \brief Check and wait for the context to be ready for read/write - * - * \note The current implementation of this function uses - * select() and returns an error if the file descriptor - * is \c FD_SETSIZE or greater. - * - * \param ctx Socket to check - * \param rw Bitflag composed of MBEDTLS_NET_POLL_READ and - * MBEDTLS_NET_POLL_WRITE specifying the events - * to wait for: - * - If MBEDTLS_NET_POLL_READ is set, the function - * will return as soon as the net context is available - * for reading. - * - If MBEDTLS_NET_POLL_WRITE is set, the function - * will return as soon as the net context is available - * for writing. - * \param timeout Maximal amount of time to wait before returning, - * in milliseconds. If \c timeout is zero, the - * function returns immediately. If \c timeout is - * -1u, the function blocks potentially indefinitely. - * - * \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE - * on success or timeout, or a negative return code otherwise. - */ -int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout); - -/** - * \brief Set the socket blocking - * - * \param ctx Socket to set - * - * \return 0 if successful, or a non-zero error code - */ -int mbedtls_net_set_block(mbedtls_net_context *ctx); - -/** - * \brief Set the socket non-blocking - * - * \param ctx Socket to set - * - * \return 0 if successful, or a non-zero error code - */ -int mbedtls_net_set_nonblock(mbedtls_net_context *ctx); - -/** - * \brief Portable usleep helper - * - * \param usec Amount of microseconds to sleep - * - * \note Real amount of time slept will not be less than - * select()'s timeout granularity (typically, 10ms). - */ -void mbedtls_net_usleep(unsigned long usec); - -/** - * \brief Read at most 'len' characters. If no error occurs, - * the actual amount read is returned. - * - * \param ctx Socket - * \param buf The buffer to write to - * \param len Maximum length of the buffer - * - * \return the number of bytes received, - * or a non-zero error code; with a non-blocking socket, - * MBEDTLS_ERR_SSL_WANT_READ indicates read() would block. - */ -int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len); - -/** - * \brief Write at most 'len' characters. If no error occurs, - * the actual amount read is returned. - * - * \param ctx Socket - * \param buf The buffer to read from - * \param len The length of the buffer - * - * \return the number of bytes sent, - * or a non-zero error code; with a non-blocking socket, - * MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block. - */ -int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len); - -/** - * \brief Read at most 'len' characters, blocking for at most - * 'timeout' seconds. If no error occurs, the actual amount - * read is returned. - * - * \note The current implementation of this function uses - * select() and returns an error if the file descriptor - * is \c FD_SETSIZE or greater. - * - * \param ctx Socket - * \param buf The buffer to write to - * \param len Maximum length of the buffer - * \param timeout Maximum number of milliseconds to wait for data - * 0 means no timeout (wait forever) - * - * \return The number of bytes received if successful. - * MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out. - * MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. - * Another negative error code (MBEDTLS_ERR_NET_xxx) - * for other failures. - * - * \note This function will block (until data becomes available or - * timeout is reached) even if the socket is set to - * non-blocking. Handling timeouts with non-blocking reads - * requires a different strategy. - */ -int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout); - -/** - * \brief Closes down the connection and free associated data - * - * \param ctx The context to close - * - * \note This function frees and clears data associated with the - * context but does not free the memory pointed to by \p ctx. - * This memory is the responsibility of the caller. - */ -void mbedtls_net_close(mbedtls_net_context *ctx); - -/** - * \brief Gracefully shutdown the connection and free associated data - * - * \param ctx The context to free - * - * \note This function frees and clears data associated with the - * context but does not free the memory pointed to by \p ctx. - * This memory is the responsibility of the caller. - */ -void mbedtls_net_free(mbedtls_net_context *ctx); - -#ifdef __cplusplus -} -#endif - -#endif /* net_sockets.h */ diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h deleted file mode 100644 index e9b482208..000000000 --- a/include/mbedtls/pkcs7.h +++ /dev/null @@ -1,240 +0,0 @@ -/** - * \file pkcs7.h - * - * \brief PKCS #7 generic defines and structures - * https://tools.ietf.org/html/rfc2315 - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * Note: For the time being, this implementation of the PKCS #7 cryptographic - * message syntax is a partial implementation of RFC 2315. - * Differences include: - * - The RFC specifies 6 different content types. The only type currently - * supported in Mbed TLS is the signed-data content type. - * - The only supported PKCS #7 Signed Data syntax version is version 1 - * - The RFC specifies support for BER. This implementation is limited to - * DER only. - * - The RFC specifies that multiple digest algorithms can be specified - * in the Signed Data type. Only one digest algorithm is supported in Mbed TLS. - * - The RFC specifies the Signed Data type can contain multiple X.509 or PKCS #6 extended - * certificates. In Mbed TLS, this list can only contain 0 or 1 certificates - * and they must be in X.509 format. - * - The RFC specifies the Signed Data type can contain - * certificate-revocation lists (CRLs). This implementation has no support - * for CRLs so it is assumed to be an empty list. - * - The RFC allows for SignerInfo structure to optionally contain - * unauthenticatedAttributes and authenticatedAttributes. In Mbed TLS it is - * assumed these fields are empty. - * - The RFC allows for the signed Data type to contain contentInfo. This - * implementation assumes the type is DATA and the content is empty. - */ - -#ifndef MBEDTLS_PKCS7_H -#define MBEDTLS_PKCS7_H - -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/asn1.h" -#include "mbedtls/x509_crt.h" - -/** - * \name PKCS #7 Module Error codes - * \{ - */ -#define MBEDTLS_ERR_PKCS7_INVALID_FORMAT -0x5300 /**< The format is invalid, e.g. different type expected. */ -#define MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE -0x5380 /**< Unavailable feature, e.g. anything other than signed data. */ -#define MBEDTLS_ERR_PKCS7_INVALID_VERSION -0x5400 /**< The PKCS #7 version element is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 /**< The PKCS #7 content info is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 /**< The certificate tag or value is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 /**< Error parsing the signature */ -#define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 /**< Error parsing the signer's info */ -#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 /**< Input invalid. */ -#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 /**< Allocation of memory failed. */ -#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 /**< Verification Failed */ -#define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 /**< The PKCS #7 date issued/expired dates are invalid */ -/* \} name */ - -/** - * \name PKCS #7 Supported Version - * \{ - */ -#define MBEDTLS_PKCS7_SUPPORTED_VERSION 0x01 -/* \} name */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Type-length-value structure that allows for ASN.1 using DER. - */ -typedef mbedtls_asn1_buf mbedtls_pkcs7_buf; - -/** - * Container for ASN.1 named information objects. - * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.). - */ -typedef mbedtls_asn1_named_data mbedtls_pkcs7_name; - -/** - * Container for a sequence of ASN.1 items - */ -typedef mbedtls_asn1_sequence mbedtls_pkcs7_sequence; - -/** - * PKCS #7 types - */ -typedef enum { - MBEDTLS_PKCS7_NONE=0, - MBEDTLS_PKCS7_DATA, - MBEDTLS_PKCS7_SIGNED_DATA, - MBEDTLS_PKCS7_ENVELOPED_DATA, - MBEDTLS_PKCS7_SIGNED_AND_ENVELOPED_DATA, - MBEDTLS_PKCS7_DIGESTED_DATA, - MBEDTLS_PKCS7_ENCRYPTED_DATA, -} -mbedtls_pkcs7_type; - -/** - * Structure holding PKCS #7 signer info - */ -typedef struct mbedtls_pkcs7_signer_info { - int MBEDTLS_PRIVATE(version); - mbedtls_x509_buf MBEDTLS_PRIVATE(serial); - mbedtls_x509_name MBEDTLS_PRIVATE(issuer); - mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); - mbedtls_x509_buf MBEDTLS_PRIVATE(alg_identifier); - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_alg_identifier); - mbedtls_x509_buf MBEDTLS_PRIVATE(sig); - struct mbedtls_pkcs7_signer_info *MBEDTLS_PRIVATE(next); -} -mbedtls_pkcs7_signer_info; - -/** - * Structure holding the signed data section - */ -typedef struct mbedtls_pkcs7_signed_data { - int MBEDTLS_PRIVATE(version); - mbedtls_pkcs7_buf MBEDTLS_PRIVATE(digest_alg_identifiers); - int MBEDTLS_PRIVATE(no_of_certs); - mbedtls_x509_crt MBEDTLS_PRIVATE(certs); - int MBEDTLS_PRIVATE(no_of_crls); - mbedtls_x509_crl MBEDTLS_PRIVATE(crl); - int MBEDTLS_PRIVATE(no_of_signers); - mbedtls_pkcs7_signer_info MBEDTLS_PRIVATE(signers); -} -mbedtls_pkcs7_signed_data; - -/** - * Structure holding PKCS #7 structure, only signed data for now - */ -typedef struct mbedtls_pkcs7 { - mbedtls_pkcs7_buf MBEDTLS_PRIVATE(raw); - mbedtls_pkcs7_signed_data MBEDTLS_PRIVATE(signed_data); -} -mbedtls_pkcs7; - -/** - * \brief Initialize mbedtls_pkcs7 structure. - * - * \param pkcs7 mbedtls_pkcs7 structure. - */ -void mbedtls_pkcs7_init(mbedtls_pkcs7 *pkcs7); - -/** - * \brief Parse a single DER formatted PKCS #7 detached signature. - * - * \param pkcs7 The mbedtls_pkcs7 structure to be filled by the parser. - * \param buf The buffer holding only the DER encoded PKCS #7 content. - * \param buflen The size in bytes of \p buf. The size must be exactly the - * length of the DER encoded PKCS #7 content. - * - * \note This function makes an internal copy of the PKCS #7 buffer - * \p buf. In particular, \p buf may be destroyed or reused - * after this call returns. - * \note Signatures with internal data are not supported. - * - * \return The \c mbedtls_pkcs7_type of \p buf, if successful. - * \return A negative error code on failure. - */ -int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf, - const size_t buflen); - -/** - * \brief Verification of PKCS #7 signature against a caller-supplied - * certificate. - * - * For each signer in the PKCS structure, this function computes - * a signature over the supplied data, using the supplied - * certificate and the same digest algorithm as specified by the - * signer. It then compares this signature against the - * signer's signature; verification succeeds if any comparison - * matches. - * - * This function does not use the certificates held within the - * PKCS #7 structure itself, and does not check that the - * certificate is signed by a trusted certification authority. - * - * \param pkcs7 mbedtls_pkcs7 structure containing signature. - * \param cert Certificate containing key to verify signature. - * \param data Plain data on which signature has to be verified. - * \param datalen Length of the data. - * - * \note This function internally calculates the hash on the supplied - * plain data for signature verification. - * - * \return 0 if the signature verifies, or a negative error code on failure. - */ -int mbedtls_pkcs7_signed_data_verify(mbedtls_pkcs7 *pkcs7, - const mbedtls_x509_crt *cert, - const unsigned char *data, - size_t datalen); - -/** - * \brief Verification of PKCS #7 signature against a caller-supplied - * certificate. - * - * For each signer in the PKCS structure, this function - * validates a signature over the supplied hash, using the - * supplied certificate and the same digest algorithm as - * specified by the signer. Verification succeeds if any - * signature is good. - * - * This function does not use the certificates held within the - * PKCS #7 structure itself, and does not check that the - * certificate is signed by a trusted certification authority. - * - * \param pkcs7 PKCS #7 structure containing signature. - * \param cert Certificate containing key to verify signature. - * \param hash Hash of the plain data on which signature has to be verified. - * \param hashlen Length of the hash. - * - * \note This function is different from mbedtls_pkcs7_signed_data_verify() - * in that it is directly passed the hash of the data. - * - * \return 0 if the signature verifies, or a negative error code on failure. - */ -int mbedtls_pkcs7_signed_hash_verify(mbedtls_pkcs7 *pkcs7, - const mbedtls_x509_crt *cert, - const unsigned char *hash, size_t hashlen); - -/** - * \brief Unallocate all PKCS #7 data and zeroize the memory. - * It doesn't free \p pkcs7 itself. This should be done by the caller. - * - * \param pkcs7 mbedtls_pkcs7 structure to free. - */ -void mbedtls_pkcs7_free(mbedtls_pkcs7 *pkcs7); - -#ifdef __cplusplus -} -#endif - -#endif /* pkcs7.h */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h deleted file mode 100644 index fff53399b..000000000 --- a/include/mbedtls/ssl.h +++ /dev/null @@ -1,5592 +0,0 @@ -/** - * \file ssl.h - * - * \brief SSL/TLS functions. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_SSL_H -#define MBEDTLS_SSL_H -#include "mbedtls/platform_util.h" -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/bignum.h" -#include "mbedtls/ecp.h" - -#include "mbedtls/ssl_ciphersuites.h" - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_crl.h" -#endif - -#if defined(MBEDTLS_DHM_C) -#include "mbedtls/dhm.h" -#endif - -#include "mbedtls/md.h" - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) -#include "mbedtls/ecdh.h" -#endif - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif - -#include "psa/crypto.h" - -/* - * SSL Error codes - */ -/** A cryptographic operation is in progress. Try again later. */ -#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 -/** The requested feature is not available. */ -#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 -/** Bad input parameters to function. */ -#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 -/** Verification of the message MAC failed. */ -#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 -/** An invalid SSL record was received. */ -#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 -/** The connection indicated an EOF. */ -#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 -/** A message could not be parsed due to a syntactic error. */ -#define MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300 -/* Error space gap */ -/** No RNG was provided to the SSL module. */ -#define MBEDTLS_ERR_SSL_NO_RNG -0x7400 -/** No client certification received from the client, but required by the authentication mode. */ -#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 -/** Client received an extended server hello containing an unsupported extension */ -#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500 -/** No ALPN protocols supported that the client advertises */ -#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580 -/** The own private key or pre-shared key is not set, but needed. */ -#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 -/** No CA Chain is set, but required to operate. */ -#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 -/** An unexpected message was received from our peer. */ -#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 -/** A fatal alert message was received from our peer. */ -#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 -/** No server could be identified matching the client's SNI. */ -#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800 -/** The peer notified us that the connection is going to be closed. */ -#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 -/* Error space gap */ -/* Error space gap */ -/** Processing of the Certificate handshake message failed. */ -#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00 -/* Error space gap */ -/** - * Received NewSessionTicket Post Handshake Message. - * This error code is experimental and may be changed or removed without notice. - */ -#define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET -0x7B00 -/** Not possible to read early data */ -#define MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA -0x7B80 -/** - * Early data has been received as part of an on-going handshake. - * This error code can be returned only on server side if and only if early - * data has been enabled by means of the mbedtls_ssl_conf_early_data() API. - * This error code can then be returned by mbedtls_ssl_handshake(), - * mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write() if - * early data has been received as part of the handshake sequence they - * triggered. To read the early data, call mbedtls_ssl_read_early_data(). - */ -#define MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA -0x7C00 -/** Not possible to write early data */ -#define MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA -0x7C80 -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/** Cache entry not found */ -#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x7E80 -/** Memory allocation failed */ -#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 -/** Hardware acceleration function returned with error */ -#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 -/** Hardware acceleration function skipped / left alone data */ -#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 -/** Handshake protocol not within min/max boundaries */ -#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80 -/** The handshake negotiation failed. */ -#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00 -/** Session ticket has expired. */ -#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 -/** Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */ -#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 -/** Unknown identity received (eg, PSK identity) */ -#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 -/** Internal error (eg, unexpected failure in lower-level module) */ -#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 -/** A counter would wrap (eg, too many messages exchanged). */ -#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 -/** Unexpected message at ServerHello in renegotiation. */ -#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 -/** DTLS client must retry for hello verification */ -#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 -/** A buffer is too small to receive or write a message */ -#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 -/* Error space gap */ -/** No data of requested type currently available on underlying transport. */ -#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 -/** Connection requires a write call. */ -#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 -/** The operation timed out. */ -#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 -/** The client initiated a reconnect from the same port. */ -#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 -/** Record header looks valid but is not expected. */ -#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 -/** The alert message received indicates a non-fatal error. */ -#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 -/** A field in a message was incorrect or inconsistent with other fields. */ -#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600 -/** Internal-only message signaling that further message-processing should be done */ -#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 -/** The asynchronous operation is not completed yet. */ -#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 -/** Internal-only message signaling that a message arrived early. */ -#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/** An encrypted DTLS-frame with an unexpected CID was received. */ -#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 -/** An operation failed due to an unexpected version or configuration. */ -#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 -/** Invalid value in SSL config */ -#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 - -/* - * Constants from RFC 8446 for TLS 1.3 PSK modes - * - * Those are used in the Pre-Shared Key Exchange Modes extension. - * See Section 4.2.9 in RFC 8446. - */ -#define MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE 0 /* Pure PSK-based exchange */ -#define MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE 1 /* PSK+ECDHE-based exchange */ - -/* - * TLS 1.3 NamedGroup values - * - * From RF 8446 - * enum { - * // Elliptic Curve Groups (ECDHE) - * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019), - * x25519(0x001D), x448(0x001E), - * // Finite Field Groups (DHE) - * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102), - * ffdhe6144(0x0103), ffdhe8192(0x0104), - * // Reserved Code Points - * ffdhe_private_use(0x01FC..0x01FF), - * ecdhe_private_use(0xFE00..0xFEFF), - * (0xFFFF) - * } NamedGroup; - * - */ - -/* Elliptic Curve Groups (ECDHE) */ -#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 0x0019 -#define MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 0x001A -#define MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 0x001B -#define MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 0x001C -#define MBEDTLS_SSL_IANA_TLS_GROUP_X25519 0x001D -#define MBEDTLS_SSL_IANA_TLS_GROUP_X448 0x001E -/* Finite Field Groups (DHE) */ -#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 0x0100 -#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072 0x0101 -#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096 0x0102 -#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144 0x0103 -#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 0x0104 - -/* - * TLS 1.3 Key Exchange Modes - * - * Mbed TLS internal identifiers for use with the SSL configuration API - * mbedtls_ssl_conf_tls13_key_exchange_modes(). - */ - -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK (1u << 0) /*!< Pure-PSK TLS 1.3 key exchange, - * encompassing both externally agreed PSKs - * as well as resumption PSKs. */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL (1u << 1) /*!< Pure-Ephemeral TLS 1.3 key exchanges, - * including for example ECDHE and DHE - * key exchanges. */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL (1u << 2) /*!< PSK-Ephemeral TLS 1.3 key exchanges, - * using both a PSK and an ephemeral - * key exchange. */ - -/* Convenience macros for sets of key exchanges. */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL \ - (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL | \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL) /*!< All TLS 1.3 key exchanges */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL \ - (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) /*!< All PSK-based TLS 1.3 key exchanges */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL \ - (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL | \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) /*!< All ephemeral TLS 1.3 key exchanges */ - -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE (0) - -/* - * Various constants - */ - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/* These are the high and low bytes of ProtocolVersion as defined by: - * - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2 - * - RFC 8446: see section 4.2.1 - */ -#define MBEDTLS_SSL_MAJOR_VERSION_3 3 -#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ -#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */ -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - -#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ -#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ - -#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ -#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */ - -#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */ - -/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c - * NONE must be zero so that memset()ing structure to zero works */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */ - -#define MBEDTLS_SSL_IS_CLIENT 0 -#define MBEDTLS_SSL_IS_SERVER 1 - -#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0 -#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1 - -#define MBEDTLS_SSL_CID_DISABLED 0 -#define MBEDTLS_SSL_CID_ENABLED 1 - -#define MBEDTLS_SSL_ETM_DISABLED 0 -#define MBEDTLS_SSL_ETM_ENABLED 1 - -#define MBEDTLS_SSL_COMPRESS_NULL 0 - -#define MBEDTLS_SSL_VERIFY_NONE 0 -#define MBEDTLS_SSL_VERIFY_OPTIONAL 1 -#define MBEDTLS_SSL_VERIFY_REQUIRED 2 -#define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */ - -#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0 -#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1 - -#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0 -#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1 - -#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0 -#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1 - -#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1 -#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16 - -#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0 -#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1 -#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2 - -#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0 -#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1 -#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */ - -#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0 -#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1 - -#define MBEDTLS_SSL_PRESET_DEFAULT 0 -#define MBEDTLS_SSL_PRESET_SUITEB 2 - -#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1 -#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0 - -#define MBEDTLS_SSL_EARLY_DATA_DISABLED 0 -#define MBEDTLS_SSL_EARLY_DATA_ENABLED 1 - -#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0 -#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1 - -#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1 -#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0 - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(PSA_WANT_ALG_SHA_384) -#define MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN 48 -#elif defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN 32 -#endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ -/* - * Default range for DTLS retransmission timer value, in milliseconds. - * RFC 6347 4.2.4.1 says from 1 second to 60 seconds. - */ -#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000 -#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000 - -/* - * Whether early data record should be discarded or not and how. - * - * The client has indicated early data and the server has rejected them. - * The server has then to skip past early data by either: - * - attempting to deprotect received records using the handshake traffic - * key, discarding records which fail deprotection (up to the configured - * max_early_data_size). Once a record is deprotected successfully, - * it is treated as the start of the client's second flight and the - * server proceeds as with an ordinary 1-RTT handshake. - * - skipping all records with an external content type of - * "application_data" (indicating that they are encrypted), up to the - * configured max_early_data_size. This is the expected behavior if the - * server has sent an HelloRetryRequest message. The server ignores - * application data message before 2nd ClientHello. - */ -#define MBEDTLS_SSL_EARLY_DATA_NO_DISCARD 0 -#define MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD 1 -#define MBEDTLS_SSL_EARLY_DATA_DISCARD 2 - -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in mbedtls_config.h or define them on the compiler command line. - * \{ - */ - -/* - * Maximum fragment length in bytes, - * determines the size of each of the two internal I/O buffers. - * - * Note: the RFC defines the default size of SSL / TLS messages. If you - * change the value here, other clients / servers may not be able to - * communicate with you anymore. Only change this value if you control - * both sides of the connection and have it reduced at both sides, or - * if you're using the Max Fragment Length extension and you know all your - * peers are using it too! - */ -#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN) -#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 -#endif - -#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN) -#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 -#endif - -/* - * Maximum number of heap-allocated bytes for the purpose of - * DTLS handshake message reassembly and future message buffering. - */ -#if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING) -#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 -#endif - -/* - * Maximum length of CIDs for incoming and outgoing messages. - */ -#if !defined(MBEDTLS_SSL_CID_IN_LEN_MAX) -#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 -#endif - -#if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) -#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 -#endif - -#if !defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) -#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 -#endif - -#if !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) -#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 -#endif - -#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) -#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 -#endif - -#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH) -#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 -#endif - -#if !defined(MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS) -#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 -#endif - -/** \} name SECTION: Module settings */ - -/* - * Default to standard CID mode - */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) -#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 -#endif - -/* - * Length of the verify data for secure renegotiation - */ -#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12 - -/* - * Signaling ciphersuite values (SCSV) - */ -#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */ - -/* - * Supported Signature and Hash algorithms (For TLS 1.2) - * RFC 5246 section 7.4.1.4.1 - */ -#define MBEDTLS_SSL_HASH_NONE 0 -#define MBEDTLS_SSL_HASH_MD5 1 -#define MBEDTLS_SSL_HASH_SHA1 2 -#define MBEDTLS_SSL_HASH_SHA224 3 -#define MBEDTLS_SSL_HASH_SHA256 4 -#define MBEDTLS_SSL_HASH_SHA384 5 -#define MBEDTLS_SSL_HASH_SHA512 6 - -#define MBEDTLS_SSL_SIG_ANON 0 -#define MBEDTLS_SSL_SIG_RSA 1 -#define MBEDTLS_SSL_SIG_ECDSA 3 - -/* - * TLS 1.3 signature algorithms - * RFC 8446, Section 4.2.3 - */ - -/* RSASSA-PKCS1-v1_5 algorithms */ -#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 0x0401 -#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 0x0501 -#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 0x0601 - -/* ECDSA algorithms */ -#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 0x0403 -#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 0x0503 -#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 0x0603 - -/* RSASSA-PSS algorithms with public key OID rsaEncryption */ -#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 0x0804 -#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 0x0805 -#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 0x0806 - -/* EdDSA algorithms */ -#define MBEDTLS_TLS1_3_SIG_ED25519 0x0807 -#define MBEDTLS_TLS1_3_SIG_ED448 0x0808 - -/* RSASSA-PSS algorithms with public key OID RSASSA-PSS */ -#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256 0x0809 -#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384 0x080A -#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512 0x080B - -/* LEGACY ALGORITHMS */ -#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1 0x0201 -#define MBEDTLS_TLS1_3_SIG_ECDSA_SHA1 0x0203 - -#define MBEDTLS_TLS1_3_SIG_NONE 0x0 - -/* - * Client Certificate Types - * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5 - */ -#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1 -#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64 - -/* - * Message, alert and handshake types - */ -#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20 -#define MBEDTLS_SSL_MSG_ALERT 21 -#define MBEDTLS_SSL_MSG_HANDSHAKE 22 -#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23 -#define MBEDTLS_SSL_MSG_CID 25 - -#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1 -#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2 - -#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */ -#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */ -#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */ -#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */ -#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */ -#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */ -#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */ -#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */ -#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */ -#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */ -#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */ -#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */ -#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */ -#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */ -#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */ -#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */ -#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */ -#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */ -#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */ -#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */ -#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */ -#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */ -#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */ -#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */ -#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */ -#define MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION 109 /* 0x6d -- new in TLS 1.3 */ -#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */ -#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */ -#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */ -#define MBEDTLS_SSL_ALERT_MSG_CERT_REQUIRED 116 /* 0x74 */ -#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */ - -#define MBEDTLS_SSL_HS_HELLO_REQUEST 0 -#define MBEDTLS_SSL_HS_CLIENT_HELLO 1 -#define MBEDTLS_SSL_HS_SERVER_HELLO 2 -#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3 -#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4 -#define MBEDTLS_SSL_HS_END_OF_EARLY_DATA 5 -#define MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS 8 -#define MBEDTLS_SSL_HS_CERTIFICATE 11 -#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12 -#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13 -#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14 -#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15 -#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16 -#define MBEDTLS_SSL_HS_FINISHED 20 -#define MBEDTLS_SSL_HS_MESSAGE_HASH 254 - -/* - * TLS extensions - */ -#define MBEDTLS_TLS_EXT_SERVERNAME 0 -#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0 - -#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 - -#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 -#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 6066 TLS 1.2 and 1.3 */ - -#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 -#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8422,7919 TLS 1.2 and 1.3 */ -#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 - -#define MBEDTLS_TLS_EXT_SIG_ALG 13 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_USE_SRTP 14 -#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 6520 TLS 1.2 and 1.3 */ -#define MBEDTLS_TLS_EXT_ALPN 16 - -#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.2 and 1.3 */ -#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.2 and 1.3 */ -#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.2 and 1.3 */ -#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.2 and 1.3 */ -#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ -#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ - -#define MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT 28 /* RFC 8449 (implemented for TLS 1.3 only) */ - -#define MBEDTLS_TLS_EXT_SESSION_TICKET 35 - -#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY 41 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_EARLY_DATA 42 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS 43 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_COOKIE 44 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES 45 /* RFC 8446 TLS 1.3 */ - -#define MBEDTLS_TLS_EXT_CERT_AUTH 47 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_OID_FILTERS 48 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH 49 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */ - -#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 -#define MBEDTLS_TLS_EXT_CID 54 /* RFC 9146 DTLS 1.2 CID */ -#else -#define MBEDTLS_TLS_EXT_CID 254 /* Pre-RFC 9146 DTLS 1.2 CID */ -#endif - -#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */ - -#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 - -/* - * Size defines - */ -#if !defined(MBEDTLS_PSK_MAX_LEN) -/* - * If the library supports TLS 1.3 tickets and the cipher suite - * TLS1-3-AES-256-GCM-SHA384, set the PSK maximum length to 48 instead of 32. - * That way, the TLS 1.3 client and server are able to resume sessions where - * the cipher suite is TLS1-3-AES-256-GCM-SHA384 (pre-shared keys are 48 - * bytes long in that case). - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_GCM) && \ - defined(PSA_WANT_ALG_SHA_384) -#define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */ -#else -#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */ -#endif -#endif /* !MBEDTLS_PSK_MAX_LEN */ - -/* Dummy type used only for its size */ -union mbedtls_ssl_premaster_secret { - unsigned char dummy; /* Make the union non-empty even with SSL disabled */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE - + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES - + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */ -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */ -#endif -}; - -#define MBEDTLS_PREMASTER_SIZE sizeof(union mbedtls_ssl_premaster_secret) - -#define MBEDTLS_TLS1_3_MD_MAX_SIZE PSA_HASH_MAX_SIZE - - -/* Length in number of bytes of the TLS sequence number */ -#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8 - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * SSL state machine - */ -typedef enum { - MBEDTLS_SSL_HELLO_REQUEST, - MBEDTLS_SSL_CLIENT_HELLO, - MBEDTLS_SSL_SERVER_HELLO, - MBEDTLS_SSL_SERVER_CERTIFICATE, - MBEDTLS_SSL_SERVER_KEY_EXCHANGE, - MBEDTLS_SSL_CERTIFICATE_REQUEST, - MBEDTLS_SSL_SERVER_HELLO_DONE, - MBEDTLS_SSL_CLIENT_CERTIFICATE, - MBEDTLS_SSL_CLIENT_KEY_EXCHANGE, - MBEDTLS_SSL_CERTIFICATE_VERIFY, - MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC, - MBEDTLS_SSL_CLIENT_FINISHED, - MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC, - MBEDTLS_SSL_SERVER_FINISHED, - MBEDTLS_SSL_FLUSH_BUFFERS, - MBEDTLS_SSL_HANDSHAKE_WRAPUP, - MBEDTLS_SSL_NEW_SESSION_TICKET, - MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, - MBEDTLS_SSL_HELLO_RETRY_REQUEST, - MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, - MBEDTLS_SSL_END_OF_EARLY_DATA, - MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, - MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED, - MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO, - MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO, - MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO, - MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST, - MBEDTLS_SSL_HANDSHAKE_OVER, - MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET, - MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH, -} -mbedtls_ssl_states; - -/* - * Early data status, client side only. - */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) -typedef enum { -/* - * See documentation of mbedtls_ssl_get_early_data_status(). - */ - MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED, - MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED, - MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED, -} mbedtls_ssl_early_data_status; -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ - -/** - * \brief Callback type: send data on the network. - * - * \note That callback may be either blocking or non-blocking. - * - * \param ctx Context for the send callback (typically a file descriptor) - * \param buf Buffer holding the data to send - * \param len Length of the data to send - * - * \return The callback must return the number of bytes sent if any, - * or a non-zero error code. - * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE - * must be returned when the operation would block. - * - * \note The callback is allowed to send fewer bytes than requested. - * It must always return the number of bytes actually sent. - */ -typedef int mbedtls_ssl_send_t(void *ctx, - const unsigned char *buf, - size_t len); - -/** - * \brief Callback type: receive data from the network. - * - * \note That callback may be either blocking or non-blocking. - * - * \param ctx Context for the receive callback (typically a file - * descriptor) - * \param buf Buffer to write the received data to - * \param len Length of the receive buffer - * - * \returns If data has been received, the positive number of bytes received. - * \returns \c 0 if the connection has been closed. - * \returns If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ - * must be returned when the operation would block. - * \returns Another negative error code on other kinds of failures. - * - * \note The callback may receive fewer bytes than the length of the - * buffer. It must always return the number of bytes actually - * received and written to the buffer. - */ -typedef int mbedtls_ssl_recv_t(void *ctx, - unsigned char *buf, - size_t len); - -/** - * \brief Callback type: receive data from the network, with timeout - * - * \note That callback must block until data is received, or the - * timeout delay expires, or the operation is interrupted by a - * signal. - * - * \param ctx Context for the receive callback (typically a file descriptor) - * \param buf Buffer to write the received data to - * \param len Length of the receive buffer - * \param timeout Maximum number of milliseconds to wait for data - * 0 means no timeout (potentially waiting forever) - * - * \return The callback must return the number of bytes received, - * or a non-zero error code: - * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, - * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. - * - * \note The callback may receive fewer bytes than the length of the - * buffer. It must always return the number of bytes actually - * received and written to the buffer. - */ -typedef int mbedtls_ssl_recv_timeout_t(void *ctx, - unsigned char *buf, - size_t len, - uint32_t timeout); -/** - * \brief Callback type: set a pair of timers/delays to watch - * - * \param ctx Context pointer - * \param int_ms Intermediate delay in milliseconds - * \param fin_ms Final delay in milliseconds - * 0 cancels the current timer. - * - * \note This callback must at least store the necessary information - * for the associated \c mbedtls_ssl_get_timer_t callback to - * return correct information. - * - * \note If using an event-driven style of programming, an event must - * be generated when the final delay is passed. The event must - * cause a call to \c mbedtls_ssl_handshake() with the proper - * SSL context to be scheduled. Care must be taken to ensure - * that at most one such call happens at a time. - * - * \note Only one timer at a time must be running. Calling this - * function while a timer is running must cancel it. Cancelled - * timers must not generate any event. - */ -typedef void mbedtls_ssl_set_timer_t(void *ctx, - uint32_t int_ms, - uint32_t fin_ms); - -/** - * \brief Callback type: get status of timers/delays - * - * \param ctx Context pointer - * - * \return This callback must return: - * -1 if cancelled (fin_ms == 0), - * 0 if none of the delays have passed, - * 1 if only the intermediate delay has passed, - * 2 if the final delay has passed. - */ -typedef int mbedtls_ssl_get_timer_t(void *ctx); - -/* Defined below */ -typedef struct mbedtls_ssl_session mbedtls_ssl_session; -typedef struct mbedtls_ssl_context mbedtls_ssl_context; -typedef struct mbedtls_ssl_config mbedtls_ssl_config; - -/* Defined in library/ssl_misc.h */ -typedef struct mbedtls_ssl_transform mbedtls_ssl_transform; -typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params; -typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t; -#if defined(MBEDTLS_X509_CRT_PARSE_C) -typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert; -#endif -#if defined(MBEDTLS_SSL_PROTO_DTLS) -typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK /* 1U << 0 */ -#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL /* 1U << 2 */ -#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA (1U << 3) - -#define MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK \ - (MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION | \ - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION | \ - MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ - -/** - * \brief Callback type: server-side session cache getter - * - * The session cache is logically a key value store, with - * keys being session IDs and values being instances of - * mbedtls_ssl_session. - * - * This callback retrieves an entry in this key-value store. - * - * \param data The address of the session cache structure to query. - * \param session_id The buffer holding the session ID to query. - * \param session_id_len The length of \p session_id in Bytes. - * \param session The address of the session structure to populate. - * It is initialized with mbdtls_ssl_session_init(), - * and the callback must always leave it in a state - * where it can safely be freed via - * mbedtls_ssl_session_free() independent of the - * return code of this function. - * - * \return \c 0 on success - * \return A non-zero return value on failure. - * - */ -typedef int mbedtls_ssl_cache_get_t(void *data, - unsigned char const *session_id, - size_t session_id_len, - mbedtls_ssl_session *session); -/** - * \brief Callback type: server-side session cache setter - * - * The session cache is logically a key value store, with - * keys being session IDs and values being instances of - * mbedtls_ssl_session. - * - * This callback sets an entry in this key-value store. - * - * \param data The address of the session cache structure to modify. - * \param session_id The buffer holding the session ID to query. - * \param session_id_len The length of \p session_id in Bytes. - * \param session The address of the session to be stored in the - * session cache. - * - * \return \c 0 on success - * \return A non-zero return value on failure. - */ -typedef int mbedtls_ssl_cache_set_t(void *data, - unsigned char const *session_id, - size_t session_id_len, - const mbedtls_ssl_session *session); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * \brief Callback type: start external signature operation. - * - * This callback is called during an SSL handshake to start - * a signature decryption operation using an - * external processor. The parameter \p cert contains - * the public key; it is up to the callback function to - * determine how to access the associated private key. - * - * This function typically sends or enqueues a request, and - * does not wait for the operation to complete. This allows - * the handshake step to be non-blocking. - * - * The parameters \p ssl and \p cert are guaranteed to remain - * valid throughout the handshake. On the other hand, this - * function must save the contents of \p hash if the value - * is needed for later processing, because the \p hash buffer - * is no longer valid after this function returns. - * - * This function may call mbedtls_ssl_set_async_operation_data() - * to store an operation context for later retrieval - * by the resume or cancel callback. - * - * \note For RSA signatures, this function must produce output - * that is consistent with PKCS#1 v1.5 in the same way as - * mbedtls_rsa_pkcs1_sign(). Before the private key operation, - * apply the padding steps described in RFC 8017, section 9.2 - * "EMSA-PKCS1-v1_5" as follows. - * - If \p md_alg is #MBEDTLS_MD_NONE, apply the PKCS#1 v1.5 - * encoding, treating \p hash as the DigestInfo to be - * padded. In other words, apply EMSA-PKCS1-v1_5 starting - * from step 3, with `T = hash` and `tLen = hash_len`. - * - If `md_alg != MBEDTLS_MD_NONE`, apply the PKCS#1 v1.5 - * encoding, treating \p hash as the hash to be encoded and - * padded. In other words, apply EMSA-PKCS1-v1_5 starting - * from step 2, with `digestAlgorithm` obtained by calling - * mbedtls_oid_get_oid_by_md() on \p md_alg. - * - * \note For ECDSA signatures, the output format is the DER encoding - * `Ecdsa-Sig-Value` defined in - * [RFC 4492 section 5.4](https://tools.ietf.org/html/rfc4492#section-5.4). - * - * \param ssl The SSL connection instance. It should not be - * modified other than via - * mbedtls_ssl_set_async_operation_data(). - * \param cert Certificate containing the public key. - * In simple cases, this is one of the pointers passed to - * mbedtls_ssl_conf_own_cert() when configuring the SSL - * connection. However, if other callbacks are used, this - * property may not hold. For example, if an SNI callback - * is registered with mbedtls_ssl_conf_sni(), then - * this callback determines what certificate is used. - * \param md_alg Hash algorithm. - * \param hash Buffer containing the hash. This buffer is - * no longer valid when the function returns. - * \param hash_len Size of the \c hash buffer in bytes. - * - * \return 0 if the operation was started successfully and the SSL - * stack should call the resume callback immediately. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation - * was started successfully and the SSL stack should return - * immediately without calling the resume callback yet. - * \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external - * processor does not support this key. The SSL stack will - * use the private key object instead. - * \return Any other error indicates a fatal failure and is - * propagated up the call chain. The callback should - * use \c MBEDTLS_ERR_PK_xxx error codes, and must not - * use \c MBEDTLS_ERR_SSL_xxx error codes except as - * directed in the documentation of this callback. - */ -typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - mbedtls_md_type_t md_alg, - const unsigned char *hash, - size_t hash_len); - -/** - * \brief Callback type: start external decryption operation. - * - * This callback is called during an SSL handshake to start - * an RSA decryption operation using an - * external processor. The parameter \p cert contains - * the public key; it is up to the callback function to - * determine how to access the associated private key. - * - * This function typically sends or enqueues a request, and - * does not wait for the operation to complete. This allows - * the handshake step to be non-blocking. - * - * The parameters \p ssl and \p cert are guaranteed to remain - * valid throughout the handshake. On the other hand, this - * function must save the contents of \p input if the value - * is needed for later processing, because the \p input buffer - * is no longer valid after this function returns. - * - * This function may call mbedtls_ssl_set_async_operation_data() - * to store an operation context for later retrieval - * by the resume or cancel callback. - * - * \warning RSA decryption as used in TLS is subject to a potential - * timing side channel attack first discovered by Bleichenbacher - * in 1998. This attack can be remotely exploitable - * in practice. To avoid this attack, you must ensure that - * if the callback performs an RSA decryption, the time it - * takes to execute and return the result does not depend - * on whether the RSA decryption succeeded or reported - * invalid padding. - * - * \param ssl The SSL connection instance. It should not be - * modified other than via - * mbedtls_ssl_set_async_operation_data(). - * \param cert Certificate containing the public key. - * In simple cases, this is one of the pointers passed to - * mbedtls_ssl_conf_own_cert() when configuring the SSL - * connection. However, if other callbacks are used, this - * property may not hold. For example, if an SNI callback - * is registered with mbedtls_ssl_conf_sni(), then - * this callback determines what certificate is used. - * \param input Buffer containing the input ciphertext. This buffer - * is no longer valid when the function returns. - * \param input_len Size of the \p input buffer in bytes. - * - * \return 0 if the operation was started successfully and the SSL - * stack should call the resume callback immediately. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation - * was started successfully and the SSL stack should return - * immediately without calling the resume callback yet. - * \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external - * processor does not support this key. The SSL stack will - * use the private key object instead. - * \return Any other error indicates a fatal failure and is - * propagated up the call chain. The callback should - * use \c MBEDTLS_ERR_PK_xxx error codes, and must not - * use \c MBEDTLS_ERR_SSL_xxx error codes except as - * directed in the documentation of this callback. - */ -typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -/** - * \brief Callback type: resume external operation. - * - * This callback is called during an SSL handshake to resume - * an external operation started by the - * ::mbedtls_ssl_async_sign_t or - * ::mbedtls_ssl_async_decrypt_t callback. - * - * This function typically checks the status of a pending - * request or causes the request queue to make progress, and - * does not wait for the operation to complete. This allows - * the handshake step to be non-blocking. - * - * This function may call mbedtls_ssl_get_async_operation_data() - * to retrieve an operation context set by the start callback. - * It may call mbedtls_ssl_set_async_operation_data() to modify - * this context. - * - * Note that when this function returns a status other than - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, it must free any - * resources associated with the operation. - * - * \param ssl The SSL connection instance. It should not be - * modified other than via - * mbedtls_ssl_set_async_operation_data(). - * \param output Buffer containing the output (signature or decrypted - * data) on success. - * \param output_len On success, number of bytes written to \p output. - * \param output_size Size of the \p output buffer in bytes. - * - * \return 0 if output of the operation is available in the - * \p output buffer. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation - * is still in progress. Subsequent requests for progress - * on the SSL connection will call the resume callback - * again. - * \return Any other error means that the operation is aborted. - * The SSL handshake is aborted. The callback should - * use \c MBEDTLS_ERR_PK_xxx error codes, and must not - * use \c MBEDTLS_ERR_SSL_xxx error codes except as - * directed in the documentation of this callback. - */ -typedef int mbedtls_ssl_async_resume_t(mbedtls_ssl_context *ssl, - unsigned char *output, - size_t *output_len, - size_t output_size); - -/** - * \brief Callback type: cancel external operation. - * - * This callback is called if an SSL connection is closed - * while an asynchronous operation is in progress. Note that - * this callback is not called if the - * ::mbedtls_ssl_async_resume_t callback has run and has - * returned a value other than - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, since in that case - * the asynchronous operation has already completed. - * - * This function may call mbedtls_ssl_get_async_operation_data() - * to retrieve an operation context set by the start callback. - * - * \param ssl The SSL connection instance. It should not be - * modified. - */ -typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ - !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48 -#if defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256 -#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32 -#elif defined(PSA_WANT_ALG_SHA_384) -#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384 -#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48 -#elif defined(PSA_WANT_ALG_SHA_1) -#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1 -#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20 -#else -/* This is already checked in check_config.h, but be sure. */ -#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT." -#endif -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && - !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - -typedef struct { - unsigned char client_application_traffic_secret_N[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char server_application_traffic_secret_N[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char exporter_master_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char resumption_master_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; -} mbedtls_ssl_tls13_application_secrets; - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - -#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255 -#define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4 -/* - * For code readability use a typedef for DTLS-SRTP profiles - * - * Use_srtp extension protection profiles values as defined in - * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml - * - * Reminder: if this list is expanded mbedtls_ssl_check_srtp_profile_value - * must be updated too. - */ -#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ((uint16_t) 0x0001) -#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ((uint16_t) 0x0002) -#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ((uint16_t) 0x0005) -#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ((uint16_t) 0x0006) -/* This one is not iana defined, but for code readability. */ -#define MBEDTLS_TLS_SRTP_UNSET ((uint16_t) 0x0000) - -typedef uint16_t mbedtls_ssl_srtp_profile; - -typedef struct mbedtls_dtls_srtp_info_t { - /*! The SRTP profile that was negotiated. */ - mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile); - /*! The length of mki_value. */ - uint16_t MBEDTLS_PRIVATE(mki_len); - /*! The mki_value used, with max size of 256 bytes. */ - unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; -} -mbedtls_dtls_srtp_info; - -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -/** Human-friendly representation of the (D)TLS protocol version. */ -typedef enum { - MBEDTLS_SSL_VERSION_UNKNOWN, /*!< Context not in use or version not yet negotiated. */ - MBEDTLS_SSL_VERSION_TLS1_2 = 0x0303, /*!< (D)TLS 1.2 */ - MBEDTLS_SSL_VERSION_TLS1_3 = 0x0304, /*!< (D)TLS 1.3 */ -} mbedtls_ssl_protocol_version; - -/* - * This structure is used for storing current session data. - * - * Note: when changing this definition, we need to check and update: - * - in tests/suites/test_suite_ssl.function: - * ssl_populate_session() and ssl_serialize_session_save_load() - * - in library/ssl_tls.c: - * mbedtls_ssl_session_init() and mbedtls_ssl_session_free() - * mbedtls_ssl_session_save() and ssl_session_load() - * ssl_session_copy() - */ -struct mbedtls_ssl_session { -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */ -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -/*!< RecordSizeLimit received from the peer */ -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - uint16_t MBEDTLS_PRIVATE(record_size_limit); -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - - unsigned char MBEDTLS_PRIVATE(exported); - uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */ - - /** TLS version negotiated in the session. Used if and when renegotiating - * or resuming a session instead of the configured minor TLS version. - */ - mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version); - -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< start time of current session */ -#endif - int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */ - size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */ - unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */ - unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */ -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /*! The digest of the peer's end-CRT. This must be kept to detect CRT - * changes during renegotiation, mitigating the triple handshake attack. */ - unsigned char *MBEDTLS_PRIVATE(peer_cert_digest); - size_t MBEDTLS_PRIVATE(peer_cert_digest_len); - mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */ - size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */ - uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_HAVE_TIME) - /*! When a ticket is created by a TLS server as part of an established TLS - * session, the ticket creation time may need to be saved for the ticket - * module to be able to check the ticket age when the ticket is used. - * That's the purpose of this field. - * Before creating a new ticket, an Mbed TLS server set this field with - * its current time in milliseconds. This time may then be saved in the - * session ticket data by the session ticket writing function and - * recovered by the ticket parsing function later when the ticket is used. - * The ticket module may then use this time to compute the ticket age and - * determine if it has expired or not. - * The Mbed TLS implementations of the session ticket writing and parsing - * functions save and retrieve the ticket creation time as part of the - * session ticket data. The session ticket parsing function relies on - * the mbedtls_ssl_session_get_ticket_creation_time() API to get the - * ticket creation time from the session ticket data. - */ - mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time); -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) - uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */ - uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */ - uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */ - unsigned char MBEDTLS_PRIVATE(resumption_key)[MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN]; - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C) - char *MBEDTLS_PRIVATE(hostname); /*!< host name binded with tickets */ -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C) - char *ticket_alpn; /*!< ALPN negotiated in the session - during which the ticket was generated. */ -#endif - -#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C) - /*! Time in milliseconds when the last ticket was received. */ - mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time); -#endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - uint32_t MBEDTLS_PRIVATE(max_early_data_size); /*!< maximum amount of early data in tickets */ -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */ -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets); -#endif -}; - -/* - * Identifiers for PRFs used in various versions of TLS. - */ -typedef enum { - MBEDTLS_SSL_TLS_PRF_NONE, - MBEDTLS_SSL_TLS_PRF_SHA384, - MBEDTLS_SSL_TLS_PRF_SHA256, - MBEDTLS_SSL_HKDF_EXPAND_SHA384, - MBEDTLS_SSL_HKDF_EXPAND_SHA256 -} -mbedtls_tls_prf_types; - -typedef enum { - MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0, -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET, -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -} mbedtls_ssl_key_export_type; - -/** - * \brief Callback type: Export key alongside random values for - * session identification, and PRF for - * implementation of TLS key exporters. - * - * \param p_expkey Context for the callback. - * \param type The type of the key that is being exported. - * \param secret The address of the buffer holding the secret - * that's being exporterd. - * \param secret_len The length of \p secret in bytes. - * \param client_random The client random bytes. - * \param server_random The server random bytes. - * \param tls_prf_type The identifier for the PRF used in the handshake - * to which the key belongs. - */ -typedef void mbedtls_ssl_export_keys_t(void *p_expkey, - mbedtls_ssl_key_export_type type, - const unsigned char *secret, - size_t secret_len, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type); - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Callback type: generic handshake callback - * - * \note Callbacks may use user_data funcs to set/get app user data. - * See \c mbedtls_ssl_get_user_data_p() - * \c mbedtls_ssl_get_user_data_n() - * \c mbedtls_ssl_conf_get_user_data_p() - * \c mbedtls_ssl_conf_get_user_data_n() - * - * \param ssl \c mbedtls_ssl_context on which the callback is run - * - * \return The return value of the callback is 0 if successful, - * or a specific MBEDTLS_ERR_XXX code, which will cause - * the handshake to be aborted. - */ -typedef int (*mbedtls_ssl_hs_cb_t)(mbedtls_ssl_context *ssl); -#endif - -/* A type for storing user data in a library structure. - * - * The representation of type may change in future versions of the library. - * Only the behaviors guaranteed by documented accessor functions are - * guaranteed to remain stable. - */ -typedef union { - uintptr_t n; /* typically a handle to an associated object */ - void *p; /* typically a pointer to extra data */ -} mbedtls_ssl_user_data_t; - -/** - * SSL/TLS configuration to be shared between mbedtls_ssl_context structures. - */ -struct mbedtls_ssl_config { - /* Group items mostly by size. This helps to reduce memory wasted to - * padding. It also helps to keep smaller fields early in the structure, - * so that elements tend to be in the 128-element direct access window - * on Arm Thumb, which reduces the code size. */ - - mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(max_tls_version); /*!< max. TLS version used */ - mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(min_tls_version); /*!< min. TLS version used */ - - /* - * Flags (could be bit-fields to save RAM, but separate bytes make - * the code smaller on architectures with an instruction for direct - * byte access). - */ - - uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */ - uint8_t MBEDTLS_PRIVATE(transport); /*!< 0: stream (TLS), 1: datagram (DTLS) */ - uint8_t MBEDTLS_PRIVATE(authmode); /*!< MBEDTLS_SSL_VERIFY_XXX */ - /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */ - uint8_t MBEDTLS_PRIVATE(allow_legacy_renegotiation); /*!< MBEDTLS_LEGACY_XXX */ -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - uint8_t MBEDTLS_PRIVATE(mfl_code); /*!< desired fragment length indicator - (MBEDTLS_SSL_MAX_FRAG_LEN_XXX) */ -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - uint8_t MBEDTLS_PRIVATE(encrypt_then_mac); /*!< negotiate encrypt-then-mac? */ -#endif -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - uint8_t MBEDTLS_PRIVATE(extended_ms); /*!< negotiate extended master secret? */ -#endif -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - uint8_t MBEDTLS_PRIVATE(anti_replay); /*!< detect and prevent replay? */ -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - uint8_t MBEDTLS_PRIVATE(disable_renegotiation); /*!< disable renegotiation? */ -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_CLI_C) - uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */ -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_3) - uint16_t MBEDTLS_PRIVATE(new_session_tickets_count); /*!< number of NewSessionTicket */ -#endif - -#if defined(MBEDTLS_SSL_SRV_C) - uint8_t MBEDTLS_PRIVATE(cert_req_ca_list); /*!< enable sending CA list in - Certificate Request messages? */ - uint8_t MBEDTLS_PRIVATE(respect_cli_pref); /*!< pick the ciphersuite according to - the client's preferences rather - than ours? */ -#endif -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - uint8_t MBEDTLS_PRIVATE(ignore_unexpected_cid); /*!< Should DTLS record with - * unexpected CID - * lead to failure? */ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_DTLS_SRTP) - uint8_t MBEDTLS_PRIVATE(dtls_srtp_mki_support); /* support having mki_value - in the use_srtp extension? */ -#endif - - /* - * Pointers - */ - - /** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */ - const int *MBEDTLS_PRIVATE(ciphersuite_list); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /** Allowed TLS 1.3 key exchange modes. */ - int MBEDTLS_PRIVATE(tls13_kex_modes); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - /** Callback for printing debug output */ - void(*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *); - void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */ - - /** Callback for getting (pseudo-)random numbers */ - int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ - - /** Callback to retrieve a session from the cache */ - mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache); - /** Callback to store a session into the cache */ - mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache); - void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - /** Callback for setting cert according to SNI extension */ - int(*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */ -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - /** Callback to customize X.509 certificate chain verification */ - int(*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *); - void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */ -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_SSL_SRV_C) - /** Callback to retrieve PSK key from identity */ - int(*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */ -#endif -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - /** Callback to create & write a cookie for ClientHello verification */ - int(*MBEDTLS_PRIVATE(f_cookie_write))(void *, unsigned char **, unsigned char *, - const unsigned char *, size_t); - /** Callback to verify validity of a ClientHello cookie */ - int(*MBEDTLS_PRIVATE(f_cookie_check))(void *, const unsigned char *, size_t, - const unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */ -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) - /** Callback to create & write a session ticket */ - int(*MBEDTLS_PRIVATE(f_ticket_write))(void *, const mbedtls_ssl_session *, - unsigned char *, const unsigned char *, size_t *, - uint32_t *); - /** Callback to parse a session ticket into a session structure */ - int(*MBEDTLS_PRIVATE(f_ticket_parse))(void *, mbedtls_ssl_session *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */ - mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */ - mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */ - mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */ -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb); - void *MBEDTLS_PRIVATE(p_ca_cb); -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */ - mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */ - mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */ - void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */ -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ -#endif - const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) - const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */ -#endif - - const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */ - -#if defined(MBEDTLS_DHM_C) - mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */ - mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */ -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field - * should only be set via - * mbedtls_ssl_conf_psk_opaque(). - * If either no PSK or a raw PSK have been - * configured, this has value \c 0. - */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should - * only be set via mbedtls_ssl_conf_psk(). - * If either no PSK or an opaque PSK - * have been configured, this has value NULL. */ - size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key. - * This field should only be set via - * mbedtls_ssl_conf_psk(). - * Its value is non-zero if and only if - * \c psk is not \c NULL. */ - - unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation. - * This field should only be set via - * mbedtls_ssl_conf_psk(). - * This is set if and only if either - * \c psk or \c psk_opaque are set. */ - size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity. - * This field should only be set via - * mbedtls_ssl_conf_psk(). - * Its value is non-zero if and only if - * \c psk is not \c NULL or \c psk_opaque - * is not \c 0. */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - int MBEDTLS_PRIVATE(early_data_enabled); /*!< Early data enablement: - * - MBEDTLS_SSL_EARLY_DATA_DISABLED, - * - MBEDTLS_SSL_EARLY_DATA_ENABLED */ - -#if defined(MBEDTLS_SSL_SRV_C) - /* The maximum amount of 0-RTT data. RFC 8446 section 4.6.1 */ - uint32_t MBEDTLS_PRIVATE(max_early_data_size); -#endif /* MBEDTLS_SSL_SRV_C */ - -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_ALPN) - const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */ -#endif - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /*! ordered list of supported srtp profile */ - const mbedtls_ssl_srtp_profile *MBEDTLS_PRIVATE(dtls_srtp_profile_list); - /*! number of supported profiles */ - size_t MBEDTLS_PRIVATE(dtls_srtp_profile_list_len); -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - - /* - * Numerical settings (int) - */ - - uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake - retransmission timeout (ms) */ - uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake - retransmission timeout (ms) */ -#endif - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */ - unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters - that triggers renegotiation */ -#endif - - unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */ - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) - unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */ -#endif - - /** User data pointer or handle. - * - * The library sets this to \p 0 when creating a context and does not - * access it afterwards. - */ - mbedtls_ssl_user_data_t MBEDTLS_PRIVATE(user_data); - -#if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_hs_cb_t MBEDTLS_PRIVATE(f_cert_cb); /*!< certificate selection callback */ -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) - const mbedtls_x509_crt *MBEDTLS_PRIVATE(dn_hints);/*!< acceptable client cert issuers */ -#endif -}; - -struct mbedtls_ssl_context { - const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */ - - /* - * Miscellaneous - */ - int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */ - int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS, - number of retransmissions of request if - renego_max_records is < 0 */ -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - /** - * Maximum TLS version to be negotiated, then negotiated TLS version. - * - * It is initialized as the configured maximum TLS version to be - * negotiated by mbedtls_ssl_setup(). - * - * When renegotiating or resuming a session, it is overwritten in the - * ClientHello writing preparation stage with the previously negotiated - * TLS version. - * - * On client side, it is updated to the TLS version selected by the server - * for the handshake when the ServerHello is received. - * - * On server side, it is updated to the TLS version the server selects for - * the handshake when the ClientHello is received. - */ - mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version); - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) - /** - * State of the negotiation and transfer of early data. Reset to - * MBEDTLS_SSL_EARLY_DATA_STATE_IDLE when the context is reset. - */ - int MBEDTLS_PRIVATE(early_data_state); -#endif - - unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - /** Callback to customize X.509 certificate chain verification */ - int(*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *); - void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */ -#endif - - mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */ - mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */ - mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout); - /*!< Callback for network receive with timeout */ - - void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */ - - /* - * Session layer - */ - mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */ - mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */ - mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */ - mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */ - - mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during - the handshake process */ - - /* - * Record layer transformations - */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) - * This is always a reference, - * never an owning pointer. */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out) - * This is always a reference, - * never an owning pointer. */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params - * This pointer owns the transform - * it references. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation - * This pointer owns the transform - * it references. */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /*! The application data transform in TLS 1.3. - * This pointer owns the transform it references. */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - /* - * Timers - */ - void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */ - - mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */ - mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */ - - /* - * Record layer (incoming data) - */ - unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */ - unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter - TLS: maintained by us - DTLS: read from peer */ - unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID; - * (the end is marked by in_len). */ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */ - unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */ - unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */ - unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */ - - int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */ - size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */ - size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */ -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */ -#endif -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */ - size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram - (equal to in_left if none) */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */ - uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */ -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - - size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, - including the handshake header */ - int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ - - int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message - on next call to record layer? */ - - /* The following three variables indicate if and, if yes, - * what kind of alert is pending to be sent. - */ - unsigned char MBEDTLS_PRIVATE(send_alert); /*!< Determines if a fatal alert - should be sent. Values: - - \c 0 , no alert is to be sent. - - \c 1 , alert is to be sent. */ - unsigned char MBEDTLS_PRIVATE(alert_type); /*!< Type of alert if send_alert - != 0 */ - int MBEDTLS_PRIVATE(alert_reason); /*!< The error code to be returned - to the user once the fatal alert - has been sent. */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records - * within a single datagram. */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) -#if defined(MBEDTLS_SSL_SRV_C) - /* - * One of: - * MBEDTLS_SSL_EARLY_DATA_NO_DISCARD - * MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD - * MBEDTLS_SSL_EARLY_DATA_DISCARD - */ - uint8_t MBEDTLS_PRIVATE(discard_early_data_record); -#endif - uint32_t MBEDTLS_PRIVATE(total_early_data_size); /*!< Number of received/written early data bytes */ -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - /* - * Record layer (outgoing data) - */ - unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */ - unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */ - unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID; - * (the end is marked by in_len). */ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */ - unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */ - unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */ - - int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */ - size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */ - size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */ -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */ -#endif - - unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Outgoing record sequence number. */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - /* - * User settings - */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) - char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification - (and SNI if available) */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_ALPN) - const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */ -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /* - * use_srtp extension - */ - mbedtls_dtls_srtp_info MBEDTLS_PRIVATE(dtls_srtp_info); -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - - /* - * Information for DTLS hello verify - */ -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */ - size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */ -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ - - /* - * Secure renegotiation - */ - /* needed to know when to send extension on server */ - int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or - secure renegotiation */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */ - char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ - char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* CID configuration to use in subsequent handshakes. */ - - /*! The next incoming CID, chosen by the user and applying to - * all subsequent handshakes. This may be different from the - * CID currently used in case the user has re-configured the CID - * after an initial handshake. */ - unsigned char MBEDTLS_PRIVATE(own_cid)[MBEDTLS_SSL_CID_IN_LEN_MAX]; - uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */ - uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should - * be negotiated in the next handshake or not. - * Possible values are #MBEDTLS_SSL_CID_ENABLED - * and #MBEDTLS_SSL_CID_DISABLED. */ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /** Callback to export key block and master secret */ - mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys); - void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */ - - /** User data pointer or handle. - * - * The library sets this to \p 0 when creating a context and does not - * access it afterwards. - * - * \warning Serializing and restoring an SSL context with - * mbedtls_ssl_context_save() and mbedtls_ssl_context_load() - * does not currently restore the user data. - */ - mbedtls_ssl_user_data_t MBEDTLS_PRIVATE(user_data); -}; - -/** - * \brief Return the name of the ciphersuite associated with the - * given ID - * - * \param ciphersuite_id SSL ciphersuite ID - * - * \return a string containing the ciphersuite name - */ -const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id); - -/** - * \brief Return the ID of the ciphersuite associated with the - * given name - * - * \param ciphersuite_name SSL ciphersuite name - * - * \return the ID with the ciphersuite or 0 if not found - */ -int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name); - -/** - * \brief Initialize an SSL context - * Just makes the context ready for mbedtls_ssl_setup() or - * mbedtls_ssl_free() - * - * \param ssl SSL context - */ -void mbedtls_ssl_init(mbedtls_ssl_context *ssl); - -/** - * \brief Set up an SSL context for use - * - * \note No copy of the configuration context is made, it can be - * shared by many mbedtls_ssl_context structures. - * - * \warning The conf structure will be accessed during the session. - * It must not be modified or freed as long as the session - * is active. - * - * \warning This function must be called exactly once per context. - * Calling mbedtls_ssl_setup again is not supported, even - * if no session is active. - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \param ssl SSL context - * \param conf SSL configuration to use - * - * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if - * memory allocation failed - */ -int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, - const mbedtls_ssl_config *conf); - -/** - * \brief Reset an already initialized SSL context for re-use - * while retaining application-set variables, function - * pointers and data. - * - * \param ssl SSL context - * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or - MBEDTLS_ERR_SSL_HW_ACCEL_FAILED - */ -int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl); - -/** - * \brief Set the current endpoint type - * - * \param conf SSL configuration - * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER - */ -void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint); - -/** - * \brief Get the current endpoint type - * - * \param conf SSL configuration - * - * \return Endpoint type, either MBEDTLS_SSL_IS_CLIENT - * or MBEDTLS_SSL_IS_SERVER - */ -static inline int mbedtls_ssl_conf_get_endpoint(const mbedtls_ssl_config *conf) -{ - return conf->MBEDTLS_PRIVATE(endpoint); -} - -/** - * \brief Set the transport type (TLS or DTLS). - * Default: TLS - * - * \note For DTLS, you must either provide a recv callback that - * doesn't block, or one that handles timeouts, see - * \c mbedtls_ssl_set_bio(). You also need to provide timer - * callbacks with \c mbedtls_ssl_set_timer_cb(). - * - * \param conf SSL configuration - * \param transport transport type: - * MBEDTLS_SSL_TRANSPORT_STREAM for TLS, - * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS. - */ -void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport); - -/** - * \brief Set the certificate verification mode - * Default: NONE on server, REQUIRED on client - * - * \param conf SSL configuration - * \param authmode can be: - * - * MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked - * (default on server) - * (insecure on client) - * - * MBEDTLS_SSL_VERIFY_OPTIONAL: peer certificate is checked, however the - * handshake continues even if verification failed; - * mbedtls_ssl_get_verify_result() can be called after the - * handshake is complete. - * - * MBEDTLS_SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, - * handshake is aborted if verification failed. - * (default on client) - * - * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode. - * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at - * the right time(s), which may not be obvious, while REQUIRED always perform - * the verification as soon as possible. For example, REQUIRED was protecting - * against the "triple handshake" attack even before it was found. - */ -void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode); - -#if defined(MBEDTLS_SSL_EARLY_DATA) -/** - * \brief Set the early data mode - * Default: disabled on server and client - * - * \param conf The SSL configuration to use. - * \param early_data_enabled can be: - * - * MBEDTLS_SSL_EARLY_DATA_DISABLED: - * Early data functionality is disabled. This is the default on client and - * server. - * - * MBEDTLS_SSL_EARLY_DATA_ENABLED: - * Early data functionality is enabled and may be negotiated in the handshake. - * Application using early data functionality needs to be aware that the - * security properties for early data (also refered to as 0-RTT data) are - * weaker than those for other kinds of TLS data. See the documentation of - * mbedtls_ssl_write_early_data() and mbedtls_ssl_read_early_data() for more - * information. - * When early data functionality is enabled on server and only in that case, - * the call to one of the APIs that trigger or resume an handshake sequence, - * namely mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), - * mbedtls_ssl_read() or mbedtls_ssl_write() may return with the error code - * MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA indicating that some early data have - * been received. To read the early data, call mbedtls_ssl_read_early_data() - * before calling the original function again. - */ -void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf, - int early_data_enabled); - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Set the maximum amount of 0-RTT data in bytes - * Default: #MBEDTLS_SSL_MAX_EARLY_DATA_SIZE - * - * This function sets the value of the max_early_data_size - * field of the early data indication extension included in - * the NewSessionTicket messages that the server may send. - * - * The value defines the maximum amount of 0-RTT data - * in bytes that a client will be allowed to send when using - * one of the tickets defined by the NewSessionTicket messages. - * - * \note When resuming a session using a ticket, if the server receives more - * early data than allowed for the ticket, it terminates the connection. - * The maximum amount of 0-RTT data should thus be large enough - * to allow a minimum of early data to be exchanged. - * - * \param[in] conf The SSL configuration to use. - * \param[in] max_early_data_size The maximum amount of 0-RTT data. - * - * \warning This interface DOES NOT influence/limit the amount of early data - * that can be received through previously created and issued tickets, - * which clients may have stored. - */ -void mbedtls_ssl_conf_max_early_data_size( - mbedtls_ssl_config *conf, uint32_t max_early_data_size); -#endif /* MBEDTLS_SSL_SRV_C */ - -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * \brief Set the verification callback (Optional). - * - * If set, the provided verify callback is called for each - * certificate in the peer's CRT chain, including the trusted - * root. For more information, please see the documentation of - * \c mbedtls_x509_crt_verify(). - * - * \note For per context callbacks and contexts, please use - * mbedtls_ssl_set_verify() instead. - * - * \param conf The SSL configuration to use. - * \param f_vrfy The verification callback to use during CRT verification. - * \param p_vrfy The opaque context to be passed to the callback. - */ -void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -/** - * \brief Set the random number generator callback - * - * \param conf SSL configuration - * \param f_rng RNG function (mandatory) - * \param p_rng RNG parameter - */ -void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); - -/** - * \brief Set the debug callback - * - * The callback has the following argument: - * void * opaque context for the callback - * int debug level - * const char * file name - * int line number - * const char * message - * - * \param conf SSL configuration - * \param f_dbg debug function - * \param p_dbg debug parameter - */ -void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, - void (*f_dbg)(void *, int, const char *, int, const char *), - void *p_dbg); - -/** - * \brief Return the SSL configuration structure associated - * with the given SSL context. - * - * \note The pointer returned by this function is guaranteed to - * remain valid until the context is freed. - * - * \param ssl The SSL context to query. - * \return Pointer to the SSL configuration associated with \p ssl. - */ -static inline const mbedtls_ssl_config *mbedtls_ssl_context_get_config( - const mbedtls_ssl_context *ssl) -{ - return ssl->MBEDTLS_PRIVATE(conf); -} - -/** - * \brief Set the underlying BIO callbacks for write, read and - * read-with-timeout. - * - * \param ssl SSL context - * \param p_bio parameter (context) shared by BIO callbacks - * \param f_send write callback - * \param f_recv read callback - * \param f_recv_timeout blocking read callback with timeout. - * - * \note One of f_recv or f_recv_timeout can be NULL, in which case - * the other is used. If both are non-NULL, f_recv_timeout is - * used and f_recv is ignored (as if it were NULL). - * - * \note The two most common use cases are: - * - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL - * - blocking I/O, f_recv == NULL, f_recv_timeout != NULL - * - * \note For DTLS, you need to provide either a non-NULL - * f_recv_timeout callback, or a f_recv that doesn't block. - * - * \note See the documentations of \c mbedtls_ssl_send_t, - * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for - * the conventions those callbacks must follow. - * - * \note On some platforms, net_sockets.c provides - * \c mbedtls_net_send(), \c mbedtls_net_recv() and - * \c mbedtls_net_recv_timeout() that are suitable to be used - * here. - */ -void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl, - void *p_bio, - mbedtls_ssl_send_t *f_send, - mbedtls_ssl_recv_t *f_recv, - mbedtls_ssl_recv_timeout_t *f_recv_timeout); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - - -/** - * \brief Configure the use of the Connection ID (CID) - * extension in the next handshake. - * - * Reference: RFC 9146 (or draft-ietf-tls-dtls-connection-id-05 - * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05 - * for legacy version) - * - * The DTLS CID extension allows the reliable association of - * DTLS records to DTLS connections across changes in the - * underlying transport (changed IP and Port metadata) by - * adding explicit connection identifiers (CIDs) to the - * headers of encrypted DTLS records. The desired CIDs are - * configured by the application layer and are exchanged in - * new `ClientHello` / `ServerHello` extensions during the - * handshake, where each side indicates the CID it wants the - * peer to use when writing encrypted messages. The CIDs are - * put to use once records get encrypted: the stack discards - * any incoming records that don't include the configured CID - * in their header, and adds the peer's requested CID to the - * headers of outgoing messages. - * - * This API enables or disables the use of the CID extension - * in the next handshake and sets the value of the CID to - * be used for incoming messages. - * - * \param ssl The SSL context to configure. This must be initialized. - * \param enable This value determines whether the CID extension should - * be used or not. Possible values are: - * - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID. - * - MBEDTLS_SSL_CID_DISABLED (default) to disable the use - * of the CID. - * \param own_cid The address of the readable buffer holding the CID we want - * the peer to use when sending encrypted messages to us. - * This may be \c NULL if \p own_cid_len is \c 0. - * This parameter is unused if \p enable is set to - * MBEDTLS_SSL_CID_DISABLED. - * \param own_cid_len The length of \p own_cid. - * This parameter is unused if \p enable is set to - * MBEDTLS_SSL_CID_DISABLED. - * - * \note The value of \p own_cid_len must match the value of the - * \c len parameter passed to mbedtls_ssl_conf_cid() - * when configuring the ::mbedtls_ssl_config that \p ssl - * is bound to. - * - * \note This CID configuration applies to subsequent handshakes - * performed on the SSL context \p ssl, but does not trigger - * one. You still have to call `mbedtls_ssl_handshake()` - * (for the initial handshake) or `mbedtls_ssl_renegotiate()` - * (for a renegotiation handshake) explicitly after a - * successful call to this function to run the handshake. - * - * \note This call cannot guarantee that the use of the CID - * will be successfully negotiated in the next handshake, - * because the peer might not support it. Specifically: - * - On the Client, enabling the use of the CID through - * this call implies that the `ClientHello` in the next - * handshake will include the CID extension, thereby - * offering the use of the CID to the server. Only if - * the `ServerHello` contains the CID extension, too, - * the CID extension will actually be put to use. - * - On the Server, enabling the use of the CID through - * this call implies that the server will look for - * the CID extension in a `ClientHello` from the client, - * and, if present, reply with a CID extension in its - * `ServerHello`. - * - * \note To check whether the use of the CID was negotiated - * after the subsequent handshake has completed, please - * use the API mbedtls_ssl_get_peer_cid(). - * - * \warning If the use of the CID extension is enabled in this call - * and the subsequent handshake negotiates its use, Mbed TLS - * will silently drop every packet whose CID does not match - * the CID configured in \p own_cid. It is the responsibility - * of the user to adapt the underlying transport to take care - * of CID-based demultiplexing before handing datagrams to - * Mbed TLS. - * - * \return \c 0 on success. In this case, the CID configuration - * applies to the next handshake. - * \return A negative error code on failure. - */ -int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl, - int enable, - unsigned char const *own_cid, - size_t own_cid_len); - -/** - * \brief Get information about our request for usage of the CID - * extension in the current connection. - * - * \param ssl The SSL context to query. - * \param enabled The address at which to store whether the CID extension - * is requested to be used or not. If the CID is - * requested, `*enabled` is set to - * MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to - * MBEDTLS_SSL_CID_DISABLED. - * \param own_cid The address of the buffer in which to store our own - * CID (if the CID extension is requested). This may be - * \c NULL in case the value of our CID isn't needed. If - * it is not \c NULL, \p own_cid_len must not be \c NULL. - * \param own_cid_len The address at which to store the size of our own CID - * (if the CID extension is requested). This is also the - * number of Bytes in \p own_cid that have been written. - * This may be \c NULL in case the length of our own CID - * isn't needed. If it is \c NULL, \p own_cid must be - * \c NULL, too. - * - *\note If we are requesting an empty CID this function sets - * `*enabled` to #MBEDTLS_SSL_CID_DISABLED (the rationale - * for this is that the resulting outcome is the - * same as if the CID extensions wasn't requested). - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl, - int *enabled, - unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX], - size_t *own_cid_len); - -/** - * \brief Get information about the use of the CID extension - * in the current connection. - * - * \param ssl The SSL context to query. - * \param enabled The address at which to store whether the CID extension - * is currently in use or not. If the CID is in use, - * `*enabled` is set to MBEDTLS_SSL_CID_ENABLED; - * otherwise, it is set to MBEDTLS_SSL_CID_DISABLED. - * \param peer_cid The address of the buffer in which to store the CID - * chosen by the peer (if the CID extension is used). - * This may be \c NULL in case the value of peer CID - * isn't needed. If it is not \c NULL, \p peer_cid_len - * must not be \c NULL. - * \param peer_cid_len The address at which to store the size of the CID - * chosen by the peer (if the CID extension is used). - * This is also the number of Bytes in \p peer_cid that - * have been written. - * This may be \c NULL in case the length of the peer CID - * isn't needed. If it is \c NULL, \p peer_cid must be - * \c NULL, too. - * - * \note This applies to the state of the CID negotiated in - * the last complete handshake. If a handshake is in - * progress, this function will attempt to complete - * the handshake first. - * - * \note If CID extensions have been exchanged but both client - * and server chose to use an empty CID, this function - * sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED - * (the rationale for this is that the resulting - * communication is the same as if the CID extensions - * hadn't been used). - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl, - int *enabled, - unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX], - size_t *peer_cid_len); - -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -/** - * \brief Set the Maximum Transport Unit (MTU). - * Special value: 0 means unset (no limit). - * This represents the maximum size of a datagram payload - * handled by the transport layer (usually UDP) as determined - * by the network link and stack. In practice, this controls - * the maximum size datagram the DTLS layer will pass to the - * \c f_send() callback set using \c mbedtls_ssl_set_bio(). - * - * \note The limit on datagram size is converted to a limit on - * record payload by subtracting the current overhead of - * encapsulation and encryption/authentication if any. - * - * \note This can be called at any point during the connection, for - * example when a Path Maximum Transfer Unit (PMTU) - * estimate becomes available from other sources, - * such as lower (or higher) protocol layers. - * - * \note This setting only controls the size of the packets we send, - * and does not restrict the size of the datagrams we're - * willing to receive. Client-side, you can request the - * server to use smaller records with \c - * mbedtls_ssl_conf_max_frag_len(). - * - * \note If both a MTU and a maximum fragment length have been - * configured (or negotiated with the peer), the resulting - * lower limit on record payload (see first note) is used. - * - * \note This can only be used to decrease the maximum size - * of datagrams (hence records, see first note) sent. It - * cannot be used to increase the maximum size of records over - * the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN. - * - * \note Values lower than the current record layer expansion will - * result in an error when trying to send data. - * - * \param ssl SSL context - * \param mtu Value of the path MTU in bytes - */ -void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * \brief Set a connection-specific verification callback (optional). - * - * If set, the provided verify callback is called for each - * certificate in the peer's CRT chain, including the trusted - * root. For more information, please see the documentation of - * \c mbedtls_x509_crt_verify(). - * - * \note This call is analogous to mbedtls_ssl_conf_verify() but - * binds the verification callback and context to an SSL context - * as opposed to an SSL configuration. - * If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify() - * are both used, mbedtls_ssl_set_verify() takes precedence. - * - * \param ssl The SSL context to use. - * \param f_vrfy The verification callback to use during CRT verification. - * \param p_vrfy The opaque context to be passed to the callback. - */ -void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -/** - * \brief Set the timeout period for mbedtls_ssl_read() - * (Default: no timeout.) - * - * \param conf SSL configuration context - * \param timeout Timeout value in milliseconds. - * Use 0 for no timeout (default). - * - * \note With blocking I/O, this will only work if a non-NULL - * \c f_recv_timeout was set with \c mbedtls_ssl_set_bio(). - * With non-blocking I/O, this will only work if timer - * callbacks were set with \c mbedtls_ssl_set_timer_cb(). - * - * \note With non-blocking I/O, you may also skip this function - * altogether and handle timeouts at the application layer. - */ -void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout); - -/** - * \brief Check whether a buffer contains a valid and authentic record - * that has not been seen before. (DTLS only). - * - * This function does not change the user-visible state - * of the SSL context. Its sole purpose is to provide - * an indication of the legitimacy of an incoming record. - * - * This can be useful e.g. in distributed server environments - * using the DTLS Connection ID feature, in which connections - * might need to be passed between service instances on a change - * of peer address, but where such disruptive operations should - * only happen after the validity of incoming records has been - * confirmed. - * - * \param ssl The SSL context to use. - * \param buf The address of the buffer holding the record to be checked. - * This must be a read/write buffer of length \p buflen Bytes. - * \param buflen The length of \p buf in Bytes. - * - * \note This routine only checks whether the provided buffer begins - * with a valid and authentic record that has not been seen - * before, but does not check potential data following the - * initial record. In particular, it is possible to pass DTLS - * datagrams containing multiple records, in which case only - * the first record is checked. - * - * \note This function modifies the input buffer \p buf. If you need - * to preserve the original record, you have to maintain a copy. - * - * \return \c 0 if the record is valid and authentic and has not been - * seen before. - * \return MBEDTLS_ERR_SSL_INVALID_MAC if the check completed - * successfully but the record was found to be not authentic. - * \return MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed - * successfully but the record was found to be invalid for - * a reason different from authenticity checking. - * \return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD if the check completed - * successfully but the record was found to be unexpected - * in the state of the SSL context, including replayed records. - * \return Another negative error code on different kinds of failure. - * In this case, the SSL context becomes unusable and needs - * to be freed or reset before reuse. - */ -int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t buflen); - -/** - * \brief Set the timer callbacks (Mandatory for DTLS.) - * - * \param ssl SSL context - * \param p_timer parameter (context) shared by timer callbacks - * \param f_set_timer set timer callback - * \param f_get_timer get timer callback. Must return: - * - * \note See the documentation of \c mbedtls_ssl_set_timer_t and - * \c mbedtls_ssl_get_timer_t for the conventions this pair of - * callbacks must follow. - * - * \note On some platforms, timing.c provides - * \c mbedtls_timing_set_delay() and - * \c mbedtls_timing_get_delay() that are suitable for using - * here, except if using an event-driven style. - * - * \note See also the "DTLS tutorial" article in our knowledge base. - * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial - */ -void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl, - void *p_timer, - mbedtls_ssl_set_timer_t *f_set_timer, - mbedtls_ssl_get_timer_t *f_get_timer); - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Set the certificate selection callback (server-side only). - * - * If set, the callback is always called for each handshake, - * after `ClientHello` processing has finished. - * - * \param conf The SSL configuration to register the callback with. - * \param f_cert_cb The callback for selecting server certificate after - * `ClientHello` processing has finished. - */ -static inline void mbedtls_ssl_conf_cert_cb(mbedtls_ssl_config *conf, - mbedtls_ssl_hs_cb_t f_cert_cb) -{ - conf->MBEDTLS_PRIVATE(f_cert_cb) = f_cert_cb; -} -#endif /* MBEDTLS_SSL_SRV_C */ - -/** - * \brief Callback type: generate and write session ticket - * - * \note This describes what a callback implementation should do. - * This callback should generate an encrypted and - * authenticated ticket for the session and write it to the - * output buffer. Here, ticket means the opaque ticket part - * of the NewSessionTicket structure of RFC 5077. - * - * \param p_ticket Context for the callback - * \param session SSL session to be written in the ticket - * \param start Start of the output buffer - * \param end End of the output buffer - * \param tlen On exit, holds the length written - * \param lifetime On exit, holds the lifetime of the ticket in seconds - * - * \return 0 if successful, or - * a specific MBEDTLS_ERR_XXX code. - */ -typedef int mbedtls_ssl_ticket_write_t(void *p_ticket, - const mbedtls_ssl_session *session, - unsigned char *start, - const unsigned char *end, - size_t *tlen, - uint32_t *lifetime); - -/** - * \brief Callback type: parse and load session ticket - * - * \note This describes what a callback implementation should do. - * This callback should parse a session ticket as generated - * by the corresponding mbedtls_ssl_ticket_write_t function, - * and, if the ticket is authentic and valid, load the - * session. - * - * \note The implementation is allowed to modify the first len - * bytes of the input buffer, eg to use it as a temporary - * area for the decrypted ticket contents. - * - * \param p_ticket Context for the callback - * \param session SSL session to be loaded - * \param buf Start of the buffer containing the ticket - * \param len Length of the ticket. - * - * \return 0 if successful, or - * MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or - * MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or - * any other non-zero code for other failures. - */ -typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket, - mbedtls_ssl_session *session, - unsigned char *buf, - size_t len); - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Configure SSL session ticket callbacks (server only). - * (Default: none.) - * - * \note On server, session tickets are enabled by providing - * non-NULL callbacks. - * - * \note On client, use \c mbedtls_ssl_conf_session_tickets(). - * - * \param conf SSL configuration context - * \param f_ticket_write Callback for writing a ticket - * \param f_ticket_parse Callback for parsing a ticket - * \param p_ticket Context shared by the two callbacks - */ -void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, - mbedtls_ssl_ticket_write_t *f_ticket_write, - mbedtls_ssl_ticket_parse_t *f_ticket_parse, - void *p_ticket); - -#if defined(MBEDTLS_HAVE_TIME) -/** - * \brief Get the creation time of a session ticket. - * - * \note See the documentation of \c ticket_creation_time for information about - * the intended usage of this function. - * - * \param session SSL session - * \param ticket_creation_time On exit, holds the ticket creation time in - * milliseconds. - * - * \return 0 on success, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if an input is not valid. - */ -static inline int mbedtls_ssl_session_get_ticket_creation_time( - mbedtls_ssl_session *session, mbedtls_ms_time_t *ticket_creation_time) -{ - if (session == NULL || ticket_creation_time == NULL || - session->MBEDTLS_PRIVATE(endpoint) != MBEDTLS_SSL_IS_SERVER) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - *ticket_creation_time = session->MBEDTLS_PRIVATE(ticket_creation_time); - - return 0; -} -#endif /* MBEDTLS_HAVE_TIME */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ - -/** - * \brief Get the session-id buffer. - * - * \param session SSL session. - * - * \return The address of the session-id buffer. - */ -static inline unsigned const char (*mbedtls_ssl_session_get_id(const mbedtls_ssl_session * - session))[32] -{ - return &session->MBEDTLS_PRIVATE(id); -} - -/** - * \brief Get the size of the session-id. - * - * \param session SSL session. - * - * \return size_t size of session-id buffer. - */ -static inline size_t mbedtls_ssl_session_get_id_len(const mbedtls_ssl_session *session) -{ - return session->MBEDTLS_PRIVATE(id_len); -} - -/** - * \brief Get the ciphersuite-id. - * - * \param session SSL session. - * - * \return int represetation for ciphersuite. - */ -static inline int mbedtls_ssl_session_get_ciphersuite_id(const mbedtls_ssl_session *session) -{ - return session->MBEDTLS_PRIVATE(ciphersuite); -} - -/** - * \brief Configure a key export callback. - * (Default: none.) - * - * This API can be used for two purposes: - * - Debugging: Use this API to e.g. generate an NSSKeylog - * file and use it to inspect encrypted traffic in tools - * such as Wireshark. - * - Application-specific export: Use this API to implement - * key exporters, e.g. for EAP-TLS or DTLS-SRTP. - * - * - * \param ssl The SSL context to which the export - * callback should be attached. - * \param f_export_keys The callback for the key export. - * \param p_export_keys The opaque context pointer to be passed to the - * callback \p f_export_keys. - */ -void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl, - mbedtls_ssl_export_keys_t *f_export_keys, - void *p_export_keys); - -/** \brief Set the user data in an SSL configuration to a pointer. - * - * You can retrieve this value later with mbedtls_ssl_conf_get_user_data_p(). - * - * \note The library stores \c p without accessing it. It is the responsibility - * of the caller to ensure that the pointer remains valid. - * - * \param conf The SSL configuration context to modify. - * \param p The new value of the user data. - */ -static inline void mbedtls_ssl_conf_set_user_data_p( - mbedtls_ssl_config *conf, - void *p) -{ - conf->MBEDTLS_PRIVATE(user_data).p = p; -} - -/** \brief Set the user data in an SSL configuration to an integer. - * - * You can retrieve this value later with mbedtls_ssl_conf_get_user_data_n(). - * - * \param conf The SSL configuration context to modify. - * \param n The new value of the user data. - */ -static inline void mbedtls_ssl_conf_set_user_data_n( - mbedtls_ssl_config *conf, - uintptr_t n) -{ - conf->MBEDTLS_PRIVATE(user_data).n = n; -} - -/** \brief Retrieve the user data in an SSL configuration as a pointer. - * - * This is the value last set with mbedtls_ssl_conf_set_user_data_p(), or - * \c NULL if mbedtls_ssl_conf_set_user_data_p() has not previously been - * called. The value is undefined if mbedtls_ssl_conf_set_user_data_n() has - * been called without a subsequent call to mbedtls_ssl_conf_set_user_data_p(). - * - * \param conf The SSL configuration context to modify. - * \return The current value of the user data. - */ -static inline void *mbedtls_ssl_conf_get_user_data_p( - mbedtls_ssl_config *conf) -{ - return conf->MBEDTLS_PRIVATE(user_data).p; -} - -/** \brief Retrieve the user data in an SSL configuration as an integer. - * - * This is the value last set with mbedtls_ssl_conf_set_user_data_n(), or - * \c 0 if mbedtls_ssl_conf_set_user_data_n() has not previously been - * called. The value is undefined if mbedtls_ssl_conf_set_user_data_p() has - * been called without a subsequent call to mbedtls_ssl_conf_set_user_data_n(). - * - * \param conf The SSL configuration context to modify. - * \return The current value of the user data. - */ -static inline uintptr_t mbedtls_ssl_conf_get_user_data_n( - mbedtls_ssl_config *conf) -{ - return conf->MBEDTLS_PRIVATE(user_data).n; -} - -/** \brief Set the user data in an SSL context to a pointer. - * - * You can retrieve this value later with mbedtls_ssl_get_user_data_p(). - * - * \note The library stores \c p without accessing it. It is the responsibility - * of the caller to ensure that the pointer remains valid. - * - * \param ssl The SSL context to modify. - * \param p The new value of the user data. - */ -static inline void mbedtls_ssl_set_user_data_p( - mbedtls_ssl_context *ssl, - void *p) -{ - ssl->MBEDTLS_PRIVATE(user_data).p = p; -} - -/** \brief Set the user data in an SSL context to an integer. - * - * You can retrieve this value later with mbedtls_ssl_get_user_data_n(). - * - * \param ssl The SSL context to modify. - * \param n The new value of the user data. - */ -static inline void mbedtls_ssl_set_user_data_n( - mbedtls_ssl_context *ssl, - uintptr_t n) -{ - ssl->MBEDTLS_PRIVATE(user_data).n = n; -} - -/** \brief Retrieve the user data in an SSL context as a pointer. - * - * This is the value last set with mbedtls_ssl_set_user_data_p(), or - * \c NULL if mbedtls_ssl_set_user_data_p() has not previously been - * called. The value is undefined if mbedtls_ssl_set_user_data_n() has - * been called without a subsequent call to mbedtls_ssl_set_user_data_p(). - * - * \param ssl The SSL context to modify. - * \return The current value of the user data. - */ -static inline void *mbedtls_ssl_get_user_data_p( - mbedtls_ssl_context *ssl) -{ - return ssl->MBEDTLS_PRIVATE(user_data).p; -} - -/** \brief Retrieve the user data in an SSL context as an integer. - * - * This is the value last set with mbedtls_ssl_set_user_data_n(), or - * \c 0 if mbedtls_ssl_set_user_data_n() has not previously been - * called. The value is undefined if mbedtls_ssl_set_user_data_p() has - * been called without a subsequent call to mbedtls_ssl_set_user_data_n(). - * - * \param ssl The SSL context to modify. - * \return The current value of the user data. - */ -static inline uintptr_t mbedtls_ssl_get_user_data_n( - mbedtls_ssl_context *ssl) -{ - return ssl->MBEDTLS_PRIVATE(user_data).n; -} - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -/** - * \brief Configure asynchronous private key operation callbacks. - * - * \param conf SSL configuration context - * \param f_async_sign Callback to start a signature operation. See - * the description of ::mbedtls_ssl_async_sign_t - * for more information. This may be \c NULL if the - * external processor does not support any signature - * operation; in this case the private key object - * associated with the certificate will be used. - * \param f_async_decrypt Callback to start a decryption operation. See - * the description of ::mbedtls_ssl_async_decrypt_t - * for more information. This may be \c NULL if the - * external processor does not support any decryption - * operation; in this case the private key object - * associated with the certificate will be used. - * \param f_async_resume Callback to resume an asynchronous operation. See - * the description of ::mbedtls_ssl_async_resume_t - * for more information. This may not be \c NULL unless - * \p f_async_sign and \p f_async_decrypt are both - * \c NULL. - * \param f_async_cancel Callback to cancel an asynchronous operation. See - * the description of ::mbedtls_ssl_async_cancel_t - * for more information. This may be \c NULL if - * no cleanup is needed. - * \param config_data A pointer to configuration data which can be - * retrieved with - * mbedtls_ssl_conf_get_async_config_data(). The - * library stores this value without dereferencing it. - */ -void mbedtls_ssl_conf_async_private_cb(mbedtls_ssl_config *conf, - mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, - mbedtls_ssl_async_resume_t *f_async_resume, - mbedtls_ssl_async_cancel_t *f_async_cancel, - void *config_data); - -/** - * \brief Retrieve the configuration data set by - * mbedtls_ssl_conf_async_private_cb(). - * - * \param conf SSL configuration context - * \return The configuration data set by - * mbedtls_ssl_conf_async_private_cb(). - */ -void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf); - -/** - * \brief Retrieve the asynchronous operation user context. - * - * \note This function may only be called while a handshake - * is in progress. - * - * \param ssl The SSL context to access. - * - * \return The asynchronous operation user context that was last - * set during the current handshake. If - * mbedtls_ssl_set_async_operation_data() has not yet been - * called during the current handshake, this function returns - * \c NULL. - */ -void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl); - -/** - * \brief Retrieve the asynchronous operation user context. - * - * \note This function may only be called while a handshake - * is in progress. - * - * \param ssl The SSL context to access. - * \param ctx The new value of the asynchronous operation user context. - * Call mbedtls_ssl_get_async_operation_data() later during the - * same handshake to retrieve this value. - */ -void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl, - void *ctx); -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -/** - * \brief Callback type: generate a cookie - * - * \param ctx Context for the callback - * \param p Buffer to write to, - * must be updated to point right after the cookie - * \param end Pointer to one past the end of the output buffer - * \param info Client ID info that was passed to - * \c mbedtls_ssl_set_client_transport_id() - * \param ilen Length of info in bytes - * - * \return The callback must return 0 on success, - * or a negative error code. - */ -typedef int mbedtls_ssl_cookie_write_t(void *ctx, - unsigned char **p, unsigned char *end, - const unsigned char *info, size_t ilen); - -/** - * \brief Callback type: verify a cookie - * - * \param ctx Context for the callback - * \param cookie Cookie to verify - * \param clen Length of cookie - * \param info Client ID info that was passed to - * \c mbedtls_ssl_set_client_transport_id() - * \param ilen Length of info in bytes - * - * \return The callback must return 0 if cookie is valid, - * or a negative error code. - */ -typedef int mbedtls_ssl_cookie_check_t(void *ctx, - const unsigned char *cookie, size_t clen, - const unsigned char *info, size_t ilen); - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Register callbacks for DTLS cookies - * (Server only. DTLS only.) - * - * Default: dummy callbacks that fail, in order to force you to - * register working callbacks (and initialize their context). - * - * To disable HelloVerifyRequest, register NULL callbacks. - * - * \warning Disabling hello verification allows your server to be used - * for amplification in DoS attacks against other hosts. - * Only disable if you known this can't happen in your - * particular environment. - * - * \note See comments on \c mbedtls_ssl_handshake() about handling - * the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected - * on the first handshake attempt when this is enabled. - * - * \note This is also necessary to handle client reconnection from - * the same port as described in RFC 6347 section 4.2.8 (only - * the variant with cookies is supported currently). See - * comments on \c mbedtls_ssl_read() for details. - * - * \param conf SSL configuration - * \param f_cookie_write Cookie write callback - * \param f_cookie_check Cookie check callback - * \param p_cookie Context for both callbacks - */ -void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf, - mbedtls_ssl_cookie_write_t *f_cookie_write, - mbedtls_ssl_cookie_check_t *f_cookie_check, - void *p_cookie); - -/** - * \brief Set client's transport-level identification info. - * (Server only. DTLS only.) - * - * This is usually the IP address (and port), but could be - * anything identify the client depending on the underlying - * network stack. Used for HelloVerifyRequest with DTLS. - * This is *not* used to route the actual packets. - * - * \param ssl SSL context - * \param info Transport-level info identifying the client (eg IP + port) - * \param ilen Length of info in bytes - * - * \note An internal copy is made, so the info buffer can be reused. - * - * \return 0 on success, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client, - * MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory. - */ -int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl, - const unsigned char *info, - size_t ilen); - -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -/** - * \brief Enable or disable anti-replay protection for DTLS. - * (DTLS only, no effect on TLS.) - * Default: enabled. - * - * \param conf SSL configuration - * \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED. - * - * \warning Disabling this is a security risk unless the application - * protocol handles duplicated packets in a safe way. You - * should not disable this without careful consideration. - * However, if your application already detects duplicated - * packets and needs information about them to adjust its - * transmission strategy, then you'll want to disable this. - */ -void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode); -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - -/** - * \brief Set a limit on the number of records with a bad MAC - * before terminating the connection. - * (DTLS only, no effect on TLS.) - * Default: 0 (disabled). - * - * \param conf SSL configuration - * \param limit Limit, or 0 to disable. - * - * \note If the limit is N, then the connection is terminated when - * the Nth non-authentic record is seen. - * - * \note Records with an invalid header are not counted, only the - * ones going through the authentication-decryption phase. - * - * \note This is a security trade-off related to the fact that it's - * often relatively easy for an active attacker to inject UDP - * datagrams. On one hand, setting a low limit here makes it - * easier for such an attacker to forcibly terminated a - * connection. On the other hand, a high limit or no limit - * might make us waste resources checking authentication on - * many bogus packets. - */ -void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -/** - * \brief Allow or disallow packing of multiple handshake records - * within a single datagram. - * - * \param ssl The SSL context to configure. - * \param allow_packing This determines whether datagram packing may - * be used or not. A value of \c 0 means that every - * record will be sent in a separate datagram; a - * value of \c 1 means that, if space permits, - * multiple handshake messages (including CCS) belonging to - * a single flight may be packed within a single datagram. - * - * \note This is enabled by default and should only be disabled - * for test purposes, or if datagram packing causes - * interoperability issues with peers that don't support it. - * - * \note Allowing datagram packing reduces the network load since - * there's less overhead if multiple messages share the same - * datagram. Also, it increases the handshake efficiency - * since messages belonging to a single datagram will not - * be reordered in transit, and so future message buffering - * or flight retransmission (if no buffering is used) as - * means to deal with reordering are needed less frequently. - * - * \note Application records are not affected by this option and - * are currently always sent in separate datagrams. - * - */ -void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl, - unsigned allow_packing); - -/** - * \brief Set retransmit timeout values for the DTLS handshake. - * (DTLS only, no effect on TLS.) - * - * \param conf SSL configuration - * \param min Initial timeout value in milliseconds. - * Default: 1000 (1 second). - * \param max Maximum timeout value in milliseconds. - * Default: 60000 (60 seconds). - * - * \note Default values are from RFC 6347 section 4.2.4.1. - * - * \note The 'min' value should typically be slightly above the - * expected round-trip time to your peer, plus whatever time - * it takes for the peer to process the message. For example, - * if your RTT is about 600ms and you peer needs up to 1s to - * do the cryptographic operations in the handshake, then you - * should set 'min' slightly above 1600. Lower values of 'min' - * might cause spurious resends which waste network resources, - * while larger value of 'min' will increase overall latency - * on unreliable network links. - * - * \note The more unreliable your network connection is, the larger - * your max / min ratio needs to be in order to achieve - * reliable handshakes. - * - * \note Messages are retransmitted up to log2(ceil(max/min)) times. - * For example, if min = 1s and max = 5s, the retransmit plan - * goes: send ... 1s -> resend ... 2s -> resend ... 4s -> - * resend ... 5s -> give up and return a timeout error. - */ -void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf, uint32_t min, uint32_t max); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Set the session cache callbacks (server-side only) - * If not set, no session resuming is done (except if session - * tickets are enabled too). - * - * The session cache has the responsibility to check for stale - * entries based on timeout. See RFC 5246 for recommendations. - * - * Warning: session.peer_cert is cleared by the SSL/TLS layer on - * connection shutdown, so do not cache the pointer! Either set - * it to NULL or make a full copy of the certificate. - * - * The get callback is called once during the initial handshake - * to enable session resuming. The get function has the - * following parameters: (void *parameter, mbedtls_ssl_session *session) - * If a valid entry is found, it should fill the master of - * the session object with the cached values and return 0, - * return 1 otherwise. Optionally peer_cert can be set as well - * if it is properly present in cache entry. - * - * The set callback is called once during the initial handshake - * to enable session resuming after the entire handshake has - * been finished. The set function has the following parameters: - * (void *parameter, const mbedtls_ssl_session *session). The function - * should create a cache entry for future retrieval based on - * the data in the session structure and should keep in mind - * that the mbedtls_ssl_session object presented (and all its referenced - * data) is cleared by the SSL/TLS layer when the connection is - * terminated. It is recommended to add metadata to determine if - * an entry is still valid in the future. Return 0 if - * successfully cached, return 1 otherwise. - * - * \param conf SSL configuration - * \param p_cache parameter (context) for both callbacks - * \param f_get_cache session get callback - * \param f_set_cache session set callback - */ -void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, - void *p_cache, - mbedtls_ssl_cache_get_t *f_get_cache, - mbedtls_ssl_cache_set_t *f_set_cache); -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) -/** - * \brief Load a session for session resumption. - * - * Sessions loaded through this call will be considered - * for session resumption in the next handshake. - * - * \note Even if this call succeeds, it is not guaranteed that - * the next handshake will indeed be shortened through the - * use of session resumption: The server is always free - * to reject any attempt for resumption and fall back to - * a full handshake. - * - * \note This function can handle a variety of mechanisms for session - * resumption: For TLS 1.2, both session ID-based resumption - * and ticket-based resumption will be considered. For TLS 1.3, - * sessions equate to tickets, and loading one session by - * calling this function will lead to its corresponding ticket - * being advertised as resumption PSK by the client. This - * depends on session tickets being enabled (see - * #MBEDTLS_SSL_SESSION_TICKETS configuration option) though. - * If session tickets are disabled, a call to this function - * with a TLS 1.3 session, will not have any effect on the next - * handshake for the SSL context \p ssl. - * - * \param ssl The SSL context representing the connection which should - * be attempted to be setup using session resumption. This - * must be initialized via mbedtls_ssl_init() and bound to - * an SSL configuration via mbedtls_ssl_setup(), but - * the handshake must not yet have been started. - * \param session The session to be considered for session resumption. - * This must be a session previously exported via - * mbedtls_ssl_get_session(), and potentially serialized and - * deserialized through mbedtls_ssl_session_save() and - * mbedtls_ssl_session_load() in the meantime. - * - * \return \c 0 if successful. - * \return \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session - * could not be loaded because one session has already been - * loaded. This error is non-fatal, and has no observable - * effect on the SSL context or the session that was attempted - * to be loaded. - * \return Another negative error code on other kinds of failure. - * - * \sa mbedtls_ssl_get_session() - * \sa mbedtls_ssl_session_load() - */ -int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session); -#endif /* MBEDTLS_SSL_CLI_C */ - -/** - * \brief Load serialized session data into a session structure. - * On client, this can be used for loading saved sessions - * before resuming them with mbedtls_ssl_set_session(). - * On server, this can be used for alternative implementations - * of session cache or session tickets. - * - * \warning If a peer certificate chain is associated with the session, - * the serialized state will only contain the peer's - * end-entity certificate and the result of the chain - * verification (unless verification was disabled), but not - * the rest of the chain. - * - * \see mbedtls_ssl_session_save() - * \see mbedtls_ssl_set_session() - * - * \param session The session structure to be populated. It must have been - * initialised with mbedtls_ssl_session_init() but not - * populated yet. - * \param buf The buffer holding the serialized session data. It must be a - * readable buffer of at least \p len bytes. - * \param len The size of the serialized data in bytes. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. - * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data - * was generated in a different version or configuration of - * Mbed TLS. - * \return Another negative value for other kinds of errors (for - * example, unsupported features in the embedded certificate). - */ -int mbedtls_ssl_session_load(mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len); - -/** - * \brief Save session structure as serialized data in a buffer. - * On client, this can be used for saving session data, - * potentially in non-volatile storage, for resuming later. - * On server, this can be used for alternative implementations - * of session cache or session tickets. - * - * \see mbedtls_ssl_session_load() - * - * \param session The session structure to be saved. - * \param buf The buffer to write the serialized data to. It must be a - * writeable buffer of at least \p buf_len bytes, or may be \c - * NULL if \p buf_len is \c 0. - * \param buf_len The number of bytes available for writing in \p buf. - * \param olen The size in bytes of the data that has been or would have - * been written. It must point to a valid \c size_t. - * - * \note \p olen is updated to the correct value regardless of - * whether \p buf_len was large enough. This makes it possible - * to determine the necessary size by calling this function - * with \p buf set to \c NULL and \p buf_len to \c 0. - * - * \note For TLS 1.3 sessions, this feature is supported only if the - * MBEDTLS_SSL_SESSION_TICKETS configuration option is enabled, - * as in TLS 1.3 session resumption is possible only with - * tickets. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. - * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the - * MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled - * and the session is a TLS 1.3 session. - */ -int mbedtls_ssl_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen); - -/** - * \brief Set the list of allowed ciphersuites and the preference - * order. First in the list has the highest preference. - * - * For TLS 1.2, the notion of ciphersuite determines both - * the key exchange mechanism and the suite of symmetric - * algorithms to be used during and after the handshake. - * - * For TLS 1.3 (in development), the notion of ciphersuite - * only determines the suite of symmetric algorithms to be - * used during and after the handshake, while key exchange - * mechanisms are configured separately. - * - * In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3 - * are configured via this function. For users of TLS 1.3, - * there will be separate API for the configuration of key - * exchange mechanisms. - * - * The list of ciphersuites passed to this function may - * contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite - * identifiers. This is useful if negotiation of TLS 1.3 - * should be attempted, but a fallback to TLS 1.2 would - * be tolerated. - * - * \note By default, the server chooses its preferred - * ciphersuite among those that the client supports. If - * mbedtls_ssl_conf_preference_order() is called to prefer - * the client's preferences, the server instead chooses - * the client's preferred ciphersuite among those that - * the server supports. - * - * \warning The ciphersuites array \p ciphersuites is not copied. - * It must remain valid for the lifetime of the SSL - * configuration \p conf. - * - * \param conf The SSL configuration to modify. - * \param ciphersuites A 0-terminated list of IANA identifiers of supported - * ciphersuites, accessible through \c MBEDTLS_TLS_XXX - * and \c MBEDTLS_TLS1_3_XXX macros defined in - * ssl_ciphersuites.h. - */ -void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf, - const int *ciphersuites); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -/** - * \brief Set the supported key exchange modes for TLS 1.3 connections. - * - * In contrast to TLS 1.2, the ciphersuite concept in TLS 1.3 does not - * include the choice of key exchange mechanism. It is therefore not - * covered by the API mbedtls_ssl_conf_ciphersuites(). See the - * documentation of mbedtls_ssl_conf_ciphersuites() for more - * information on the ciphersuite concept in TLS 1.2 and TLS 1.3. - * - * The present function is specific to TLS 1.3 and allows users to - * configure the set of supported key exchange mechanisms in TLS 1.3. - * - * \param conf The SSL configuration the change should apply to. - * \param kex_modes A bitwise combination of one or more of the following: - * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK - * This flag enables pure-PSK key exchanges. - * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL - * This flag enables combined PSK-ephemeral key exchanges. - * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL - * This flag enables pure-ephemeral key exchanges. - * For convenience, the following pre-defined macros are - * available for combinations of the above: - * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL - * Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral. - * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL - * Includes both pure-PSK and combined PSK-ephemeral - * key exchanges, but excludes pure-ephemeral key exchanges. - * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL - * Includes both pure-ephemeral and combined PSK-ephemeral - * key exchanges. - * - * \note If a PSK-based key exchange mode shall be supported, applications - * must also use the APIs mbedtls_ssl_conf_psk() or - * mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque() - * to configure the PSKs to be used. - * - * \note If a pure-ephemeral key exchange mode shall be supported, - * server-side applications must also provide a certificate via - * mbedtls_ssl_conf_own_cert(). - * - */ - -void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf, - const int kex_modes); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0 -#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1 -/** - * \brief Specify the length of Connection IDs for incoming - * encrypted DTLS records, as well as the behaviour - * on unexpected CIDs. - * - * By default, the CID length is set to \c 0, - * and unexpected CIDs are silently ignored. - * - * \param conf The SSL configuration to modify. - * \param len The length in Bytes of the CID fields in encrypted - * DTLS records using the CID mechanism. This must - * not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX. - * \param ignore_other_cids This determines the stack's behaviour when - * receiving a record with an unexpected CID. - * Possible values are: - * - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE - * In this case, the record is silently ignored. - * - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL - * In this case, the stack fails with the specific - * error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID. - * - * \note The CID specification allows implementations to either - * use a common length for all incoming connection IDs or - * allow variable-length incoming IDs. Mbed TLS currently - * requires a common length for all connections sharing the - * same SSL configuration; this allows simpler parsing of - * record headers. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p len - * is too large. - */ -int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, - int ignore_other_cids); -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * \brief Set the X.509 security profile used for verification - * - * \note The restrictions are enforced for all certificates in the - * chain. However, signatures in the handshake are not covered - * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). - * - * \param conf SSL configuration - * \param profile Profile to use - */ -void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf, - const mbedtls_x509_crt_profile *profile); - -/** - * \brief Set the data required to verify peer certificate - * - * \note See \c mbedtls_x509_crt_verify() for notes regarding the - * parameters ca_chain (maps to trust_ca for that function) - * and ca_crl. - * - * \param conf SSL configuration - * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) - * \param ca_crl trusted CA CRLs - */ -void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf, - mbedtls_x509_crt *ca_chain, - mbedtls_x509_crl *ca_crl); - -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -/** - * \brief Set DN hints sent to client in CertificateRequest message - * - * \note If not set, subject distinguished names (DNs) are taken - * from \c mbedtls_ssl_conf_ca_chain() - * or \c mbedtls_ssl_set_hs_ca_chain()) - * - * \param conf SSL configuration - * \param crt crt chain whose subject DNs are issuer DNs of client certs - * from which the client should select client peer certificate. - */ -static inline -void mbedtls_ssl_conf_dn_hints(mbedtls_ssl_config *conf, - const mbedtls_x509_crt *crt) -{ - conf->MBEDTLS_PRIVATE(dn_hints) = crt; -} -#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -/** - * \brief Set the trusted certificate callback. - * - * This API allows to register the set of trusted certificates - * through a callback, instead of a linked list as configured - * by mbedtls_ssl_conf_ca_chain(). - * - * This is useful for example in contexts where a large number - * of CAs are used, and the inefficiency of maintaining them - * in a linked list cannot be tolerated. It is also useful when - * the set of trusted CAs needs to be modified frequently. - * - * See the documentation of `mbedtls_x509_crt_ca_cb_t` for - * more information. - * - * \param conf The SSL configuration to register the callback with. - * \param f_ca_cb The trusted certificate callback to use when verifying - * certificate chains. - * \param p_ca_cb The context to be passed to \p f_ca_cb (for example, - * a reference to a trusted CA database). - * - * \note This API is incompatible with mbedtls_ssl_conf_ca_chain(): - * Any call to this function overwrites the values set through - * earlier calls to mbedtls_ssl_conf_ca_chain() or - * mbedtls_ssl_conf_ca_cb(). - * - * \note This API is incompatible with CA indication in - * CertificateRequest messages: A server-side SSL context which - * is bound to an SSL configuration that uses a CA callback - * configured via mbedtls_ssl_conf_ca_cb(), and which requires - * client authentication, will send an empty CA list in the - * corresponding CertificateRequest message. - * - * \note This API is incompatible with mbedtls_ssl_set_hs_ca_chain(): - * If an SSL context is bound to an SSL configuration which uses - * CA callbacks configured via mbedtls_ssl_conf_ca_cb(), then - * calls to mbedtls_ssl_set_hs_ca_chain() have no effect. - * - * \note The use of this API disables the use of restartable ECC - * during X.509 CRT signature verification (but doesn't affect - * other uses). - * - * \warning This API is incompatible with the use of CRLs. Any call to - * mbedtls_ssl_conf_ca_cb() unsets CRLs configured through - * earlier calls to mbedtls_ssl_conf_ca_chain(). - * - * \warning In multi-threaded environments, the callback \p f_ca_cb - * must be thread-safe, and it is the user's responsibility - * to guarantee this (for example through a mutex - * contained in the callback context pointed to by \p p_ca_cb). - */ -void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb); -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -/** - * \brief Set own certificate chain and private key - * - * \note own_cert should contain in order from the bottom up your - * certificate chain. The top certificate (self-signed) - * can be omitted. - * - * \note On server, this function can be called multiple times to - * provision more than one cert/key pair (eg one ECDSA, one - * RSA with SHA-256, one RSA with SHA-1). An adequate - * certificate will be selected according to the client's - * advertised capabilities. In case multiple certificates are - * adequate, preference is given to the one set by the first - * call to this function, then second, etc. - * - * \note On client, only the first call has any effect. That is, - * only one client certificate can be provisioned. The - * server's preferences in its CertificateRequest message will - * be ignored and our only cert will be sent regardless of - * whether it matches those preferences - the server can then - * decide what it wants to do with it. - * - * \note The provided \p pk_key needs to match the public key in the - * first certificate in \p own_cert, or all handshakes using - * that certificate will fail. It is your responsibility - * to ensure that; this function will not perform any check. - * You may use mbedtls_pk_check_pair() in order to perform - * this check yourself, but be aware that this function can - * be computationally expensive on some key types. - * - * \param conf SSL configuration - * \param own_cert own public certificate chain - * \param pk_key own private key - * - * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED - */ -int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, - mbedtls_x509_crt *own_cert, - mbedtls_pk_context *pk_key); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -/** - * \brief Configure pre-shared keys (PSKs) and their - * identities to be used in PSK-based ciphersuites. - * - * Only one PSK can be registered, through either - * mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque(). - * If you attempt to register more than one PSK, this function - * fails, though this may change in future versions, which - * may add support for multiple PSKs. - * - * \note This is mainly useful for clients. Servers will usually - * want to use \c mbedtls_ssl_conf_psk_cb() instead. - * - * \note A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback - * takes precedence over a PSK configured by this function. - * - * \param conf The SSL configuration to register the PSK with. - * \param psk The pointer to the pre-shared key to use. - * \param psk_len The length of the pre-shared key in bytes. - * \param psk_identity The pointer to the pre-shared key identity. - * \param psk_identity_len The length of the pre-shared key identity - * in bytes. - * - * \note The PSK and its identity are copied internally and - * hence need not be preserved by the caller for the lifetime - * of the SSL configuration. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs - * can be configured. In this case, the old PSK(s) remain intact. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf, - const unsigned char *psk, size_t psk_len, - const unsigned char *psk_identity, size_t psk_identity_len); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/** - * \brief Configure one or more opaque pre-shared keys (PSKs) and - * their identities to be used in PSK-based ciphersuites. - * - * Only one PSK can be registered, through either - * mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque(). - * If you attempt to register more than one PSK, this function - * fails, though this may change in future versions, which - * may add support for multiple PSKs. - * - * \note This is mainly useful for clients. Servers will usually - * want to use \c mbedtls_ssl_conf_psk_cb() instead. - * - * \note An opaque PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in - * the PSK callback takes precedence over an opaque PSK - * configured by this function. - * - * \param conf The SSL configuration to register the PSK with. - * \param psk The identifier of the key slot holding the PSK. - * Until \p conf is destroyed or this function is successfully - * called again, the key slot \p psk must be populated with a - * key of type PSA_ALG_CATEGORY_KEY_DERIVATION whose policy - * allows its use for the key derivation algorithm applied - * in the handshake. - * \param psk_identity The pointer to the pre-shared key identity. - * \param psk_identity_len The length of the pre-shared key identity - * in bytes. - * - * \note The PSK identity hint is copied internally and hence need - * not be preserved by the caller for the lifetime of the - * SSL configuration. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs - * can be configured. In this case, the old PSK(s) remain intact. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf, - mbedtls_svc_key_id_t psk, - const unsigned char *psk_identity, - size_t psk_identity_len); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -/** - * \brief Set the pre-shared Key (PSK) for the current handshake. - * - * \note This should only be called inside the PSK callback, - * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb(). - * - * \note A PSK set by this function takes precedence over a PSK - * configured by \c mbedtls_ssl_conf_psk(). - * - * \param ssl The SSL context to configure a PSK for. - * \param psk The pointer to the pre-shared key. - * \param psk_len The length of the pre-shared key in bytes. - * - * \return \c 0 if successful. - * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. - */ -int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, - const unsigned char *psk, size_t psk_len); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/** - * \brief Set an opaque pre-shared Key (PSK) for the current handshake. - * - * \note This should only be called inside the PSK callback, - * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb(). - * - * \note An opaque PSK set by this function takes precedence over an - * opaque PSK configured by \c mbedtls_ssl_conf_psk_opaque(). - * - * \param ssl The SSL context to configure a PSK for. - * \param psk The identifier of the key slot holding the PSK. - * For the duration of the current handshake, the key slot - * must be populated with a key of type - * PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its - * use for the key derivation algorithm - * applied in the handshake. - * - * \return \c 0 if successful. - * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. - */ -int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl, - mbedtls_svc_key_id_t psk); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Set the PSK callback (server-side only). - * - * If set, the PSK callback is called for each - * handshake where a PSK-based ciphersuite was negotiated. - * The caller provides the identity received and wants to - * receive the actual PSK data and length. - * - * The callback has the following parameters: - * - \c void*: The opaque pointer \p p_psk. - * - \c mbedtls_ssl_context*: The SSL context to which - * the operation applies. - * - \c const unsigned char*: The PSK identity - * selected by the client. - * - \c size_t: The length of the PSK identity - * selected by the client. - * - * If a valid PSK identity is found, the callback should use - * \c mbedtls_ssl_set_hs_psk() or - * \c mbedtls_ssl_set_hs_psk_opaque() - * on the SSL context to set the correct PSK and return \c 0. - * Any other return value will result in a denied PSK identity. - * - * \note A dynamic PSK (i.e. set by the PSK callback) takes - * precedence over a static PSK (i.e. set by - * \c mbedtls_ssl_conf_psk() or - * \c mbedtls_ssl_conf_psk_opaque()). - * This means that if you set a PSK callback using this - * function, you don't need to set a PSK using - * \c mbedtls_ssl_conf_psk() or - * \c mbedtls_ssl_conf_psk_opaque()). - * - * \param conf The SSL configuration to register the callback with. - * \param f_psk The callback for selecting and setting the PSK based - * in the PSK identity chosen by the client. - * \param p_psk A pointer to an opaque structure to be passed to - * the callback, for example a PSK store. - */ -void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, - int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, - size_t), - void *p_psk); -#endif /* MBEDTLS_SSL_SRV_C */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Set the Diffie-Hellman public P and G values - * from big-endian binary presentations. - * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN) - * - * \param conf SSL configuration - * \param dhm_P Diffie-Hellman-Merkle modulus in big-endian binary form - * \param P_len Length of DHM modulus - * \param dhm_G Diffie-Hellman-Merkle generator in big-endian binary form - * \param G_len Length of DHM generator - * - * \return 0 if successful - */ -int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, - const unsigned char *dhm_P, size_t P_len, - const unsigned char *dhm_G, size_t G_len); - -/** - * \brief Set the Diffie-Hellman public P and G values, - * read from existing context (server-side only) - * - * \param conf SSL configuration - * \param dhm_ctx Diffie-Hellman-Merkle context - * - * \return 0 if successful - */ -int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx); -#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */ - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) -/** - * \brief Set the minimum length for Diffie-Hellman parameters. - * (Client-side only.) - * (Default: 1024 bits.) - * - * \param conf SSL configuration - * \param bitlen Minimum bit length of the DHM prime - */ -void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, - unsigned int bitlen); -#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_ECP_C) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the allowed curves in order of preference. - * - * On server: this only affects selection of the ECDHE curve; - * the curves used for ECDH and ECDSA are determined by the - * list of available certificates instead. - * - * On client: this affects the list of curves offered for any - * use. The server can override our preference order. - * - * Both sides: limits the set of curves accepted for use in - * ECDHE and in the peer's end-entity certificate. - * - * \deprecated Superseded by mbedtls_ssl_conf_groups(). - * - * \note This has no influence on which curves are allowed inside the - * certificate chains, see \c mbedtls_ssl_conf_cert_profile() - * for that. For the end-entity certificate however, the key - * will be accepted only if it is allowed both by this list - * and by the cert profile. - * - * \note This list should be ordered by decreasing preference - * (preferred curve first). - * - * \note The default list is the same set of curves that - * #mbedtls_x509_crt_profile_default allows, plus - * ECDHE-only curves selected according to the same criteria. - * The order favors curves with the lowest resource usage. - * - * \note New minor versions of Mbed TLS may extend this list, - * for example if new curves are added to the library. - * New minor versions of Mbed TLS will not remove items - * from this list unless serious security concerns require it. - * New minor versions of Mbed TLS may change the order in - * keeping with the general principle of favoring the lowest - * resource usage. - * - * \param conf SSL configuration - * \param curves Ordered list of allowed curves, - * terminated by MBEDTLS_ECP_DP_NONE. - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, - const mbedtls_ecp_group_id *curves); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_ECP_C */ - -/** - * \brief Set the allowed groups in order of preference. - * - * On server: This only affects the choice of key agreement mechanism - * - * On client: this affects the list of groups offered for any - * use. The server can override our preference order. - * - * Both sides: limits the set of groups accepted for use in - * key sharing. - * - * \note This function replaces the deprecated mbedtls_ssl_conf_curves(), - * which only allows ECP curves to be configured. - * - * \note The most recent invocation of either mbedtls_ssl_conf_curves() - * or mbedtls_ssl_conf_groups() nullifies all previous invocations - * of both. - * - * \note This list should be ordered by decreasing preference - * (preferred group first). - * - * \note When this function is not called, a default list is used, - * consisting of all supported curves at 255 bits and above, - * and all supported finite fields at 2048 bits and above. - * The order favors groups with the lowest resource usage. - * - * \note New minor versions of Mbed TLS will not remove items - * from the default list unless serious security concerns require it. - * New minor versions of Mbed TLS may change the order in - * keeping with the general principle of favoring the lowest - * resource usage. - * - * \param conf SSL configuration - * \param groups List of allowed groups ordered by preference, terminated by 0. - * Must contain valid IANA NamedGroup IDs (provided via either an integer - * or using MBEDTLS_TLS1_3_NAMED_GROUP_XXX macros). - */ -void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, - const uint16_t *groups); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) -/** - * \brief Set the allowed hashes for signatures during the handshake. - * - * \note This only affects which hashes are offered and can be used - * for signatures during the handshake. Hashes for message - * authentication and the TLS PRF are controlled by the - * ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes - * used for certificate signature are controlled by the - * verification profile, see \c mbedtls_ssl_conf_cert_profile(). - * - * \deprecated Superseded by mbedtls_ssl_conf_sig_algs(). - * - * \note This list should be ordered by decreasing preference - * (preferred hash first). - * - * \note By default, all supported hashes whose length is at least - * 256 bits are allowed. This is the same set as the default - * for certificate verification - * (#mbedtls_x509_crt_profile_default). - * The preference order is currently unspecified and may - * change in future versions. - * - * \note New minor versions of Mbed TLS may extend this list, - * for example if new curves are added to the library. - * New minor versions of Mbed TLS will not remove items - * from this list unless serious security concerns require it. - * - * \param conf SSL configuration - * \param hashes Ordered list of allowed signature hashes, - * terminated by \c MBEDTLS_MD_NONE. - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, - const int *hashes); -#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ - -/** - * \brief Configure allowed signature algorithms for use in TLS - * - * \param conf The SSL configuration to use. - * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms, - * terminated by #MBEDTLS_TLS1_3_SIG_NONE. The list must remain - * available throughout the lifetime of the conf object. - * - For TLS 1.3, values of \c MBEDTLS_TLS1_3_SIG_XXXX should be - * used. - * - For TLS 1.2, values should be given as - * "(HashAlgorithm << 8) | SignatureAlgorithm". - */ -void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, - const uint16_t *sig_algs); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * \brief Set or reset the hostname to check against the received - * server certificate. It sets the ServerName TLS extension, - * too, if that extension is enabled. (client-side only) - * - * \param ssl SSL context - * \param hostname the server hostname, may be NULL to clear hostname - - * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. - * - * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on - * too long input hostname. - * - * Hostname set to the one provided on success (cleared - * when NULL). On allocation failure hostname is cleared. - * On too long input failure, old hostname is unchanged. - */ -int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname); - -/** - * \brief Get the hostname that checked against the received - * server certificate. It is used to set the ServerName - * TLS extension, too, if that extension is enabled. - * (client-side only) - * - * \param ssl SSL context - * - * \return const pointer to the hostname value - */ -static inline const char *mbedtls_ssl_get_hostname(mbedtls_ssl_context *ssl) -{ - return ssl->MBEDTLS_PRIVATE(hostname); -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -/** - * \brief Retrieve SNI extension value for the current handshake. - * Available in \c f_cert_cb of \c mbedtls_ssl_conf_cert_cb(), - * this is the same value passed to \c f_sni callback of - * \c mbedtls_ssl_conf_sni() and may be used instead of - * \c mbedtls_ssl_conf_sni(). - * - * \param ssl SSL context - * \param name_len pointer into which to store length of returned value. - * 0 if SNI extension is not present or not yet processed. - * - * \return const pointer to SNI extension value. - * - value is valid only when called in \c f_cert_cb - * registered with \c mbedtls_ssl_conf_cert_cb(). - * - value is NULL if SNI extension is not present. - * - value is not '\0'-terminated. Use \c name_len for len. - * - value must not be freed. - */ -const unsigned char *mbedtls_ssl_get_hs_sni(mbedtls_ssl_context *ssl, - size_t *name_len); - -/** - * \brief Set own certificate and key for the current handshake - * - * \note Same as \c mbedtls_ssl_conf_own_cert() but for use within - * the SNI callback or the certificate selection callback. - * - * \note Passing null \c own_cert clears the certificate list for - * the current handshake. - * - * \param ssl SSL context - * \param own_cert own public certificate chain - * \param pk_key own private key - * - * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED - */ -int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *own_cert, - mbedtls_pk_context *pk_key); - -/** - * \brief Set the data required to verify peer certificate for the - * current handshake - * - * \note Same as \c mbedtls_ssl_conf_ca_chain() but for use within - * the SNI callback or the certificate selection callback. - * - * \param ssl SSL context - * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) - * \param ca_crl trusted CA CRLs - */ -void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *ca_chain, - mbedtls_x509_crl *ca_crl); - -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -/** - * \brief Set DN hints sent to client in CertificateRequest message - * - * \note Same as \c mbedtls_ssl_conf_dn_hints() but for use within - * the SNI callback or the certificate selection callback. - * - * \param ssl SSL context - * \param crt crt chain whose subject DNs are issuer DNs of client certs - * from which the client should select client peer certificate. - */ -void mbedtls_ssl_set_hs_dn_hints(mbedtls_ssl_context *ssl, - const mbedtls_x509_crt *crt); -#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ - -/** - * \brief Set authmode for the current handshake. - * - * \note Same as \c mbedtls_ssl_conf_authmode() but for use within - * the SNI callback or the certificate selection callback. - * - * \param ssl SSL context - * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or - * MBEDTLS_SSL_VERIFY_REQUIRED - */ -void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl, - int authmode); - -/** - * \brief Set server side ServerName TLS extension callback - * (optional, server-side only). - * - * If set, the ServerName callback is called whenever the - * server receives a ServerName TLS extension from the client - * during a handshake. The ServerName callback has the - * following parameters: (void *parameter, mbedtls_ssl_context *ssl, - * const unsigned char *hostname, size_t len). If a suitable - * certificate is found, the callback must set the - * certificate(s) and key(s) to use with \c - * mbedtls_ssl_set_hs_own_cert() (can be called repeatedly), - * and may optionally adjust the CA and associated CRL with \c - * mbedtls_ssl_set_hs_ca_chain() as well as the client - * authentication mode with \c mbedtls_ssl_set_hs_authmode(), - * then must return 0. If no matching name is found, the - * callback may return non-zero to abort the handshake. - * - * \param conf SSL configuration - * \param f_sni verification function - * \param p_sni verification parameter - */ -void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, - int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, - size_t), - void *p_sni); -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -/** - * \brief Set the EC J-PAKE password for current handshake. - * - * \note An internal copy is made, and destroyed as soon as the - * handshake is completed, or when the SSL context is reset or - * freed. - * - * \note The SSL context needs to be already set up. The right place - * to call this function is between \c mbedtls_ssl_setup() or - * \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake(). - * Password cannot be empty (see RFC 8236). - * - * \param ssl SSL context - * \param pw EC J-PAKE password (pre-shared secret). It cannot be empty - * \param pw_len length of pw in bytes - * - * \return 0 on success, or a negative error code. - */ -int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl, - const unsigned char *pw, - size_t pw_len); - -/** - * \brief Set the EC J-PAKE opaque password for current handshake. - * - * \note The key must remain valid until the handshake is over. - * - * \note The SSL context needs to be already set up. The right place - * to call this function is between \c mbedtls_ssl_setup() or - * \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake(). - * - * \param ssl SSL context - * \param pwd EC J-PAKE opaque password - * - * \return 0 on success, or a negative error code. - */ -int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl, - mbedtls_svc_key_id_t pwd); -#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_ALPN) -/** - * \brief Set the supported Application Layer Protocols. - * - * \param conf SSL configuration - * \param protos Pointer to a NULL-terminated list of supported protocols, - * in decreasing preference order. The pointer to the list is - * recorded by the library for later reference as required, so - * the lifetime of the table must be at least as long as the - * lifetime of the SSL configuration structure. - * - * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. - */ -int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos); - -/** - * \brief Get the name of the negotiated Application Layer Protocol. - * This function should be called after the handshake is - * completed. - * - * \param ssl SSL context - * - * \return Protocol name, or NULL if no protocol was negotiated. - */ -const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) -#if defined(MBEDTLS_DEBUG_C) -static inline const char *mbedtls_ssl_get_srtp_profile_as_string(mbedtls_ssl_srtp_profile profile) -{ - switch (profile) { - case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: - return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80"; - case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: - return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32"; - case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: - return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80"; - case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: - return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32"; - default: break; - } - return ""; -} -#endif /* MBEDTLS_DEBUG_C */ -/** - * \brief Manage support for mki(master key id) value - * in use_srtp extension. - * MKI is an optional part of SRTP used for key management - * and re-keying. See RFC3711 section 3.1 for details. - * The default value is - * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED. - * - * \param conf The SSL configuration to manage mki support. - * \param support_mki_value Enable or disable mki usage. Values are - * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED - * or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED. - */ -void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, - int support_mki_value); - -/** - * \brief Set the supported DTLS-SRTP protection profiles. - * - * \param conf SSL configuration - * \param profiles Pointer to a List of MBEDTLS_TLS_SRTP_UNSET terminated - * supported protection profiles - * in decreasing preference order. - * The pointer to the list is recorded by the library - * for later reference as required, so the lifetime - * of the table must be at least as long as the lifetime - * of the SSL configuration structure. - * The list must not hold more than - * MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH elements - * (excluding the terminating MBEDTLS_TLS_SRTP_UNSET). - * - * \return 0 on success - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of - * protection profiles is incorrect. - */ -int mbedtls_ssl_conf_dtls_srtp_protection_profiles - (mbedtls_ssl_config *conf, - const mbedtls_ssl_srtp_profile *profiles); - -/** - * \brief Set the mki_value for the current DTLS-SRTP session. - * - * \param ssl SSL context to use. - * \param mki_value The MKI value to set. - * \param mki_len The length of the MKI value. - * - * \note This function is relevant on client side only. - * The server discovers the mki value during handshake. - * A mki value set on server side using this function - * is ignored. - * - * \return 0 on success - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA - * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE - */ -int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl, - unsigned char *mki_value, - uint16_t mki_len); -/** - * \brief Get the negotiated DTLS-SRTP information: - * Protection profile and MKI value. - * - * \warning This function must be called after the handshake is - * completed. The value returned by this function must - * not be trusted or acted upon before the handshake completes. - * - * \param ssl The SSL context to query. - * \param dtls_srtp_info The negotiated DTLS-SRTP information: - * - Protection profile in use. - * A direct mapping of the iana defined value for protection - * profile on an uint16_t. - http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml - * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated - * or peer's Hello packet was not parsed yet. - * - mki size and value( if size is > 0 ). - */ -void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl, - mbedtls_dtls_srtp_info *dtls_srtp_info); -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the maximum supported version sent from the client side - * and/or accepted at the server side. - * - * See also the documentation of mbedtls_ssl_conf_min_version(). - * - * \note This ignores ciphersuites from higher versions. - * - * \note This function is deprecated and has been replaced by - * \c mbedtls_ssl_conf_max_tls_version(). - * - * \param conf SSL configuration - * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3) - * \param minor Minor version number - * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, - * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3) - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, - int minor); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - -/** - * \brief Set the maximum supported version sent from the client side - * and/or accepted at the server side. - * - * \note After the handshake, you can call - * mbedtls_ssl_get_version_number() to see what version was - * negotiated. - * - * \param conf SSL configuration - * \param tls_version TLS protocol version number (\c mbedtls_ssl_protocol_version) - * (#MBEDTLS_SSL_VERSION_UNKNOWN is not valid) - */ -static inline void mbedtls_ssl_conf_max_tls_version(mbedtls_ssl_config *conf, - mbedtls_ssl_protocol_version tls_version) -{ - conf->MBEDTLS_PRIVATE(max_tls_version) = tls_version; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the minimum accepted SSL/TLS protocol version - * - * \note By default, all supported versions are accepted. - * Future versions of the library may disable older - * protocol versions by default if they become deprecated. - * - * \note The following versions are supported (if enabled at - * compile time): - * - (D)TLS 1.2: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3, - * \p minor = #MBEDTLS_SSL_MINOR_VERSION_3 - * - TLS 1.3: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3, - * \p minor = #MBEDTLS_SSL_MINOR_VERSION_4 - * - * Note that the numbers in the constant names are the - * TLS internal protocol numbers, and the minor versions - * differ by one from the human-readable versions! - * - * \note Input outside of the SSL_MAX_XXXXX_VERSION and - * SSL_MIN_XXXXX_VERSION range is ignored. - * - * \note After the handshake, you can call - * mbedtls_ssl_get_version_number() to see what version was - * negotiated. - * - * \note This function is deprecated and has been replaced by - * \c mbedtls_ssl_conf_min_tls_version(). - * - * \param conf SSL configuration - * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3) - * \param minor Minor version number - * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, - * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3) - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, - int minor); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - -/** - * \brief Set the minimum supported version sent from the client side - * and/or accepted at the server side. - * - * \note After the handshake, you can call - * mbedtls_ssl_get_version_number() to see what version was - * negotiated. - * - * \param conf SSL configuration - * \param tls_version TLS protocol version number (\c mbedtls_ssl_protocol_version) - * (#MBEDTLS_SSL_VERSION_UNKNOWN is not valid) - */ -static inline void mbedtls_ssl_conf_min_tls_version(mbedtls_ssl_config *conf, - mbedtls_ssl_protocol_version tls_version) -{ - conf->MBEDTLS_PRIVATE(min_tls_version) = tls_version; -} - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -/** - * \brief Enable or disable Encrypt-then-MAC - * (Default: MBEDTLS_SSL_ETM_ENABLED) - * - * \note This should always be enabled, it is a security - * improvement, and should not cause any interoperability - * issue (used only if the peer supports it too). - * - * \param conf SSL configuration - * \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED - */ -void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm); -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -/** - * \brief Enable or disable Extended Master Secret negotiation. - * (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED) - * - * \note This should always be enabled, it is a security fix to the - * protocol, and should not cause any interoperability issue - * (used only if the peer supports it too). - * - * \param conf SSL configuration - * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED - */ -void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems); -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Whether to send a list of acceptable CAs in - * CertificateRequest messages. - * (Default: do send) - * - * \param conf SSL configuration - * \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or - * MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED - */ -void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, - char cert_req_ca_list); -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -/** - * \brief Set the maximum fragment length to emit and/or negotiate. - * (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and - * #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes) - * (Server: set maximum fragment length to emit, - * usually negotiated by the client during handshake) - * (Client: set maximum fragment length to emit *and* - * negotiate with the server during handshake) - * (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE) - * - * \note On the client side, the maximum fragment length extension - * *will not* be used, unless the maximum fragment length has - * been set via this function to a value different than - * #MBEDTLS_SSL_MAX_FRAG_LEN_NONE. - * - * \note With TLS, this currently only affects ApplicationData (sent - * with \c mbedtls_ssl_read()), not handshake messages. - * With DTLS, this affects both ApplicationData and handshake. - * - * \note This sets the maximum length for a record's payload, - * excluding record overhead that will be added to it, see - * \c mbedtls_ssl_get_record_expansion(). - * - * \note For DTLS, it is also possible to set a limit for the total - * size of datagrams passed to the transport layer, including - * record overhead, see \c mbedtls_ssl_set_mtu(). - * - * \param conf SSL configuration - * \param mfl_code Code for maximum fragment length (allowed values: - * MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024, - * MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096) - * - * \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA - */ -int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Pick the ciphersuites order according to the second parameter - * in the SSL Server module (MBEDTLS_SSL_SRV_C). - * (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER) - * - * \param conf SSL configuration - * \param order Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER - * or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT) - */ -void mbedtls_ssl_conf_preference_order(mbedtls_ssl_config *conf, int order); -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_CLI_C) -/** - * \brief Enable / Disable session tickets (client only). - * (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.) - * - * \note On server, use \c mbedtls_ssl_conf_session_tickets_cb(). - * - * \param conf SSL configuration - * \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or - * MBEDTLS_SSL_SESSION_TICKETS_DISABLED) - */ -void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets); -#endif /* MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_3) -/** - * \brief Number of NewSessionTicket messages for the server to send - * after handshake completion. - * - * \note The default value is - * \c MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS. - * - * \note In case of a session resumption, this setting only partially apply. - * At most one ticket is sent in that case to just renew the pool of - * tickets of the client. The rationale is to avoid the number of - * tickets on the server to become rapidly out of control when the - * server has the same configuration for all its connection instances. - * - * \param conf SSL configuration - * \param num_tickets Number of NewSessionTicket. - * - */ -void mbedtls_ssl_conf_new_session_tickets(mbedtls_ssl_config *conf, - uint16_t num_tickets); -#endif /* MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_SSL_SRV_C && - MBEDTLS_SSL_PROTO_TLS1_3*/ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -/** - * \brief Enable / Disable renegotiation support for connection when - * initiated by peer - * (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED) - * - * \warning It is recommended to always disable renegotiation unless you - * know you need it and you know what you're doing. In the - * past, there have been several issues associated with - * renegotiation or a poor understanding of its properties. - * - * \note Server-side, enabling renegotiation also makes the server - * susceptible to a resource DoS by a malicious client. - * - * \param conf SSL configuration - * \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or - * MBEDTLS_SSL_RENEGOTIATION_DISABLED) - */ -void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation); -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -/** - * \brief Prevent or allow legacy renegotiation. - * (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) - * - * MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to - * be established even if the peer does not support - * secure renegotiation, but does not allow renegotiation - * to take place if not secure. - * (Interoperable and secure option) - * - * MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations - * with non-upgraded peers. Allowing legacy renegotiation - * makes the connection vulnerable to specific man in the - * middle attacks. (See RFC 5746) - * (Most interoperable and least secure option) - * - * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections - * if peer does not support secure renegotiation. Results - * in interoperability issues with non-upgraded peers - * that do not support renegotiation altogether. - * (Most secure option, interoperability issues) - * - * \param conf SSL configuration - * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION, - * SSL_ALLOW_LEGACY_RENEGOTIATION or - * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) - */ -void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy); - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -/** - * \brief Enforce renegotiation requests. - * (Default: enforced, max_records = 16) - * - * When we request a renegotiation, the peer can comply or - * ignore the request. This function allows us to decide - * whether to enforce our renegotiation requests by closing - * the connection if the peer doesn't comply. - * - * However, records could already be in transit from the peer - * when the request is emitted. In order to increase - * reliability, we can accept a number of records before the - * expected handshake records. - * - * The optimal value is highly dependent on the specific usage - * scenario. - * - * \note With DTLS and server-initiated renegotiation, the - * HelloRequest is retransmitted every time mbedtls_ssl_read() times - * out or receives Application Data, until: - * - max_records records have beens seen, if it is >= 0, or - * - the number of retransmits that would happen during an - * actual handshake has been reached. - * Please remember the request might be lost a few times - * if you consider setting max_records to a really low value. - * - * \warning On client, the grace period can only happen during - * mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate() - * which always behave as if max_record was 0. The reason is, - * if we receive application data from the server, we need a - * place to write it, which only happens during mbedtls_ssl_read(). - * - * \param conf SSL configuration - * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to - * enforce renegotiation, or a non-negative value to enforce - * it but allow for a grace period of max_records records. - */ -void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records); - -/** - * \brief Set record counter threshold for periodic renegotiation. - * (Default: 2^48 - 1) - * - * Renegotiation is automatically triggered when a record - * counter (outgoing or incoming) crosses the defined - * threshold. The default value is meant to prevent the - * connection from being closed when the counter is about to - * reached its maximal value (it is not allowed to wrap). - * - * Lower values can be used to enforce policies such as "keys - * must be refreshed every N packets with cipher X". - * - * The renegotiation period can be disabled by setting - * conf->disable_renegotiation to - * MBEDTLS_SSL_RENEGOTIATION_DISABLED. - * - * \note When the configured transport is - * MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation - * period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM, - * the maximum renegotiation period is 2^64 - 1. - * - * \param conf SSL configuration - * \param period The threshold value: a big-endian 64-bit number. - */ -void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf, - const unsigned char period[8]); -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -/** - * \brief Check if there is data already read from the - * underlying transport but not yet processed. - * - * \param ssl SSL context - * - * \return 0 if nothing's pending, 1 otherwise. - * - * \note This is different in purpose and behaviour from - * \c mbedtls_ssl_get_bytes_avail in that it considers - * any kind of unprocessed data, not only unread - * application data. If \c mbedtls_ssl_get_bytes - * returns a non-zero value, this function will - * also signal pending data, but the converse does - * not hold. For example, in DTLS there might be - * further records waiting to be processed from - * the current underlying transport's datagram. - * - * \note If this function returns 1 (data pending), this - * does not imply that a subsequent call to - * \c mbedtls_ssl_read will provide any data; - * e.g., the unprocessed data might turn out - * to be an alert or a handshake message. - * - * \note This function is useful in the following situation: - * If the SSL/TLS module successfully returns from an - * operation - e.g. a handshake or an application record - * read - and you're awaiting incoming data next, you - * must not immediately idle on the underlying transport - * to have data ready, but you need to check the value - * of this function first. The reason is that the desired - * data might already be read but not yet processed. - * If, in contrast, a previous call to the SSL/TLS module - * returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary - * to call this function, as the latter error code entails - * that all internal data has been processed. - * - */ -int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl); - -/** - * \brief Return the number of application data bytes - * remaining to be read from the current record. - * - * \param ssl SSL context - * - * \return How many bytes are available in the application - * data record read buffer. - * - * \note When working over a datagram transport, this is - * useful to detect the current datagram's boundary - * in case \c mbedtls_ssl_read has written the maximal - * amount of data fitting into the input buffer. - * - */ -size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl); - -/** - * \brief Return the result of the certificate verification - * - * \param ssl The SSL context to use. - * - * \return \c 0 if the certificate verification was successful. - * \return \c -1u if the result is not available. This may happen - * e.g. if the handshake aborts early, or a verification - * callback returned a fatal error. - * \return A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX - * and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h. - */ -uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl); - -/** - * \brief Return the id of the current ciphersuite - * - * \param ssl SSL context - * - * \return a ciphersuite id - */ -int mbedtls_ssl_get_ciphersuite_id_from_ssl(const mbedtls_ssl_context *ssl); - -/** - * \brief Return the name of the current ciphersuite - * - * \param ssl SSL context - * - * \return a string containing the ciphersuite name - */ -const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl); - - -/** - * \brief Return the (D)TLS protocol version negotiated in the - * given connection. - * - * \note If you call this function too early during the initial - * handshake, before the two sides have agreed on a version, - * this function returns #MBEDTLS_SSL_VERSION_UNKNOWN. - * - * \param ssl The SSL context to query. - * \return The negotiated protocol version. - */ -static inline mbedtls_ssl_protocol_version mbedtls_ssl_get_version_number( - const mbedtls_ssl_context *ssl) -{ - return ssl->MBEDTLS_PRIVATE(tls_version); -} - -/** - * \brief Return the current TLS version - * - * \param ssl SSL context - * - * \return a string containing the TLS version - */ -const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl); - -/** - * \brief Return the (maximum) number of bytes added by the record - * layer: header + encryption/MAC overhead (inc. padding) - * - * \param ssl SSL context - * - * \return Current maximum record expansion in bytes - */ -int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl); - -/** - * \brief Return the current maximum outgoing record payload in bytes. - * - * \note The logic to determine the maximum outgoing record payload is - * version-specific. It takes into account various factors, such as - * the mbedtls_config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions - * such as the max fragment length or record size limit extension if - * used, and for DTLS the path MTU as configured and current - * record expansion. - * - * \note With DTLS, \c mbedtls_ssl_write() will return an error if - * called with a larger length value. - * With TLS, \c mbedtls_ssl_write() will fragment the input if - * necessary and return the number of bytes written; it is up - * to the caller to call \c mbedtls_ssl_write() again in - * order to send the remaining bytes if any. - * - * \sa mbedtls_ssl_get_max_out_record_payload() - * \sa mbedtls_ssl_get_record_expansion() - * - * \param ssl SSL context - * - * \return Current maximum payload for an outgoing record, - * or a negative error code. - */ -int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl); - -/** - * \brief Return the current maximum incoming record payload in bytes. - * - * \note The logic to determine the maximum incoming record payload is - * version-specific. It takes into account various factors, such as - * the mbedtls_config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions - * such as the max fragment length extension or record size limit - * extension if used, and the current record expansion. - * - * \sa mbedtls_ssl_set_mtu() - * \sa mbedtls_ssl_get_max_in_record_payload() - * \sa mbedtls_ssl_get_record_expansion() - * - * \param ssl SSL context - * - * \return Current maximum payload for an incoming record, - * or a negative error code. - */ -int mbedtls_ssl_get_max_in_record_payload(const mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * \brief Return the peer certificate from the current connection. - * - * \param ssl The SSL context to use. This must be initialized and setup. - * - * \return The current peer certificate, if available. - * The returned certificate is owned by the SSL context and - * is valid only until the next call to the SSL API. - * \return \c NULL if no peer certificate is available. This might - * be because the chosen ciphersuite doesn't use CRTs - * (PSK-based ciphersuites, for example), or because - * #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled, - * allowing the stack to free the peer's CRT to save memory. - * - * \note For one-time inspection of the peer's certificate during - * the handshake, consider registering an X.509 CRT verification - * callback through mbedtls_ssl_conf_verify() instead of calling - * this function. Using mbedtls_ssl_conf_verify() also comes at - * the benefit of allowing you to influence the verification - * process, for example by masking expected and tolerated - * verification failures. - * - * \warning You must not use the pointer returned by this function - * after any further call to the SSL API, including - * mbedtls_ssl_read() and mbedtls_ssl_write(); this is - * because the pointer might change during renegotiation, - * which happens transparently to the user. - * If you want to use the certificate across API calls, - * you must make a copy. - */ -const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_CLI_C) -/** - * \brief Export a session in order to resume it later. - * - * \param ssl The SSL context representing the connection for which to - * to export a session structure for later resumption. - * \param session The target structure in which to store the exported session. - * This must have been initialized with mbedtls_ssl_session_init() - * but otherwise be unused. - * - * \note This function can handle a variety of mechanisms for session - * resumption: For TLS 1.2, both session ID-based resumption and - * ticket-based resumption will be considered. For TLS 1.3, - * sessions equate to tickets, and if session tickets are - * enabled (see #MBEDTLS_SSL_SESSION_TICKETS configuration - * option), this function exports the last received ticket and - * the exported session may be used to resume the TLS 1.3 - * session. If session tickets are disabled, exported sessions - * cannot be used to resume a TLS 1.3 session. - * - * \return \c 0 if successful. In this case, \p session can be used for - * session resumption by passing it to mbedtls_ssl_set_session(), - * and serialized for storage via mbedtls_ssl_session_save(). - * \return Another negative error code on other kinds of failure. - * - * \sa mbedtls_ssl_set_session() - * \sa mbedtls_ssl_session_save() - */ -int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, - mbedtls_ssl_session *session); -#endif /* MBEDTLS_SSL_CLI_C */ - -/** - * \brief Perform the SSL handshake - * - * \param ssl SSL context - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE - * if the handshake is incomplete and waiting for data to - * be available for reading from or writing to the underlying - * transport - in this case you must call this function again - * when the underlying transport is ready for the operation. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous - * operation is in progress (see - * mbedtls_ssl_conf_async_private_cb()) - in this case you - * must call this function again when the operation is ready. - * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic - * operation is in progress (see mbedtls_ecp_set_max_ops()) - - * in this case you must call this function again to complete - * the handshake when you're done attending other tasks. - * \return #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use - * and the client did not demonstrate reachability yet - in - * this case you must stop using the context (see below). - * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as - * defined in RFC 8446 (TLS 1.3 specification), has been - * received as part of the handshake. This is server specific - * and may occur only if the early data feature has been - * enabled on server (see mbedtls_ssl_conf_early_data() - * documentation). You must call mbedtls_ssl_read_early_data() - * to read the early data before resuming the handshake. - * \return Another SSL error code - in this case you must stop using - * the context (see below). - * - * \warning If this function returns something other than - * \c 0, - * #MBEDTLS_ERR_SSL_WANT_READ, - * #MBEDTLS_ERR_SSL_WANT_WRITE, - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, - * you must stop using the SSL context for reading or writing, - * and either free it or call \c mbedtls_ssl_session_reset() - * on it before re-using it for a new connection; the current - * connection must be closed. - * - * \note If DTLS is in use, then you may choose to handle - * #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging - * purposes, as it is an expected return value rather than an - * actual error, but you still need to reset/free the context. - * - * \note Remarks regarding event-driven DTLS: - * If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram - * from the underlying transport layer is currently being processed, - * and it is safe to idle until the timer or the underlying transport - * signal a new event. This is not true for a successful handshake, - * in which case the datagram of the underlying transport that is - * currently being processed might or might not contain further - * DTLS records. - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - */ -int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl); - -/** - * \brief After calling mbedtls_ssl_handshake() to start the SSL - * handshake you can call this function to check whether the - * handshake is over for a given SSL context. This function - * should be also used to determine when to stop calling - * mbedtls_handshake_step() for that context. - * - * \param ssl SSL context - * - * \return \c 1 if handshake is over, \c 0 if it is still ongoing. - */ -static inline int mbedtls_ssl_is_handshake_over(mbedtls_ssl_context *ssl) -{ - return ssl->MBEDTLS_PRIVATE(state) >= MBEDTLS_SSL_HANDSHAKE_OVER; -} - -/** - * \brief Perform a single step of the SSL handshake - * - * \note The state of the context (ssl->state) will be at - * the next state after this function returns \c 0. Do not - * call this function if mbedtls_ssl_is_handshake_over() - * returns \c 1. - * - * \warning Whilst in the past you may have used direct access to the - * context state (ssl->state) in order to ascertain when to - * stop calling this function and although you can still do - * so with something like ssl->MBEDTLS_PRIVATE(state) or by - * defining MBEDTLS_ALLOW_PRIVATE_ACCESS, this is now - * considered deprecated and could be broken in any future - * release. If you still find you have good reason for such - * direct access, then please do contact the team to explain - * this (raise an issue or post to the mailing list), so that - * we can add a solution to your problem that will be - * guaranteed to work in the future. - * - * \param ssl SSL context - * - * \return See mbedtls_ssl_handshake(). - * - * \warning If this function returns something other than \c 0, - * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE, - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, you must stop using - * the SSL context for reading or writing, and either free it - * or call \c mbedtls_ssl_session_reset() on it before - * re-using it for a new connection; the current connection - * must be closed. - */ -int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -/** - * \brief Initiate an SSL renegotiation on the running connection. - * Client: perform the renegotiation right now. - * Server: request renegotiation, which will be performed - * during the next call to mbedtls_ssl_read() if honored by - * client. - * - * \param ssl SSL context - * - * \return 0 if successful, or any mbedtls_ssl_handshake() return - * value except #MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't - * happen during a renegotiation. - * - * \warning If this function returns something other than \c 0, - * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE, - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using - * the SSL context for reading or writing, and either free it - * or call \c mbedtls_ssl_session_reset() on it before - * re-using it for a new connection; the current connection - * must be closed. - * - */ -int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -/** - * \brief Read at most 'len' application data bytes - * - * \param ssl SSL context - * \param buf buffer that will hold the data - * \param len maximum number of bytes to read - * - * \return The (positive) number of bytes read if successful. - * \return \c 0 if the read end of the underlying transport was closed - * without sending a CloseNotify beforehand, which might happen - * because of various reasons (internal error of an underlying - * stack, non-conformant peer not sending a CloseNotify and - * such) - in this case you must stop using the context - * (see below). - * \return #MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY if the underlying - * transport is still functional, but the peer has - * acknowledged to not send anything anymore. - * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE - * if the handshake is incomplete and waiting for data to - * be available for reading from or writing to the underlying - * transport - in this case you must call this function again - * when the underlying transport is ready for the operation. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous - * operation is in progress (see - * mbedtls_ssl_conf_async_private_cb()) - in this case you - * must call this function again when the operation is ready. - * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic - * operation is in progress (see mbedtls_ecp_set_max_ops()) - - * in this case you must call this function again to complete - * the handshake when you're done attending other tasks. - * \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server - * side of a DTLS connection and the client is initiating a - * new connection using the same source port. See below. - * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as - * defined in RFC 8446 (TLS 1.3 specification), has been - * received as part of the handshake. This is server specific - * and may occur only if the early data feature has been - * enabled on server (see mbedtls_ssl_conf_early_data() - * documentation). You must call mbedtls_ssl_read_early_data() - * to read the early data before resuming the handshake. - * \return Another SSL error code - in this case you must stop using - * the context (see below). - * - * \warning If this function returns something other than - * a positive value, - * #MBEDTLS_ERR_SSL_WANT_READ, - * #MBEDTLS_ERR_SSL_WANT_WRITE, - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, - * #MBEDTLS_ERR_SSL_CLIENT_RECONNECT or - * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, - * you must stop using the SSL context for reading or writing, - * and either free it or call \c mbedtls_ssl_session_reset() - * on it before re-using it for a new connection; the current - * connection must be closed. - * - * \note When this function returns #MBEDTLS_ERR_SSL_CLIENT_RECONNECT - * (which can only happen server-side), it means that a client - * is initiating a new connection using the same source port. - * You can either treat that as a connection close and wait - * for the client to resend a ClientHello, or directly - * continue with \c mbedtls_ssl_handshake() with the same - * context (as it has been reset internally). Either way, you - * must make sure this is seen by the application as a new - * connection: application state, if any, should be reset, and - * most importantly the identity of the client must be checked - * again. WARNING: not validating the identity of the client - * again, or not transmitting the new identity to the - * application layer, would allow authentication bypass! - * - * \note Remarks regarding event-driven DTLS: - * - If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram - * from the underlying transport layer is currently being processed, - * and it is safe to idle until the timer or the underlying transport - * signal a new event. - * - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was - * initially available on the underlying transport, as this data may have - * been only e.g. duplicated messages or a renegotiation request. - * Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even - * when reacting to an incoming-data event from the underlying transport. - * - On success, the datagram of the underlying transport that is currently - * being processed may contain further DTLS records. You should call - * \c mbedtls_ssl_check_pending to check for remaining records. - * - */ -int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); - -/** - * \brief Try to write exactly 'len' application data bytes - * - * \warning This function will do partial writes in some cases. If the - * return value is non-negative but less than length, the - * function must be called again with updated arguments: - * buf + ret, len - ret (if ret is the return value) until - * it returns a value equal to the last 'len' argument. - * - * \param ssl SSL context - * \param buf buffer holding the data - * \param len how many bytes must be written - * - * \return The (non-negative) number of bytes actually written if - * successful (may be less than \p len). - * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE - * if the handshake is incomplete and waiting for data to - * be available for reading from or writing to the underlying - * transport - in this case you must call this function again - * when the underlying transport is ready for the operation. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous - * operation is in progress (see - * mbedtls_ssl_conf_async_private_cb()) - in this case you - * must call this function again when the operation is ready. - * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic - * operation is in progress (see mbedtls_ecp_set_max_ops()) - - * in this case you must call this function again to complete - * the handshake when you're done attending other tasks. - * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as - * defined in RFC 8446 (TLS 1.3 specification), has been - * received as part of the handshake. This is server specific - * and may occur only if the early data feature has been - * enabled on server (see mbedtls_ssl_conf_early_data() - * documentation). You must call mbedtls_ssl_read_early_data() - * to read the early data before resuming the handshake. - * \return Another SSL error code - in this case you must stop using - * the context (see below). - * - * \warning If this function returns something other than - * a non-negative value, - * #MBEDTLS_ERR_SSL_WANT_READ, - * #MBEDTLS_ERR_SSL_WANT_WRITE, - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, - * you must stop using the SSL context for reading or writing, - * and either free it or call \c mbedtls_ssl_session_reset() - * on it before re-using it for a new connection; the current - * connection must be closed. - * - * \note When this function returns #MBEDTLS_ERR_SSL_WANT_WRITE/READ, - * it must be called later with the *same* arguments, - * until it returns a value greater than or equal to 0. When - * the function returns #MBEDTLS_ERR_SSL_WANT_WRITE there may be - * some partial data in the output buffer, however this is not - * yet sent. - * - * \note If the requested length is greater than the maximum - * fragment length (either the built-in limit or the one set - * or negotiated with the peer), then: - * - with TLS, less bytes than requested are written. - * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. - * \c mbedtls_ssl_get_max_out_record_payload() may be used to - * query the active maximum fragment length. - * - * \note Attempting to write 0 bytes will result in an empty TLS - * application record being sent. - */ -int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len); - -/** - * \brief Send an alert message - * - * \param ssl SSL context - * \param level The alert level of the message - * (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL) - * \param message The alert message (SSL_ALERT_MSG_*) - * - * \return 0 if successful, or a specific SSL error code. - * - * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using - * the SSL context for reading or writing, and either free it or - * call \c mbedtls_ssl_session_reset() on it before re-using it - * for a new connection; the current connection must be closed. - */ -int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, - unsigned char level, - unsigned char message); -/** - * \brief Notify the peer that the connection is being closed - * - * \param ssl SSL context - * - * \return 0 if successful, or a specific SSL error code. - * - * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using - * the SSL context for reading or writing, and either free it or - * call \c mbedtls_ssl_session_reset() on it before re-using it - * for a new connection; the current connection must be closed. - */ -int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_SSL_EARLY_DATA) - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Read at most 'len' bytes of early data - * - * \note This API is server specific. - * - * \warning Early data is defined in the TLS 1.3 specification, RFC 8446. - * IMPORTANT NOTE from section 2.3 of the specification: - * - * The security properties for 0-RTT data are weaker than - * those for other kinds of TLS data. Specifically: - * - This data is not forward secret, as it is encrypted - * solely under keys derived using the offered PSK. - * - There are no guarantees of non-replay between connections. - * Protection against replay for ordinary TLS 1.3 1-RTT data - * is provided via the server's Random value, but 0-RTT data - * does not depend on the ServerHello and therefore has - * weaker guarantees. This is especially relevant if the - * data is authenticated either with TLS client - * authentication or inside the application protocol. The - * same warnings apply to any use of the - * early_exporter_master_secret. - * - * \warning Mbed TLS does not implement any of the anti-replay defenses - * defined in section 8 of the TLS 1.3 specification: - * single-use of tickets or ClientHello recording within a - * given time window. - * - * \note This function is used in conjunction with - * mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), - * mbedtls_ssl_read() and mbedtls_ssl_write() to read early - * data when these functions return - * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA. - * - * \param ssl SSL context, it must have been initialized and set up. - * \param buf buffer that will hold the data - * \param len maximum number of bytes to read - * - * \return The (positive) number of bytes read if successful. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. - * \return #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA if it is not - * possible to read early data for the SSL context \p ssl. Note - * that this function is intended to be called for an SSL - * context \p ssl only after a call to mbedtls_ssl_handshake(), - * mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or - * mbedtls_ssl_write() for \p ssl that has returned - * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA. - */ -int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl, - unsigned char *buf, size_t len); -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) -/** - * \brief Try to write exactly 'len' application data bytes while - * performing the handshake (early data). - * - * \warning Early data is defined in the TLS 1.3 specification, RFC 8446. - * IMPORTANT NOTE from section 2.3 of the specification: - * - * The security properties for 0-RTT data are weaker than - * those for other kinds of TLS data. Specifically: - * - This data is not forward secret, as it is encrypted - * solely under keys derived using the offered PSK. - * - There are no guarantees of non-replay between connections. - * Protection against replay for ordinary TLS 1.3 1-RTT data - * is provided via the server's Random value, but 0-RTT data - * does not depend on the ServerHello and therefore has - * weaker guarantees. This is especially relevant if the - * data is authenticated either with TLS client - * authentication or inside the application protocol. The - * same warnings apply to any use of the - * early_exporter_master_secret. - * - * \note This function behaves mainly as mbedtls_ssl_write(). The - * specification of mbedtls_ssl_write() relevant to TLS 1.3 - * (thus not the parts specific to (D)TLS1.2) applies to this - * function and the present documentation is mainly restricted - * to the differences with mbedtls_ssl_write(). One noticeable - * difference though is that mbedtls_ssl_write() aims to - * complete the handshake before to write application data - * while mbedtls_ssl_write_early() aims to drive the handshake - * just past the point where it is not possible to send early - * data anymore. - * - * \param ssl SSL context - * \param buf buffer holding the data - * \param len how many bytes must be written - * - * \return The (non-negative) number of bytes actually written if - * successful (may be less than \p len). - * - * \return One additional specific error code compared to - * mbedtls_ssl_write(): - * #MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA. - * - * #MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA is returned when it - * is not possible to write early data for the SSL context - * \p ssl. - * - * It may have been possible and it is not possible - * anymore because the client received the server Finished - * message, the server rejected early data or the maximum - * number of allowed early data for the PSK in use has been - * reached. - * - * It may never have been possible and will never be possible - * for the SSL context \p ssl because the use of early data - * is disabled for that context or more generally the context - * is not suitably configured to enable early data or the first - * call to the function was done while the handshake was - * already completed. - * - * It is not possible to write early data for the SSL context - * \p ssl and any subsequent call to this API will return this - * error code. But this does not preclude for using it with - * mbedtls_ssl_write(), mbedtls_ssl_read() or - * mbedtls_ssl_handshake() and the handshake can be - * completed by calling one of these APIs. - * - * \note This function may write early data only if the SSL context - * has been configured for the handshake with a PSK for which - * early data is allowed. - * - * \note To maximize the number of early data that can be written in - * the course of the handshake, it is expected that this - * function starts the handshake for the SSL context \p ssl. - * But this is not mandatory. - * - * \note This function does not provide any information on whether - * the server has accepted or will accept early data or not. - * When it returns a positive value, it just means that it - * has written early data to the server. To know whether the - * server has accepted early data or not, you should call - * mbedtls_ssl_get_early_data_status() with the handshake - * completed. - */ -int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len); - -/** - * \brief Get the status of the negotiation of the use of early data. - * - * \param ssl The SSL context to query - * - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called - * from the server-side. - * - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called - * prior to completion of the handshake. - * - * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED if the client - * has not indicated the use of early data to the server. - * - * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED if the client has - * indicated the use of early data and the server has accepted - * it. - * - * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED if the client has - * indicated the use of early data but the server has rejected - * it. In this situation, the client may want to re-send the - * early data it may have tried to send by calling - * mbedtls_ssl_write_early_data() as ordinary post-handshake - * application data by calling mbedtls_ssl_write(). - * - */ -int mbedtls_ssl_get_early_data_status(mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_SSL_CLI_C */ - -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -/** - * \brief Free referenced items in an SSL context and clear memory - * - * \param ssl SSL context - */ -void mbedtls_ssl_free(mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) -/** - * \brief Save an active connection as serialized data in a buffer. - * This allows the freeing or re-using of the SSL context - * while still picking up the connection later in a way that - * it entirely transparent to the peer. - * - * \see mbedtls_ssl_context_load() - * - * \note The serialized data only contains the data that is - * necessary to resume the connection: negotiated protocol - * options, session identifier, keys, etc. - * Loading a saved SSL context does not restore settings and - * state related to how the application accesses the context, - * such as configured callback functions, user data, pending - * incoming or outgoing data, etc. - * - * \note This feature is currently only available under certain - * conditions, see the documentation of the return value - * #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details. - * - * \note When this function succeeds, it calls - * mbedtls_ssl_session_reset() on \p ssl which as a result is - * no longer associated with the connection that has been - * serialized. This avoids creating copies of the connection - * state. You're then free to either re-use the context - * structure for a different connection, or call - * mbedtls_ssl_free() on it. See the documentation of - * mbedtls_ssl_session_reset() for more details. - * - * \param ssl The SSL context to save. On success, it is no longer - * associated with the connection that has been serialized. - * \param buf The buffer to write the serialized data to. It must be a - * writeable buffer of at least \p buf_len bytes, or may be \c - * NULL if \p buf_len is \c 0. - * \param buf_len The number of bytes available for writing in \p buf. - * \param olen The size in bytes of the data that has been or would have - * been written. It must point to a valid \c size_t. - * - * \note \p olen is updated to the correct value regardless of - * whether \p buf_len was large enough. This makes it possible - * to determine the necessary size by calling this function - * with \p buf set to \c NULL and \p buf_len to \c 0. However, - * the value of \p olen is only guaranteed to be correct when - * the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or - * \c 0. If the return value is different, then the value of - * \p olen is undefined. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed - * while resetting the context. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in - * progress, or there is pending data for reading or sending, - * or the connection does not use DTLS 1.2 with an AEAD - * ciphersuite, or renegotiation is enabled. - */ -int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t buf_len, - size_t *olen); - -/** - * \brief Load serialized connection data to an SSL context. - * - * \see mbedtls_ssl_context_save() - * - * \warning The same serialized data must never be loaded into more - * that one context. In order to ensure that, after - * successfully loading serialized data to an SSL context, you - * should immediately destroy or invalidate all copies of the - * serialized data that was loaded. Loading the same data in - * more than one context would cause severe security failures - * including but not limited to loss of confidentiality. - * - * \note Before calling this function, the SSL context must be - * prepared in one of the two following ways. The first way is - * to take a context freshly initialised with - * mbedtls_ssl_init() and call mbedtls_ssl_setup() on it with - * the same ::mbedtls_ssl_config structure that was used in - * the original connection. The second way is to - * call mbedtls_ssl_session_reset() on a context that was - * previously prepared as above but used in the meantime. - * Either way, you must not use the context to perform a - * handshake between calling mbedtls_ssl_setup() or - * mbedtls_ssl_session_reset() and calling this function. You - * may however call other setter functions in that time frame - * as indicated in the note below. - * - * \note Before or after calling this function successfully, you - * also need to configure some connection-specific callbacks - * and settings before you can use the connection again - * (unless they were already set before calling - * mbedtls_ssl_session_reset() and the values are suitable for - * the present connection). Specifically, you want to call - * at least mbedtls_ssl_set_bio(), - * mbedtls_ssl_set_timer_cb(), and - * mbedtls_ssl_set_user_data_n() or - * mbedtls_ssl_set_user_data_p() if they were set originally. - * All other SSL setter functions - * are not necessary to call, either because they're only used - * in handshakes, or because the setting is already saved. You - * might choose to call them anyway, for example in order to - * share code between the cases of establishing a new - * connection and the case of loading an already-established - * connection. - * - * \note If you have new information about the path MTU, you want to - * call mbedtls_ssl_set_mtu() after calling this function, as - * otherwise this function would overwrite your - * newly-configured value with the value that was active when - * the context was saved. - * - * \note When this function returns an error code, it calls - * mbedtls_ssl_free() on \p ssl. In this case, you need to - * prepare the context with the usual sequence starting with a - * call to mbedtls_ssl_init() if you want to use it again. - * - * \param ssl The SSL context structure to be populated. It must have - * been prepared as described in the note above. - * \param buf The buffer holding the serialized connection data. It must - * be a readable buffer of at least \p len bytes. - * \param len The size of the serialized data in bytes. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed. - * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data - * comes from a different Mbed TLS version or build. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. - */ -int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len); -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - -/** - * \brief Initialize an SSL configuration context - * Just makes the context ready for - * mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free(). - * - * \note You need to call mbedtls_ssl_config_defaults() unless you - * manually set all of the relevant fields yourself. - * - * \param conf SSL configuration context - */ -void mbedtls_ssl_config_init(mbedtls_ssl_config *conf); - -/** - * \brief Load reasonable default SSL configuration values. - * (You need to call mbedtls_ssl_config_init() first.) - * - * \param conf SSL configuration context - * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER - * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or - * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS - * \param preset a MBEDTLS_SSL_PRESET_XXX value - * - * \note See \c mbedtls_ssl_conf_transport() for notes on DTLS. - * - * \return 0 if successful, or - * MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error. - */ -int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, - int endpoint, int transport, int preset); - -/** - * \brief Free an SSL configuration context - * - * \param conf SSL configuration context - */ -void mbedtls_ssl_config_free(mbedtls_ssl_config *conf); - -/** - * \brief Initialize SSL session structure - * - * \param session SSL session - */ -void mbedtls_ssl_session_init(mbedtls_ssl_session *session); - -/** - * \brief Free referenced items in an SSL session including the - * peer certificate and clear memory - * - * \note A session object can be freed even if the SSL context - * that was used to retrieve the session is still in use. - * - * \param session SSL session - */ -void mbedtls_ssl_session_free(mbedtls_ssl_session *session); - -/** - * \brief TLS-PRF function for key derivation. - * - * \param prf The tls_prf type function type to be used. - * \param secret Secret for the key derivation function. - * \param slen Length of the secret. - * \param label String label for the key derivation function, - * terminated with null character. - * \param random Random bytes. - * \param rlen Length of the random bytes buffer. - * \param dstbuf The buffer holding the derived key. - * \param dlen Length of the output buffer. - * - * \return 0 on success. An SSL specific error on failure. - */ -int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen); - -#ifdef __cplusplus -} -#endif - -#endif /* ssl.h */ diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h deleted file mode 100644 index a1307b450..000000000 --- a/include/mbedtls/ssl_cache.h +++ /dev/null @@ -1,187 +0,0 @@ -/** - * \file ssl_cache.h - * - * \brief SSL session cache implementation - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_SSL_CACHE_H -#define MBEDTLS_SSL_CACHE_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/ssl.h" - -#if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" -#endif - -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in mbedtls_config.h or define them on the compiler command line. - * \{ - */ - -#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT) -#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */ -#endif - -#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES) -#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */ -#endif - -/** \} name SECTION: Module settings */ - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context; -typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry; - -/** - * \brief This structure is used for storing cache entries - */ -struct mbedtls_ssl_cache_entry { -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */ -#endif - - unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */ - size_t MBEDTLS_PRIVATE(session_id_len); - - unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */ - size_t MBEDTLS_PRIVATE(session_len); - - mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */ -}; - -/** - * \brief Cache context - */ -struct mbedtls_ssl_cache_context { - mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */ - int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */ - int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */ -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */ -#endif -}; - -/** - * \brief Initialize an SSL cache context - * - * \param cache SSL cache context - */ -void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache); - -/** - * \brief Cache get callback implementation - * (Thread-safe if MBEDTLS_THREADING_C is enabled) - * - * \param data The SSL cache context to use. - * \param session_id The pointer to the buffer holding the session ID - * for the session to load. - * \param session_id_len The length of \p session_id in bytes. - * \param session The address at which to store the session - * associated with \p session_id, if present. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if there is - * no cache entry with specified session ID found, or - * any other negative error code for other failures. - */ -int mbedtls_ssl_cache_get(void *data, - unsigned char const *session_id, - size_t session_id_len, - mbedtls_ssl_session *session); - -/** - * \brief Cache set callback implementation - * (Thread-safe if MBEDTLS_THREADING_C is enabled) - * - * \param data The SSL cache context to use. - * \param session_id The pointer to the buffer holding the session ID - * associated to \p session. - * \param session_id_len The length of \p session_id in bytes. - * \param session The session to store. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_ssl_cache_set(void *data, - unsigned char const *session_id, - size_t session_id_len, - const mbedtls_ssl_session *session); - -/** - * \brief Remove the cache entry by the session ID - * (Thread-safe if MBEDTLS_THREADING_C is enabled) - * - * \param data The SSL cache context to use. - * \param session_id The pointer to the buffer holding the session ID - * associated to session. - * \param session_id_len The length of \p session_id in bytes. - * - * \return \c 0 on success. This indicates the cache entry for - * the session with provided ID is removed or does not - * exist. - * \return A negative error code on failure. - */ -int mbedtls_ssl_cache_remove(void *data, - unsigned char const *session_id, - size_t session_id_len); - -#if defined(MBEDTLS_HAVE_TIME) -/** - * \brief Set the cache timeout - * (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day)) - * - * A timeout of 0 indicates no timeout. - * - * \param cache SSL cache context - * \param timeout cache entry timeout in seconds - */ -void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout); - -/** - * \brief Get the cache timeout - * - * A timeout of 0 indicates no timeout. - * - * \param cache SSL cache context - * - * \return cache entry timeout in seconds - */ -static inline int mbedtls_ssl_cache_get_timeout(mbedtls_ssl_cache_context *cache) -{ - return cache->MBEDTLS_PRIVATE(timeout); -} -#endif /* MBEDTLS_HAVE_TIME */ - -/** - * \brief Set the maximum number of cache entries - * (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50)) - * - * \param cache SSL cache context - * \param max cache entry maximum - */ -void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max); - -/** - * \brief Free referenced items in a cache context and clear memory - * - * \param cache SSL cache context - */ -void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache); - -#ifdef __cplusplus -} -#endif - -#endif /* ssl_cache.h */ diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h deleted file mode 100644 index 18e3c4a16..000000000 --- a/include/mbedtls/ssl_ciphersuites.h +++ /dev/null @@ -1,453 +0,0 @@ -/** - * \file ssl_ciphersuites.h - * - * \brief SSL Ciphersuites for Mbed TLS - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_SSL_CIPHERSUITES_H -#define MBEDTLS_SSL_CIPHERSUITES_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/pk.h" -#include "mbedtls/cipher.h" -#include "mbedtls/md.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Supported ciphersuites (Official IANA names) - */ -#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */ - -#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */ -#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F - -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33 -#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35 -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39 - -#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */ - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41 -#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45 - -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */ - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84 -#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88 - -#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C -#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D - -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90 -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91 - -#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F /**< TLS 1.2 */ - -#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /**< TLS 1.2 */ - -#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE -#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF -#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */ -#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ - -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2 -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3 -#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /**< Weak! */ -#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /**< Weak! */ - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */ - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */ - -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 - -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A - -#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F - -#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 -#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 - -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */ - -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */ - -#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A -#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B - -#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */ - -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 -#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 -#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */ - -#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */ - -#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 -#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 -#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 -#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A -#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B - -#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */ -/* The last two are named with PSK_DHE in the RFC, which looks like a typo */ - -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */ - -#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF /**< experimental */ - -/* RFC 7905 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */ - -/* RFC 8446, Appendix B.4 */ -#define MBEDTLS_TLS1_3_AES_128_GCM_SHA256 0x1301 /**< TLS 1.3 */ -#define MBEDTLS_TLS1_3_AES_256_GCM_SHA384 0x1302 /**< TLS 1.3 */ -#define MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256 0x1303 /**< TLS 1.3 */ -#define MBEDTLS_TLS1_3_AES_128_CCM_SHA256 0x1304 /**< TLS 1.3 */ -#define MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256 0x1305 /**< TLS 1.3 */ - -/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange. - * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below - */ -typedef enum { - MBEDTLS_KEY_EXCHANGE_NONE = 0, - MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_KEY_EXCHANGE_ECJPAKE, -} mbedtls_key_exchange_type_t; - -/* Key exchanges using a certificate */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED -#endif - -/* Key exchanges in either TLS 1.2 or 1.3 which are using an ECDSA - * signature */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#define MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED -#endif - -/* Key exchanges allowing client certificate requests. - * - * This is now the same as MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED, - * and the two macros could be unified. - * Until Mbed TLS 3.x, the two sets were different because - * MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED covers - * MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED plus RSA-PSK. - * But RSA-PSK was removed in Mbed TLS 4.0. - */ -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED -#endif - -/* Helper to state that certificate-based client authentication through ECDSA - * is supported in TLS 1.2 */ -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) && \ - defined(PSA_HAVE_ALG_ECDSA_SIGN) && defined(PSA_HAVE_ALG_ECDSA_VERIFY) -#define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED -#endif - -/* ECDSA required for certificates in either TLS 1.2 or 1.3 */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED -#endif - -/* Key exchanges involving server signature in ServerKeyExchange */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED -#endif - -/* Key exchanges using ECDH */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED -#endif - -/* Key exchanges that don't involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED -#endif - -/* Key exchanges that involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED -#endif - -/* Key exchanges using a PSK */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED -#endif - -/* Key exchanges using DHE */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED -#endif - -/* Key exchanges using ECDHE */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED -#endif - -/* TLS 1.2 key exchanges using ECDH or ECDHE*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED -#endif - -/* TLS 1.3 PSK key exchanges */ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED -#endif - -/* TLS 1.2 or 1.3 key exchanges with PSK */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -#define MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED -#endif - -/* TLS 1.3 ephemeral key exchanges */ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED -#endif - -/* TLS 1.3 key exchanges using ECDHE */ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_ECDH) -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED -#endif - -/* TLS 1.2 or 1.3 key exchanges using ECDH or ECDHE */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED -#endif - -/* TLS 1.2 XXDH key exchanges: ECDH or ECDHE or FFDH */ -#if (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)) -#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED -#endif - -/* The handshake params structure has a set of fields called xxdh_psa which are used: - * - by TLS 1.2 to do ECDH or ECDHE; - * - by TLS 1.3 to do ECDHE or FFDHE. - * The following macros can be used to guard their declaration and use. - */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) -#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED -#endif - -typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; - -#define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */ -#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02 /**< Short authentication tag, - eg for CCM_8 */ -#define MBEDTLS_CIPHERSUITE_NODTLS 0x04 /**< Can't be used with DTLS */ - -/** - * \brief This structure is used for storing ciphersuite information - * - * \note members are defined using integral types instead of enums - * in order to pack structure and reduce memory usage by internal - * \c ciphersuite_definitions[] - */ -struct mbedtls_ssl_ciphersuite_t { - int MBEDTLS_PRIVATE(id); - const char *MBEDTLS_PRIVATE(name); - - uint8_t MBEDTLS_PRIVATE(cipher); /* mbedtls_cipher_type_t */ - uint8_t MBEDTLS_PRIVATE(mac); /* mbedtls_md_type_t */ - uint8_t MBEDTLS_PRIVATE(key_exchange); /* mbedtls_key_exchange_type_t */ - uint8_t MBEDTLS_PRIVATE(flags); - - uint16_t MBEDTLS_PRIVATE(min_tls_version); /* mbedtls_ssl_protocol_version */ - uint16_t MBEDTLS_PRIVATE(max_tls_version); /* mbedtls_ssl_protocol_version */ -}; - -const int *mbedtls_ssl_list_ciphersuites(void); - -const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name); -const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id); - -static inline const char *mbedtls_ssl_ciphersuite_get_name(const mbedtls_ssl_ciphersuite_t *info) -{ - return info->MBEDTLS_PRIVATE(name); -} - -static inline int mbedtls_ssl_ciphersuite_get_id(const mbedtls_ssl_ciphersuite_t *info) -{ - return info->MBEDTLS_PRIVATE(id); -} - -size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info); - -#ifdef __cplusplus -} -#endif - -#endif /* ssl_ciphersuites.h */ diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h deleted file mode 100644 index 71c258ea4..000000000 --- a/include/mbedtls/ssl_cookie.h +++ /dev/null @@ -1,106 +0,0 @@ -/** - * \file ssl_cookie.h - * - * \brief DTLS cookie callbacks implementation - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_SSL_COOKIE_H -#define MBEDTLS_SSL_COOKIE_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/ssl.h" - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" -#endif -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in mbedtls_config.h or define them on the compiler command line. - * \{ - */ -#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT -#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ -#endif - -/** \} name SECTION: Module settings */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Context for the default cookie functions. - */ -typedef struct mbedtls_ssl_cookie_ctx { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac_key); /*!< key id for the HMAC portion */ - psa_algorithm_t MBEDTLS_PRIVATE(psa_hmac_alg); /*!< key algorithm for the HMAC portion */ -#else - mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if !defined(MBEDTLS_HAVE_TIME) - unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */ -#endif - unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME, - or in number of tickets issued */ - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); -#endif -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ -} mbedtls_ssl_cookie_ctx; - -/** - * \brief Initialize cookie context - */ -void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx); - -/** - * \brief Setup cookie context (generate keys) - */ -int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); - -/** - * \brief Set expiration delay for cookies - * (Default MBEDTLS_SSL_COOKIE_TIMEOUT) - * - * \param ctx Cookie context - * \param delay Delay, in seconds if HAVE_TIME, or in number of cookies - * issued in the meantime. - * 0 to disable expiration (NOT recommended) - */ -void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay); - -/** - * \brief Free cookie context - */ -void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx); - -/** - * \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t - */ -mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write; - -/** - * \brief Verify cookie, see \c mbedtls_ssl_cookie_write_t - */ -mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check; - -#ifdef __cplusplus -} -#endif - -#endif /* ssl_cookie.h */ diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h deleted file mode 100644 index 2ee140021..000000000 --- a/include/mbedtls/ssl_ticket.h +++ /dev/null @@ -1,197 +0,0 @@ -/** - * \file ssl_ticket.h - * - * \brief TLS server ticket callbacks implementation - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_SSL_TICKET_H -#define MBEDTLS_SSL_TICKET_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -/* - * This implementation of the session ticket callbacks includes key - * management, rotating the keys periodically in order to preserve forward - * secrecy, when MBEDTLS_HAVE_TIME is defined. - */ - -#include "mbedtls/ssl.h" -#include "mbedtls/cipher.h" - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa/crypto.h" -#endif - -#if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32 /*!< Max supported key length in bytes */ -#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4 /*!< key name length in bytes */ - -/** - * \brief Information for session ticket protection - */ -typedef struct mbedtls_ssl_ticket_key { - unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES]; - /*!< random key identifier */ -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */ -#endif - /*! Lifetime of the key in seconds. This is also the lifetime of the - * tickets created under that key. - */ - uint32_t MBEDTLS_PRIVATE(lifetime); -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */ -#else - mbedtls_svc_key_id_t MBEDTLS_PRIVATE(key); /*!< key used for auth enc/decryption */ - psa_algorithm_t MBEDTLS_PRIVATE(alg); /*!< algorithm of auth enc/decryption */ - psa_key_type_t MBEDTLS_PRIVATE(key_type); /*!< key type */ - size_t MBEDTLS_PRIVATE(key_bits); /*!< key length in bits */ -#endif -} -mbedtls_ssl_ticket_key; - -/** - * \brief Context for session ticket handling functions - */ -typedef struct mbedtls_ssl_ticket_context { - mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */ - unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */ - - uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */ - - /** Callback for getting (pseudo-)random numbers */ - int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ - -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); -#endif -} -mbedtls_ssl_ticket_context; - -/** - * \brief Initialize a ticket context. - * (Just make it ready for mbedtls_ssl_ticket_setup() - * or mbedtls_ssl_ticket_free().) - * - * \param ctx Context to be initialized - */ -void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); - -/** - * \brief Prepare context to be actually used - * - * \param ctx Context to be set up - * \param f_rng RNG callback function (mandatory) - * \param p_rng RNG callback context - * \param cipher AEAD cipher to use for ticket protection. - * Recommended value: MBEDTLS_CIPHER_AES_256_GCM. - * \param lifetime Tickets lifetime in seconds - * Recommended value: 86400 (one day). - * - * \note It is highly recommended to select a cipher that is at - * least as strong as the strongest ciphersuite - * supported. Usually that means a 256-bit key. - * - * \note It is recommended to pick a reasonable lifetime so as not - * to negate the benefits of forward secrecy. - * - * \note The TLS 1.3 specification states that ticket lifetime must - * be smaller than seven days. If ticket lifetime has been - * set to a value greater than seven days in this module then - * if the TLS 1.3 is configured to send tickets after the - * handshake it will fail the connection when trying to send - * the first ticket. - * - * \return 0 if successful, - * or a specific MBEDTLS_ERR_XXX error code - */ -int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_cipher_type_t cipher, - uint32_t lifetime); - -/** - * \brief Rotate session ticket encryption key to new specified key. - * Provides for external control of session ticket encryption - * key rotation, e.g. for synchronization between different - * machines. If this function is not used, or if not called - * before ticket lifetime expires, then a new session ticket - * encryption key is generated internally in order to avoid - * unbounded session ticket encryption key lifetimes. - * - * \param ctx Context to be set up - * \param name Session ticket encryption key name - * \param nlength Session ticket encryption key name length in bytes - * \param k Session ticket encryption key - * \param klength Session ticket encryption key length in bytes - * \param lifetime Tickets lifetime in seconds - * Recommended value: 86400 (one day). - * - * \note \c name and \c k are recommended to be cryptographically - * random data. - * - * \note \c nlength must match sizeof( ctx->name ) - * - * \note \c klength must be sufficient for use by cipher specified - * to \c mbedtls_ssl_ticket_setup - * - * \note It is recommended to pick a reasonable lifetime so as not - * to negate the benefits of forward secrecy. - * - * \note The TLS 1.3 specification states that ticket lifetime must - * be smaller than seven days. If ticket lifetime has been - * set to a value greater than seven days in this module then - * if the TLS 1.3 is configured to send tickets after the - * handshake it will fail the connection when trying to send - * the first ticket. - * - * \return 0 if successful, - * or a specific MBEDTLS_ERR_XXX error code - */ -int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, - const unsigned char *name, size_t nlength, - const unsigned char *k, size_t klength, - uint32_t lifetime); - -/** - * \brief Implementation of the ticket write callback - * - * \note See \c mbedtls_ssl_ticket_write_t for description - */ -mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write; - -/** - * \brief Implementation of the ticket parse callback - * - * \note See \c mbedtls_ssl_ticket_parse_t for description - */ -mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse; - -/** - * \brief Free a context's content and zeroize it. - * - * \param ctx Context to be cleaned up - */ -void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx); - -#ifdef __cplusplus -} -#endif - -#endif /* ssl_ticket.h */ diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h deleted file mode 100644 index 62ae1022d..000000000 --- a/include/mbedtls/timing.h +++ /dev/null @@ -1,94 +0,0 @@ -/** - * \file timing.h - * - * \brief Portable interface to timeouts and to the CPU cycle counter - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_TIMING_H -#define MBEDTLS_TIMING_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_TIMING_ALT) -// Regular implementation -// - -/** - * \brief timer structure - */ -struct mbedtls_timing_hr_time { - uint64_t MBEDTLS_PRIVATE(opaque)[4]; -}; - -/** - * \brief Context for mbedtls_timing_set/get_delay() - */ -typedef struct mbedtls_timing_delay_context { - struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer); - uint32_t MBEDTLS_PRIVATE(int_ms); - uint32_t MBEDTLS_PRIVATE(fin_ms); -} mbedtls_timing_delay_context; - -#else /* MBEDTLS_TIMING_ALT */ -#include "timing_alt.h" -#endif /* MBEDTLS_TIMING_ALT */ - -/* Internal use */ -unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset); - -/** - * \brief Set a pair of delays to watch - * (See \c mbedtls_timing_get_delay().) - * - * \param data Pointer to timing data. - * Must point to a valid \c mbedtls_timing_delay_context struct. - * \param int_ms First (intermediate) delay in milliseconds. - * The effect if int_ms > fin_ms is unspecified. - * \param fin_ms Second (final) delay in milliseconds. - * Pass 0 to cancel the current delay. - * - * \note To set a single delay, either use \c mbedtls_timing_set_timer - * directly or use this function with int_ms == fin_ms. - */ -void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms); - -/** - * \brief Get the status of delays - * (Memory helper: number of delays passed.) - * - * \param data Pointer to timing data - * Must point to a valid \c mbedtls_timing_delay_context struct. - * - * \return -1 if cancelled (fin_ms = 0), - * 0 if none of the delays are passed, - * 1 if only the intermediate delay is passed, - * 2 if the final delay is passed. - */ -int mbedtls_timing_get_delay(void *data); - -/** - * \brief Get the final timing delay - * - * \param data Pointer to timing data - * Must point to a valid \c mbedtls_timing_delay_context struct. - * - * \return Final timing delay in milliseconds. - */ -uint32_t mbedtls_timing_get_final_delay( - const mbedtls_timing_delay_context *data); - -#ifdef __cplusplus -} -#endif - -#endif /* timing.h */ diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h deleted file mode 100644 index 637f9d38b..000000000 --- a/include/mbedtls/version.h +++ /dev/null @@ -1,78 +0,0 @@ -/** - * \file version.h - * - * \brief Run-time version information - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * This set of run-time variables can be used to determine the version number of - * the Mbed TLS library used. Compile-time version defines for the same can be - * found in build_info.h - */ -#ifndef MBEDTLS_VERSION_H -#define MBEDTLS_VERSION_H - -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_VERSION_C) - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Get the version number. - * - * \return The constructed version number in the format - * MMNNPP00 (Major, Minor, Patch). - */ -unsigned int mbedtls_version_get_number(void); - -/** - * Get the version string ("x.y.z"). - * - * \param string The string that will receive the value. - * (Should be at least 9 bytes in size) - */ -void mbedtls_version_get_string(char *string); - -/** - * Get the full version string ("Mbed TLS x.y.z"). - * - * \param string The string that will receive the value. The Mbed TLS version - * string will use 18 bytes AT MOST including a terminating - * null byte. - * (So the buffer should be at least 18 bytes to receive this - * version string). - */ -void mbedtls_version_get_string_full(char *string); - -/** - * \brief Check if support for a feature was compiled into this - * Mbed TLS binary. This allows you to see at runtime if the - * library was for instance compiled with or without - * Multi-threading support. - * - * \note only checks against defines in the sections "System - * support", "Mbed TLS modules" and "Mbed TLS feature - * support" in mbedtls_config.h - * - * \param feature The string for the define to check (e.g. "MBEDTLS_AES_C") - * - * \return 0 if the feature is present, - * -1 if the feature is not present and - * -2 if support for feature checking as a whole was not - * compiled in. - */ -int mbedtls_version_check_feature(const char *feature); - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_VERSION_C */ - -#endif /* version.h */ diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h deleted file mode 100644 index 18df19ce6..000000000 --- a/include/mbedtls/x509.h +++ /dev/null @@ -1,531 +0,0 @@ -/** - * \file x509.h - * - * \brief X.509 generic defines and structures - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_X509_H -#define MBEDTLS_X509_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/asn1.h" -#include "mbedtls/pk.h" - -#if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" -#endif - -/** - * \addtogroup x509_module - * \{ - */ - -#if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA) -/** - * Maximum number of intermediate CAs in a verification chain. - * That is, maximum length of the chain, excluding the end-entity certificate - * and the trusted root certificate. - * - * Set this to a low value to prevent an adversary from making you waste - * resources verifying an overlong certificate chain. - */ -#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 -#endif - -/** - * \name X509 Error codes - * \{ - */ -/** Unavailable feature, e.g. RSA hashing/encryption combination. */ -#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 -/** Requested OID is unknown. */ -#define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100 -/** The CRT/CRL/CSR format is invalid, e.g. different type expected. */ -#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 -/** The CRT/CRL/CSR version element is invalid. */ -#define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200 -/** The serial tag or value is invalid. */ -#define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280 -/** The algorithm tag or value is invalid. */ -#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300 -/** The name tag or value is invalid. */ -#define MBEDTLS_ERR_X509_INVALID_NAME -0x2380 -/** The date tag or value is invalid. */ -#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 -/** The signature tag or value invalid. */ -#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480 -/** The extension tag or value is invalid. */ -#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 -/** CRT/CRL/CSR has an unsupported version number. */ -#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580 -/** Signature algorithm (oid) is unsupported. */ -#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600 -/** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */ -#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 -/** Certificate verification failed, e.g. CRL, CA or signature check failed. */ -#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 -/** Format not recognized as DER or PEM. */ -#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 -/** Input invalid. */ -#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 -/** Allocation of memory failed. */ -#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 -/** Read/write of file failed. */ -#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 -/** Destination buffer is too small. */ -#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 -/** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */ -#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 -/** \} name X509 Error codes */ - -/** - * \name X509 Verify codes - * \{ - */ -/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */ -#define MBEDTLS_X509_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */ -#define MBEDTLS_X509_BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */ -#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */ -#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */ -#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */ -#define MBEDTLS_X509_BADCRL_EXPIRED 0x20 /**< The CRL is expired. */ -#define MBEDTLS_X509_BADCERT_MISSING 0x40 /**< Certificate was missing. */ -#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */ -#define MBEDTLS_X509_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */ -#define MBEDTLS_X509_BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */ -#define MBEDTLS_X509_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */ -#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */ -#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */ -#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */ -#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000 /**< The certificate is signed with an unacceptable hash. */ -#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000 /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */ -#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000 /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */ -#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000 /**< The CRL is signed with an unacceptable hash. */ -#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */ -#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */ - -/** \} name X509 Verify codes */ -/** \} addtogroup x509_module */ - -/* - * X.509 v3 Subject Alternative Name types. - * otherName [0] OtherName, - * rfc822Name [1] IA5String, - * dNSName [2] IA5String, - * x400Address [3] ORAddress, - * directoryName [4] Name, - * ediPartyName [5] EDIPartyName, - * uniformResourceIdentifier [6] IA5String, - * iPAddress [7] OCTET STRING, - * registeredID [8] OBJECT IDENTIFIER - */ -#define MBEDTLS_X509_SAN_OTHER_NAME 0 -#define MBEDTLS_X509_SAN_RFC822_NAME 1 -#define MBEDTLS_X509_SAN_DNS_NAME 2 -#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3 -#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4 -#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5 -#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6 -#define MBEDTLS_X509_SAN_IP_ADDRESS 7 -#define MBEDTLS_X509_SAN_REGISTERED_ID 8 - -/* - * X.509 v3 Key Usage Extension flags - * Reminder: update mbedtls_x509_info_key_usage() when adding new flags. - */ -#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */ -#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */ -#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */ -#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */ -#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */ -#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */ -#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */ -#define MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01) /* bit 7 */ -#define MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000) /* bit 8 */ - -/* - * Netscape certificate types - * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html) - */ - -#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */ -#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */ -#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */ -#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */ -#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */ -#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */ -#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */ -#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */ - -/* - * X.509 extension types - * - * Comments refer to the status for using certificates. Status can be - * different for writing certificates or reading CRLs or CSRs. - * - * Those are defined in oid.h as oid.c needs them in a data structure. Since - * these were previously defined here, let's have aliases for compatibility. - */ -#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER -#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER -#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE -#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES -#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS -#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */ -#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME -#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS -#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */ -#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS -#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS -#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE -#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS -#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY -#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL -#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE - -/* - * Storage format identifiers - * Recognized formats: PEM and DER - */ -#define MBEDTLS_X509_FORMAT_DER 1 -#define MBEDTLS_X509_FORMAT_PEM 2 - -#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256 /**< Maximum value size of a DN entry */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \addtogroup x509_module - * \{ */ - -/** - * \name Structures for parsing X.509 certificates, CRLs and CSRs - * \{ - */ - -/** - * Type-length-value structure that allows for ASN1 using DER. - */ -typedef mbedtls_asn1_buf mbedtls_x509_buf; - -/** - * Container for ASN1 bit strings. - */ -typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring; - -/** - * Container for ASN1 named information objects. - * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.). - */ -typedef mbedtls_asn1_named_data mbedtls_x509_name; - -/** - * Container for a sequence of ASN.1 items - */ -typedef mbedtls_asn1_sequence mbedtls_x509_sequence; - -/* - * Container for the fields of the Authority Key Identifier object - */ -typedef struct mbedtls_x509_authority { - mbedtls_x509_buf keyIdentifier; - mbedtls_x509_sequence authorityCertIssuer; - mbedtls_x509_buf authorityCertSerialNumber; - mbedtls_x509_buf raw; -} -mbedtls_x509_authority; - -/** Container for date and time (precision in seconds). */ -typedef struct mbedtls_x509_time { - int year, mon, day; /**< Date. */ - int hour, min, sec; /**< Time. */ -} -mbedtls_x509_time; - -/** - * From RFC 5280 section 4.2.1.6: - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * Future versions of the library may add new fields to this structure or - * to its embedded union and structure. - */ -typedef struct mbedtls_x509_san_other_name { - /** - * The type_id is an OID as defined in RFC 5280. - * To check the value of the type id, you should use - * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. - */ - mbedtls_x509_buf type_id; /**< The type id. */ - union { - /** - * From RFC 4108 section 5: - * HardwareModuleName ::= SEQUENCE { - * hwType OBJECT IDENTIFIER, - * hwSerialNum OCTET STRING } - */ - struct { - mbedtls_x509_buf oid; /**< The object identifier. */ - mbedtls_x509_buf val; /**< The named value. */ - } - hardware_module_name; - } - value; -} -mbedtls_x509_san_other_name; - -/** - * A structure for holding the parsed Subject Alternative Name, - * according to type. - * - * Future versions of the library may add new fields to this structure or - * to its embedded union and structure. - */ -typedef struct mbedtls_x509_subject_alternative_name { - int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ - union { - mbedtls_x509_san_other_name other_name; - mbedtls_x509_name directory_name; - mbedtls_x509_buf unstructured_name; /**< The buffer for the unstructured types. rfc822Name, dnsName and uniformResourceIdentifier are currently supported. */ - } - san; /**< A union of the supported SAN types */ -} -mbedtls_x509_subject_alternative_name; - -typedef struct mbedtls_x509_san_list { - mbedtls_x509_subject_alternative_name node; - struct mbedtls_x509_san_list *next; -} -mbedtls_x509_san_list; - -/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */ -/** \} addtogroup x509_module */ - -/** - * \brief Store the certificate DN in printable form into buf; - * no more than size characters will be written. - * - * \param buf Buffer to write to - * \param size Maximum size of buffer - * \param dn The X509 name to represent - * - * \return The length of the string written (not including the - * terminated nul byte), or a negative error code. - */ -int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); - -/** - * \brief Convert the certificate DN string \p name into - * a linked list of mbedtls_x509_name (equivalent to - * mbedtls_asn1_named_data). - * - * \note This function allocates a linked list, and places the head - * pointer in \p head. This list must later be freed by a - * call to mbedtls_asn1_free_named_data_list(). - * - * \param[out] head Address in which to store the pointer to the head of the - * allocated list of mbedtls_x509_name - * \param[in] name The string representation of a DN to convert - * - * \return 0 on success, or a negative error code. - */ -int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name); - -/** - * \brief Return the next relative DN in an X509 name. - * - * \note Intended use is to compare function result to dn->next - * in order to detect boundaries of multi-valued RDNs. - * - * \param dn Current node in the X509 name - * - * \return Pointer to the first attribute-value pair of the - * next RDN in sequence, or NULL if end is reached. - */ -static inline mbedtls_x509_name *mbedtls_x509_dn_get_next( - mbedtls_x509_name *dn) -{ - while (dn->MBEDTLS_PRIVATE(next_merged) && dn->next != NULL) { - dn = dn->next; - } - return dn->next; -} - -/** - * \brief Store the certificate serial in printable form into buf; - * no more than size characters will be written. - * - * \param buf Buffer to write to - * \param size Maximum size of buffer - * \param serial The X509 serial to represent - * - * \return The length of the string written (not including the - * terminated nul byte), or a negative error code. - */ -int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial); - -/** - * \brief Compare pair of mbedtls_x509_time. - * - * \param t1 mbedtls_x509_time to compare - * \param t2 mbedtls_x509_time to compare - * - * \return < 0 if t1 is before t2 - * 0 if t1 equals t2 - * > 0 if t1 is after t2 - */ -int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1, const mbedtls_x509_time *t2); - -#if defined(MBEDTLS_HAVE_TIME_DATE) -/** - * \brief Fill mbedtls_x509_time with provided mbedtls_time_t. - * - * \param tt mbedtls_time_t to convert - * \param now mbedtls_x509_time to fill with converted mbedtls_time_t - * - * \return \c 0 on success - * \return A non-zero return value on failure. - */ -int mbedtls_x509_time_gmtime(mbedtls_time_t tt, mbedtls_x509_time *now); -#endif /* MBEDTLS_HAVE_TIME_DATE */ - -/** - * \brief Check a given mbedtls_x509_time against the system time - * and tell if it's in the past. - * - * \note Intended usage is "if( is_past( valid_to ) ) ERROR". - * Hence the return value of 1 if on internal errors. - * - * \param to mbedtls_x509_time to check - * - * \return 1 if the given time is in the past or an error occurred, - * 0 otherwise. - */ -int mbedtls_x509_time_is_past(const mbedtls_x509_time *to); - -/** - * \brief Check a given mbedtls_x509_time against the system time - * and tell if it's in the future. - * - * \note Intended usage is "if( is_future( valid_from ) ) ERROR". - * Hence the return value of 1 if on internal errors. - * - * \param from mbedtls_x509_time to check - * - * \return 1 if the given time is in the future or an error occurred, - * 0 otherwise. - */ -int mbedtls_x509_time_is_future(const mbedtls_x509_time *from); - -/** - * \brief This function parses an item in the SubjectAlternativeNames - * extension. Please note that this function might allocate - * additional memory for a subject alternative name, thus - * mbedtls_x509_free_subject_alt_name has to be called - * to dispose of this additional memory afterwards. - * - * \param san_buf The buffer holding the raw data item of the subject - * alternative name. - * \param san The target structure to populate with the parsed presentation - * of the subject alternative name encoded in \p san_buf. - * - * \note Supported GeneralName types, as defined in RFC 5280: - * "rfc822Name", "dnsName", "directoryName", - * "uniformResourceIdentifier" and "hardware_module_name" - * of type "otherName", as defined in RFC 4108. - * - * \note This function should be called on a single raw data of - * subject alternative name. For example, after successful - * certificate parsing, one must iterate on every item in the - * \c crt->subject_alt_names sequence, and pass it to - * this function. - * - * \warning The target structure contains pointers to the raw data of the - * parsed certificate, and its lifetime is restricted by the - * lifetime of the certificate. - * - * \return \c 0 on success - * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported - * SAN type. - * \return Another negative value for any other failure. - */ -int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san); -/** - * \brief Unallocate all data related to subject alternative name - * - * \param san SAN structure - extra memory owned by this structure will be freed - */ -void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san); - -/** - * \brief This function parses a CN string as an IP address. - * - * \param cn The CN string to parse. CN string MUST be null-terminated. - * \param dst The target buffer to populate with the binary IP address. - * The buffer MUST be 16 bytes to save IPv6, and should be - * 4-byte aligned if the result will be used as struct in_addr. - * e.g. uint32_t dst[4] - * - * \note \p cn is parsed as an IPv6 address if string contains ':', - * else \p cn is parsed as an IPv4 address. - * - * \return Length of binary IP address; num bytes written to target. - * \return \c 0 on failure to parse CN string as an IP address. - */ -size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); - -#define MBEDTLS_X509_SAFE_SNPRINTF \ - do { \ - if (ret < 0 || (size_t) ret >= n) \ - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; \ - \ - n -= (size_t) ret; \ - p += (size_t) ret; \ - } while (0) - -/** - * \brief Translate an ASN.1 OID into its numeric representation - * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549") - * - * \param buf buffer to put representation in - * \param size size of the buffer - * \param oid OID to translate - * - * \return Length of the string written (excluding final NULL) or - * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error - */ -int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); - -/** - * \brief Translate a string containing a dotted-decimal - * representation of an ASN.1 OID into its encoded form - * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D"). - * On success, this function allocates oid->buf from the - * heap. It must be freed by the caller using mbedtls_free(). - * - * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID - * \param oid_str string representation of the OID to parse - * \param size length of the OID string, not including any null terminator - * - * \return 0 if successful - * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not - * represent a valid OID - * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to - * allocate oid->buf - */ -int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size); - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_X509_H */ diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h deleted file mode 100644 index e08767e92..000000000 --- a/include/mbedtls/x509_crl.h +++ /dev/null @@ -1,181 +0,0 @@ -/** - * \file x509_crl.h - * - * \brief X.509 certificate revocation list parsing - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_X509_CRL_H -#define MBEDTLS_X509_CRL_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/x509.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \addtogroup x509_module - * \{ */ - -/** - * \name Structures and functions for parsing CRLs - * \{ - */ - -/** - * Certificate revocation list entry. - * Contains the CA-specific serial numbers and revocation dates. - * - * Some fields of this structure are publicly readable. Do not modify - * them except via Mbed TLS library functions: the effect of modifying - * those fields or the data that those fields points to is unspecified. - */ -typedef struct mbedtls_x509_crl_entry { - /** Direct access to the whole entry inside the containing buffer. */ - mbedtls_x509_buf raw; - /** The serial number of the revoked certificate. */ - mbedtls_x509_buf serial; - /** The revocation date of this entry. */ - mbedtls_x509_time revocation_date; - /** Direct access to the list of CRL entry extensions - * (an ASN.1 constructed sequence). - * - * If there are no extensions, `entry_ext.len == 0` and - * `entry_ext.p == NULL`. */ - mbedtls_x509_buf entry_ext; - - /** Next element in the linked list of entries. - * \p NULL indicates the end of the list. - * Do not modify this field directly. */ - struct mbedtls_x509_crl_entry *next; -} -mbedtls_x509_crl_entry; - -/** - * Certificate revocation list structure. - * Every CRL may have multiple entries. - */ -typedef struct mbedtls_x509_crl { - mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ - mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ - - int version; /**< CRL version (1=v1, 2=v2) */ - mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */ - - mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */ - - mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ - - mbedtls_x509_time this_update; - mbedtls_x509_time next_update; - - mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */ - - mbedtls_x509_buf crl_ext; - - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2); - mbedtls_x509_buf MBEDTLS_PRIVATE(sig); - mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ - - /** Next element in the linked list of CRL. - * \p NULL indicates the end of the list. - * Do not modify this field directly. */ - struct mbedtls_x509_crl *next; -} -mbedtls_x509_crl; - -/** - * \brief Parse a DER-encoded CRL and append it to the chained list - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \param chain points to the start of the chain - * \param buf buffer holding the CRL data in DER format - * \param buflen size of the buffer - * (including the terminating null byte for PEM data) - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, - const unsigned char *buf, size_t buflen); -/** - * \brief Parse one or more CRLs and append them to the chained list - * - * \note Multiple CRLs are accepted only if using PEM format - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \param chain points to the start of the chain - * \param buf buffer holding the CRL data in PEM or DER format - * \param buflen size of the buffer - * (including the terminating null byte for PEM data) - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen); - -#if defined(MBEDTLS_FS_IO) -/** - * \brief Load one or more CRLs and append them to the chained list - * - * \note Multiple CRLs are accepted only if using PEM format - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \param chain points to the start of the chain - * \param path filename to read the CRLs from (in PEM or DER encoding) - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path); -#endif /* MBEDTLS_FS_IO */ - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/** - * \brief Returns an informational string about the CRL. - * - * \param buf Buffer to write to - * \param size Maximum size of buffer - * \param prefix A line prefix - * \param crl The X509 CRL to represent - * - * \return The length of the string written (not including the - * terminated nul byte), or a negative error code. - */ -int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix, - const mbedtls_x509_crl *crl); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -/** - * \brief Initialize a CRL (chain) - * - * \param crl CRL chain to initialize - */ -void mbedtls_x509_crl_init(mbedtls_x509_crl *crl); - -/** - * \brief Unallocate all CRL data - * - * \param crl CRL chain to free - */ -void mbedtls_x509_crl_free(mbedtls_x509_crl *crl); - -/** \} name Structures and functions for parsing CRLs */ -/** \} addtogroup x509_module */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_x509_crl.h */ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h deleted file mode 100644 index 491343f89..000000000 --- a/include/mbedtls/x509_crt.h +++ /dev/null @@ -1,1203 +0,0 @@ -/** - * \file x509_crt.h - * - * \brief X.509 certificate parsing and writing - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_X509_CRT_H -#define MBEDTLS_X509_CRT_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/x509.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/bignum.h" - -/** - * \addtogroup x509_module - * \{ - */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \name Structures and functions for parsing and writing X.509 certificates - * \{ - */ - -/** - * Container for an X.509 certificate. The certificate may be chained. - * - * Some fields of this structure are publicly readable. Do not modify - * them except via Mbed TLS library functions: the effect of modifying - * those fields or the data that those fields points to is unspecified. - */ -typedef struct mbedtls_x509_crt { - int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned - * by the structure or not. */ - mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ - mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ - - int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */ - mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */ - mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */ - - mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */ - mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */ - - mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ - mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ - - mbedtls_x509_time valid_from; /**< Start time of certificate validity. */ - mbedtls_x509_time valid_to; /**< End time of certificate validity. */ - - mbedtls_x509_buf pk_raw; - mbedtls_pk_context pk; /**< Container for the public key context. */ - - mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ - mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ - mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ - mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */ - mbedtls_x509_buf subject_key_id; /**< Optional X.509 v3 extension subject key identifier. */ - mbedtls_x509_authority authority_key_id; /**< Optional X.509 v3 extension authority key identifier. */ - - mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ - - int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */ - int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ - int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */ - - unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */ - - mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */ - - unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */ - - mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */ - mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ - - /** Next certificate in the linked list that constitutes the CA chain. - * \p NULL indicates the end of the list. - * Do not modify this field directly. */ - struct mbedtls_x509_crt *next; -} -mbedtls_x509_crt; - -/** - * Build flag from an algorithm/curve identifier (pk, md, ecp) - * Since 0 is always XXX_NONE, ignore it. - */ -#define MBEDTLS_X509_ID_FLAG(id) (1 << ((id) - 1)) - -/** - * Security profile for certificate verification. - * - * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG(). - * - * The fields of this structure are part of the public API and can be - * manipulated directly by applications. Future versions of the library may - * add extra fields or reorder existing fields. - * - * You can create custom profiles by starting from a copy of - * an existing profile, such as mbedtls_x509_crt_profile_default or - * mbedtls_x509_ctr_profile_none and then tune it to your needs. - * - * For example to allow SHA-224 in addition to the default: - * - * mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default; - * my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ); - * - * Or to allow only RSA-3072+ with SHA-256: - * - * mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none; - * my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ); - * my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ); - * my_profile.rsa_min_bitlen = 3072; - */ -typedef struct mbedtls_x509_crt_profile { - uint32_t allowed_mds; /**< MDs for signatures */ - uint32_t allowed_pks; /**< PK algs for public keys; - * this applies to all certificates - * in the provided chain. */ - uint32_t allowed_curves; /**< Elliptic curves for ECDSA */ - uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */ -} -mbedtls_x509_crt_profile; - -#define MBEDTLS_X509_CRT_VERSION_1 0 -#define MBEDTLS_X509_CRT_VERSION_2 1 -#define MBEDTLS_X509_CRT_VERSION_3 2 - -#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 20 -#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15 - -#if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN) -#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 -#endif - -/* This macro unfolds to the concatenation of macro invocations - * X509_CRT_ERROR_INFO( error code, - * error code as string, - * human readable description ) - * where X509_CRT_ERROR_INFO is defined by the user. - * See x509_crt.c for an example of how to use this. */ -#define MBEDTLS_X509_CRT_ERROR_INFO_LIST \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXPIRED, \ - "MBEDTLS_X509_BADCERT_EXPIRED", \ - "The certificate validity has expired") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_REVOKED, \ - "MBEDTLS_X509_BADCERT_REVOKED", \ - "The certificate has been revoked (is on a CRL)") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_CN_MISMATCH, \ - "MBEDTLS_X509_BADCERT_CN_MISMATCH", \ - "The certificate Common Name (CN) does not match with the expected CN") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NOT_TRUSTED, \ - "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \ - "The certificate is not correctly signed by the trusted CA") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_NOT_TRUSTED, \ - "MBEDTLS_X509_BADCRL_NOT_TRUSTED", \ - "The CRL is not correctly signed by the trusted CA") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_EXPIRED, \ - "MBEDTLS_X509_BADCRL_EXPIRED", \ - "The CRL is expired") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_MISSING, \ - "MBEDTLS_X509_BADCERT_MISSING", \ - "Certificate was missing") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_SKIP_VERIFY, \ - "MBEDTLS_X509_BADCERT_SKIP_VERIFY", \ - "Certificate verification was skipped") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_OTHER, \ - "MBEDTLS_X509_BADCERT_OTHER", \ - "Other reason (can be used by verify callback)") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_FUTURE, \ - "MBEDTLS_X509_BADCERT_FUTURE", \ - "The certificate validity starts in the future") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_FUTURE, \ - "MBEDTLS_X509_BADCRL_FUTURE", \ - "The CRL is from the future") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_KEY_USAGE, \ - "MBEDTLS_X509_BADCERT_KEY_USAGE", \ - "Usage does not match the keyUsage extension") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \ - "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \ - "Usage does not match the extendedKeyUsage extension") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \ - "MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \ - "Usage does not match the nsCertType extension") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_MD, \ - "MBEDTLS_X509_BADCERT_BAD_MD", \ - "The certificate is signed with an unacceptable hash.") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_PK, \ - "MBEDTLS_X509_BADCERT_BAD_PK", \ - "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_KEY, \ - "MBEDTLS_X509_BADCERT_BAD_KEY", \ - "The certificate is signed with an unacceptable key (eg bad curve, RSA too short).") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_MD, \ - "MBEDTLS_X509_BADCRL_BAD_MD", \ - "The CRL is signed with an unacceptable hash.") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_PK, \ - "MBEDTLS_X509_BADCRL_BAD_PK", \ - "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_KEY, \ - "MBEDTLS_X509_BADCRL_BAD_KEY", \ - "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).") - -/** - * Container for writing a certificate (CRT) - */ -typedef struct mbedtls_x509write_cert { - int MBEDTLS_PRIVATE(version); - unsigned char MBEDTLS_PRIVATE(serial)[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN]; - size_t MBEDTLS_PRIVATE(serial_len); - mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key); - mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key); - mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject); - mbedtls_asn1_named_data *MBEDTLS_PRIVATE(issuer); - mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg); - char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; - char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; - mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions); -} -mbedtls_x509write_cert; - -/** - * \brief Set Subject Alternative Name - * - * \param ctx Certificate context to use - * \param san_list List of SAN values - * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED - * - * \note "dnsName", "uniformResourceIdentifier", "IP address", - * "otherName", and "DirectoryName", as defined in RFC 5280, - * are supported. - */ -int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, - const mbedtls_x509_san_list *san_list); - -/** - * Item in a verification chain: cert and flags for it - */ -typedef struct { - mbedtls_x509_crt *MBEDTLS_PRIVATE(crt); - uint32_t MBEDTLS_PRIVATE(flags); -} mbedtls_x509_crt_verify_chain_item; - -/** - * Max size of verification chain: end-entity + intermediates + trusted root - */ -#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2) - -/** - * Verification chain as built by \c mbedtls_crt_verify_chain() - */ -typedef struct { - mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; - unsigned MBEDTLS_PRIVATE(len); - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - /* This stores the list of potential trusted signers obtained from - * the CA callback used for the CRT verification, if configured. - * We must track it somewhere because the callback passes its - * ownership to the caller. */ - mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result); -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -} mbedtls_x509_crt_verify_chain; - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - -/** - * \brief Context for resuming X.509 verify operations - */ -typedef struct { - /* for check_signature() */ - mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk); - - /* for find_parent_in() */ - mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */ - mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent); - int MBEDTLS_PRIVATE(fallback_signature_is_good); - - /* for find_parent() */ - int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */ - - /* for verify_chain() */ - enum { - x509_crt_rs_none, - x509_crt_rs_find_parent, - } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */ - int MBEDTLS_PRIVATE(self_cnt); - mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain); - -} mbedtls_x509_crt_restart_ctx; - -#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - -/* Now we can declare functions that take a pointer to that */ -typedef void mbedtls_x509_crt_restart_ctx; - -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * Default security profile. Should provide a good balance between security - * and compatibility with current deployments. - * - * This profile permits: - * - SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512. - * - Elliptic curves with 255 bits and above except secp256k1. - * - RSA with 2048 bits and above. - * - * New minor versions of Mbed TLS may extend this profile, for example if - * new algorithms are added to the library. New minor versions of Mbed TLS will - * not reduce this profile unless serious security concerns require it. - */ -extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default; - -/** - * Expected next default profile. Recommended for new deployments. - * Currently targets a 128-bit security level, except for allowing RSA-2048. - * This profile may change at any time. - */ -extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next; - -/** - * NSA Suite B profile. - */ -extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb; - -/** - * Empty profile that allows nothing. Useful as a basis for constructing - * custom profiles. - */ -extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none; - -/** - * \brief Parse a single DER formatted certificate and add it - * to the end of the provided chained list. - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \param chain The pointer to the start of the CRT chain to attach to. - * When parsing the first CRT in a chain, this should point - * to an instance of ::mbedtls_x509_crt initialized through - * mbedtls_x509_crt_init(). - * \param buf The buffer holding the DER encoded certificate. - * \param buflen The size in Bytes of \p buf. - * - * \note This function makes an internal copy of the CRT buffer - * \p buf. In particular, \p buf may be destroyed or reused - * after this call returns. To avoid duplicating the CRT - * buffer (at the cost of stricter lifetime constraints), - * use mbedtls_x509_crt_parse_der_nocopy() instead. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen); - -/** - * \brief The type of certificate extension callbacks. - * - * Callbacks of this type are passed to and used by the - * mbedtls_x509_crt_parse_der_with_ext_cb() routine when - * it encounters either an unsupported extension or a - * "certificate policies" extension containing any - * unsupported certificate policies. - * Future versions of the library may invoke the callback - * in other cases, if and when the need arises. - * - * \param p_ctx An opaque context passed to the callback. - * \param crt The certificate being parsed. - * \param oid The OID of the extension. - * \param critical Whether the extension is critical. - * \param p Pointer to the start of the extension value - * (the content of the OCTET STRING). - * \param end End of extension value. - * - * \note The callback must fail and return a negative error code - * if it can not parse or does not support the extension. - * When the callback fails to parse a critical extension - * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. - * When the callback fails to parse a non critical extension - * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips - * the extension and continues parsing. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx, - mbedtls_x509_crt const *crt, - mbedtls_x509_buf const *oid, - int critical, - const unsigned char *p, - const unsigned char *end); - -/** - * \brief Parse a single DER formatted certificate and add it - * to the end of the provided chained list. - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \param chain The pointer to the start of the CRT chain to attach to. - * When parsing the first CRT in a chain, this should point - * to an instance of ::mbedtls_x509_crt initialized through - * mbedtls_x509_crt_init(). - * \param buf The buffer holding the DER encoded certificate. - * \param buflen The size in Bytes of \p buf. - * \param make_copy When not zero this function makes an internal copy of the - * CRT buffer \p buf. In particular, \p buf may be destroyed - * or reused after this call returns. - * When zero this function avoids duplicating the CRT buffer - * by taking temporary ownership thereof until the CRT - * is destroyed (like mbedtls_x509_crt_parse_der_nocopy()) - * \param cb A callback invoked for every unsupported certificate - * extension. - * \param p_ctx An opaque context passed to the callback. - * - * \note This call is functionally equivalent to - * mbedtls_x509_crt_parse_der(), and/or - * mbedtls_x509_crt_parse_der_nocopy() - * but it calls the callback with every unsupported - * certificate extension and additionally the - * "certificate policies" extension if it contains any - * unsupported certificate policies. - * The callback must return a negative error code if it - * does not know how to handle such an extension. - * When the callback fails to parse a critical extension - * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. - * When the callback fails to parse a non critical extension - * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips - * the extension and continues parsing. - * Future versions of the library may invoke the callback - * in other cases, if and when the need arises. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx); - -/** - * \brief Parse a single DER formatted certificate and add it - * to the end of the provided chained list. This is a - * variant of mbedtls_x509_crt_parse_der() which takes - * temporary ownership of the CRT buffer until the CRT - * is destroyed. - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \param chain The pointer to the start of the CRT chain to attach to. - * When parsing the first CRT in a chain, this should point - * to an instance of ::mbedtls_x509_crt initialized through - * mbedtls_x509_crt_init(). - * \param buf The address of the readable buffer holding the DER encoded - * certificate to use. On success, this buffer must be - * retained and not be changed for the lifetime of the - * CRT chain \p chain, that is, until \p chain is destroyed - * through a call to mbedtls_x509_crt_free(). - * \param buflen The size in Bytes of \p buf. - * - * \note This call is functionally equivalent to - * mbedtls_x509_crt_parse_der(), but it avoids creating a - * copy of the input buffer at the cost of stronger lifetime - * constraints. This is useful in constrained environments - * where duplication of the CRT cannot be tolerated. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen); - -/** - * \brief Parse one DER-encoded or one or more concatenated PEM-encoded - * certificates and add them to the chained list. - * - * For CRTs in PEM encoding, the function parses permissively: - * if at least one certificate can be parsed, the function - * returns the number of certificates for which parsing failed - * (hence \c 0 if all certificates were parsed successfully). - * If no certificate could be parsed, the function returns - * the first (negative) error encountered during parsing. - * - * PEM encoded certificates may be interleaved by other data - * such as human readable descriptions of their content, as - * long as the certificates are enclosed in the PEM specific - * '-----{BEGIN/END} CERTIFICATE-----' delimiters. - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \param chain The chain to which to add the parsed certificates. - * \param buf The buffer holding the certificate data in PEM or DER format. - * For certificates in PEM encoding, this may be a concatenation - * of multiple certificates; for DER encoding, the buffer must - * comprise exactly one certificate. - * \param buflen The size of \p buf, including the terminating \c NULL byte - * in case of PEM encoded data. - * - * \return \c 0 if all certificates were parsed successfully. - * \return The (positive) number of certificates that couldn't - * be parsed if parsing was partly successful (see above). - * \return A negative X509 or PEM error code otherwise. - * - */ -int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen); - -#if defined(MBEDTLS_FS_IO) -/** - * \brief Load one or more certificates and add them - * to the chained list. Parses permissively. If some - * certificates can be parsed, the result is the number - * of failed certificates it encountered. If none complete - * correctly, the first error is returned. - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \param chain points to the start of the chain - * \param path filename to read the certificates from - * - * \return 0 if all certificates parsed successfully, a positive number - * if partly successful or a specific X509 or PEM error code - */ -int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path); - -/** - * \brief Load one or more certificate files from a path and add them - * to the chained list. Parses permissively. If some - * certificates can be parsed, the result is the number - * of failed certificates it encountered. If none complete - * correctly, the first error is returned. - * - * \param chain points to the start of the chain - * \param path directory / folder to read the certificate files from - * - * \return 0 if all certificates parsed successfully, a positive number - * if partly successful or a specific X509 or PEM error code - */ -int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path); - -#endif /* MBEDTLS_FS_IO */ - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/** - * \brief Returns an informational string about the - * certificate. - * - * \param buf Buffer to write to - * \param size Maximum size of buffer - * \param prefix A line prefix - * \param crt The X509 certificate to represent - * - * \return The length of the string written (not including the - * terminated nul byte), or a negative error code. - */ -int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, - const mbedtls_x509_crt *crt); - -/** - * \brief Returns an informational string about the - * verification status of a certificate. - * - * \param buf Buffer to write to - * \param size Maximum size of buffer - * \param prefix A line prefix - * \param flags Verification flags created by mbedtls_x509_crt_verify() - * - * \return The length of the string written (not including the - * terminated nul byte), or a negative error code. - */ -int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, - uint32_t flags); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -/** - * \brief Verify a chain of certificates. - * - * The verify callback is a user-supplied callback that - * can clear / modify / add flags for a certificate. If set, - * the verification callback is called for each - * certificate in the chain (from the trust-ca down to the - * presented crt). The parameters for the callback are: - * (void *parameter, mbedtls_x509_crt *crt, int certificate_depth, - * int *flags). With the flags representing current flags for - * that specific certificate and the certificate depth from - * the bottom (Peer cert depth = 0). - * - * All flags left after returning from the callback - * are also returned to the application. The function should - * return 0 for anything (including invalid certificates) - * other than fatal error, as a non-zero return code - * immediately aborts the verification process. For fatal - * errors, a specific error code should be used (different - * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not - * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR - * can be used if no better code is available. - * - * \note In case verification failed, the results can be displayed - * using \c mbedtls_x509_crt_verify_info() - * - * \note Same as \c mbedtls_x509_crt_verify_with_profile() with the - * default security profile. - * - * \note It is your responsibility to provide up-to-date CRLs for - * all trusted CAs. If no CRL is provided for the CA that was - * used to sign the certificate, CRL verification is skipped - * silently, that is *without* setting any flag. - * - * \note The \c trust_ca list can contain two types of certificates: - * (1) those of trusted root CAs, so that certificates - * chaining up to those CAs will be trusted, and (2) - * self-signed end-entity certificates to be trusted (for - * specific peers you know) - in that case, the self-signed - * certificate doesn't need to have the CA bit set. - * - * \param crt The certificate chain to be verified. - * \param trust_ca The list of trusted CAs. - * \param ca_crl The list of CRLs for trusted CAs. - * \param cn The expected Common Name. This will be checked to be - * present in the certificate's subjectAltNames extension or, - * if this extension is absent, as a CN component in its - * Subject name. DNS names and IP addresses are fully - * supported, while the URI subtype is partially supported: - * only exact matching, without any normalization procedures - * described in 7.4 of RFC5280, will result in a positive - * URI verification. - * This may be \c NULL if the CN need not be verified. - * \param flags The address at which to store the result of the verification. - * If the verification couldn't be completed, the flag value is - * set to (uint32_t) -1. - * \param f_vrfy The verification callback to use. See the documentation - * of mbedtls_x509_crt_verify() for more information. - * \param p_vrfy The context to be passed to \p f_vrfy. - * - * \return \c 0 if the chain is valid with respect to the - * passed CN, CAs, CRLs and security profile. - * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the - * certificate chain verification failed. In this case, - * \c *flags will have one or more - * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX - * flags set. - * \return Another negative error code in case of a fatal error - * encountered during the verification process. - */ -int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy); - -/** - * \brief Verify a chain of certificates with respect to - * a configurable security profile. - * - * \note Same as \c mbedtls_x509_crt_verify(), but with explicit - * security profile. - * - * \note The restrictions on keys (RSA minimum size, allowed curves - * for ECDSA) apply to all certificates: trusted root, - * intermediate CAs if any, and end entity certificate. - * - * \param crt The certificate chain to be verified. - * \param trust_ca The list of trusted CAs. - * \param ca_crl The list of CRLs for trusted CAs. - * \param profile The security profile to use for the verification. - * \param cn The expected Common Name. This may be \c NULL if the - * CN need not be verified. - * \param flags The address at which to store the result of the verification. - * If the verification couldn't be completed, the flag value is - * set to (uint32_t) -1. - * \param f_vrfy The verification callback to use. See the documentation - * of mbedtls_x509_crt_verify() for more information. - * \param p_vrfy The context to be passed to \p f_vrfy. - * - * \return \c 0 if the chain is valid with respect to the - * passed CN, CAs, CRLs and security profile. - * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the - * certificate chain verification failed. In this case, - * \c *flags will have one or more - * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX - * flags set. - * \return Another negative error code in case of a fatal error - * encountered during the verification process. - */ -int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy); - -/** - * \brief Restartable version of \c mbedtls_crt_verify_with_profile() - * - * \note Performs the same job as \c mbedtls_crt_verify_with_profile() - * but can return early and restart according to the limit - * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. - * - * \param crt The certificate chain to be verified. - * \param trust_ca The list of trusted CAs. - * \param ca_crl The list of CRLs for trusted CAs. - * \param profile The security profile to use for the verification. - * \param cn The expected Common Name. This may be \c NULL if the - * CN need not be verified. - * \param flags The address at which to store the result of the verification. - * If the verification couldn't be completed, the flag value is - * set to (uint32_t) -1. - * \param f_vrfy The verification callback to use. See the documentation - * of mbedtls_x509_crt_verify() for more information. - * \param p_vrfy The context to be passed to \p f_vrfy. - * \param rs_ctx The restart context to use. This may be set to \c NULL - * to disable restartable ECC. - * - * \return See \c mbedtls_crt_verify_with_profile(), or - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of - * operations was reached: see \c mbedtls_ecp_set_max_ops(). - */ -int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy, - mbedtls_x509_crt_restart_ctx *rs_ctx); - -/** - * \brief The type of trusted certificate callbacks. - * - * Callbacks of this type are passed to and used by the CRT - * verification routine mbedtls_x509_crt_verify_with_ca_cb() - * when looking for trusted signers of a given certificate. - * - * On success, the callback returns a list of trusted - * certificates to be considered as potential signers - * for the input certificate. - * - * \param p_ctx An opaque context passed to the callback. - * \param child The certificate for which to search a potential signer. - * This will point to a readable certificate. - * \param candidate_cas The address at which to store the address of the first - * entry in the generated linked list of candidate signers. - * This will not be \c NULL. - * - * \note The callback must only return a non-zero value on a - * fatal error. If, in contrast, the search for a potential - * signer completes without a single candidate, the - * callback must return \c 0 and set \c *candidate_cas - * to \c NULL. - * - * \return \c 0 on success. In this case, \c *candidate_cas points - * to a heap-allocated linked list of instances of - * ::mbedtls_x509_crt, and ownership of this list is passed - * to the caller. - * \return A negative error code on failure. - */ -typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx, - mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidate_cas); - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -/** - * \brief Version of \c mbedtls_x509_crt_verify_with_profile() which - * uses a callback to acquire the list of trusted CA - * certificates. - * - * \param crt The certificate chain to be verified. - * \param f_ca_cb The callback to be used to query for potential signers - * of a given child certificate. See the documentation of - * ::mbedtls_x509_crt_ca_cb_t for more information. - * \param p_ca_cb The opaque context to be passed to \p f_ca_cb. - * \param profile The security profile for the verification. - * \param cn The expected Common Name. This may be \c NULL if the - * CN need not be verified. - * \param flags The address at which to store the result of the verification. - * If the verification couldn't be completed, the flag value is - * set to (uint32_t) -1. - * \param f_vrfy The verification callback to use. See the documentation - * of mbedtls_x509_crt_verify() for more information. - * \param p_vrfy The context to be passed to \p f_vrfy. - * - * \return See \c mbedtls_crt_verify_with_profile(). - */ -int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy); - -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -/** - * \brief Check usage of certificate against keyUsage extension. - * - * \param crt Leaf certificate used. - * \param usage Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT - * before using the certificate to perform an RSA key - * exchange). - * - * \note Except for decipherOnly and encipherOnly, a bit set in the - * usage argument means this bit MUST be set in the - * certificate. For decipherOnly and encipherOnly, it means - * that bit MAY be set. - * - * \return 0 is these uses of the certificate are allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension - * is present but does not match the usage argument. - * - * \note You should only call this function on leaf certificates, on - * (intermediate) CAs the keyUsage extension is automatically - * checked by \c mbedtls_x509_crt_verify(). - */ -int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, - unsigned int usage); - -/** - * \brief Check usage of certificate against extendedKeyUsage. - * - * \param crt Leaf certificate used. - * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or - * MBEDTLS_OID_CLIENT_AUTH). - * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). - * - * \return 0 if this use of the certificate is allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. - * - * \note Usually only makes sense on leaf certificates. - */ -int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, - const char *usage_oid, - size_t usage_len); - -#if defined(MBEDTLS_X509_CRL_PARSE_C) -/** - * \brief Verify the certificate revocation status - * - * \param crt a certificate to be verified - * \param crl the CRL to verify against - * - * \return 1 if the certificate is revoked, 0 otherwise - * - */ -int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl); -#endif /* MBEDTLS_X509_CRL_PARSE_C */ - -/** - * \brief Initialize a certificate (chain) - * - * \param crt Certificate chain to initialize - */ -void mbedtls_x509_crt_init(mbedtls_x509_crt *crt); - -/** - * \brief Unallocate all certificate data - * - * \param crt Certificate chain to free - */ -void mbedtls_x509_crt_free(mbedtls_x509_crt *crt); - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) -/** - * \brief Initialize a restart context - */ -void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx); - -/** - * \brief Free the components of a restart context - */ -void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx); -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -/** - * \brief Query certificate for given extension type - * - * \param[in] ctx Certificate context to be queried, must not be \c NULL - * \param ext_type Extension type being queried for, must be a valid - * extension type. Must be one of the MBEDTLS_X509_EXT_XXX - * values - * - * \return 0 if the given extension type is not present, - * non-zero otherwise - */ -static inline int mbedtls_x509_crt_has_ext_type(const mbedtls_x509_crt *ctx, - int ext_type) -{ - return ctx->MBEDTLS_PRIVATE(ext_types) & ext_type; -} - -/** - * \brief Access the ca_istrue field - * - * \param[in] crt Certificate to be queried, must not be \c NULL - * - * \return \c 1 if this a CA certificate \c 0 otherwise. - * \return MBEDTLS_ERR_X509_INVALID_EXTENSIONS if the certificate does not contain - * the Optional Basic Constraint extension. - * - */ -int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt); - -/** \} name Structures and functions for parsing and writing X.509 certificates */ - -#if defined(MBEDTLS_X509_CRT_WRITE_C) -/** - * \brief Initialize a CRT writing context - * - * \param ctx CRT context to initialize - */ -void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx); - -/** - * \brief Set the version for a Certificate - * Default: MBEDTLS_X509_CRT_VERSION_3 - * - * \param ctx CRT context to use - * \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or - * MBEDTLS_X509_CRT_VERSION_3) - */ -void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version); - -#if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the serial number for a Certificate. - * - * \deprecated This function is deprecated and will be removed in a - * future version of the library. Please use - * mbedtls_x509write_crt_set_serial_raw() instead. - * - * \note Even though the MBEDTLS_BIGNUM_C guard looks redundant since - * X509 depends on PK and PK depends on BIGNUM, this emphasizes - * a direct dependency between X509 and BIGNUM which is going - * to be deprecated in the future. - * - * \param ctx CRT context to use - * \param serial serial number to set - * - * \return 0 if successful - */ -int MBEDTLS_DEPRECATED mbedtls_x509write_crt_set_serial( - mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial); -#endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED - -/** - * \brief Set the serial number for a Certificate. - * - * \param ctx CRT context to use - * \param serial A raw array of bytes containing the serial number in big - * endian format - * \param serial_len Length of valid bytes (expressed in bytes) in \p serial - * input buffer - * - * \return 0 if successful, or - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer - * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) - */ -int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, - unsigned char *serial, size_t serial_len); - -/** - * \brief Set the validity period for a Certificate - * Timestamps should be in string format for UTC timezone - * i.e. "YYYYMMDDhhmmss" - * e.g. "20131231235959" for December 31st 2013 - * at 23:59:59 - * - * \param ctx CRT context to use - * \param not_before not_before timestamp - * \param not_after not_after timestamp - * - * \return 0 if timestamp was parsed successfully, or - * a specific error code - */ -int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, - const char *not_after); - -/** - * \brief Set the issuer name for a Certificate - * Issuer names should contain a comma-separated list - * of OID types and values: - * e.g. "C=UK,O=ARM,CN=Mbed TLS CA" - * - * \param ctx CRT context to use - * \param issuer_name issuer name to set - * - * \return 0 if issuer name was parsed successfully, or - * a specific error code - */ -int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, - const char *issuer_name); - -/** - * \brief Set the subject name for a Certificate - * Subject names should contain a comma-separated list - * of OID types and values: - * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1" - * - * \param ctx CRT context to use - * \param subject_name subject name to set - * - * \return 0 if subject name was parsed successfully, or - * a specific error code - */ -int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, - const char *subject_name); - -/** - * \brief Set the subject public key for the certificate - * - * \param ctx CRT context to use - * \param key public key to include - */ -void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key); - -/** - * \brief Set the issuer key used for signing the certificate - * - * \param ctx CRT context to use - * \param key private key to sign with - */ -void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key); - -/** - * \brief Set the MD algorithm to use for the signature - * (e.g. MBEDTLS_MD_SHA1) - * - * \param ctx CRT context to use - * \param md_alg MD algorithm to use - */ -void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg); - -/** - * \brief Generic function to add to or replace an extension in the - * CRT - * - * \param ctx CRT context to use - * \param oid OID of the extension - * \param oid_len length of the OID - * \param critical if the extension is critical (per the RFC's definition) - * \param val value of the extension OCTET STRING - * \param val_len length of the value data - * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len); - -/** - * \brief Set the basicConstraints extension for a CRT - * - * \param ctx CRT context to use - * \param is_ca is this a CA certificate - * \param max_pathlen maximum length of certificate chains below this - * certificate (only for CA certificates, -1 is - * unlimited) - * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, - int is_ca, int max_pathlen); - -#if defined(PSA_WANT_ALG_SHA_1) -/** - * \brief Set the subjectKeyIdentifier extension for a CRT - * Requires that mbedtls_x509write_crt_set_subject_key() has been - * called before - * - * \param ctx CRT context to use - * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx); - -/** - * \brief Set the authorityKeyIdentifier extension for a CRT - * Requires that mbedtls_x509write_crt_set_issuer_key() has been - * called before - * - * \param ctx CRT context to use - * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx); -#endif /* PSA_WANT_ALG_SHA_1 */ - -/** - * \brief Set the Key Usage Extension flags - * (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN) - * - * \param ctx CRT context to use - * \param key_usage key usage flags to set - * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, - unsigned int key_usage); - -/** - * \brief Set the Extended Key Usage Extension - * (e.g. MBEDTLS_OID_SERVER_AUTH) - * - * \param ctx CRT context to use - * \param exts extended key usage extensions to set, a sequence of - * MBEDTLS_ASN1_OID objects - * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, - const mbedtls_asn1_sequence *exts); - -/** - * \brief Set the Netscape Cert Type flags - * (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL) - * - * \param ctx CRT context to use - * \param ns_cert_type Netscape Cert Type flags to set - * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, - unsigned char ns_cert_type); - -/** - * \brief Free the contents of a CRT write context - * - * \param ctx CRT context to free - */ -void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx); - -/** - * \brief Write a built up certificate to a X509 DER structure - * Note: data is written at the end of the buffer! Use the - * return value to determine where you should start - * using the buffer - * - * \param ctx certificate to write away - * \param buf buffer to write to - * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter - * - * \return length of data written if successful, or a specific - * error code - * - * \note \p f_rng is used for the signature operation. - */ -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); - -#if defined(MBEDTLS_PEM_WRITE_C) -/** - * \brief Write a built up certificate to a X509 PEM string - * - * \param ctx certificate to write away - * \param buf buffer to write to - * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter - * - * \return 0 if successful, or a specific error code - * - * \note \p f_rng is used for the signature operation. - */ -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); -#endif /* MBEDTLS_PEM_WRITE_C */ -#endif /* MBEDTLS_X509_CRT_WRITE_C */ - -/** \} addtogroup x509_module */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_x509_crt.h */ diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h deleted file mode 100644 index 08e585f3f..000000000 --- a/include/mbedtls/x509_csr.h +++ /dev/null @@ -1,379 +0,0 @@ -/** - * \file x509_csr.h - * - * \brief X.509 certificate signing request parsing and writing - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_X509_CSR_H -#define MBEDTLS_X509_CSR_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/x509.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \addtogroup x509_module - * \{ */ - -/** - * \name Structures and functions for X.509 Certificate Signing Requests (CSR) - * \{ - */ - -/** - * Certificate Signing Request (CSR) structure. - * - * Some fields of this structure are publicly readable. Do not modify - * them except via Mbed TLS library functions: the effect of modifying - * those fields or the data that those fields point to is unspecified. - */ -typedef struct mbedtls_x509_csr { - mbedtls_x509_buf raw; /**< The raw CSR data (DER). */ - mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */ - - int version; /**< CSR version (1=v1). */ - - mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */ - mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ - - mbedtls_pk_context pk; /**< Container for the public key context. */ - - unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */ - unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */ - mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */ - - int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */ - - mbedtls_x509_buf sig_oid; - mbedtls_x509_buf MBEDTLS_PRIVATE(sig); - mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ -} -mbedtls_x509_csr; - -/** - * Container for writing a CSR - */ -typedef struct mbedtls_x509write_csr { - mbedtls_pk_context *MBEDTLS_PRIVATE(key); - mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject); - mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg); - mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions); -} -mbedtls_x509write_csr; - -#if defined(MBEDTLS_X509_CSR_PARSE_C) -/** - * \brief Load a Certificate Signing Request (CSR) in DER format - * - * \note Any unsupported requested extensions are silently - * ignored, unless the critical flag is set, in which case - * the CSR is rejected. - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \param csr CSR context to fill - * \param buf buffer holding the CRL data - * \param buflen size of the buffer - * - * \return 0 if successful, or a specific X509 error code - */ -int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen); - -/** - * \brief The type of certificate extension callbacks. - * - * Callbacks of this type are passed to and used by the - * mbedtls_x509_csr_parse_der_with_ext_cb() routine when - * it encounters either an unsupported extension. - * Future versions of the library may invoke the callback - * in other cases, if and when the need arises. - * - * \param p_ctx An opaque context passed to the callback. - * \param csr The CSR being parsed. - * \param oid The OID of the extension. - * \param critical Whether the extension is critical. - * \param p Pointer to the start of the extension value - * (the content of the OCTET STRING). - * \param end End of extension value. - * - * \note The callback must fail and return a negative error code - * if it can not parse or does not support the extension. - * When the callback fails to parse a critical extension - * mbedtls_x509_csr_parse_der_with_ext_cb() also fails. - * When the callback fails to parse a non critical extension - * mbedtls_x509_csr_parse_der_with_ext_cb() simply skips - * the extension and continues parsing. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -typedef int (*mbedtls_x509_csr_ext_cb_t)(void *p_ctx, - mbedtls_x509_csr const *csr, - mbedtls_x509_buf const *oid, - int critical, - const unsigned char *p, - const unsigned char *end); - -/** - * \brief Load a Certificate Signing Request (CSR) in DER format - * - * \note Any unsupported requested extensions are silently - * ignored, unless the critical flag is set, in which case - * the result of the callback function decides whether - * CSR is rejected. - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \param csr CSR context to fill - * \param buf buffer holding the CRL data - * \param buflen size of the buffer - * \param cb A callback invoked for every unsupported certificate - * extension. - * \param p_ctx An opaque context passed to the callback. - * - * \return 0 if successful, or a specific X509 error code - */ -int mbedtls_x509_csr_parse_der_with_ext_cb(mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen, - mbedtls_x509_csr_ext_cb_t cb, - void *p_ctx); - -/** - * \brief Load a Certificate Signing Request (CSR), DER or PEM format - * - * \note See notes for \c mbedtls_x509_csr_parse_der() - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \param csr CSR context to fill - * \param buf buffer holding the CRL data - * \param buflen size of the buffer - * (including the terminating null byte for PEM data) - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen); - -#if defined(MBEDTLS_FS_IO) -/** - * \brief Load a Certificate Signing Request (CSR) - * - * \note See notes for \c mbedtls_x509_csr_parse() - * - * \param csr CSR context to fill - * \param path filename to read the CSR from - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path); -#endif /* MBEDTLS_FS_IO */ - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/** - * \brief Returns an informational string about the - * CSR. - * - * \param buf Buffer to write to - * \param size Maximum size of buffer - * \param prefix A line prefix - * \param csr The X509 CSR to represent - * - * \return The length of the string written (not including the - * terminated nul byte), or a negative error code. - */ -int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, - const mbedtls_x509_csr *csr); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -/** - * \brief Initialize a CSR - * - * \param csr CSR to initialize - */ -void mbedtls_x509_csr_init(mbedtls_x509_csr *csr); - -/** - * \brief Unallocate all CSR data - * - * \param csr CSR to free - */ -void mbedtls_x509_csr_free(mbedtls_x509_csr *csr); -#endif /* MBEDTLS_X509_CSR_PARSE_C */ - -/** \} name Structures and functions for X.509 Certificate Signing Requests (CSR) */ - -#if defined(MBEDTLS_X509_CSR_WRITE_C) -/** - * \brief Initialize a CSR context - * - * \param ctx CSR context to initialize - */ -void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx); - -/** - * \brief Set the subject name for a CSR - * Subject names should contain a comma-separated list - * of OID types and values: - * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1" - * - * \param ctx CSR context to use - * \param subject_name subject name to set - * - * \return 0 if subject name was parsed successfully, or - * a specific error code - */ -int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx, - const char *subject_name); - -/** - * \brief Set the key for a CSR (public key will be included, - * private key used to sign the CSR when writing it) - * - * \param ctx CSR context to use - * \param key Asymmetric key to include - */ -void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key); - -/** - * \brief Set the MD algorithm to use for the signature - * (e.g. MBEDTLS_MD_SHA1) - * - * \param ctx CSR context to use - * \param md_alg MD algorithm to use - */ -void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg); - -/** - * \brief Set the Key Usage Extension flags - * (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN) - * - * \param ctx CSR context to use - * \param key_usage key usage flags to set - * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED - * - * \note The decipherOnly flag from the Key Usage - * extension is represented by bit 8 (i.e. - * 0x8000), which cannot typically be represented - * in an unsigned char. Therefore, the flag - * decipherOnly (i.e. - * #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this - * function. - */ -int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage); - -/** - * \brief Set Subject Alternative Name - * - * \param ctx CSR context to use - * \param san_list List of SAN values - * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED - * - * \note Only "dnsName", "uniformResourceIdentifier" and "otherName", - * as defined in RFC 5280, are supported. - */ -int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ctx, - const mbedtls_x509_san_list *san_list); - -/** - * \brief Set the Netscape Cert Type flags - * (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL) - * - * \param ctx CSR context to use - * \param ns_cert_type Netscape Cert Type flags to set - * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, - unsigned char ns_cert_type); - -/** - * \brief Generic function to add to or replace an extension in the - * CSR - * - * \param ctx CSR context to use - * \param oid OID of the extension - * \param oid_len length of the OID - * \param critical Set to 1 to mark the extension as critical, 0 otherwise. - * \param val value of the extension OCTET STRING - * \param val_len length of the value data - * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED - */ -int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len); - -/** - * \brief Free the contents of a CSR context - * - * \param ctx CSR context to free - */ -void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx); - -/** - * \brief Write a CSR (Certificate Signing Request) to a - * DER structure - * Note: data is written at the end of the buffer! Use the - * return value to determine where you should start - * using the buffer - * - * \param ctx CSR to write away - * \param buf buffer to write to - * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter - * - * \return length of data written if successful, or a specific - * error code - * - * \note \p f_rng is used for the signature operation. - */ -int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); - -#if defined(MBEDTLS_PEM_WRITE_C) -/** - * \brief Write a CSR (Certificate Signing Request) to a - * PEM string - * - * \param ctx CSR to write away - * \param buf buffer to write to - * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter - * - * \return 0 if successful, or a specific error code - * - * \note \p f_rng is used for the signature operation. - */ -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); -#endif /* MBEDTLS_PEM_WRITE_C */ -#endif /* MBEDTLS_X509_CSR_WRITE_C */ - -/** \} addtogroup x509_module */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_x509_csr.h */ diff --git a/library/.gitignore b/library/.gitignore deleted file mode 100644 index 9794129d9..000000000 --- a/library/.gitignore +++ /dev/null @@ -1,9 +0,0 @@ -libmbed* -*.sln -*.vcxproj - -###START_GENERATED_FILES### -/error.c -/version_features.c -/ssl_debug_helpers_generated.c -###END_GENERATED_FILES### diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt deleted file mode 100644 index a32b4bc26..000000000 --- a/library/CMakeLists.txt +++ /dev/null @@ -1,235 +0,0 @@ -set(src_x509 - error.c - pkcs7.c - x509.c - x509_create.c - x509_crl.c - x509_crt.c - x509_csr.c - x509write.c - x509write_crt.c - x509write_csr.c -) - -set(src_tls - debug.c - mps_reader.c - mps_trace.c - net_sockets.c - ssl_cache.c - ssl_ciphersuites.c - ssl_client.c - ssl_cookie.c - ssl_debug_helpers_generated.c - ssl_msg.c - ssl_ticket.c - ssl_tls.c - ssl_tls12_client.c - ssl_tls12_server.c - ssl_tls13_keys.c - ssl_tls13_server.c - ssl_tls13_client.c - ssl_tls13_generic.c - timing.c - version.c - version_features.c -) - -if(GEN_FILES) - find_package(Perl REQUIRED) - - file(GLOB crypto_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/*.h) - file(GLOB tls_error_headers ${MBEDTLS_DIR}/include/mbedtls/*.h) - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/error.c - COMMAND - ${PERL_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls - ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files - ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c - DEPENDS - ${MBEDTLS_DIR}/scripts/generate_errors.pl - ${crypto_error_headers} - ${tls_error_headers} - ${MBEDTLS_DIR}/scripts/data_files/error.fmt - ) - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/version_features.c - COMMAND - ${PERL_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files - ${CMAKE_CURRENT_BINARY_DIR}/version_features.c - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/version_features.fmt - ) - - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c - COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py - --mbedtls-root ${CMAKE_CURRENT_SOURCE_DIR}/.. - ${CMAKE_CURRENT_BINARY_DIR} - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py - ${tls_error_headers} - ) -else() - link_to_source(error.c) - link_to_source(version_features.c) - link_to_source(ssl_debug_helpers_generated.c) -endif() - -if(CMAKE_COMPILER_IS_GNUCC) - set(LIBS_C_FLAGS -Wmissing-declarations) -endif(CMAKE_COMPILER_IS_GNUCC) - -if(CMAKE_COMPILER_IS_CLANG) - set(LIBS_C_FLAGS -Wmissing-declarations -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code) -endif(CMAKE_COMPILER_IS_CLANG) - -if(CMAKE_COMPILER_IS_MSVC) - option(MSVC_STATIC_RUNTIME "Build the libraries with /MT compiler flag" OFF) - if(MSVC_STATIC_RUNTIME) - foreach(flag_var - CMAKE_C_FLAGS CMAKE_C_FLAGS_DEBUG CMAKE_C_FLAGS_RELEASE - CMAKE_C_FLAGS_MINSIZEREL CMAKE_C_FLAGS_RELWITHDEBINFO - CMAKE_C_FLAGS_CHECK) - string(REGEX REPLACE "/MD" "/MT" ${flag_var} "${${flag_var}}") - endforeach(flag_var) - endif() -endif() - -if(CMAKE_C_COMPILER_ID MATCHES "AppleClang") - set(CMAKE_C_ARCHIVE_CREATE " Scr ") - set(CMAKE_C_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") -endif() -if(CMAKE_CXX_COMPILER_ID MATCHES "AppleClang") - set(CMAKE_CXX_ARCHIVE_CREATE " Scr ") - set(CMAKE_CXX_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") -endif() - -if(HAIKU) - set(libs ${libs} network) -endif(HAIKU) - -if(LINK_WITH_PTHREAD) - set(libs ${libs} ${CMAKE_THREAD_LIBS_INIT}) -endif() - -if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) - message(FATAL_ERROR "Need to choose static or shared mbedtls build!") -endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) - -set(mbedtls_target "${MBEDTLS_TARGET_PREFIX}mbedtls") -set(mbedx509_target "${MBEDTLS_TARGET_PREFIX}mbedx509") - -set(mbedtls_target ${mbedtls_target} PARENT_SCOPE) -set(mbedx509_target ${mbedx509_target} PARENT_SCOPE) - -if (USE_STATIC_MBEDTLS_LIBRARY) - set(mbedtls_static_target ${mbedtls_target}) - set(mbedx509_static_target ${mbedx509_target}) -endif() - -set(target_libraries ${mbedx509_target} ${mbedtls_target}) - -if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - string(APPEND mbedtls_static_target "_static") - string(APPEND mbedx509_static_target "_static") - - list(APPEND target_libraries - ${mbedx509_static_target} - ${mbedtls_static_target}) -endif() - -if(USE_STATIC_MBEDTLS_LIBRARY) - add_library(${mbedx509_static_target} STATIC ${src_x509}) - set_base_compile_options(${mbedx509_static_target}) - target_compile_options(${mbedx509_static_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) - target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${tfpsacrypto_static_target}) - - add_library(${mbedtls_static_target} STATIC ${src_tls}) - set_base_compile_options(${mbedtls_static_target}) - target_compile_options(${mbedtls_static_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) - target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target}) -endif(USE_STATIC_MBEDTLS_LIBRARY) - -if(USE_SHARED_MBEDTLS_LIBRARY) - add_library(${mbedx509_target} SHARED ${src_x509}) - set_base_compile_options(${mbedx509_target}) - target_compile_options(${mbedx509_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 7) - target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${tfpsacrypto_target}) - - add_library(${mbedtls_target} SHARED ${src_tls}) - set_base_compile_options(${mbedtls_target}) - target_compile_options(${mbedtls_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedtls_target} PROPERTIES VERSION 4.0.0 SOVERSION 21) - target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) -endif(USE_SHARED_MBEDTLS_LIBRARY) - -foreach(target IN LISTS target_libraries) - add_library(MbedTLS::${target} ALIAS ${target}) # add_subdirectory support - # Include public header files from /include, /tf-psa-crypto/include/ and - # tf-psa-crypto/drivers/builtin/include/. Include private header files - # from /library, tf-psa-crypto/core/ and tf-psa-crypto/drivers/builtin/src/. - target_include_directories(${target} - PUBLIC $ - $ - $ - $ - PRIVATE ${MBEDTLS_DIR}/library/ - ${MBEDTLS_DIR}/tf-psa-crypto/core - ${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src) - set_config_files_compile_definitions(${target}) - install( - TARGETS ${target} - EXPORT MbedTLSTargets - ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} - LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} - RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} - PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) -endforeach(target) - -set(lib_target "${MBEDTLS_TARGET_PREFIX}lib") - -add_custom_target(${lib_target} DEPENDS ${mbedx509_target} ${mbedtls_target}) -if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - add_dependencies(${lib_target} ${mbedx509_static_target} ${mbedtls_static_target}) -endif() - -foreach(target IN LISTS tf_psa_crypto_library_targets) - get_target_property(target_type ${target} TYPE) - if (target_type STREQUAL STATIC_LIBRARY) - add_custom_command( - TARGET ${mbedtls_target} - POST_BUILD - COMMAND ${CMAKE_COMMAND} - ARGS -E copy $ ${CMAKE_BINARY_DIR}/library) - else() - add_custom_command( - TARGET ${mbedtls_target} - POST_BUILD - COMMAND ${CMAKE_COMMAND} - ARGS -E copy $ - ${CMAKE_BINARY_DIR}/library/$) - add_custom_command( - TARGET ${mbedtls_target} - POST_BUILD - COMMAND ${CMAKE_COMMAND} - ARGS -E copy $ - ${CMAKE_BINARY_DIR}/library/$) - endif() -endforeach(target) diff --git a/library/Makefile b/library/Makefile deleted file mode 100644 index b874acf27..000000000 --- a/library/Makefile +++ /dev/null @@ -1,417 +0,0 @@ -ifndef MBEDTLS_PATH -MBEDTLS_PATH := .. -endif - -TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core -TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src - -GENERATED_FILES := \ - error.c \ - version_features.c \ - ssl_debug_helpers_generated.c \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c - -ifneq ($(GENERATED_FILES),$(wildcard $(GENERATED_FILES))) - ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) - # Use the define keyword to get a multi-line message. - # GNU make appends ". Stop.", so tweak the ending of our message accordingly. - define error_message -$(MBEDTLS_PATH)/framework/exported.make not found. -Run `git submodule update --init` to fetch the submodule contents. -This is a fatal error - endef - $(error $(error_message)) - endif - include $(MBEDTLS_PATH)/framework/exported.make -endif - -# Also see "include/mbedtls/mbedtls_config.h" - -CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -LDFLAGS ?= - -# Include ../include, ../tf-psa-crypto/include and -# ../tf-psa-crypto/drivers/builtin/include for public headers and ., -# ../tf-psa-crypto/core and ../tf-psa-crypto/drivers/builtin/src for -# private headers. -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../tf-psa-crypto/core \ - -I../tf-psa-crypto/drivers/builtin/src \ - -I../include -I../tf-psa-crypto/include \ - -I../tf-psa-crypto/drivers/builtin/include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = - -ifdef DEBUG -LOCAL_CFLAGS += -g3 -endif - -# MicroBlaze specific options: -# CFLAGS += -mno-xl-soft-mul -mxl-barrel-shift - -# To compile on Plan9: -# CFLAGS += -D_BSD_EXTENSION - -PERL ?= perl - -ifdef WINDOWS -PYTHON ?= python -else -PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) -endif - -# if were running on Windows build for Windows -ifdef WINDOWS -WINDOWS_BUILD=1 -else ifeq ($(shell uname -s),Darwin) -ifeq ($(AR),ar) -APPLE_BUILD ?= 1 -endif -endif - -ifdef WINDOWS_BUILD -LOCAL_LDFLAGS += -lbcrypt -endif - -# To compile as a shared library: -ifdef SHARED -# all code is position-indep with mingw, avoid warning about useless flag -ifndef WINDOWS_BUILD -LOCAL_CFLAGS += -fPIC -fpic -endif -endif - -SOEXT_TLS?=so.21 -SOEXT_X509?=so.7 -SOEXT_CRYPTO?=so.16 - -# Set AR_DASH= (empty string) to use an ar implementation that does not accept -# the - prefix for command line options (e.g. llvm-ar) -AR_DASH ?= - - -ARFLAGS = $(AR_DASH)src -ifdef APPLE_BUILD -ifneq ($(APPLE_BUILD),0) -ARFLAGS = $(AR_DASH)Src -RLFLAGS = -no_warning_for_no_symbols -c -RL ?= ranlib -endif -endif - -DLEXT ?= so -ifdef WINDOWS_BUILD -# Windows shared library extension: -DLEXT = dll -else ifdef APPLE_BUILD -ifneq ($(APPLE_BUILD),0) -# Mac OS X shared library extension: -DLEXT = dylib -endif -endif - -OBJS_CRYPTO= \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_client.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_se.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_slot_management.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_storage.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_its_file.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aes.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aesni.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aesce.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aria.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/asn1parse.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/asn1write.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/base64.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_core.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_mod.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_mod_raw.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/block_cipher.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/camellia.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ccm.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/chacha20.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/chachapoly.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cipher.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cipher_wrap.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cmac.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/constant_time.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ctr_drbg.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/des.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/dhm.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdh.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdsa.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecjpake.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp_curves.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp_curves_new.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/entropy.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/entropy_poll.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/gcm.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/hkdf.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/hmac_drbg.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/lmots.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/lms.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/md.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/md5.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/memory_buffer_alloc.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/nist_kw.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/oid.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pem.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk_ecc.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk_wrap.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkcs12.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkcs5.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkparse.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkwrite.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/platform.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/platform_util.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/poly1305.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_aead.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_cipher.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_ecp.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_ffdh.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_hash.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_mac.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_pake.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_rsa.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_util.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ripemd160.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/rsa.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/rsa_alt_helpers.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha1.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha256.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha512.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha3.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/threading.o \ - # This line is intentionally left blank - -THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers -include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/everest/Makefile.inc -include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/p256-m/Makefile.inc -LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) -OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS) - -OBJS_X509= \ - x509.o \ - x509_create.o \ - x509_crl.o \ - x509_crt.o \ - x509_csr.o \ - x509write.o \ - x509write_crt.o \ - x509write_csr.o \ - pkcs7.o \ - error.o \ - # This line is intentionally left blank - -OBJS_TLS= \ - debug.o \ - mps_reader.o \ - mps_trace.o \ - net_sockets.o \ - ssl_cache.o \ - ssl_ciphersuites.o \ - ssl_client.o \ - ssl_cookie.o \ - ssl_debug_helpers_generated.o \ - ssl_msg.o \ - ssl_ticket.o \ - ssl_tls.o \ - ssl_tls12_client.o \ - ssl_tls12_server.o \ - ssl_tls13_keys.o \ - ssl_tls13_client.o \ - ssl_tls13_server.o \ - ssl_tls13_generic.o \ - timing.o \ - version.o \ - version_features.o \ - # This line is intentionally left blank - -.SILENT: - -.PHONY: all static shared clean - -ifndef SHARED -all: static -else -all: shared static -endif - -static: libmbedcrypto.a libmbedx509.a libmbedtls.a - cd ../tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile - cd ../tf-psa-crypto/tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile - -shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT) - -# Windows builds under Mingw can fail if make tries to create archives in the same -# directory at the same time - see https://bugs.launchpad.net/gcc-arm-embedded/+bug/1848002. -# This forces builds of the .a files to be serialised. -ifdef WINDOWS -libmbedtls.a: | libmbedx509.a -libmbedx509.a: | libmbedcrypto.a -endif - -# tls -libmbedtls.a: $(OBJS_TLS) - echo " AR $@" - $(AR) $(ARFLAGS) $@ $(OBJS_TLS) -ifdef APPLE_BUILD -ifneq ($(APPLE_BUILD),0) - echo " RL $@" - $(RL) $(RLFLAGS) $@ -endif -endif - -libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so - echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) - -ifneq ($(SOEXT_TLS),so) -libmbedtls.so: libmbedtls.$(SOEXT_TLS) - echo " LN $@ -> $<" - ln -sf $< $@ -endif - -libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib - echo " LD $@" - $(CC) -dynamiclib -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) - -libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll - echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedx509 -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) - -# x509 -libmbedx509.a: $(OBJS_X509) - echo " AR $@" - $(AR) $(ARFLAGS) $@ $(OBJS_X509) -ifdef APPLE_BUILD -ifneq ($(APPLE_BUILD),0) - echo " RL $@" - $(RL) $(RLFLAGS) $@ -endif -endif - -libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so - echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) - -ifneq ($(SOEXT_X509),so) -libmbedx509.so: libmbedx509.$(SOEXT_X509) - echo " LN $@ -> $<" - ln -sf $< $@ -endif - -libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib - echo " LD $@" - $(CC) -dynamiclib -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) - -libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll - echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_X509) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) - -# crypto -libmbedcrypto.a: $(OBJS_CRYPTO) - echo " AR $@" - $(AR) $(ARFLAGS) $@ $(OBJS_CRYPTO) -ifdef APPLE_BUILD -ifneq ($(APPLE_BUILD),0) - echo " RL $@" - $(RL) $(RLFLAGS) $@ -endif -endif - -libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO) - echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS) - -ifneq ($(SOEXT_CRYPTO),so) -libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO) - echo " LN $@ -> $<" - ln -sf $< $@ -endif - -libmbedcrypto.dylib: $(OBJS_CRYPTO) - echo " LD $@" - $(CC) -dynamiclib -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS) - -libmbedcrypto.dll: $(OBJS_CRYPTO) - echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) - -.c.o: - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< - -.c.s: - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -S -o $@ -c $< - -.PHONY: generated_files -generated_files: $(GENERATED_FILES) - -# See root Makefile -GEN_FILES ?= yes -ifdef GEN_FILES -gen_file_dep = -else -gen_file_dep = | -endif - -error.c: $(gen_file_dep) ../scripts/generate_errors.pl -error.c: $(gen_file_dep) ../scripts/data_files/error.fmt -error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h)) -error.c: - echo " Gen $@" - $(PERL) ../scripts/generate_errors.pl - -ssl_debug_helpers_generated.c: $(gen_file_dep) ../framework/scripts/generate_ssl_debug_helpers.py -ssl_debug_helpers_generated.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h)) -ssl_debug_helpers_generated.c: - echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_ssl_debug_helpers.py --mbedtls-root .. . - -version_features.c: $(gen_file_dep) ../scripts/generate_features.pl -version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt -## The generated file only depends on the options that are present in mbedtls_config.h, -## not on which options are set. To avoid regenerating this file all the time -## when switching between configurations, don't declare mbedtls_config.h as a -## dependency. Remove this file from your working tree if you've just added or -## removed an option in mbedtls_config.h. -#version_features.c: ../include/mbedtls/mbedtls_config.h -version_features.c: - echo " Gen $@" - $(PERL) ../scripts/generate_features.pl - -GENERATED_WRAPPER_FILES = \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/generate_driver_wrappers.py -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja -$(GENERATED_WRAPPER_FILES): - echo " Gen $(GENERATED_WRAPPER_FILES)" - $(PYTHON) ../tf-psa-crypto/scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH) - -$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h - -clean: -ifndef WINDOWS - rm -f *.o *.s libmbed* - rm -f $(OBJS_CRYPTO) $(OBJS_CRYPTO:.o=.s) -else - if exist *.o del /Q /F *.o - if exist *.s del /Q /F *.s - if exist libmbed* del /Q /F libmbed* - del /Q /F del_errors_out_if_the_file_list_is_empty_but_not_if_a_file_does_not_exist $(subst /,\,$(OBJS_CRYPTO)) -endif - -neat: clean -ifndef WINDOWS - rm -f $(GENERATED_FILES) -else - for %f in ($(subst /,\,$(GENERATED_FILES))) if exist %f del /Q /F %f -endif diff --git a/library/debug.c b/library/debug.c deleted file mode 100644 index a48635372..000000000 --- a/library/debug.c +++ /dev/null @@ -1,465 +0,0 @@ -/* - * Debugging routines - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_DEBUG_C) - -#include "mbedtls/platform.h" - -#include "debug_internal.h" -#include "mbedtls/error.h" - -#include -#include -#include - -/* DEBUG_BUF_SIZE must be at least 2 */ -#define DEBUG_BUF_SIZE 512 - -static int debug_threshold = 0; - -void mbedtls_debug_set_threshold(int threshold) -{ - debug_threshold = threshold; -} - -/* - * All calls to f_dbg must be made via this function - */ -static inline void debug_send_line(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *str) -{ - /* - * If in a threaded environment, we need a thread identifier. - * Since there is no portable way to get one, use the address of the ssl - * context instead, as it shouldn't be shared between threads. - */ -#if defined(MBEDTLS_THREADING_C) - char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */ - mbedtls_snprintf(idstr, sizeof(idstr), "%p: %s", (void *) ssl, str); - ssl->conf->f_dbg(ssl->conf->p_dbg, level, file, line, idstr); -#else - ssl->conf->f_dbg(ssl->conf->p_dbg, level, file, line, str); -#endif -} - -MBEDTLS_PRINTF_ATTRIBUTE(5, 6) -void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *format, ...) -{ - va_list argp; - char str[DEBUG_BUF_SIZE]; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_STATIC_ASSERT(DEBUG_BUF_SIZE >= 2, "DEBUG_BUF_SIZE too small"); - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - va_start(argp, format); - ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp); - va_end(argp); - - if (ret < 0) { - ret = 0; - } else { - if (ret >= DEBUG_BUF_SIZE - 1) { - ret = DEBUG_BUF_SIZE - 2; - } - } - str[ret] = '\n'; - str[ret + 1] = '\0'; - - debug_send_line(ssl, level, file, line, str); -} - -void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, int ret) -{ - char str[DEBUG_BUF_SIZE]; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - /* - * With non-blocking I/O and examples that just retry immediately, - * the logs would be quickly flooded with WANT_READ, so ignore that. - * Don't ignore WANT_WRITE however, since it is usually rare. - */ - if (ret == MBEDTLS_ERR_SSL_WANT_READ) { - return; - } - - mbedtls_snprintf(str, sizeof(str), "%s() returned %d (-0x%04x)\n", - text, ret, (unsigned int) -ret); - - debug_send_line(ssl, level, file, line, str); -} - -void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len) -{ - char str[DEBUG_BUF_SIZE]; - char txt[17]; - size_t i, idx = 0; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - mbedtls_snprintf(str + idx, sizeof(str) - idx, "dumping '%s' (%u bytes)\n", - text, (unsigned int) len); - - debug_send_line(ssl, level, file, line, str); - - memset(txt, 0, sizeof(txt)); - for (i = 0; i < len; i++) { - if (i >= 4096) { - break; - } - - if (i % 16 == 0) { - if (i > 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt); - debug_send_line(ssl, level, file, line, str); - - idx = 0; - memset(txt, 0, sizeof(txt)); - } - - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, "%04x: ", - (unsigned int) i); - - } - - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", - (unsigned int) buf[i]); - txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? buf[i] : '.'; - } - - if (len > 0) { - for (/* i = i */; i % 16 != 0; i++) { - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " "); - } - - mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt); - debug_send_line(ssl, level, file, line, str); - } -} - -#if defined(MBEDTLS_ECP_LIGHT) -void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X) -{ - char str[DEBUG_BUF_SIZE]; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - mbedtls_snprintf(str, sizeof(str), "%s(X)", text); - mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->X); - - mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); - mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->Y); -} -#endif /* MBEDTLS_ECP_LIGHT */ - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) -static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len) -{ - char str[DEBUG_BUF_SIZE]; - size_t i, idx = 0; - - mbedtls_snprintf(str + idx, sizeof(str) - idx, "value of '%s' (%u bits) is:\n", - text, (unsigned int) len * 8); - - debug_send_line(ssl, level, file, line, str); - - for (i = 0; i < len; i++) { - if (i >= 4096) { - break; - } - - if (i % 16 == 0) { - if (i > 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - - idx = 0; - } - } - - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", - (unsigned int) buf[i]); - } - - if (len > 0) { - for (/* i = i */; i % 16 != 0; i++) { - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " "); - } - - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - } -} - -void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_pk_context *pk) -{ - char str[DEBUG_BUF_SIZE]; - const uint8_t *coord_start; - size_t coord_len; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - /* For the description of pk->pk_raw content please refer to the description - * psa_export_public_key() function. */ - coord_len = (pk->pub_raw_len - 1)/2; - - /* X coordinate */ - coord_start = pk->pub_raw + 1; - mbedtls_snprintf(str, sizeof(str), "%s(X)", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len); - - /* Y coordinate */ - coord_start = coord_start + coord_len; - mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len); -} -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - -#if defined(MBEDTLS_BIGNUM_C) -void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X) -{ - char str[DEBUG_BUF_SIZE]; - size_t bitlen; - size_t idx = 0; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - NULL == X || - level > debug_threshold) { - return; - } - - bitlen = mbedtls_mpi_bitlen(X); - - mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n", - text, (unsigned) bitlen); - debug_send_line(ssl, level, file, line, str); - - if (bitlen == 0) { - str[0] = ' '; str[1] = '0'; str[2] = '0'; - idx = 3; - } else { - int n; - for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) { - size_t limb_offset = n / sizeof(mbedtls_mpi_uint); - size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint); - unsigned char octet = - (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff; - mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet); - idx += 3; - /* Wrap lines after 16 octets that each take 3 columns */ - if (idx >= 3 * 16) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - idx = 0; - } - } - } - - if (idx != 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - } -} -#endif /* MBEDTLS_BIGNUM_C */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) -static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_pk_context *pk) -{ - size_t i; - mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS]; - char name[16]; - - memset(items, 0, sizeof(items)); - - if (mbedtls_pk_debug(pk, items) != 0) { - debug_send_line(ssl, level, file, line, - "invalid PK context\n"); - return; - } - - for (i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++) { - if (items[i].type == MBEDTLS_PK_DEBUG_NONE) { - return; - } - - mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name); - name[sizeof(name) - 1] = '\0'; - -#if defined(MBEDTLS_RSA_C) - if (items[i].type == MBEDTLS_PK_DEBUG_MPI) { - mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); - } else -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) - if (items[i].type == MBEDTLS_PK_DEBUG_ECP) { - mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value); - } else -#endif /* MBEDTLS_ECP_LIGHT */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) { - mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value); - } else -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - { debug_send_line(ssl, level, file, line, - "should not happen\n"); } - } -} - -static void debug_print_line_by_line(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text) -{ - char str[DEBUG_BUF_SIZE]; - const char *start, *cur; - - start = text; - for (cur = text; *cur != '\0'; cur++) { - if (*cur == '\n') { - size_t len = (size_t) (cur - start) + 1; - if (len > DEBUG_BUF_SIZE - 1) { - len = DEBUG_BUF_SIZE - 1; - } - - memcpy(str, start, len); - str[len] = '\0'; - - debug_send_line(ssl, level, file, line, str); - - start = cur + 1; - } - } -} - -void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_x509_crt *crt) -{ - char str[DEBUG_BUF_SIZE]; - int i = 0; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - NULL == crt || - level > debug_threshold) { - return; - } - - while (crt != NULL) { - char buf[1024]; - - mbedtls_snprintf(str, sizeof(str), "%s #%d:\n", text, ++i); - debug_send_line(ssl, level, file, line, str); - - mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt); - debug_print_line_by_line(ssl, level, file, line, buf); - - debug_print_pk(ssl, level, file, line, "crt->", &crt->pk); - - crt = crt->next; - } -} -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \ - defined(MBEDTLS_ECDH_C) -static void mbedtls_debug_printf_ecdh_internal(const mbedtls_ssl_context *ssl, - int level, const char *file, - int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr) -{ -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - const mbedtls_ecdh_context *ctx = ecdh; -#else - const mbedtls_ecdh_context_mbed *ctx = &ecdh->ctx.mbed_ecdh; -#endif - - switch (attr) { - case MBEDTLS_DEBUG_ECDH_Q: - mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Q", - &ctx->Q); - break; - case MBEDTLS_DEBUG_ECDH_QP: - mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Qp", - &ctx->Qp); - break; - case MBEDTLS_DEBUG_ECDH_Z: - mbedtls_debug_print_mpi(ssl, level, file, line, "ECDH: z", - &ctx->z); - break; - default: - break; - } -} - -void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr) -{ -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, attr); -#else - switch (ecdh->var) { - default: - mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, - attr); - } -#endif -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && - MBEDTLS_ECDH_C */ - -#endif /* MBEDTLS_DEBUG_C */ diff --git a/library/debug_internal.h b/library/debug_internal.h deleted file mode 100644 index 4523b4633..000000000 --- a/library/debug_internal.h +++ /dev/null @@ -1,172 +0,0 @@ -/** - * \file debug_internal.h - * - * \brief Internal part of the public "debug.h". - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_DEBUG_INTERNAL_H -#define MBEDTLS_DEBUG_INTERNAL_H - -#include "mbedtls/debug.h" - -/** - * \brief Print a message to the debug output. This function is always used - * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl - * context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the message has occurred in - * \param line line number the message has occurred at - * \param format format specifier, in printf format - * \param ... variables used by the format specifier - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6); - -/** - * \brief Print the return value of a function to the debug output. This - * function is always used through the MBEDTLS_SSL_DEBUG_RET() macro, - * which supplies the ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text the name of the function that returned the error - * \param ret the return code value - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, int ret); - -/** - * \brief Output a buffer of size len bytes to the debug output. This function - * is always used through the MBEDTLS_SSL_DEBUG_BUF() macro, - * which supplies the ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the buffer being dumped. Normally the - * variable or buffer name - * \param buf the buffer to be outputted - * \param len length of the buffer - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len); - -#if defined(MBEDTLS_BIGNUM_C) -/** - * \brief Print a MPI variable to the debug output. This function is always - * used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the - * ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the MPI being output. Normally the - * variable name - * \param X the MPI variable - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X); -#endif - -#if defined(MBEDTLS_ECP_LIGHT) -/** - * \brief Print an ECP point to the debug output. This function is always - * used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the - * ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the ECP point being output. Normally the - * variable name - * \param X the ECP point - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X); -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) -/** - * \brief Print a X.509 certificate structure to the debug output. This - * function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro, - * which supplies the ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the certificate being output - * \param crt X.509 certificate structure - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_x509_crt *crt); -#endif - -/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function - only works for the built-in implementation. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \ - defined(MBEDTLS_ECDH_C) -typedef enum { - MBEDTLS_DEBUG_ECDH_Q, - MBEDTLS_DEBUG_ECDH_QP, - MBEDTLS_DEBUG_ECDH_Z, -} mbedtls_debug_ecdh_attr; - -/** - * \brief Print a field of the ECDH structure in the SSL context to the debug - * output. This function is always used through the - * MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file - * and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param ecdh the ECDH context - * \param attr the identifier of the attribute being output - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr); -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && - MBEDTLS_ECDH_C */ - -#endif /* MBEDTLS_DEBUG_INTERNAL_H */ diff --git a/library/mps_common.h b/library/mps_common.h deleted file mode 100644 index f9fe09988..000000000 --- a/library/mps_common.h +++ /dev/null @@ -1,181 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * \file mps_common.h - * - * \brief Common functions and macros used by MPS - */ - -#ifndef MBEDTLS_MPS_COMMON_H -#define MBEDTLS_MPS_COMMON_H - -#include "mps_error.h" - -#include - -/** - * \name SECTION: MPS Configuration - * - * \{ - */ - -/*! This flag controls whether the MPS-internal components - * (reader, writer, Layer 1-3) perform validation of the - * expected abstract state at the entry of API calls. - * - * Context: All MPS API functions impose assumptions/preconditions on the - * context on which they operate. For example, every structure has a notion of - * state integrity which is established by `xxx_init()` and preserved by any - * calls to the MPS API which satisfy their preconditions and either succeed, - * or fail with an error code which is explicitly documented to not corrupt - * structure integrity (such as WANT_READ and WANT_WRITE); - * apart from `xxx_init()` any function assumes state integrity as a - * precondition (but usually more). If any of the preconditions is violated, - * the function's behavior is entirely undefined. - * In addition to state integrity, all MPS structures have a more refined - * notion of abstract state that the API operates on. For example, all layers - * have a notion of 'abstract read state' which indicates if incoming data has - * been passed to the user, e.g. through mps_l2_read_start() for Layer 2 - * or mps_l3_read() in Layer 3. After such a call, it doesn't make sense to - * call these reading functions again until the incoming data has been - * explicitly 'consumed', e.g. through mps_l2_read_consume() for Layer 2 or - * mps_l3_read_consume() on Layer 3. However, even if it doesn't make sense, - * it's a design choice whether the API should fail gracefully on such - * non-sensical calls or not, and that's what this option is about: - * - * This option determines whether the expected abstract state - * is part of the API preconditions or not: If the option is set, - * then the abstract state is not part of the precondition and is - * thus required to be validated by the implementation. If an unexpected - * abstract state is encountered, the implementation must fail gracefully - * with error #MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED. - * Conversely, if this option is not set, then the expected abstract state - * is included in the preconditions of the respective API calls, and - * an implementation's behaviour is undefined if the abstract state is - * not as expected. - * - * For example: Enabling this makes mps_l2_read_done() fail if - * no incoming record is currently open; disabling this would - * lead to undefined behavior in this case. - * - * Comment this to remove state validation. - */ -#define MBEDTLS_MPS_STATE_VALIDATION - -/*! This flag enables/disables assertions on the internal state of MPS. - * - * Assertions are sanity checks that should never trigger when MPS - * is used within the bounds of its API and preconditions. - * - * Enabling this increases security by limiting the scope of - * potential bugs, but comes at the cost of increased code size. - * - * Note: So far, there is no guiding principle as to what - * expected conditions merit an assertion, and which don't. - * - * Comment this to disable assertions. - */ -#define MBEDTLS_MPS_ENABLE_ASSERTIONS - -/*! This flag controls whether tracing for MPS should be enabled. */ -//#define MBEDTLS_MPS_ENABLE_TRACE - -#if defined(MBEDTLS_MPS_STATE_VALIDATION) - -#define MBEDTLS_MPS_STATE_VALIDATE_RAW(cond, string) \ - do \ - { \ - if (!(cond)) \ - { \ - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, string); \ - MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED); \ - } \ - } while (0) - -#else /* MBEDTLS_MPS_STATE_VALIDATION */ - -#define MBEDTLS_MPS_STATE_VALIDATE_RAW(cond, string) \ - do \ - { \ - (cond); \ - } while (0) - -#endif /* MBEDTLS_MPS_STATE_VALIDATION */ - -#if defined(MBEDTLS_MPS_ENABLE_ASSERTIONS) - -#define MBEDTLS_MPS_ASSERT_RAW(cond, string) \ - do \ - { \ - if (!(cond)) \ - { \ - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, string); \ - MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_INTERNAL_ERROR); \ - } \ - } while (0) - -#else /* MBEDTLS_MPS_ENABLE_ASSERTIONS */ - -#define MBEDTLS_MPS_ASSERT_RAW(cond, string) do {} while (0) - -#endif /* MBEDTLS_MPS_ENABLE_ASSERTIONS */ - - -/* \} name SECTION: MPS Configuration */ - -/** - * \name SECTION: Common types - * - * Various common types used throughout MPS. - * \{ - */ - -/** \brief The type of buffer sizes and offsets used in MPS structures. - * - * This is an unsigned integer type that should be large enough to - * hold the length of any buffer or message processed by MPS. - * - * The reason to pick a value as small as possible here is - * to reduce the size of MPS structures. - * - * \warning Care has to be taken when using a narrower type - * than ::mbedtls_mps_size_t here because of - * potential truncation during conversion. - * - * \warning Handshake messages in TLS may be up to 2^24 ~ 16Mb in size. - * If mbedtls_mps_[opt_]stored_size_t is smaller than that, the - * maximum handshake message is restricted accordingly. - * - * For now, we use the default type of size_t throughout, and the use of - * smaller types or different types for ::mbedtls_mps_size_t and - * ::mbedtls_mps_stored_size_t is not yet supported. - * - */ -typedef size_t mbedtls_mps_stored_size_t; -#define MBEDTLS_MPS_STORED_SIZE_MAX (SIZE_MAX) - -/** \brief The type of buffer sizes and offsets used in the MPS API - * and implementation. - * - * This must be at least as wide as ::mbedtls_stored_size_t but - * may be chosen to be strictly larger if more suitable for the - * target architecture. - * - * For example, in a test build for ARM Thumb, using uint_fast16_t - * instead of uint16_t reduced the code size from 1060 Byte to 962 Byte, - * so almost 10%. - */ -typedef size_t mbedtls_mps_size_t; -#define MBEDTLS_MPS_SIZE_MAX (SIZE_MAX) - -#if MBEDTLS_MPS_STORED_SIZE_MAX > MBEDTLS_MPS_SIZE_MAX -#error "Misconfiguration of mbedtls_mps_size_t and mbedtls_mps_stored_size_t." -#endif - -/* \} SECTION: Common types */ - - -#endif /* MBEDTLS_MPS_COMMON_H */ diff --git a/library/mps_error.h b/library/mps_error.h deleted file mode 100644 index 016a84ce4..000000000 --- a/library/mps_error.h +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * \file mps_error.h - * - * \brief Error codes used by MPS - */ - -#ifndef MBEDTLS_MPS_ERROR_H -#define MBEDTLS_MPS_ERROR_H - - -/* TODO: The error code allocation needs to be revisited: - * - * - Should we make (some of) the MPS Reader error codes public? - * If so, we need to adjust MBEDTLS_MPS_READER_MAKE_ERROR() to hit - * a gap in the Mbed TLS public error space. - * If not, we have to make sure we don't forward those errors - * at the level of the public API -- no risk at the moment as - * long as MPS is an experimental component not accessible from - * public API. - */ - -/** - * \name SECTION: MPS general error codes - * - * \{ - */ - -#ifndef MBEDTLS_MPS_ERR_BASE -#define MBEDTLS_MPS_ERR_BASE (0) -#endif - -#define MBEDTLS_MPS_MAKE_ERROR(code) \ - (-(MBEDTLS_MPS_ERR_BASE | (code))) - -#define MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED MBEDTLS_MPS_MAKE_ERROR(0x1) -#define MBEDTLS_ERR_MPS_INTERNAL_ERROR MBEDTLS_MPS_MAKE_ERROR(0x2) - -/* \} name SECTION: MPS general error codes */ - -/** - * \name SECTION: MPS Reader error codes - * - * \{ - */ - -#ifndef MBEDTLS_MPS_READER_ERR_BASE -#define MBEDTLS_MPS_READER_ERR_BASE (1 << 8) -#endif - -#define MBEDTLS_MPS_READER_MAKE_ERROR(code) \ - (-(MBEDTLS_MPS_READER_ERR_BASE | (code))) - -/*! An attempt to reclaim the data buffer from a reader failed because - * the user hasn't yet read and committed all of it. */ -#define MBEDTLS_ERR_MPS_READER_DATA_LEFT MBEDTLS_MPS_READER_MAKE_ERROR(0x1) - -/*! An invalid argument was passed to the reader. */ -#define MBEDTLS_ERR_MPS_READER_INVALID_ARG MBEDTLS_MPS_READER_MAKE_ERROR(0x2) - -/*! An attempt to move a reader to consuming mode through mbedtls_mps_reader_feed() - * after pausing failed because the provided data is not sufficient to serve the - * read requests that led to the pausing. */ -#define MBEDTLS_ERR_MPS_READER_NEED_MORE MBEDTLS_MPS_READER_MAKE_ERROR(0x3) - -/*! A get request failed because not enough data is available in the reader. */ -#define MBEDTLS_ERR_MPS_READER_OUT_OF_DATA MBEDTLS_MPS_READER_MAKE_ERROR(0x4) - -/*!< A get request after pausing and reactivating the reader failed because - * the request is not in line with the request made prior to pausing. The user - * must not change it's 'strategy' after pausing and reactivating a reader. */ -#define MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS MBEDTLS_MPS_READER_MAKE_ERROR(0x5) - -/*! An attempt to reclaim the data buffer from a reader failed because the reader - * has no accumulator it can use to backup the data that hasn't been processed. */ -#define MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR MBEDTLS_MPS_READER_MAKE_ERROR(0x6) - -/*! An attempt to reclaim the data buffer from a reader failed because the - * accumulator passed to the reader is not large enough to hold both the - * data that hasn't been processed and the excess of the last read-request. */ -#define MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL MBEDTLS_MPS_READER_MAKE_ERROR(0x7) - -/* \} name SECTION: MPS Reader error codes */ - -#endif /* MBEDTLS_MPS_ERROR_H */ diff --git a/library/mps_reader.c b/library/mps_reader.c deleted file mode 100644 index 0fe7dfe95..000000000 --- a/library/mps_reader.c +++ /dev/null @@ -1,538 +0,0 @@ -/* - * Message Processing Stack, Reader implementation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include "mps_reader.h" -#include "mps_common.h" -#include "mps_trace.h" - -#include - -#if defined(MBEDTLS_MPS_ENABLE_TRACE) -static int mbedtls_mps_trace_id = MBEDTLS_MPS_TRACE_BIT_READER; -#endif /* MBEDTLS_MPS_ENABLE_TRACE */ - -/* - * GENERAL NOTE ON CODING STYLE - * - * The following code intentionally separates memory loads - * and stores from other operations (arithmetic or branches). - * This leads to the introduction of many local variables - * and significantly increases the C-code line count, but - * should not increase the size of generated assembly. - * - * The reason for this is twofold: - * (1) It will ease verification efforts using the VST - * (Verified Software Toolchain) - * whose program logic cannot directly reason - * about instructions containing a load or store in - * addition to other operations (e.g. *p = *q or - * tmp = *p + 42). - * (2) Operating on local variables and writing the results - * back to the target contexts on success only - * allows to maintain structure invariants even - * on failure - this in turn has two benefits: - * (2.a) If for some reason an error code is not caught - * and operation continues, functions are nonetheless - * called with sane contexts, reducing the risk - * of dangerous behavior. - * (2.b) Randomized testing is easier if structures - * remain intact even in the face of failing - * and/or non-sensical calls. - * Moreover, it might even reduce code-size because - * the compiler need not write back temporary results - * to memory in case of failure. - * - */ - -static inline int mps_reader_is_accumulating( - mbedtls_mps_reader const *rd) -{ - mbedtls_mps_size_t acc_remaining; - if (rd->acc == NULL) { - return 0; - } - - acc_remaining = rd->acc_share.acc_remaining; - return acc_remaining > 0; -} - -static inline int mps_reader_is_producing( - mbedtls_mps_reader const *rd) -{ - unsigned char *frag = rd->frag; - return frag == NULL; -} - -static inline int mps_reader_is_consuming( - mbedtls_mps_reader const *rd) -{ - return !mps_reader_is_producing(rd); -} - -static inline mbedtls_mps_size_t mps_reader_get_fragment_offset( - mbedtls_mps_reader const *rd) -{ - unsigned char *acc = rd->acc; - mbedtls_mps_size_t frag_offset; - - if (acc == NULL) { - return 0; - } - - frag_offset = rd->acc_share.frag_offset; - return frag_offset; -} - -static inline mbedtls_mps_size_t mps_reader_serving_from_accumulator( - mbedtls_mps_reader const *rd) -{ - mbedtls_mps_size_t frag_offset, end; - - frag_offset = mps_reader_get_fragment_offset(rd); - end = rd->end; - - return end < frag_offset; -} - -static inline void mps_reader_zero(mbedtls_mps_reader *rd) -{ - /* A plain memset() would likely be more efficient, - * but the current way of zeroing makes it harder - * to overlook fields which should not be zero-initialized. - * It's also more suitable for FV efforts since it - * doesn't require reasoning about structs being - * interpreted as unstructured binary blobs. */ - static mbedtls_mps_reader const zero = - { .frag = NULL, - .frag_len = 0, - .commit = 0, - .end = 0, - .pending = 0, - .acc = NULL, - .acc_len = 0, - .acc_available = 0, - .acc_share = { .acc_remaining = 0 } }; - *rd = zero; -} - -int mbedtls_mps_reader_init(mbedtls_mps_reader *rd, - unsigned char *acc, - mbedtls_mps_size_t acc_len) -{ - MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_init"); - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "* Accumulator size: %u bytes", (unsigned) acc_len); - mps_reader_zero(rd); - rd->acc = acc; - rd->acc_len = acc_len; - MBEDTLS_MPS_TRACE_RETURN(0); -} - -int mbedtls_mps_reader_free(mbedtls_mps_reader *rd) -{ - MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_free"); - mps_reader_zero(rd); - MBEDTLS_MPS_TRACE_RETURN(0); -} - -int mbedtls_mps_reader_feed(mbedtls_mps_reader *rd, - unsigned char *new_frag, - mbedtls_mps_size_t new_frag_len) -{ - mbedtls_mps_size_t copy_to_acc; - MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_feed"); - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "* Fragment length: %u bytes", (unsigned) new_frag_len); - - if (new_frag == NULL) { - MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_INVALID_ARG); - } - - MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_producing( - rd), - "mbedtls_mps_reader_feed() requires reader to be in producing mode"); - - if (mps_reader_is_accumulating(rd)) { - unsigned char *acc = rd->acc; - mbedtls_mps_size_t acc_remaining = rd->acc_share.acc_remaining; - mbedtls_mps_size_t acc_available = rd->acc_available; - - /* Skip over parts of the accumulator that have already been filled. */ - acc += acc_available; - - copy_to_acc = acc_remaining; - if (copy_to_acc > new_frag_len) { - copy_to_acc = new_frag_len; - } - - /* Copy new contents to accumulator. */ - memcpy(acc, new_frag, copy_to_acc); - - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Copy new data of size %u of %u into accumulator at offset %u", - (unsigned) copy_to_acc, (unsigned) new_frag_len, - (unsigned) acc_available); - - /* Check if, with the new fragment, we have enough data. */ - acc_remaining -= copy_to_acc; - if (acc_remaining > 0) { - /* We need to accumulate more data. Stay in producing mode. */ - acc_available += copy_to_acc; - rd->acc_share.acc_remaining = acc_remaining; - rd->acc_available = acc_available; - MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_NEED_MORE); - } - - /* We have filled the accumulator: Move to consuming mode. */ - - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Enough data available to serve user request"); - - /* Remember overlap of accumulator and fragment. */ - rd->acc_share.frag_offset = acc_available; - acc_available += copy_to_acc; - rd->acc_available = acc_available; - } else { /* Not accumulating */ - rd->acc_share.frag_offset = 0; - } - - rd->frag = new_frag; - rd->frag_len = new_frag_len; - rd->commit = 0; - rd->end = 0; - MBEDTLS_MPS_TRACE_RETURN(0); -} - - -int mbedtls_mps_reader_get(mbedtls_mps_reader *rd, - mbedtls_mps_size_t desired, - unsigned char **buffer, - mbedtls_mps_size_t *buflen) -{ - unsigned char *frag; - mbedtls_mps_size_t frag_len, frag_offset, end, frag_fetched, frag_remaining; - MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_get"); - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "* Bytes requested: %u", (unsigned) desired); - - MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming( - rd), - "mbedtls_mps_reader_get() requires reader to be in consuming mode"); - - end = rd->end; - frag_offset = mps_reader_get_fragment_offset(rd); - - /* Check if we're still serving from the accumulator. */ - if (mps_reader_serving_from_accumulator(rd)) { - /* Illustration of supported and unsupported cases: - * - * - Allowed #1 - * - * +-----------------------------------+ - * | frag | - * +-----------------------------------+ - * - * end end+desired - * | | - * +-----v-------v-------------+ - * | acc | - * +---------------------------+ - * | | - * frag_offset acc_available - * - * - Allowed #2 - * - * +-----------------------------------+ - * | frag | - * +-----------------------------------+ - * - * end end+desired - * | | - * +----------v----------------v - * | acc | - * +---------------------------+ - * | | - * frag_offset acc_available - * - * - Not allowed #1 (could be served, but we don't actually use it): - * - * +-----------------------------------+ - * | frag | - * +-----------------------------------+ - * - * end end+desired - * | | - * +------v-------------v------+ - * | acc | - * +---------------------------+ - * | | - * frag_offset acc_available - * - * - * - Not allowed #2 (can't be served with a contiguous buffer): - * - * +-----------------------------------+ - * | frag | - * +-----------------------------------+ - * - * end end + desired - * | | - * +------v--------------------+ v - * | acc | - * +---------------------------+ - * | | - * frag_offset acc_available - * - * In case of Allowed #2 we're switching to serve from - * `frag` starting from the next call to mbedtls_mps_reader_get(). - */ - - unsigned char *acc; - - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Serve the request from the accumulator"); - if (frag_offset - end < desired) { - mbedtls_mps_size_t acc_available; - acc_available = rd->acc_available; - if (acc_available - end != desired) { - /* It might be possible to serve some of these situations by - * making additional space in the accumulator, removing those - * parts that have already been committed. - * On the other hand, this brings additional complexity and - * enlarges the code size, while there doesn't seem to be a use - * case where we don't attempt exactly the same `get` calls when - * resuming on a reader than what we tried before pausing it. - * If we believe we adhere to this restricted usage throughout - * the library, this check is a good opportunity to - * validate this. */ - MBEDTLS_MPS_TRACE_RETURN( - MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS); - } - } - - acc = rd->acc; - acc += end; - - *buffer = acc; - if (buflen != NULL) { - *buflen = desired; - } - - end += desired; - rd->end = end; - rd->pending = 0; - - MBEDTLS_MPS_TRACE_RETURN(0); - } - - /* Attempt to serve the request from the current fragment */ - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Serve the request from the current fragment."); - - frag_len = rd->frag_len; - frag_fetched = end - frag_offset; /* The amount of data from the current - * fragment that has already been passed - * to the user. */ - frag_remaining = frag_len - frag_fetched; /* Remaining data in fragment */ - - /* Check if we can serve the read request from the fragment. */ - if (frag_remaining < desired) { - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "There's not enough data in the current fragment " - "to serve the request."); - /* There's not enough data in the current fragment, - * so either just RETURN what we have or fail. */ - if (buflen == NULL) { - if (frag_remaining > 0) { - rd->pending = desired - frag_remaining; - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Remember to collect %u bytes before re-opening", - (unsigned) rd->pending); - } - MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - } - - desired = frag_remaining; - } - - /* There's enough data in the current fragment to serve the - * (potentially modified) read request. */ - - frag = rd->frag; - frag += frag_fetched; - - *buffer = frag; - if (buflen != NULL) { - *buflen = desired; - } - - end += desired; - rd->end = end; - rd->pending = 0; - MBEDTLS_MPS_TRACE_RETURN(0); -} - -int mbedtls_mps_reader_commit(mbedtls_mps_reader *rd) -{ - mbedtls_mps_size_t end; - MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_commit"); - MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming( - rd), - "mbedtls_mps_reader_commit() requires reader to be in consuming mode"); - - end = rd->end; - rd->commit = end; - - MBEDTLS_MPS_TRACE_RETURN(0); -} - -int mbedtls_mps_reader_reclaim(mbedtls_mps_reader *rd, - int *paused) -{ - unsigned char *frag, *acc; - mbedtls_mps_size_t pending, commit; - mbedtls_mps_size_t acc_len, frag_offset, frag_len; - MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_reclaim"); - - if (paused != NULL) { - *paused = 0; - } - - MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming( - rd), - "mbedtls_mps_reader_reclaim() requires reader to be in consuming mode"); - - frag = rd->frag; - acc = rd->acc; - pending = rd->pending; - commit = rd->commit; - frag_len = rd->frag_len; - - frag_offset = mps_reader_get_fragment_offset(rd); - - if (pending == 0) { - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "No unsatisfied read-request has been logged."); - - /* Check if there's data left to be consumed. */ - if (commit < frag_offset || commit - frag_offset < frag_len) { - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "There is data left to be consumed."); - rd->end = commit; - MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_DATA_LEFT); - } - - rd->acc_available = 0; - rd->acc_share.acc_remaining = 0; - - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Fragment has been fully processed and committed."); - } else { - int overflow; - - mbedtls_mps_size_t acc_backup_offset; - mbedtls_mps_size_t acc_backup_len; - mbedtls_mps_size_t frag_backup_offset; - mbedtls_mps_size_t frag_backup_len; - - mbedtls_mps_size_t backup_len; - mbedtls_mps_size_t acc_len_needed; - - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "There has been an unsatisfied read with %u bytes overhead.", - (unsigned) pending); - - if (acc == NULL) { - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "No accumulator present"); - MBEDTLS_MPS_TRACE_RETURN( - MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR); - } - acc_len = rd->acc_len; - - /* Check if the upper layer has already fetched - * and committed the contents of the accumulator. */ - if (commit < frag_offset) { - /* No, accumulator is still being processed. */ - frag_backup_offset = 0; - frag_backup_len = frag_len; - acc_backup_offset = commit; - acc_backup_len = frag_offset - commit; - } else { - /* Yes, the accumulator is already processed. */ - frag_backup_offset = commit - frag_offset; - frag_backup_len = frag_len - frag_backup_offset; - acc_backup_offset = 0; - acc_backup_len = 0; - } - - backup_len = acc_backup_len + frag_backup_len; - acc_len_needed = backup_len + pending; - - overflow = 0; - overflow |= (backup_len < acc_backup_len); - overflow |= (acc_len_needed < backup_len); - - if (overflow || acc_len < acc_len_needed) { - /* Except for the different return code, we behave as if - * there hadn't been a call to mbedtls_mps_reader_get() - * since the last commit. */ - rd->end = commit; - rd->pending = 0; - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, - "The accumulator is too small to handle the backup."); - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, - "* Size: %u", (unsigned) acc_len); - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, - "* Needed: %u (%u + %u)", - (unsigned) acc_len_needed, - (unsigned) backup_len, (unsigned) pending); - MBEDTLS_MPS_TRACE_RETURN( - MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL); - } - - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Fragment backup: %u", (unsigned) frag_backup_len); - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Accumulator backup: %u", (unsigned) acc_backup_len); - - /* Move uncommitted parts from the accumulator to the front - * of the accumulator. */ - memmove(acc, acc + acc_backup_offset, acc_backup_len); - - /* Copy uncommitted parts of the current fragment to the - * accumulator. */ - memcpy(acc + acc_backup_len, - frag + frag_backup_offset, frag_backup_len); - - rd->acc_available = backup_len; - rd->acc_share.acc_remaining = pending; - - if (paused != NULL) { - *paused = 1; - } - } - - rd->frag = NULL; - rd->frag_len = 0; - - rd->commit = 0; - rd->end = 0; - rd->pending = 0; - - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Final state: aa %u, al %u, ar %u", - (unsigned) rd->acc_available, (unsigned) rd->acc_len, - (unsigned) rd->acc_share.acc_remaining); - MBEDTLS_MPS_TRACE_RETURN(0); -} - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/mps_reader.h b/library/mps_reader.h deleted file mode 100644 index 3193a5e33..000000000 --- a/library/mps_reader.h +++ /dev/null @@ -1,366 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * \file mps_reader.h - * - * \brief This file defines reader objects, which together with their - * sibling writer objects form the basis for the communication - * between the various layers of the Mbed TLS messaging stack, - * as well as the communication between the messaging stack and - * the (D)TLS handshake protocol implementation. - * - * Readers provide a means of transferring incoming data from - * a 'producer' providing it in chunks of arbitrary size, to - * a 'consumer' which fetches and processes it in chunks of - * again arbitrary, and potentially different, size. - * - * Readers can thus be seen as datagram-to-stream converters, - * and they abstract away the following two tasks from the user: - * 1. The pointer arithmetic of stepping through a producer- - * provided chunk in smaller chunks. - * 2. The merging of incoming data chunks in case the - * consumer requests data in larger chunks than what the - * producer provides. - * - * The basic abstract flow of operation is the following: - * - Initially, the reader is in 'producing mode'. - * - The producer hands an incoming data buffer to the reader, - * moving it from 'producing' to 'consuming' mode. - * - The consumer subsequently fetches and processes the buffer - * content. Once that's done -- or partially done and a consumer's - * request can't be fulfilled -- the producer revokes the reader's - * access to the incoming data buffer, putting the reader back to - * producing mode. - * - The producer subsequently gathers more incoming data and hands - * it to the reader until it switches back to consuming mode - * if enough data is available for the last consumer request to - * be satisfiable. - * - Repeat the above. - * - * The abstract states of the reader from the producer's and - * consumer's perspective are as follows: - * - * - From the perspective of the consumer, the state of the - * reader consists of the following: - * - A byte stream representing (concatenation of) the data - * received through calls to mbedtls_mps_reader_get(), - * - A marker within that byte stream indicating which data - * can be considered processed, and hence need not be retained, - * when the reader is passed back to the producer via - * mbedtls_mps_reader_reclaim(). - * The marker is set via mbedtls_mps_reader_commit() - * which places it at the end of the current byte stream. - * The consumer need not be aware of the distinction between consumer - * and producer mode, because it only interfaces with the reader - * when the latter is in consuming mode. - * - * - From the perspective of the producer, the reader's state is one of: - * - Attached: The reader is in consuming mode. - * - Unset: No incoming data buffer is currently managed by the reader, - * and all previously handed incoming data buffers have been - * fully processed. More data needs to be fed into the reader - * via mbedtls_mps_reader_feed(). - * - * - Accumulating: No incoming data buffer is currently managed by the - * reader, but some data from the previous incoming data - * buffer hasn't been processed yet and is internally - * held back. - * The Attached state belongs to consuming mode, while the Unset and - * Accumulating states belong to producing mode. - * - * Transitioning from the Unset or Accumulating state to Attached is - * done via successful calls to mbedtls_mps_reader_feed(), while - * transitioning from Attached to either Unset or Accumulating (depending - * on what has been processed) is done via mbedtls_mps_reader_reclaim(). - * - * The following diagram depicts the producer-state progression: - * - * +------------------+ reclaim - * | Unset +<-------------------------------------+ get - * +--------|---------+ | +------+ - * | | | | - * | | | | - * | feed +---------+---+--+ | - * +--------------------------------------> <---+ - * | Attached | - * +--------------------------------------> <---+ - * | feed, enough data available +---------+---+--+ | - * | to serve previous consumer request | | | - * | | | | - * +--------+---------+ | +------+ - * +----> Accumulating |<-------------------------------------+ commit - * | +---+--------------+ reclaim, previous read request - * | | couldn't be fulfilled - * | | - * +--------+ - * feed, need more data to serve - * previous consumer request - * | - * | - * producing mode | consuming mode - * | - * - */ - -#ifndef MBEDTLS_READER_H -#define MBEDTLS_READER_H - -#include - -#include "mps_common.h" -#include "mps_error.h" - -struct mbedtls_mps_reader; -typedef struct mbedtls_mps_reader mbedtls_mps_reader; - -/* - * Structure definitions - */ - -struct mbedtls_mps_reader { - unsigned char *frag; /*!< The fragment of incoming data managed by - * the reader; it is provided to the reader - * through mbedtls_mps_reader_feed(). The reader - * does not own the fragment and does not - * perform any allocation operations on it, - * but does have read and write access to it. - * - * The reader is in consuming mode if - * and only if \c frag is not \c NULL. */ - mbedtls_mps_stored_size_t frag_len; - /*!< The length of the current fragment. - * Must be 0 if \c frag == \c NULL. */ - mbedtls_mps_stored_size_t commit; - /*!< The offset of the last commit, relative - * to the first byte in the fragment, if - * no accumulator is present. If an accumulator - * is present, it is viewed as a prefix to the - * current fragment, and this variable contains - * an offset from the beginning of the accumulator. - * - * This is only used when the reader is in - * consuming mode, i.e. \c frag != \c NULL; - * otherwise, its value is \c 0. */ - mbedtls_mps_stored_size_t end; - /*!< The offset of the end of the last chunk - * passed to the user through a call to - * mbedtls_mps_reader_get(), relative to the first - * byte in the fragment, if no accumulator is - * present. If an accumulator is present, it is - * viewed as a prefix to the current fragment, and - * this variable contains an offset from the - * beginning of the accumulator. - * - * This is only used when the reader is in - * consuming mode, i.e. \c frag != \c NULL; - * otherwise, its value is \c 0. */ - mbedtls_mps_stored_size_t pending; - /*!< The amount of incoming data missing on the - * last call to mbedtls_mps_reader_get(). - * In particular, it is \c 0 if the last call - * was successful. - * If a reader is reclaimed after an - * unsuccessful call to mbedtls_mps_reader_get(), - * this variable is used to have the reader - * remember how much data should be accumulated - * so that the call to mbedtls_mps_reader_get() - * succeeds next time. - * This is only used when the reader is in - * consuming mode, i.e. \c frag != \c NULL; - * otherwise, its value is \c 0. */ - - /* The accumulator is only needed if we need to be able to pause - * the reader. A few bytes could be saved by moving this to a - * separate struct and using a pointer here. */ - - unsigned char *acc; /*!< The accumulator is used to gather incoming - * data if a read-request via mbedtls_mps_reader_get() - * cannot be served from the current fragment. */ - mbedtls_mps_stored_size_t acc_len; - /*!< The total size of the accumulator. */ - mbedtls_mps_stored_size_t acc_available; - /*!< The number of bytes currently gathered in - * the accumulator. This is both used in - * producing and in consuming mode: - * While producing, it is increased until - * it reaches the value of \c acc_remaining below. - * While consuming, it is used to judge if a - * get request can be served from the - * accumulator or not. - * Must not be larger than \c acc_len. */ - union { - mbedtls_mps_stored_size_t acc_remaining; - /*!< This indicates the amount of data still - * to be gathered in the accumulator. It is - * only used in producing mode. - * Must be at most acc_len - acc_available. */ - mbedtls_mps_stored_size_t frag_offset; - /*!< If an accumulator is present and in use, this - * field indicates the offset of the current - * fragment from the beginning of the - * accumulator. If no accumulator is present - * or the accumulator is not in use, this is \c 0. - * It is only used in consuming mode. - * Must not be larger than \c acc_available. */ - } acc_share; -}; - -/* - * API organization: - * A reader object is usually prepared and maintained - * by some lower layer and passed for usage to an upper - * layer, and the API naturally splits according to which - * layer is supposed to use the respective functions. - */ - -/* - * Maintenance API (Lower layer) - */ - -/** - * \brief Initialize a reader object - * - * \param reader The reader to be initialized. - * \param acc The buffer to be used as a temporary accumulator - * in case get requests through mbedtls_mps_reader_get() - * exceed the buffer provided by mbedtls_mps_reader_feed(). - * This buffer is owned by the caller and exclusive use - * for reading and writing is given to the reader for the - * duration of the reader's lifetime. It is thus the caller's - * responsibility to maintain (and not touch) the buffer for - * the lifetime of the reader, and to properly zeroize and - * free the memory after the reader has been destroyed. - * \param acc_len The size in Bytes of \p acc. - * - * \return \c 0 on success. - * \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure. - */ -int mbedtls_mps_reader_init(mbedtls_mps_reader *reader, - unsigned char *acc, - mbedtls_mps_size_t acc_len); - -/** - * \brief Free a reader object - * - * \param reader The reader to be freed. - * - * \return \c 0 on success. - * \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure. - */ -int mbedtls_mps_reader_free(mbedtls_mps_reader *reader); - -/** - * \brief Pass chunk of data for the reader to manage. - * - * \param reader The reader context to use. The reader must be - * in producing mode. - * \param buf The buffer to be managed by the reader. - * \param buflen The size in Bytes of \p buffer. - * - * \return \c 0 on success. In this case, the reader will be - * moved to consuming mode and obtains read access - * of \p buf until mbedtls_mps_reader_reclaim() - * is called. It is the responsibility of the caller - * to ensure that the \p buf persists and is not changed - * between successful calls to mbedtls_mps_reader_feed() - * and mbedtls_mps_reader_reclaim(). - * \return \c MBEDTLS_ERR_MPS_READER_NEED_MORE if more input data is - * required to fulfill a previous request to mbedtls_mps_reader_get(). - * In this case, the reader remains in producing mode and - * takes no ownership of the provided buffer (an internal copy - * is made instead). - * \return Another negative \c MBEDTLS_ERR_READER_XXX error code on - * different kinds of failures. - */ -int mbedtls_mps_reader_feed(mbedtls_mps_reader *reader, - unsigned char *buf, - mbedtls_mps_size_t buflen); - -/** - * \brief Reclaim reader's access to the current input buffer. - * - * \param reader The reader context to use. The reader must be - * in consuming mode. - * \param paused If not \c NULL, the integer at address \p paused will be - * modified to indicate whether the reader has been paused - * (value \c 1) or not (value \c 0). Pausing happens if there - * is uncommitted data and a previous request to - * mbedtls_mps_reader_get() has exceeded the bounds of the - * input buffer. - * - * \return \c 0 on success. - * \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure. - */ -int mbedtls_mps_reader_reclaim(mbedtls_mps_reader *reader, - int *paused); - -/* - * Usage API (Upper layer) - */ - -/** - * \brief Request data from the reader. - * - * \param reader The reader context to use. The reader must - * be in consuming mode. - * \param desired The desired amount of data to be read, in Bytes. - * \param buffer The address to store the buffer pointer in. - * This must not be \c NULL. - * \param buflen The address to store the actual buffer - * length in, or \c NULL. - * - * \return \c 0 on success. In this case, \c *buf holds the - * address of a buffer of size \c *buflen - * (if \c buflen != \c NULL) or \c desired - * (if \c buflen == \c NULL). The user has read access - * to the buffer and guarantee of stability of the data - * until the next call to mbedtls_mps_reader_reclaim(). - * \return #MBEDTLS_ERR_MPS_READER_OUT_OF_DATA if there is not enough - * data available to serve the get request. In this case, the - * reader remains intact and in consuming mode, and the consumer - * should retry the call after a successful cycle of - * mbedtls_mps_reader_reclaim() and mbedtls_mps_reader_feed(). - * If, after such a cycle, the consumer requests a different - * amount of data, the result is implementation-defined; - * progress is guaranteed only if the same amount of data - * is requested after a mbedtls_mps_reader_reclaim() and - * mbedtls_mps_reader_feed() cycle. - * \return Another negative \c MBEDTLS_ERR_READER_XXX error - * code for different kinds of failure. - * - * \note Passing \c NULL as \p buflen is a convenient way to - * indicate that fragmentation is not tolerated. - * It's functionally equivalent to passing a valid - * address as buflen and checking \c *buflen == \c desired - * afterwards. - */ -int mbedtls_mps_reader_get(mbedtls_mps_reader *reader, - mbedtls_mps_size_t desired, - unsigned char **buffer, - mbedtls_mps_size_t *buflen); - -/** - * \brief Mark data obtained from mbedtls_mps_reader_get() as processed. - * - * This call indicates that all data received from prior calls to - * mbedtls_mps_reader_get() has been or will have been - * processed when mbedtls_mps_reader_reclaim() is called, - * and thus need not be backed up. - * - * This function has no user observable effect until - * mbedtls_mps_reader_reclaim() is called. In particular, - * buffers received from mbedtls_mps_reader_get() remain - * valid until mbedtls_mps_reader_reclaim() is called. - * - * \param reader The reader context to use. - * - * \return \c 0 on success. - * \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure. - * - */ -int mbedtls_mps_reader_commit(mbedtls_mps_reader *reader); - -#endif /* MBEDTLS_READER_H */ diff --git a/library/mps_trace.c b/library/mps_trace.c deleted file mode 100644 index 98449b5f7..000000000 --- a/library/mps_trace.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Message Processing Stack, Trace module - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include "mps_common.h" - -#if defined(MBEDTLS_MPS_ENABLE_TRACE) - -#include "mps_trace.h" -#include - -static int trace_depth = 0; - -#define color_default "\x1B[0m" -#define color_red "\x1B[1;31m" -#define color_green "\x1B[1;32m" -#define color_yellow "\x1B[1;33m" -#define color_blue "\x1B[1;34m" -#define color_magenta "\x1B[1;35m" -#define color_cyan "\x1B[1;36m" -#define color_white "\x1B[1;37m" - -static char const *colors[] = -{ - color_default, - color_green, - color_yellow, - color_magenta, - color_cyan, - color_blue, - color_white -}; - -#define MPS_TRACE_BUF_SIZE 100 - -void mbedtls_mps_trace_print_msg(int id, int line, const char *format, ...) -{ - int ret; - char str[MPS_TRACE_BUF_SIZE]; - va_list argp; - va_start(argp, format); - ret = mbedtls_vsnprintf(str, MPS_TRACE_BUF_SIZE, format, argp); - va_end(argp); - - if (ret >= 0 && ret < MPS_TRACE_BUF_SIZE) { - str[ret] = '\0'; - mbedtls_printf("[%d|L%d]: %s\n", id, line, str); - } -} - -int mbedtls_mps_trace_get_depth() -{ - return trace_depth; -} -void mbedtls_mps_trace_dec_depth() -{ - trace_depth--; -} -void mbedtls_mps_trace_inc_depth() -{ - trace_depth++; -} - -void mbedtls_mps_trace_color(int id) -{ - if (id > (int) (sizeof(colors) / sizeof(*colors))) { - return; - } - printf("%s", colors[id]); -} - -void mbedtls_mps_trace_indent(int level, mbedtls_mps_trace_type ty) -{ - if (level > 0) { - while (--level) { - printf("| "); - } - - printf("| "); - } - - switch (ty) { - case MBEDTLS_MPS_TRACE_TYPE_COMMENT: - mbedtls_printf("@ "); - break; - - case MBEDTLS_MPS_TRACE_TYPE_CALL: - mbedtls_printf("+--> "); - break; - - case MBEDTLS_MPS_TRACE_TYPE_ERROR: - mbedtls_printf("E "); - break; - - case MBEDTLS_MPS_TRACE_TYPE_RETURN: - mbedtls_printf("< "); - break; - - default: - break; - } -} - -#endif /* MBEDTLS_MPS_ENABLE_TRACE */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/mps_trace.h b/library/mps_trace.h deleted file mode 100644 index ac2b75f6b..000000000 --- a/library/mps_trace.h +++ /dev/null @@ -1,154 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * \file mps_trace.h - * - * \brief Tracing module for MPS - */ - -#ifndef MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H -#define MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H - -#include "ssl_misc.h" -#include "mps_common.h" -#include "mps_trace.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MPS_ENABLE_TRACE) - -/* - * Adapt this to enable/disable tracing output - * from the various layers of the MPS. - */ - -#define MBEDTLS_MPS_TRACE_ENABLE_LAYER_1 -#define MBEDTLS_MPS_TRACE_ENABLE_LAYER_2 -#define MBEDTLS_MPS_TRACE_ENABLE_LAYER_3 -#define MBEDTLS_MPS_TRACE_ENABLE_LAYER_4 -#define MBEDTLS_MPS_TRACE_ENABLE_READER -#define MBEDTLS_MPS_TRACE_ENABLE_WRITER - -/* - * To use the existing trace module, only change - * MBEDTLS_MPS_TRACE_ENABLE_XXX above, but don't modify the - * rest of this file. - */ - -typedef enum { - MBEDTLS_MPS_TRACE_TYPE_COMMENT, - MBEDTLS_MPS_TRACE_TYPE_CALL, - MBEDTLS_MPS_TRACE_TYPE_ERROR, - MBEDTLS_MPS_TRACE_TYPE_RETURN -} mbedtls_mps_trace_type; - -#define MBEDTLS_MPS_TRACE_BIT_LAYER_1 1 -#define MBEDTLS_MPS_TRACE_BIT_LAYER_2 2 -#define MBEDTLS_MPS_TRACE_BIT_LAYER_3 3 -#define MBEDTLS_MPS_TRACE_BIT_LAYER_4 4 -#define MBEDTLS_MPS_TRACE_BIT_WRITER 5 -#define MBEDTLS_MPS_TRACE_BIT_READER 6 - -#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_1) -#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_1) -#else -#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 0 -#endif - -#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_2) -#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_2) -#else -#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 0 -#endif - -#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_3) -#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_3) -#else -#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 0 -#endif - -#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_4) -#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_4) -#else -#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 0 -#endif - -#if defined(MBEDTLS_MPS_TRACE_ENABLE_READER) -#define MBEDTLS_MPS_TRACE_MASK_READER (1u << MBEDTLS_MPS_TRACE_BIT_READER) -#else -#define MBEDTLS_MPS_TRACE_MASK_READER 0 -#endif - -#if defined(MBEDTLS_MPS_TRACE_ENABLE_WRITER) -#define MBEDTLS_MPS_TRACE_MASK_WRITER (1u << MBEDTLS_MPS_TRACE_BIT_WRITER) -#else -#define MBEDTLS_MPS_TRACE_MASK_WRITER 0 -#endif - -#define MBEDTLS_MPS_TRACE_MASK (MBEDTLS_MPS_TRACE_MASK_LAYER_1 | \ - MBEDTLS_MPS_TRACE_MASK_LAYER_2 | \ - MBEDTLS_MPS_TRACE_MASK_LAYER_3 | \ - MBEDTLS_MPS_TRACE_MASK_LAYER_4 | \ - MBEDTLS_MPS_TRACE_MASK_READER | \ - MBEDTLS_MPS_TRACE_MASK_WRITER) - -/* We have to avoid globals because E-ACSL chokes on them... - * Wrap everything in stub functions. */ -int mbedtls_mps_trace_get_depth(void); -void mbedtls_mps_trace_inc_depth(void); -void mbedtls_mps_trace_dec_depth(void); - -void mbedtls_mps_trace_color(int id); -void mbedtls_mps_trace_indent(int level, mbedtls_mps_trace_type ty); - -void mbedtls_mps_trace_print_msg(int id, int line, const char *format, ...); - -#define MBEDTLS_MPS_TRACE(type, ...) \ - do { \ - if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \ - break; \ - mbedtls_mps_trace_indent(mbedtls_mps_trace_get_depth(), type); \ - mbedtls_mps_trace_color(mbedtls_mps_trace_id); \ - mbedtls_mps_trace_print_msg(mbedtls_mps_trace_id, __LINE__, __VA_ARGS__); \ - mbedtls_mps_trace_color(0); \ - } while (0) - -#define MBEDTLS_MPS_TRACE_INIT(...) \ - do { \ - if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \ - break; \ - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_CALL, __VA_ARGS__); \ - mbedtls_mps_trace_inc_depth(); \ - } while (0) - -#define MBEDTLS_MPS_TRACE_END(val) \ - do { \ - if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \ - break; \ - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_RETURN, "%d (-%#04x)", \ - (int) (val), -((unsigned) (val))); \ - mbedtls_mps_trace_dec_depth(); \ - } while (0) - -#define MBEDTLS_MPS_TRACE_RETURN(val) \ - do { \ - /* Breaks tail recursion. */ \ - int ret__ = val; \ - MBEDTLS_MPS_TRACE_END(ret__); \ - return ret__; \ - } while (0) - -#else /* MBEDTLS_MPS_TRACE */ - -#define MBEDTLS_MPS_TRACE(type, ...) do { } while (0) -#define MBEDTLS_MPS_TRACE_INIT(...) do { } while (0) -#define MBEDTLS_MPS_TRACE_END do { } while (0) - -#define MBEDTLS_MPS_TRACE_RETURN(val) return val; - -#endif /* MBEDTLS_MPS_TRACE */ - -#endif /* MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H */ diff --git a/library/net_sockets.c b/library/net_sockets.c deleted file mode 100644 index ca70f3797..000000000 --- a/library/net_sockets.c +++ /dev/null @@ -1,696 +0,0 @@ -/* - * TCP/IP or UDP/IP networking functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must - * be set before mbedtls_config.h, which pulls in glibc's features.h indirectly. - * Harmless on other platforms. */ -#ifndef _POSIX_C_SOURCE -#define _POSIX_C_SOURCE 200112L -#endif -#ifndef _XOPEN_SOURCE -#define _XOPEN_SOURCE 600 /* sockaddr_storage */ -#endif - -#include "ssl_misc.h" - -#if defined(MBEDTLS_NET_C) - -#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ - !defined(__HAIKU__) && !defined(__midipix__) -#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in mbedtls_config.h" -#endif - -#include "mbedtls/platform.h" - -#include "mbedtls/net_sockets.h" -#include "mbedtls/error.h" - -#include - -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - -#define IS_EINTR(ret) ((ret) == WSAEINTR) - -#include - -#include -#include -#if (_WIN32_WINNT < 0x0501) -#include -#endif - -#if defined(_MSC_VER) -#if defined(_WIN32_WCE) -#pragma comment( lib, "ws2.lib" ) -#else -#pragma comment( lib, "ws2_32.lib" ) -#endif -#endif /* _MSC_VER */ - -#define read(fd, buf, len) recv(fd, (char *) (buf), (int) (len), 0) -#define write(fd, buf, len) send(fd, (char *) (buf), (int) (len), 0) -#define close(fd) closesocket(fd) - -static int wsa_init_done = 0; - -#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define IS_EINTR(ret) ((ret) == EINTR) -#define SOCKET int - -#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ - -/* Some MS functions want int and MSVC warns if we pass size_t, - * but the standard functions use socklen_t, so cast only for MSVC */ -#if defined(_MSC_VER) -#define MSVC_INT_CAST (int) -#else -#define MSVC_INT_CAST -#endif - -#include - -#if defined(MBEDTLS_HAVE_TIME) -#include -#endif - -#include - -/* - * Prepare for using the sockets interface - */ -static int net_prepare(void) -{ -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - WSADATA wsaData; - - if (wsa_init_done == 0) { - if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0) { - return MBEDTLS_ERR_NET_SOCKET_FAILED; - } - - wsa_init_done = 1; - } -#else -#if !defined(EFIX64) && !defined(EFI32) - signal(SIGPIPE, SIG_IGN); -#endif -#endif - return 0; -} - -/* - * Return 0 if the file descriptor is valid, an error otherwise. - * If for_select != 0, check whether the file descriptor is within the range - * allowed for fd_set used for the FD_xxx macros and the select() function. - */ -static int check_fd(int fd, int for_select) -{ - if (fd < 0) { - return MBEDTLS_ERR_NET_INVALID_CONTEXT; - } - -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - (void) for_select; -#else - /* A limitation of select() is that it only works with file descriptors - * that are strictly less than FD_SETSIZE. This is a limitation of the - * fd_set type. Error out early, because attempting to call FD_SET on a - * large file descriptor is a buffer overflow on typical platforms. */ - if (for_select && fd >= FD_SETSIZE) { - return MBEDTLS_ERR_NET_POLL_FAILED; - } -#endif - - return 0; -} - -/* - * Initialize a context - */ -void mbedtls_net_init(mbedtls_net_context *ctx) -{ - ctx->fd = -1; -} - -/* - * Initiate a TCP connection with host:port and the given protocol - */ -int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host, - const char *port, int proto) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - struct addrinfo hints, *addr_list, *cur; - - if ((ret = net_prepare()) != 0) { - return ret; - } - - /* Do name resolution with both IPv6 and IPv4 */ - memset(&hints, 0, sizeof(hints)); - hints.ai_family = AF_UNSPEC; - hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; - hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; - - if (getaddrinfo(host, port, &hints, &addr_list) != 0) { - return MBEDTLS_ERR_NET_UNKNOWN_HOST; - } - - /* Try the sockaddrs until a connection succeeds */ - ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; - for (cur = addr_list; cur != NULL; cur = cur->ai_next) { - ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype, - cur->ai_protocol); - if (ctx->fd < 0) { - ret = MBEDTLS_ERR_NET_SOCKET_FAILED; - continue; - } - - if (connect(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) == 0) { - ret = 0; - break; - } - - mbedtls_net_close(ctx); - ret = MBEDTLS_ERR_NET_CONNECT_FAILED; - } - - freeaddrinfo(addr_list); - - return ret; -} - -/* - * Create a listening socket on bind_ip:port - */ -int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto) -{ - int n, ret; - struct addrinfo hints, *addr_list, *cur; - - if ((ret = net_prepare()) != 0) { - return ret; - } - - /* Bind to IPv6 and/or IPv4, but only in the desired protocol */ - memset(&hints, 0, sizeof(hints)); - hints.ai_family = AF_UNSPEC; - hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; - hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; - if (bind_ip == NULL) { - hints.ai_flags = AI_PASSIVE; - } - - if (getaddrinfo(bind_ip, port, &hints, &addr_list) != 0) { - return MBEDTLS_ERR_NET_UNKNOWN_HOST; - } - - /* Try the sockaddrs until a binding succeeds */ - ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; - for (cur = addr_list; cur != NULL; cur = cur->ai_next) { - ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype, - cur->ai_protocol); - if (ctx->fd < 0) { - ret = MBEDTLS_ERR_NET_SOCKET_FAILED; - continue; - } - - n = 1; - if (setsockopt(ctx->fd, SOL_SOCKET, SO_REUSEADDR, - (const char *) &n, sizeof(n)) != 0) { - mbedtls_net_close(ctx); - ret = MBEDTLS_ERR_NET_SOCKET_FAILED; - continue; - } - - if (bind(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) != 0) { - mbedtls_net_close(ctx); - ret = MBEDTLS_ERR_NET_BIND_FAILED; - continue; - } - - /* Listen only makes sense for TCP */ - if (proto == MBEDTLS_NET_PROTO_TCP) { - if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) { - mbedtls_net_close(ctx); - ret = MBEDTLS_ERR_NET_LISTEN_FAILED; - continue; - } - } - - /* Bind was successful */ - ret = 0; - break; - } - - freeaddrinfo(addr_list); - - return ret; - -} - -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) -/* - * Check if the requested operation would be blocking on a non-blocking socket - * and thus 'failed' with a negative return value. - */ -static int net_would_block(const mbedtls_net_context *ctx) -{ - ((void) ctx); - return WSAGetLastError() == WSAEWOULDBLOCK; -} -#else -/* - * Check if the requested operation would be blocking on a non-blocking socket - * and thus 'failed' with a negative return value. - * - * Note: on a blocking socket this function always returns 0! - */ -static int net_would_block(const mbedtls_net_context *ctx) -{ - int err = errno; - - /* - * Never return 'WOULD BLOCK' on a blocking socket - */ - if ((fcntl(ctx->fd, F_GETFL) & O_NONBLOCK) != O_NONBLOCK) { - errno = err; - return 0; - } - - switch (errno = err) { -#if defined EAGAIN - case EAGAIN: -#endif -#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN - case EWOULDBLOCK: -#endif - return 1; - } - return 0; -} -#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ - -/* - * Accept a connection from a remote client - */ -int mbedtls_net_accept(mbedtls_net_context *bind_ctx, - mbedtls_net_context *client_ctx, - void *client_ip, size_t buf_size, size_t *cip_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int type; - - struct sockaddr_storage client_addr; - -#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ - defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \ - defined(socklen_t) || (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) - socklen_t n = (socklen_t) sizeof(client_addr); - socklen_t type_len = (socklen_t) sizeof(type); -#else - int n = (int) sizeof(client_addr); - int type_len = (int) sizeof(type); -#endif - - /* Is this a TCP or UDP socket? */ - if (getsockopt(bind_ctx->fd, SOL_SOCKET, SO_TYPE, - (void *) &type, &type_len) != 0 || - (type != SOCK_STREAM && type != SOCK_DGRAM)) { - return MBEDTLS_ERR_NET_ACCEPT_FAILED; - } - - if (type == SOCK_STREAM) { - /* TCP: actual accept() */ - ret = client_ctx->fd = (int) accept(bind_ctx->fd, - (struct sockaddr *) &client_addr, &n); - } else { - /* UDP: wait for a message, but keep it in the queue */ - char buf[1] = { 0 }; - - ret = (int) recvfrom(bind_ctx->fd, buf, sizeof(buf), MSG_PEEK, - (struct sockaddr *) &client_addr, &n); - -#if defined(_WIN32) - if (ret == SOCKET_ERROR && - WSAGetLastError() == WSAEMSGSIZE) { - /* We know buf is too small, thanks, just peeking here */ - ret = 0; - } -#endif - } - - if (ret < 0) { - if (net_would_block(bind_ctx) != 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - return MBEDTLS_ERR_NET_ACCEPT_FAILED; - } - - /* UDP: hijack the listening socket to communicate with the client, - * then bind a new socket to accept new connections */ - if (type != SOCK_STREAM) { - struct sockaddr_storage local_addr; - int one = 1; - - if (connect(bind_ctx->fd, (struct sockaddr *) &client_addr, n) != 0) { - return MBEDTLS_ERR_NET_ACCEPT_FAILED; - } - - client_ctx->fd = bind_ctx->fd; - bind_ctx->fd = -1; /* In case we exit early */ - - n = sizeof(struct sockaddr_storage); - if (getsockname(client_ctx->fd, - (struct sockaddr *) &local_addr, &n) != 0 || - (bind_ctx->fd = (int) socket(local_addr.ss_family, - SOCK_DGRAM, IPPROTO_UDP)) < 0 || - setsockopt(bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR, - (const char *) &one, sizeof(one)) != 0) { - return MBEDTLS_ERR_NET_SOCKET_FAILED; - } - - if (bind(bind_ctx->fd, (struct sockaddr *) &local_addr, n) != 0) { - return MBEDTLS_ERR_NET_BIND_FAILED; - } - } - - if (client_ip != NULL) { - if (client_addr.ss_family == AF_INET) { - struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr; - *cip_len = sizeof(addr4->sin_addr.s_addr); - - if (buf_size < *cip_len) { - return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL; - } - - memcpy(client_ip, &addr4->sin_addr.s_addr, *cip_len); - } else { - struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr; - *cip_len = sizeof(addr6->sin6_addr.s6_addr); - - if (buf_size < *cip_len) { - return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL; - } - - memcpy(client_ip, &addr6->sin6_addr.s6_addr, *cip_len); - } - } - - return 0; -} - -/* - * Set the socket blocking or non-blocking - */ -int mbedtls_net_set_block(mbedtls_net_context *ctx) -{ -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - u_long n = 0; - return ioctlsocket(ctx->fd, FIONBIO, &n); -#else - return fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) & ~O_NONBLOCK); -#endif -} - -int mbedtls_net_set_nonblock(mbedtls_net_context *ctx) -{ -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - u_long n = 1; - return ioctlsocket(ctx->fd, FIONBIO, &n); -#else - return fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) | O_NONBLOCK); -#endif -} - -/* - * Check if data is available on the socket - */ - -int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - struct timeval tv; - - fd_set read_fds; - fd_set write_fds; - - int fd = ctx->fd; - - ret = check_fd(fd, 1); - if (ret != 0) { - return ret; - } - -#if defined(__has_feature) -#if __has_feature(memory_sanitizer) - /* Ensure that memory sanitizers consider read_fds and write_fds as - * initialized even on platforms such as Glibc/x86_64 where FD_ZERO - * is implemented in assembly. */ - memset(&read_fds, 0, sizeof(read_fds)); - memset(&write_fds, 0, sizeof(write_fds)); -#endif -#endif - - FD_ZERO(&read_fds); - if (rw & MBEDTLS_NET_POLL_READ) { - rw &= ~MBEDTLS_NET_POLL_READ; - FD_SET((SOCKET) fd, &read_fds); - } - - FD_ZERO(&write_fds); - if (rw & MBEDTLS_NET_POLL_WRITE) { - rw &= ~MBEDTLS_NET_POLL_WRITE; - FD_SET((SOCKET) fd, &write_fds); - } - - if (rw != 0) { - return MBEDTLS_ERR_NET_BAD_INPUT_DATA; - } - - tv.tv_sec = timeout / 1000; - tv.tv_usec = (timeout % 1000) * 1000; - - do { - ret = select(fd + 1, &read_fds, &write_fds, NULL, - timeout == (uint32_t) -1 ? NULL : &tv); - } while (IS_EINTR(ret)); - - if (ret < 0) { - return MBEDTLS_ERR_NET_POLL_FAILED; - } - - ret = 0; - if (FD_ISSET(fd, &read_fds)) { - ret |= MBEDTLS_NET_POLL_READ; - } - if (FD_ISSET(fd, &write_fds)) { - ret |= MBEDTLS_NET_POLL_WRITE; - } - - return ret; -} - -/* - * Portable usleep helper - */ -void mbedtls_net_usleep(unsigned long usec) -{ -#if defined(_WIN32) - Sleep((usec + 999) / 1000); -#else - struct timeval tv; - tv.tv_sec = usec / 1000000; -#if (defined(__unix__) || defined(__unix) || \ - (defined(__APPLE__) && defined(__MACH__))) && !defined(__DJGPP__) - tv.tv_usec = (suseconds_t) usec % 1000000; -#else - tv.tv_usec = usec % 1000000; -#endif - select(0, NULL, NULL, NULL, &tv); -#endif -} - -/* - * Read at most 'len' characters - */ -int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int fd = ((mbedtls_net_context *) ctx)->fd; - - ret = check_fd(fd, 0); - if (ret != 0) { - return ret; - } - - ret = (int) read(fd, buf, len); - - if (ret < 0) { - if (net_would_block(ctx) != 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - if (WSAGetLastError() == WSAECONNRESET) { - return MBEDTLS_ERR_NET_CONN_RESET; - } -#else - if (errno == EPIPE || errno == ECONNRESET) { - return MBEDTLS_ERR_NET_CONN_RESET; - } - - if (errno == EINTR) { - return MBEDTLS_ERR_SSL_WANT_READ; - } -#endif - - return MBEDTLS_ERR_NET_RECV_FAILED; - } - - return ret; -} - -/* - * Read at most 'len' characters, blocking for at most 'timeout' ms - */ -int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, - size_t len, uint32_t timeout) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - struct timeval tv; - fd_set read_fds; - int fd = ((mbedtls_net_context *) ctx)->fd; - - ret = check_fd(fd, 1); - if (ret != 0) { - return ret; - } - - FD_ZERO(&read_fds); - FD_SET((SOCKET) fd, &read_fds); - - tv.tv_sec = timeout / 1000; - tv.tv_usec = (timeout % 1000) * 1000; - - ret = select(fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv); - - /* Zero fds ready means we timed out */ - if (ret == 0) { - return MBEDTLS_ERR_SSL_TIMEOUT; - } - - if (ret < 0) { -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - if (WSAGetLastError() == WSAEINTR) { - return MBEDTLS_ERR_SSL_WANT_READ; - } -#else - if (errno == EINTR) { - return MBEDTLS_ERR_SSL_WANT_READ; - } -#endif - - return MBEDTLS_ERR_NET_RECV_FAILED; - } - - /* This call will not block */ - return mbedtls_net_recv(ctx, buf, len); -} - -/* - * Write at most 'len' characters - */ -int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int fd = ((mbedtls_net_context *) ctx)->fd; - - ret = check_fd(fd, 0); - if (ret != 0) { - return ret; - } - - ret = (int) write(fd, buf, len); - - if (ret < 0) { - if (net_would_block(ctx) != 0) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - if (WSAGetLastError() == WSAECONNRESET) { - return MBEDTLS_ERR_NET_CONN_RESET; - } -#else - if (errno == EPIPE || errno == ECONNRESET) { - return MBEDTLS_ERR_NET_CONN_RESET; - } - - if (errno == EINTR) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } -#endif - - return MBEDTLS_ERR_NET_SEND_FAILED; - } - - return ret; -} - -/* - * Close the connection - */ -void mbedtls_net_close(mbedtls_net_context *ctx) -{ - if (ctx->fd == -1) { - return; - } - - close(ctx->fd); - - ctx->fd = -1; -} - -/* - * Gracefully close the connection - */ -void mbedtls_net_free(mbedtls_net_context *ctx) -{ - if (ctx == NULL || ctx->fd == -1) { - return; - } - - shutdown(ctx->fd, 2); - close(ctx->fd); - - ctx->fd = -1; -} - -#endif /* MBEDTLS_NET_C */ diff --git a/library/pkcs7.c b/library/pkcs7.c deleted file mode 100644 index ff0567c6f..000000000 --- a/library/pkcs7.c +++ /dev/null @@ -1,771 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#include "x509_internal.h" - -#if defined(MBEDTLS_PKCS7_C) -#include "mbedtls/pkcs7.h" -#include "mbedtls/asn1.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/oid.h" -#include "mbedtls/error.h" - -#if defined(MBEDTLS_FS_IO) -#include -#include -#endif - -#include "mbedtls/platform.h" -#include "mbedtls/platform_util.h" - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#if defined(MBEDTLS_HAVE_TIME_DATE) -#include -#endif - -/** - * Initializes the mbedtls_pkcs7 structure. - */ -void mbedtls_pkcs7_init(mbedtls_pkcs7 *pkcs7) -{ - memset(pkcs7, 0, sizeof(*pkcs7)); -} - -static int pkcs7_get_next_content_len(unsigned char **p, unsigned char *end, - size_t *len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_CONTEXT_SPECIFIC); - if (ret != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); - } else if ((size_t) (end - *p) != *len) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return ret; -} - -/** - * version Version - * Version ::= INTEGER - **/ -static int pkcs7_get_version(unsigned char **p, unsigned char *end, int *ver) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_asn1_get_int(p, end, ver); - if (ret != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_VERSION, ret); - } - - /* If version != 1, return invalid version */ - if (*ver != MBEDTLS_PKCS7_SUPPORTED_VERSION) { - ret = MBEDTLS_ERR_PKCS7_INVALID_VERSION; - } - - return ret; -} - -/** - * ContentInfo ::= SEQUENCE { - * contentType ContentType, - * content - * [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } - **/ -static int pkcs7_get_content_info_type(unsigned char **p, unsigned char *end, - unsigned char **seq_end, - mbedtls_pkcs7_buf *pkcs7) -{ - size_t len = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *start = *p; - - ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE); - if (ret != 0) { - *p = start; - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); - } - *seq_end = *p + len; - ret = mbedtls_asn1_get_tag(p, *seq_end, &len, MBEDTLS_ASN1_OID); - if (ret != 0) { - *p = start; - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); - } - - pkcs7->tag = MBEDTLS_ASN1_OID; - pkcs7->len = len; - pkcs7->p = *p; - *p += len; - - return ret; -} - -/** - * DigestAlgorithmIdentifier ::= AlgorithmIdentifier - * - * This is from x509.h - **/ -static int pkcs7_get_digest_algorithm(unsigned char **p, unsigned char *end, - mbedtls_x509_buf *alg) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_asn1_get_alg_null(p, end, alg)) != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_ALG, ret); - } - - return ret; -} - -/** - * DigestAlgorithmIdentifiers :: SET of DigestAlgorithmIdentifier - **/ -static int pkcs7_get_digest_algorithm_set(unsigned char **p, - unsigned char *end, - mbedtls_x509_buf *alg) -{ - size_t len = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SET); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_ALG, ret); - } - - end = *p + len; - - ret = mbedtls_asn1_get_alg_null(p, end, alg); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_ALG, ret); - } - - /** For now, it assumes there is only one digest algorithm specified **/ - if (*p != end) { - return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; - } - - return 0; -} - -/** - * certificates :: SET OF ExtendedCertificateOrCertificate, - * ExtendedCertificateOrCertificate ::= CHOICE { - * certificate Certificate -- x509, - * extendedCertificate[0] IMPLICIT ExtendedCertificate } - * Return number of certificates added to the signed data, - * 0 or higher is valid. - * Return negative error code for failure. - **/ -static int pkcs7_get_certificates(unsigned char **p, unsigned char *end, - mbedtls_x509_crt *certs) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len1 = 0; - size_t len2 = 0; - unsigned char *end_set, *end_cert, *start; - - ret = mbedtls_asn1_get_tag(p, end, &len1, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_CONTEXT_SPECIFIC); - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return 0; - } - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); - } - start = *p; - end_set = *p + len1; - - ret = mbedtls_asn1_get_tag(p, end_set, &len2, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CERT, ret); - } - - end_cert = *p + len2; - - /* - * This is to verify that there is only one signer certificate. It seems it is - * not easy to differentiate between the chain vs different signer's certificate. - * So, we support only the root certificate and the single signer. - * The behaviour would be improved with addition of multiple signer support. - */ - if (end_cert != end_set) { - return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; - } - - if ((ret = mbedtls_x509_crt_parse_der(certs, start, len1)) < 0) { - return MBEDTLS_ERR_PKCS7_INVALID_CERT; - } - - *p = end_cert; - - /* - * Since in this version we strictly support single certificate, and reaching - * here implies we have parsed successfully, we return 1. - */ - return 1; -} - -/** - * EncryptedDigest ::= OCTET STRING - **/ -static int pkcs7_get_signature(unsigned char **p, unsigned char *end, - mbedtls_pkcs7_buf *signature) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING); - if (ret != 0) { - return ret; - } - - signature->tag = MBEDTLS_ASN1_OCTET_STRING; - signature->len = len; - signature->p = *p; - - *p = *p + len; - - return 0; -} - -static void pkcs7_free_signer_info(mbedtls_pkcs7_signer_info *signer) -{ - mbedtls_x509_name *name_cur; - mbedtls_x509_name *name_prv; - - if (signer == NULL) { - return; - } - - name_cur = signer->issuer.next; - while (name_cur != NULL) { - name_prv = name_cur; - name_cur = name_cur->next; - mbedtls_free(name_prv); - } - signer->issuer.next = NULL; -} - -/** - * SignerInfo ::= SEQUENCE { - * version Version; - * issuerAndSerialNumber IssuerAndSerialNumber, - * digestAlgorithm DigestAlgorithmIdentifier, - * authenticatedAttributes - * [0] IMPLICIT Attributes OPTIONAL, - * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, - * encryptedDigest EncryptedDigest, - * unauthenticatedAttributes - * [1] IMPLICIT Attributes OPTIONAL, - * Returns 0 if the signerInfo is valid. - * Return negative error code for failure. - * Structure must not contain vales for authenticatedAttributes - * and unauthenticatedAttributes. - **/ -static int pkcs7_get_signer_info(unsigned char **p, unsigned char *end, - mbedtls_pkcs7_signer_info *signer, - mbedtls_x509_buf *alg) -{ - unsigned char *end_signer, *end_issuer_and_sn; - int asn1_ret = 0, ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - asn1_ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE); - if (asn1_ret != 0) { - goto out; - } - - end_signer = *p + len; - - ret = pkcs7_get_version(p, end_signer, &signer->version); - if (ret != 0) { - goto out; - } - - asn1_ret = mbedtls_asn1_get_tag(p, end_signer, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); - if (asn1_ret != 0) { - goto out; - } - - end_issuer_and_sn = *p + len; - /* Parsing IssuerAndSerialNumber */ - signer->issuer_raw.p = *p; - - asn1_ret = mbedtls_asn1_get_tag(p, end_issuer_and_sn, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); - if (asn1_ret != 0) { - goto out; - } - - ret = mbedtls_x509_get_name(p, *p + len, &signer->issuer); - if (ret != 0) { - goto out; - } - - signer->issuer_raw.len = (size_t) (*p - signer->issuer_raw.p); - - ret = mbedtls_x509_get_serial(p, end_issuer_and_sn, &signer->serial); - if (ret != 0) { - goto out; - } - - /* ensure no extra or missing bytes */ - if (*p != end_issuer_and_sn) { - ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO; - goto out; - } - - ret = pkcs7_get_digest_algorithm(p, end_signer, &signer->alg_identifier); - if (ret != 0) { - goto out; - } - - /* Check that the digest algorithm used matches the one provided earlier */ - if (signer->alg_identifier.tag != alg->tag || - signer->alg_identifier.len != alg->len || - memcmp(signer->alg_identifier.p, alg->p, alg->len) != 0) { - ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO; - goto out; - } - - /* Assume authenticatedAttributes is nonexistent */ - ret = pkcs7_get_digest_algorithm(p, end_signer, &signer->sig_alg_identifier); - if (ret != 0) { - goto out; - } - - ret = pkcs7_get_signature(p, end_signer, &signer->sig); - if (ret != 0) { - goto out; - } - - /* Do not permit any unauthenticated attributes */ - if (*p != end_signer) { - ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO; - } - -out: - if (asn1_ret != 0 || ret != 0) { - pkcs7_free_signer_info(signer); - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO, - asn1_ret); - } - - return ret; -} - -/** - * SignerInfos ::= SET of SignerInfo - * Return number of signers added to the signed data, - * 0 or higher is valid. - * Return negative error code for failure. - **/ -static int pkcs7_get_signers_info_set(unsigned char **p, unsigned char *end, - mbedtls_pkcs7_signer_info *signers_set, - mbedtls_x509_buf *digest_alg) -{ - unsigned char *end_set; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int count = 0; - size_t len = 0; - - ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SET); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO, ret); - } - - /* Detect zero signers */ - if (len == 0) { - return 0; - } - - end_set = *p + len; - - ret = pkcs7_get_signer_info(p, end_set, signers_set, digest_alg); - if (ret != 0) { - return ret; - } - count++; - - mbedtls_pkcs7_signer_info *prev = signers_set; - while (*p != end_set) { - mbedtls_pkcs7_signer_info *signer = - mbedtls_calloc(1, sizeof(mbedtls_pkcs7_signer_info)); - if (!signer) { - ret = MBEDTLS_ERR_PKCS7_ALLOC_FAILED; - goto cleanup; - } - - ret = pkcs7_get_signer_info(p, end_set, signer, digest_alg); - if (ret != 0) { - mbedtls_free(signer); - goto cleanup; - } - prev->next = signer; - prev = signer; - count++; - } - - return count; - -cleanup: - pkcs7_free_signer_info(signers_set); - mbedtls_pkcs7_signer_info *signer = signers_set->next; - while (signer != NULL) { - prev = signer; - signer = signer->next; - pkcs7_free_signer_info(prev); - mbedtls_free(prev); - } - signers_set->next = NULL; - return ret; -} - -/** - * SignedData ::= SEQUENCE { - * version Version, - * digestAlgorithms DigestAlgorithmIdentifiers, - * contentInfo ContentInfo, - * certificates - * [0] IMPLICIT ExtendedCertificatesAndCertificates - * OPTIONAL, - * crls - * [0] IMPLICIT CertificateRevocationLists OPTIONAL, - * signerInfos SignerInfos } - */ -static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, - mbedtls_pkcs7_signed_data *signed_data) -{ - unsigned char *p = buf; - unsigned char *end = buf + buflen; - unsigned char *end_content_info = NULL; - size_t len = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t md_alg; - - ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); - } - - if (p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* Get version of signed data */ - ret = pkcs7_get_version(&p, end, &signed_data->version); - if (ret != 0) { - return ret; - } - - /* Get digest algorithm */ - ret = pkcs7_get_digest_algorithm_set(&p, end, - &signed_data->digest_alg_identifiers); - if (ret != 0) { - return ret; - } - - ret = mbedtls_oid_get_md_alg(&signed_data->digest_alg_identifiers, &md_alg); - if (ret != 0) { - return MBEDTLS_ERR_PKCS7_INVALID_ALG; - } - - mbedtls_pkcs7_buf content_type; - memset(&content_type, 0, sizeof(content_type)); - ret = pkcs7_get_content_info_type(&p, end, &end_content_info, &content_type); - if (ret != 0) { - return ret; - } - if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DATA, &content_type)) { - return MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO; - } - - if (p != end_content_info) { - /* Determine if valid content is present */ - ret = mbedtls_asn1_get_tag(&p, - end_content_info, - &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); - } - p += len; - if (p != end_content_info) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); - } - /* Valid content is present - this is not supported */ - return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; - } - - /* Look for certificates, there may or may not be any */ - mbedtls_x509_crt_init(&signed_data->certs); - ret = pkcs7_get_certificates(&p, end, &signed_data->certs); - if (ret < 0) { - return ret; - } - - signed_data->no_of_certs = ret; - - /* - * Currently CRLs are not supported. If CRL exist, the parsing will fail - * at next step of getting signers info and return error as invalid - * signer info. - */ - - signed_data->no_of_crls = 0; - - /* Get signers info */ - ret = pkcs7_get_signers_info_set(&p, - end, - &signed_data->signers, - &signed_data->digest_alg_identifiers); - if (ret < 0) { - return ret; - } - - signed_data->no_of_signers = ret; - - /* Don't permit trailing data */ - if (p != end) { - return MBEDTLS_ERR_PKCS7_INVALID_FORMAT; - } - - return 0; -} - -int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf, - const size_t buflen) -{ - unsigned char *p; - unsigned char *end; - size_t len = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (pkcs7 == NULL) { - return MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; - } - - /* make an internal copy of the buffer for parsing */ - pkcs7->raw.p = p = mbedtls_calloc(1, buflen); - if (pkcs7->raw.p == NULL) { - ret = MBEDTLS_ERR_PKCS7_ALLOC_FAILED; - goto out; - } - memcpy(p, buf, buflen); - pkcs7->raw.len = buflen; - end = p + buflen; - - ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE); - if (ret != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); - goto out; - } - - if ((size_t) (end - p) != len) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - goto out; - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) { - if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - goto out; - } - p = pkcs7->raw.p; - len = buflen; - goto try_data; - } - - if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_SIGNED_DATA, p, len)) { - /* OID is not MBEDTLS_OID_PKCS7_SIGNED_DATA, which is the only supported feature */ - if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DATA, p, len) - || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, p, len) - || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_ENVELOPED_DATA, p, len) - || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, p, len) - || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DIGESTED_DATA, p, len)) { - /* OID is valid according to the spec, but unsupported */ - ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; - } else { - /* OID is invalid according to the spec */ - ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; - } - goto out; - } - - p += len; - - ret = pkcs7_get_next_content_len(&p, end, &len); - if (ret != 0) { - goto out; - } - - /* ensure no extra/missing data */ - if (p + len != end) { - ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; - goto out; - } - -try_data: - ret = pkcs7_get_signed_data(p, len, &pkcs7->signed_data); - if (ret != 0) { - goto out; - } - - ret = MBEDTLS_PKCS7_SIGNED_DATA; - -out: - if (ret < 0) { - mbedtls_pkcs7_free(pkcs7); - } - - return ret; -} - -static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, - const mbedtls_x509_crt *cert, - const unsigned char *data, - size_t datalen, - const int is_data_hash) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *hash; - mbedtls_pk_context pk_cxt = cert->pk; - const mbedtls_md_info_t *md_info; - mbedtls_md_type_t md_alg; - mbedtls_pkcs7_signer_info *signer; - - if (pkcs7->signed_data.no_of_signers == 0) { - return MBEDTLS_ERR_PKCS7_INVALID_CERT; - } - - if (mbedtls_x509_time_is_past(&cert->valid_to) || - mbedtls_x509_time_is_future(&cert->valid_from)) { - return MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID; - } - - ret = mbedtls_oid_get_md_alg(&pkcs7->signed_data.digest_alg_identifiers, &md_alg); - if (ret != 0) { - return ret; - } - - md_info = mbedtls_md_info_from_type(md_alg); - if (md_info == NULL) { - return MBEDTLS_ERR_PKCS7_VERIFY_FAIL; - } - - hash = mbedtls_calloc(mbedtls_md_get_size(md_info), 1); - if (hash == NULL) { - return MBEDTLS_ERR_PKCS7_ALLOC_FAILED; - } - - /* BEGIN must free hash before jumping out */ - if (is_data_hash) { - if (datalen != mbedtls_md_get_size(md_info)) { - ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; - } else { - memcpy(hash, data, datalen); - } - } else { - ret = mbedtls_md(md_info, data, datalen, hash); - } - if (ret != 0) { - mbedtls_free(hash); - return MBEDTLS_ERR_PKCS7_VERIFY_FAIL; - } - - /* assume failure */ - ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; - - /* - * Potential TODOs - * Currently we iterate over all signers and return success if any of them - * verify. - * - * However, we could make this better by checking against the certificate's - * identification and SignerIdentifier fields first. That would also allow - * us to distinguish between 'no signature for key' and 'signature for key - * failed to validate'. - */ - for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { - ret = mbedtls_pk_verify(&pk_cxt, md_alg, hash, - mbedtls_md_get_size(md_info), - signer->sig.p, signer->sig.len); - - if (ret == 0) { - break; - } - } - - mbedtls_free(hash); - /* END must free hash before jumping out */ - return ret; -} - -int mbedtls_pkcs7_signed_data_verify(mbedtls_pkcs7 *pkcs7, - const mbedtls_x509_crt *cert, - const unsigned char *data, - size_t datalen) -{ - if (data == NULL) { - return MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; - } - return mbedtls_pkcs7_data_or_hash_verify(pkcs7, cert, data, datalen, 0); -} - -int mbedtls_pkcs7_signed_hash_verify(mbedtls_pkcs7 *pkcs7, - const mbedtls_x509_crt *cert, - const unsigned char *hash, - size_t hashlen) -{ - if (hash == NULL) { - return MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; - } - return mbedtls_pkcs7_data_or_hash_verify(pkcs7, cert, hash, hashlen, 1); -} - -/* - * Unallocate all pkcs7 data - */ -void mbedtls_pkcs7_free(mbedtls_pkcs7 *pkcs7) -{ - mbedtls_pkcs7_signer_info *signer_cur; - mbedtls_pkcs7_signer_info *signer_prev; - - if (pkcs7 == NULL || pkcs7->raw.p == NULL) { - return; - } - - mbedtls_free(pkcs7->raw.p); - - mbedtls_x509_crt_free(&pkcs7->signed_data.certs); - mbedtls_x509_crl_free(&pkcs7->signed_data.crl); - - signer_cur = pkcs7->signed_data.signers.next; - pkcs7_free_signer_info(&pkcs7->signed_data.signers); - while (signer_cur != NULL) { - signer_prev = signer_cur; - signer_cur = signer_prev->next; - pkcs7_free_signer_info(signer_prev); - mbedtls_free(signer_prev); - } - - pkcs7->raw.p = NULL; -} - -#endif diff --git a/library/ssl_cache.c b/library/ssl_cache.c deleted file mode 100644 index 28d0cfbb7..000000000 --- a/library/ssl_cache.c +++ /dev/null @@ -1,409 +0,0 @@ -/* - * SSL session cache implementation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * These session callbacks use a simple chained list - * to store and retrieve the session information. - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_CACHE_C) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl_cache.h" -#include "mbedtls/error.h" - -#include - -void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache) -{ - memset(cache, 0, sizeof(mbedtls_ssl_cache_context)); - - cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT; - cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES; - -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init(&cache->mutex); -#endif -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_cache_find_entry(mbedtls_ssl_cache_context *cache, - unsigned char const *session_id, - size_t session_id_len, - mbedtls_ssl_cache_entry **dst) -{ - int ret = MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND; -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t = mbedtls_time(NULL); -#endif - mbedtls_ssl_cache_entry *cur; - - for (cur = cache->chain; cur != NULL; cur = cur->next) { -#if defined(MBEDTLS_HAVE_TIME) - if (cache->timeout != 0 && - (int) (t - cur->timestamp) > cache->timeout) { - continue; - } -#endif - - if (session_id_len != cur->session_id_len || - memcmp(session_id, cur->session_id, - cur->session_id_len) != 0) { - continue; - } - - break; - } - - if (cur != NULL) { - *dst = cur; - ret = 0; - } - - return ret; -} - - -int mbedtls_ssl_cache_get(void *data, - unsigned char const *session_id, - size_t session_id_len, - mbedtls_ssl_session *session) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; - mbedtls_ssl_cache_entry *entry; - -#if defined(MBEDTLS_THREADING_C) - if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) { - return ret; - } -#endif - - ret = ssl_cache_find_entry(cache, session_id, session_id_len, &entry); - if (ret != 0) { - goto exit; - } - - ret = mbedtls_ssl_session_load(session, - entry->session, - entry->session_len); - if (ret != 0) { - goto exit; - } - - ret = 0; - -exit: -#if defined(MBEDTLS_THREADING_C) - if (mbedtls_mutex_unlock(&cache->mutex) != 0) { - ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; - } -#endif - - return ret; -} - -/* zeroize a cache entry */ -static void ssl_cache_entry_zeroize(mbedtls_ssl_cache_entry *entry) -{ - if (entry == NULL) { - return; - } - - /* zeroize and free session structure */ - if (entry->session != NULL) { - mbedtls_zeroize_and_free(entry->session, entry->session_len); - } - - /* zeroize the whole entry structure */ - mbedtls_platform_zeroize(entry, sizeof(mbedtls_ssl_cache_entry)); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache, - unsigned char const *session_id, - size_t session_id_len, - mbedtls_ssl_cache_entry **dst) -{ -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t = mbedtls_time(NULL), oldest = 0; -#endif /* MBEDTLS_HAVE_TIME */ - - mbedtls_ssl_cache_entry *old = NULL; - int count = 0; - mbedtls_ssl_cache_entry *cur, *last; - - /* Check 1: Is there already an entry with the given session ID? - * - * If yes, overwrite it. - * - * If not, `count` will hold the size of the session cache - * at the end of this loop, and `last` will point to the last - * entry, both of which will be used later. */ - - last = NULL; - for (cur = cache->chain; cur != NULL; cur = cur->next) { - count++; - if (session_id_len == cur->session_id_len && - memcmp(session_id, cur->session_id, cur->session_id_len) == 0) { - goto found; - } - last = cur; - } - - /* Check 2: Is there an outdated entry in the cache? - * - * If so, overwrite it. - * - * If not, remember the oldest entry in `old` for later. - */ - -#if defined(MBEDTLS_HAVE_TIME) - for (cur = cache->chain; cur != NULL; cur = cur->next) { - if (cache->timeout != 0 && - (int) (t - cur->timestamp) > cache->timeout) { - goto found; - } - - if (oldest == 0 || cur->timestamp < oldest) { - oldest = cur->timestamp; - old = cur; - } - } -#endif /* MBEDTLS_HAVE_TIME */ - - /* Check 3: Is there free space in the cache? */ - - if (count < cache->max_entries) { - /* Create new entry */ - cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry)); - if (cur == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - /* Append to the end of the linked list. */ - if (last == NULL) { - cache->chain = cur; - } else { - last->next = cur; - } - - goto found; - } - - /* Last resort: The cache is full and doesn't contain any outdated - * elements. In this case, we evict the oldest one, judged by timestamp - * (if present) or cache-order. */ - -#if defined(MBEDTLS_HAVE_TIME) - if (old == NULL) { - /* This should only happen on an ill-configured cache - * with max_entries == 0. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } -#else /* MBEDTLS_HAVE_TIME */ - /* Reuse first entry in chain, but move to last place. */ - if (cache->chain == NULL) { - /* This should never happen */ - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - - old = cache->chain; - cache->chain = old->next; - old->next = NULL; - last->next = old; -#endif /* MBEDTLS_HAVE_TIME */ - - /* Now `old` points to the oldest entry to be overwritten. */ - cur = old; - -found: - - /* If we're reusing an entry, free it first. */ - if (cur->session != NULL) { - /* `ssl_cache_entry_zeroize` would break the chain, - * so we reuse `old` to record `next` temporarily. */ - old = cur->next; - ssl_cache_entry_zeroize(cur); - cur->next = old; - } - -#if defined(MBEDTLS_HAVE_TIME) - cur->timestamp = t; -#endif - - *dst = cur; - return 0; -} - -int mbedtls_ssl_cache_set(void *data, - unsigned char const *session_id, - size_t session_id_len, - const mbedtls_ssl_session *session) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; - mbedtls_ssl_cache_entry *cur; - - size_t session_serialized_len = 0; - unsigned char *session_serialized = NULL; - -#if defined(MBEDTLS_THREADING_C) - if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) { - return ret; - } -#endif - - ret = ssl_cache_pick_writing_slot(cache, - session_id, session_id_len, - &cur); - if (ret != 0) { - goto exit; - } - - /* Check how much space we need to serialize the session - * and allocate a sufficiently large buffer. */ - ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len); - if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { - goto exit; - } - - session_serialized = mbedtls_calloc(1, session_serialized_len); - if (session_serialized == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - - /* Now serialize the session into the allocated buffer. */ - ret = mbedtls_ssl_session_save(session, - session_serialized, - session_serialized_len, - &session_serialized_len); - if (ret != 0) { - goto exit; - } - - if (session_id_len > sizeof(cur->session_id)) { - ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - goto exit; - } - cur->session_id_len = session_id_len; - memcpy(cur->session_id, session_id, session_id_len); - - cur->session = session_serialized; - cur->session_len = session_serialized_len; - session_serialized = NULL; - - ret = 0; - -exit: -#if defined(MBEDTLS_THREADING_C) - if (mbedtls_mutex_unlock(&cache->mutex) != 0) { - ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; - } -#endif - - if (session_serialized != NULL) { - mbedtls_zeroize_and_free(session_serialized, session_serialized_len); - session_serialized = NULL; - } - - return ret; -} - -int mbedtls_ssl_cache_remove(void *data, - unsigned char const *session_id, - size_t session_id_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; - mbedtls_ssl_cache_entry *entry; - mbedtls_ssl_cache_entry *prev; - -#if defined(MBEDTLS_THREADING_C) - if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) { - return ret; - } -#endif - - ret = ssl_cache_find_entry(cache, session_id, session_id_len, &entry); - /* No valid entry found, exit with success */ - if (ret != 0) { - ret = 0; - goto exit; - } - - /* Now we remove the entry from the chain */ - if (entry == cache->chain) { - cache->chain = entry->next; - goto free; - } - for (prev = cache->chain; prev->next != NULL; prev = prev->next) { - if (prev->next == entry) { - prev->next = entry->next; - break; - } - } - -free: - ssl_cache_entry_zeroize(entry); - mbedtls_free(entry); - ret = 0; - -exit: -#if defined(MBEDTLS_THREADING_C) - if (mbedtls_mutex_unlock(&cache->mutex) != 0) { - ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; - } -#endif - - return ret; -} - -#if defined(MBEDTLS_HAVE_TIME) -void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout) -{ - if (timeout < 0) { - timeout = 0; - } - - cache->timeout = timeout; -} -#endif /* MBEDTLS_HAVE_TIME */ - -void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max) -{ - if (max < 0) { - max = 0; - } - - cache->max_entries = max; -} - -void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache) -{ - mbedtls_ssl_cache_entry *cur, *prv; - - cur = cache->chain; - - while (cur != NULL) { - prv = cur; - cur = cur->next; - - ssl_cache_entry_zeroize(prv); - mbedtls_free(prv); - } - -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free(&cache->mutex); -#endif - cache->chain = NULL; -} - -#endif /* MBEDTLS_SSL_CACHE_C */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c deleted file mode 100644 index f4621876b..000000000 --- a/library/ssl_ciphersuites.c +++ /dev/null @@ -1,1876 +0,0 @@ -/** - * \file ssl_ciphersuites.c - * - * \brief SSL ciphersuites for Mbed TLS - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_TLS_C) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/ssl.h" -#include "ssl_misc.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "mbedtls/psa_util.h" -#endif - -#include - -/* - * Ordered from most preferred to least preferred in terms of security. - * - * Current rule (except weak and null which come last): - * 1. By key exchange: - * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK - * 2. By key length and cipher: - * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 - * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 - * 4. By hash function used when relevant - * 5. By key exchange/auth again: EC > non-EC - */ -static const int ciphersuite_preference[] = -{ -#if defined(MBEDTLS_SSL_CIPHERSUITES) - MBEDTLS_SSL_CIPHERSUITES, -#else -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* TLS 1.3 ciphersuites */ - MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, - MBEDTLS_TLS1_3_AES_256_GCM_SHA384, - MBEDTLS_TLS1_3_AES_128_GCM_SHA256, - MBEDTLS_TLS1_3_AES_128_CCM_SHA256, - MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - /* Chacha-Poly ephemeral suites */ - MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - - /* All AES-256 ephemeral suites */ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, - MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, - MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, - - /* All CAMELLIA-256 ephemeral suites */ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - - /* All ARIA-256 ephemeral suites */ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, - - /* All AES-128 ephemeral suites */ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, - MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, - MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, - - /* All CAMELLIA-128 ephemeral suites */ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - - /* All ARIA-128 ephemeral suites */ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, - - /* The PSK ephemeral suites */ - MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, - MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, - MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, - - MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, - MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, - MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, - - /* The ECJPAKE suite */ - MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, - - /* All AES-256 suites */ - MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_RSA_WITH_AES_256_CCM, - MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, - - /* All CAMELLIA-256 suites */ - MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - - /* All ARIA-256 suites */ - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, - - /* All AES-128 suites */ - MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_RSA_WITH_AES_128_CCM, - MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, - - /* All CAMELLIA-128 suites */ - MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - - /* All ARIA-128 suites */ - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, - - /* The PSK suites */ - MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, - MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_PSK_WITH_AES_256_CCM, - MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, - MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, - - MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_PSK_WITH_AES_128_CCM, - MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, - MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, - - /* NULL suites */ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, - MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, - MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, - MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, - MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, - - MBEDTLS_TLS_RSA_WITH_NULL_SHA256, - MBEDTLS_TLS_RSA_WITH_NULL_SHA, - MBEDTLS_TLS_RSA_WITH_NULL_MD5, - MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, - MBEDTLS_TLS_PSK_WITH_NULL_SHA384, - MBEDTLS_TLS_PSK_WITH_NULL_SHA256, - MBEDTLS_TLS_PSK_WITH_NULL_SHA, - -#endif /* MBEDTLS_SSL_CIPHERSUITES */ - 0 -}; - -static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = -{ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, - MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ - 0, - MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ - 0, - MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#endif /* PSA_WANT_ALG_GCM */ -#if defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ - 0, - MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, - { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, -#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ALG_CCM */ -#endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, - "TLS1-3-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ - 0, - MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, -#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 && PSA_WANT_ALG_SHA_256 */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && \ - defined(PSA_WANT_ALG_SHA_256) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 && - PSA_WANT_ALG_SHA_256 && - MBEDTLS_SSL_PROTO_TLS1_2 */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_384 */ -#if defined(PSA_WANT_ALG_CCM) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CCM */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, - "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, - "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_384) && \ - defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_CCM) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CCM */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_384) && \ - defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_CCM) - { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CCM */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_CCM) - { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CCM */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_CCM) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CCM */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_CCM) - { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CCM */ -#endif /* PSA_WANT_KEY_TYPE_AES */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#if defined(PSA_WANT_ALG_MD5) - { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ - -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ - -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ - -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ - -#if defined(PSA_WANT_KEY_TYPE_ARIA) - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, - "TLS-PSK-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-PSK-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, - "TLS-PSK-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-PSK-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, - "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, - "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ - -#endif /* PSA_WANT_KEY_TYPE_ARIA */ - - - { 0, "", - MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE, - 0, 0, 0 } -}; - -#if defined(MBEDTLS_SSL_CIPHERSUITES) -const int *mbedtls_ssl_list_ciphersuites(void) -{ - return ciphersuite_preference; -} -#else -#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \ - sizeof(ciphersuite_definitions[0]) -static int supported_ciphersuites[MAX_CIPHERSUITES]; -static int supported_init = 0; - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info) -{ - (void) cs_info; - - return 0; -} - -const int *mbedtls_ssl_list_ciphersuites(void) -{ - /* - * On initial call filter out all ciphersuites not supported by current - * build based on presence in the ciphersuite_definitions. - */ - if (supported_init == 0) { - const int *p; - int *q; - - for (p = ciphersuite_preference, q = supported_ciphersuites; - *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; - p++) { - const mbedtls_ssl_ciphersuite_t *cs_info; - if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL && - !ciphersuite_is_removed(cs_info)) { - *(q++) = *p; - } - } - *q = 0; - - supported_init = 1; - } - - return supported_ciphersuites; -} -#endif /* MBEDTLS_SSL_CIPHERSUITES */ - -const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( - const char *ciphersuite_name) -{ - const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; - - if (NULL == ciphersuite_name) { - return NULL; - } - - while (cur->id != 0) { - if (0 == strcmp(cur->name, ciphersuite_name)) { - return cur; - } - - cur++; - } - - return NULL; -} - -const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite) -{ - const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; - - while (cur->id != 0) { - if (cur->id == ciphersuite) { - return cur; - } - - cur++; - } - - return NULL; -} - -const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id) -{ - const mbedtls_ssl_ciphersuite_t *cur; - - cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); - - if (cur == NULL) { - return "unknown"; - } - - return cur->name; -} - -int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name) -{ - const mbedtls_ssl_ciphersuite_t *cur; - - cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name); - - if (cur == NULL) { - return 0; - } - - return cur->id; -} - -size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t key_type; - psa_algorithm_t alg; - size_t key_bits; - - status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher, - info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16, - &alg, &key_type, &key_bits); - - if (status != PSA_SUCCESS) { - return 0; - } - - return key_bits; -#else - const mbedtls_cipher_info_t * const cipher_info = - mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher); - - return mbedtls_cipher_info_get_key_bitlen(cipher_info); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -} - -#if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - return MBEDTLS_PK_RSA; - - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return MBEDTLS_PK_ECDSA; - - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return MBEDTLS_PK_ECKEY; - - default: - return MBEDTLS_PK_NONE; - } -} - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_RSA: - return PSA_ALG_RSA_PKCS1V15_CRYPT; - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - return PSA_ALG_RSA_PKCS1V15_SIGN( - mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); - - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); - - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return PSA_ALG_ECDH; - - default: - return PSA_ALG_NONE; - } -} - -psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_RSA: - return PSA_KEY_USAGE_DECRYPT; - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return PSA_KEY_USAGE_SIGN_HASH; - - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return PSA_KEY_USAGE_DERIVE; - - default: - return 0; - } -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - return MBEDTLS_PK_RSA; - - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return MBEDTLS_PK_ECDSA; - - default: - return MBEDTLS_PK_NONE; - } -} - -#endif /* MBEDTLS_PK_C */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECJPAKE: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || - * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - -#endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h deleted file mode 100644 index 4f71bc063..000000000 --- a/library/ssl_ciphersuites_internal.h +++ /dev/null @@ -1,152 +0,0 @@ -/** - * \file ssl_ciphersuites_internal.h - * - * \brief Internal part of the public "ssl_ciphersuites.h". - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H -#define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H - -#include "mbedtls/pk.h" - -#if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); -#if defined(MBEDTLS_USE_PSA_CRYPTO) -psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info); -psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info); -#endif /* MBEDTLS_PK_C */ - -int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info); -int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info); - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) -static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECJPAKE: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) -static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_PSK: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ - -static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return 1; - - default: - return 0; - } -} - -static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return 1; - - default: - return 0; - } -} - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_server_signature( - const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ - -#endif /* MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H */ diff --git a/library/ssl_client.c b/library/ssl_client.c deleted file mode 100644 index 823708173..000000000 --- a/library/ssl_client.c +++ /dev/null @@ -1,1016 +0,0 @@ -/* - * TLS 1.2 and 1.3 client-side functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_CLI_C) -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - -#include - -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform.h" - -#include "ssl_client.h" -#include "ssl_tls13_keys.h" -#include "ssl_debug_helpers.h" - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - size_t hostname_len; - - *olen = 0; - - if (ssl->hostname == NULL) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding server name extension: %s", - ssl->hostname)); - - hostname_len = strlen(ssl->hostname); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9); - - /* - * Sect. 3, RFC 6066 (TLS Extensions Definitions) - * - * In order to provide any of the server names, clients MAY include an - * extension of type "server_name" in the (extended) client hello. The - * "extension_data" field of this extension SHALL contain - * "ServerNameList" where: - * - * struct { - * NameType name_type; - * select (name_type) { - * case host_name: HostName; - * } name; - * } ServerName; - * - * enum { - * host_name(0), (255) - * } NameType; - * - * opaque HostName<1..2^16-1>; - * - * struct { - * ServerName server_name_list<1..2^16-1> - * } ServerNameList; - * - */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SERVERNAME, p, 0); - p += 2; - - MBEDTLS_PUT_UINT16_BE(hostname_len + 5, p, 0); - p += 2; - - MBEDTLS_PUT_UINT16_BE(hostname_len + 3, p, 0); - p += 2; - - *p++ = MBEDTLS_BYTE_0(MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME); - - MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0); - p += 2; - - memcpy(p, ssl->hostname, hostname_len); - - *olen = hostname_len + 9; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SERVERNAME); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - return 0; -} -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_ALPN) -/* - * ssl_write_alpn_ext() - * - * Structure of the application_layer_protocol_negotiation extension in - * ClientHello: - * - * opaque ProtocolName<1..2^8-1>; - * - * struct { - * ProtocolName protocol_name_list<2..2^16-1> - * } ProtocolNameList; - * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - - *out_len = 0; - - if (ssl->conf->alpn_list == NULL) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding alpn extension")); - - - /* Check we have enough space for the extension type (2 bytes), the - * extension length (2 bytes) and the protocol_name_list length (2 bytes). - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ALPN, p, 0); - /* Skip writing extension and list length for now */ - p += 6; - - /* - * opaque ProtocolName<1..2^8-1>; - * - * struct { - * ProtocolName protocol_name_list<2..2^16-1> - * } ProtocolNameList; - */ - for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) { - /* - * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of - * protocol names is less than 255. - */ - size_t protocol_name_len = strlen(*cur); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + protocol_name_len); - *p++ = (unsigned char) protocol_name_len; - memcpy(p, *cur, protocol_name_len); - p += protocol_name_len; - } - - *out_len = (size_t) (p - buf); - - /* List length = *out_len - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ - MBEDTLS_PUT_UINT16_BE(*out_len - 6, buf, 4); - - /* Extension length = *out_len - 2 (ext_type) - 2 (ext_len) */ - MBEDTLS_PUT_UINT16_BE(*out_len - 4, buf, 2); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_ALPN); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - return 0; -} -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_TLS1_2_SOME_ECC) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) -/* - * Function for writing a supported groups (TLS 1.3) or supported elliptic - * curves (TLS 1.2) extension. - * - * The "extension_data" field of a supported groups extension contains a - * "NamedGroupList" value (TLS 1.3 RFC8446): - * enum { - * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019), - * x25519(0x001D), x448(0x001E), - * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102), - * ffdhe6144(0x0103), ffdhe8192(0x0104), - * ffdhe_private_use(0x01FC..0x01FF), - * ecdhe_private_use(0xFE00..0xFEFF), - * (0xFFFF) - * } NamedGroup; - * struct { - * NamedGroup named_group_list<2..2^16-1>; - * } NamedGroupList; - * - * The "extension_data" field of a supported elliptic curves extension contains - * a "NamedCurveList" value (TLS 1.2 RFC 8422): - * enum { - * deprecated(1..22), - * secp256r1 (23), secp384r1 (24), secp521r1 (25), - * x25519(29), x448(30), - * reserved (0xFE00..0xFEFF), - * deprecated(0xFF01..0xFF02), - * (0xFFFF) - * } NamedCurve; - * struct { - * NamedCurve named_curve_list<2..2^16-1> - * } NamedCurveList; - * - * The TLS 1.3 supported groups extension was defined to be a compatible - * generalization of the TLS 1.2 supported elliptic curves extension. They both - * share the same extension identifier. - * - */ -#define SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_2_FLAG 1 -#define SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG 2 - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - int flags, - size_t *out_len) -{ - unsigned char *p = buf; - unsigned char *named_group_list; /* Start of named_group_list */ - size_t named_group_list_len; /* Length of named_group_list */ - const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); - - *out_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding supported_groups extension")); - - /* Check if we have space for header and length fields: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - named_group_list_length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - p += 6; - - named_group_list = p; - - if (group_list == NULL) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - for (; *group_list != 0; group_list++) { - int propose_group = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, ("got supported group(%04x)", *group_list)); - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (flags & SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG) { -#if defined(PSA_WANT_ALG_ECDH) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list) && - (mbedtls_ssl_get_ecp_group_id_from_tls_id(*group_list) != - MBEDTLS_ECP_DP_NONE)) { - propose_group = 1; - } -#endif -#if defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_tls13_named_group_is_ffdh(*group_list)) { - propose_group = 1; - } -#endif - } -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_TLS1_2_SOME_ECC) - if ((flags & SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_2_FLAG) && - mbedtls_ssl_tls12_named_group_is_ecdhe(*group_list) && - (mbedtls_ssl_get_ecp_group_id_from_tls_id(*group_list) != - MBEDTLS_ECP_DP_NONE)) { - propose_group = 1; - } -#endif /* MBEDTLS_SSL_TLS1_2_SOME_ECC */ - - if (propose_group) { - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - MBEDTLS_PUT_UINT16_BE(*group_list, p, 0); - p += 2; - MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )", - mbedtls_ssl_named_group_to_str(*group_list), - *group_list)); - } - } - - /* Length of named_group_list */ - named_group_list_len = (size_t) (p - named_group_list); - if (named_group_list_len == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("No group available.")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Write extension_type */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0); - /* Write extension_data_length */ - MBEDTLS_PUT_UINT16_BE(named_group_list_len + 2, buf, 2); - /* Write length of named_group_list */ - MBEDTLS_PUT_UINT16_BE(named_group_list_len, buf, 4); - - MBEDTLS_SSL_DEBUG_BUF(3, "Supported groups extension", - buf + 4, named_group_list_len + 2); - - *out_len = (size_t) (p - buf); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_tls13_set_hs_sent_ext_mask( - ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - return 0; -} -#endif /* MBEDTLS_SSL_TLS1_2_SOME_ECC || - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_client_hello_cipher_suites( - mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - int *tls12_uses_ec, - size_t *out_len) -{ - unsigned char *p = buf; - const int *ciphersuite_list; - unsigned char *cipher_suites; /* Start of the cipher_suites list */ - size_t cipher_suites_len; - - *tls12_uses_ec = 0; - *out_len = 0; - - /* - * Ciphersuite list - * - * This is a list of the symmetric cipher options supported by - * the client, specifically the record protection algorithm - * ( including secret key length ) and a hash to be used with - * HKDF, in descending order of client preference. - */ - ciphersuite_list = ssl->conf->ciphersuite_list; - - /* Check there is space for the cipher suite list length (2 bytes). */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - p += 2; - - /* Write cipher_suites - * CipherSuite cipher_suites<2..2^16-2>; - */ - cipher_suites = p; - for (size_t i = 0; ciphersuite_list[i] != 0; i++) { - int cipher_suite = ciphersuite_list[i]; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite); - - if (mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, - ssl->handshake->min_tls_version, - ssl->tls_version) != 0) { - continue; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) - *tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info); -#endif - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, add ciphersuite: %04x, %s", - (unsigned int) cipher_suite, - ciphersuite_info->name)); - - /* Check there is space for the cipher suite identifier (2 bytes). */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - MBEDTLS_PUT_UINT16_BE(cipher_suite, p, 0); - p += 2; - } - - /* - * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV - */ - int renegotiating = 0; -#if defined(MBEDTLS_SSL_RENEGOTIATION) - renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE); -#endif - if (!renegotiating) { - MBEDTLS_SSL_DEBUG_MSG(3, ("adding EMPTY_RENEGOTIATION_INFO_SCSV")); - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0); - p += 2; - } - - /* Write the cipher_suites length in number of bytes */ - cipher_suites_len = (size_t) (p - cipher_suites); - MBEDTLS_PUT_UINT16_BE(cipher_suites_len, buf, 0); - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites", - cipher_suites_len/2)); - - /* Output the total length of cipher_suites field. */ - *out_len = (size_t) (p - buf); - - return 0; -} - -/* - * Structure of the TLS 1.3 ClientHello message: - * - * struct { - * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 - * Random random; - * opaque legacy_session_id<0..32>; - * CipherSuite cipher_suites<2..2^16-2>; - * opaque legacy_compression_methods<1..2^8-1>; - * Extension extensions<8..2^16-1>; - * } ClientHello; - * - * Structure of the (D)TLS 1.2 ClientHello message: - * - * struct { - * ProtocolVersion client_version; - * Random random; - * SessionID session_id; - * opaque cookie<0..2^8-1>; // DTLS 1.2 ONLY - * CipherSuite cipher_suites<2..2^16-2>; - * CompressionMethod compression_methods<1..2^8-1>; - * select (extensions_present) { - * case false: - * struct {}; - * case true: - * Extension extensions<0..2^16-1>; - * }; - * } ClientHello; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len, - size_t *binders_len) -{ - int ret; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - unsigned char *p = buf; - unsigned char *p_extensions_len; /* Pointer to extensions length */ - size_t output_len; /* Length of buffer used by function */ - size_t extensions_len; /* Length of the list of extensions*/ - int tls12_uses_ec = 0; - - *out_len = 0; - *binders_len = 0; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - unsigned char propose_tls12 = - (handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) - && - (MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version); -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - unsigned char propose_tls13 = - (handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3) - && - (MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version); -#endif - - /* - * Write client_version (TLS 1.2) or legacy_version (TLS 1.3) - * - * In all cases this is the TLS 1.2 version. - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - mbedtls_ssl_write_version(p, ssl->conf->transport, - MBEDTLS_SSL_VERSION_TLS1_2); - p += 2; - - /* ... - * Random random; - * ... - * - * The random bytes have been prepared by ssl_prepare_client_hello() into - * the handshake->randbytes buffer and are copied here into the output - * buffer. - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - memcpy(p, handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", - p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN; - - /* TLS 1.2: - * ... - * SessionID session_id; - * ... - * with - * opaque SessionID<0..32>; - * - * TLS 1.3: - * ... - * opaque legacy_session_id<0..32>; - * ... - * - * The (legacy) session identifier bytes have been prepared by - * ssl_prepare_client_hello() into the ssl->session_negotiate->id buffer - * and are copied here into the output buffer. - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, ssl->session_negotiate->id_len + 1); - *p++ = (unsigned char) ssl->session_negotiate->id_len; - memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len); - p += ssl->session_negotiate->id_len; - - MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, - ssl->session_negotiate->id_len); - - /* DTLS 1.2 ONLY - * ... - * opaque cookie<0..2^8-1>; - * ... - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { -#if !defined(MBEDTLS_SSL_PROTO_TLS1_3) - uint8_t cookie_len = 0; -#else - uint16_t cookie_len = 0; -#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */ - - if (handshake->cookie != NULL) { - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie", - handshake->cookie, - handshake->cookie_len); - cookie_len = handshake->cookie_len; - } - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, cookie_len + 1); - *p++ = (unsigned char) cookie_len; - if (cookie_len > 0) { - memcpy(p, handshake->cookie, cookie_len); - p += cookie_len; - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */ - - /* Write cipher_suites */ - ret = ssl_write_client_hello_cipher_suites(ssl, p, end, - &tls12_uses_ec, - &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - - /* Write legacy_compression_methods (TLS 1.3) or - * compression_methods (TLS 1.2) - * - * For every TLS 1.3 ClientHello, this vector MUST contain exactly - * one byte set to zero, which corresponds to the 'null' compression - * method in prior versions of TLS. - * - * For TLS 1.2 ClientHello, for security reasons we do not support - * compression anymore, thus also just the 'null' compression method. - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - *p++ = 1; - *p++ = MBEDTLS_SSL_COMPRESS_NULL; - - /* Write extensions */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* Keeping track of the included extensions */ - handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; -#endif - - /* First write extensions, then the total length */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - p_extensions_len = p; - p += 2; - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - /* Write server name extension */ - ret = ssl_write_hostname_ext(ssl, p, end, &output_len); - if (ret != 0) { - return ret; - } - p += output_len; -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_ALPN) - ret = ssl_write_alpn_ext(ssl, p, end, &output_len); - if (ret != 0) { - return ret; - } - p += output_len; -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (propose_tls13) { - ret = mbedtls_ssl_tls13_write_client_hello_exts(ssl, p, end, - &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif - -#if defined(MBEDTLS_SSL_TLS1_2_SOME_ECC) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - { - int ssl_write_supported_groups_ext_flags = 0; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { - ssl_write_supported_groups_ext_flags |= - SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG; - } -#endif -#if defined(MBEDTLS_SSL_TLS1_2_SOME_ECC) - if (propose_tls12 && tls12_uses_ec) { - ssl_write_supported_groups_ext_flags |= - SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_2_FLAG; - } -#endif - if (ssl_write_supported_groups_ext_flags != 0) { - ret = ssl_write_supported_groups_ext(ssl, p, end, - ssl_write_supported_groups_ext_flags, - &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } - } -#endif /* MBEDTLS_SSL_TLS1_2_SOME_ECC || - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - int write_sig_alg_ext = 0; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - write_sig_alg_ext = write_sig_alg_ext || - (propose_tls13 && mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl)); -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - write_sig_alg_ext = write_sig_alg_ext || propose_tls12; -#endif - - if (write_sig_alg_ext) { - ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (propose_tls12) { - ret = mbedtls_ssl_tls12_write_client_hello_exts(ssl, p, end, - tls12_uses_ec, - &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - /* The "pre_shared_key" extension (RFC 8446 Section 4.2.11) - * MUST be the last extension in the ClientHello. - */ - if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) { - ret = mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( - ssl, p, end, &output_len, binders_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - - /* Write the length of the list of extensions. */ - extensions_len = (size_t) (p - p_extensions_len) - 2; - - if (extensions_len == 0) { - p = p_extensions_len; - } else { - MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0); - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, total extension length: %" \ - MBEDTLS_PRINTF_SIZET, extensions_len)); - MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", - p_extensions_len, extensions_len); - } - - *out_len = (size_t) (p - buf); - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_generate_random(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *randbytes = ssl->handshake->randbytes; - size_t gmt_unix_time_len = 0; - - /* - * Generate the random bytes - * - * TLS 1.2 case: - * struct { - * uint32 gmt_unix_time; - * opaque random_bytes[28]; - * } Random; - * - * TLS 1.3 case: - * opaque Random[32]; - */ - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t gmt_unix_time = mbedtls_time(NULL); - MBEDTLS_PUT_UINT32_BE(gmt_unix_time, randbytes, 0); - gmt_unix_time_len = 4; - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, - (long long) gmt_unix_time)); -#endif /* MBEDTLS_HAVE_TIME */ - } - - ret = ssl->conf->f_rng(ssl->conf->p_rng, - randbytes + gmt_unix_time_len, - MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len); - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) -{ - int ret; - size_t session_id_len; - mbedtls_ssl_session *session_negotiate = ssl->session_negotiate; - - if (session_negotiate == NULL) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_HAVE_TIME) - - /* Check if a tls13 ticket has been configured. */ - if (ssl->handshake->resume != 0 && - session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - session_negotiate->ticket != NULL) { - mbedtls_ms_time_t now = mbedtls_ms_time(); - mbedtls_ms_time_t age = now - session_negotiate->ticket_reception_time; - if (age < 0 || - age > (mbedtls_ms_time_t) session_negotiate->ticket_lifetime * 1000) { - /* Without valid ticket, disable session resumption.*/ - MBEDTLS_SSL_DEBUG_MSG( - 3, ("Ticket expired, disable session resumption")); - ssl->handshake->resume = 0; - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && - MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_HAVE_TIME */ - - /* Bet on the highest configured version if we are not in a TLS 1.2 - * renegotiation or session resumption. - */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - ssl->handshake->min_tls_version = ssl->tls_version; - } else -#endif - { - if (ssl->handshake->resume) { - ssl->tls_version = session_negotiate->tls_version; - ssl->handshake->min_tls_version = ssl->tls_version; - } else { - ssl->handshake->min_tls_version = ssl->conf->min_tls_version; - } - } - - /* - * Generate the random bytes, except when responding to a verify request - * where we MUST reuse the previously generated random bytes - * (RFC 6347 4.2.1). - */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || - (ssl->handshake->cookie == NULL)) -#endif - { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (!ssl->handshake->hello_retry_request_flag) -#endif - { - ret = ssl_generate_random(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "Random bytes generation failed", ret); - return ret; - } - } - } - - /* - * Prepare session identifier. At that point, the length of the session - * identifier in the SSL context `ssl->session_negotiate->id_len` is equal - * to zero, except in the case of a TLS 1.2 session renegotiation or - * session resumption. - */ - session_id_len = session_negotiate->id_len; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - if (session_id_len < 16 || session_id_len > 32 || -#if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || -#endif - ssl->handshake->resume == 0) { - session_id_len = 0; - } - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - /* - * RFC 5077 section 3.4: "When presenting a ticket, the client MAY - * generate and include a Session ID in the TLS ClientHello." - */ - int renegotiating = 0; -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - renegotiating = 1; - } -#endif - if (!renegotiating) { - if ((session_negotiate->ticket != NULL) && - (session_negotiate->ticket_len != 0)) { - session_id_len = 32; - } - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* - * Create a legacy session identifier for the purpose of middlebox - * compatibility only if one has not been created already, which is - * the case if we are here for the TLS 1.3 second ClientHello. - * - * Versions of TLS before TLS 1.3 supported a "session resumption" - * feature which has been merged with pre-shared keys in TLS 1.3 - * version. A client which has a cached session ID set by a pre-TLS 1.3 - * server SHOULD set this field to that value. In compatibility mode, - * this field MUST be non-empty, so a client not offering a pre-TLS 1.3 - * session MUST generate a new 32-byte value. This value need not be - * random but SHOULD be unpredictable to avoid implementations fixating - * on a specific value (also known as ossification). Otherwise, it MUST - * be set as a zero-length vector ( i.e., a zero-valued single byte - * length field ). - */ - session_id_len = 32; - } -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - - if (session_id_len != session_negotiate->id_len) { - session_negotiate->id_len = session_id_len; - if (session_id_len > 0) { - ret = ssl->conf->f_rng(ssl->conf->p_rng, - session_negotiate->id, - session_id_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret); - return ret; - } - } - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - ssl->handshake->resume) { - int hostname_mismatch = ssl->hostname != NULL || - session_negotiate->hostname != NULL; - if (ssl->hostname != NULL && session_negotiate->hostname != NULL) { - hostname_mismatch = strcmp( - ssl->hostname, session_negotiate->hostname) != 0; - } - - if (hostname_mismatch) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Hostname mismatch the session ticket, " - "disable session resumption.")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - } else { - return mbedtls_ssl_session_set_hostname(session_negotiate, - ssl->hostname); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && - MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_SSL_SERVER_NAME_INDICATION */ - - return 0; -} -/* - * Write ClientHello handshake message. - * Handler for MBEDTLS_SSL_CLIENT_HELLO - */ -int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) -{ - int ret = 0; - unsigned char *buf; - size_t buf_len, msg_len, binders_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client hello")); - - MBEDTLS_SSL_PROC_CHK(ssl_prepare_client_hello(ssl)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_write_client_hello_body(ssl, buf, - buf + buf_len, - &msg_len, - &binders_len)); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - ssl->out_msglen = msg_len + 4; - mbedtls_ssl_send_flight_completed(ssl); - - /* - * The two functions below may try to send data on the network and - * can return with the MBEDTLS_ERR_SSL_WANT_READ error code when they - * fail to do so and the transmission has to be retried later. In that - * case as in fatal error cases, we return immediately. But we must have - * set the handshake state to the next state at that point to ensure - * that we will not write and send again a ClientHello when we - * eventually succeed in sending the pending data. - */ - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); - - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); - return ret; - } - - if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); - return ret; - } - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */ - { - - ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, - MBEDTLS_SSL_HS_CLIENT_HELLO, - msg_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_add_hs_hdr_to_checksum", ret); - return ret; - } - ret = ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); - return ret; - } -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - if (binders_len > 0) { - MBEDTLS_SSL_PROC_CHK( - mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( - ssl, buf + msg_len - binders_len, buf + msg_len)); - ret = ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len, - binders_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, - buf_len, - msg_len)); - - /* - * Set next state. Note that if TLS 1.3 is proposed, this may be - * overwritten by mbedtls_ssl_tls13_finalize_client_hello(). - */ - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 && - MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version) { - ret = mbedtls_ssl_tls13_finalize_client_hello(ssl); - } -#endif - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - MBEDTLS_SSL_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->sent_extensions); -#endif - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client hello")); - return ret; -} - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_SSL_PROTO_TLS1_2 */ -#endif /* MBEDTLS_SSL_CLI_C */ diff --git a/library/ssl_client.h b/library/ssl_client.h deleted file mode 100644 index 56e9bf857..000000000 --- a/library/ssl_client.h +++ /dev/null @@ -1,18 +0,0 @@ -/** - * TLS 1.2 and 1.3 client-side functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_SSL_CLIENT_H -#define MBEDTLS_SSL_CLIENT_H - -#include "ssl_misc.h" - -#include - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl); - -#endif /* MBEDTLS_SSL_CLIENT_H */ diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c deleted file mode 100644 index 0e374671c..000000000 --- a/library/ssl_cookie.c +++ /dev/null @@ -1,383 +0,0 @@ -/* - * DTLS cookie callbacks implementation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * These session callbacks use a simple chained list - * to store and retrieve the session information. - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_COOKIE_C) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl_cookie.h" -#include "mbedtls/error.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/constant_time.h" - -#include - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "mbedtls/psa_util.h" -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif - -/* - * If DTLS is in use, then at least one of SHA-256 or SHA-384 is - * available. Try SHA-256 first as 384 wastes resources - */ -#if defined(PSA_WANT_ALG_SHA_256) -#define COOKIE_MD MBEDTLS_MD_SHA256 -#define COOKIE_MD_OUTLEN 32 -#define COOKIE_HMAC_LEN 28 -#elif defined(PSA_WANT_ALG_SHA_384) -#define COOKIE_MD MBEDTLS_MD_SHA384 -#define COOKIE_MD_OUTLEN 48 -#define COOKIE_HMAC_LEN 28 -#else -#error "DTLS hello verify needs SHA-256 or SHA-384" -#endif - -/* - * Cookies are formed of a 4-bytes timestamp (or serial number) and - * an HMAC of timestamp and client ID. - */ -#define COOKIE_LEN (4 + COOKIE_HMAC_LEN) - -void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ctx->psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT; -#else - mbedtls_md_init(&ctx->hmac_ctx); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if !defined(MBEDTLS_HAVE_TIME) - ctx->serial = 0; -#endif - ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT; - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init(&ctx->mutex); -#endif -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ -} - -void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay) -{ - ctx->timeout = delay; -} - -void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx) -{ - if (ctx == NULL) { - return; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_destroy_key(ctx->psa_hmac_key); -#else - mbedtls_md_free(&ctx->hmac_ctx); - -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free(&ctx->mutex); -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx)); -} - -int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t alg; - - (void) f_rng; - (void) p_rng; - - alg = mbedtls_md_psa_alg_from_type(COOKIE_MD); - if (alg == 0) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ctx->psa_hmac_alg = PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(alg), - COOKIE_HMAC_LEN); - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE | - PSA_KEY_USAGE_SIGN_MESSAGE); - psa_set_key_algorithm(&attributes, ctx->psa_hmac_alg); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(COOKIE_MD_OUTLEN)); - - if ((status = psa_generate_key(&attributes, - &ctx->psa_hmac_key)) != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char key[COOKIE_MD_OUTLEN]; - - if ((ret = f_rng(p_rng, key, sizeof(key))) != 0) { - return ret; - } - - ret = mbedtls_md_setup(&ctx->hmac_ctx, mbedtls_md_info_from_type(COOKIE_MD), 1); - if (ret != 0) { - return ret; - } - - ret = mbedtls_md_hmac_starts(&ctx->hmac_ctx, key, sizeof(key)); - if (ret != 0) { - return ret; - } - - mbedtls_platform_zeroize(key, sizeof(key)); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - return 0; -} - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -/* - * Generate the HMAC part of a cookie - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_cookie_hmac(mbedtls_md_context_t *hmac_ctx, - const unsigned char time[4], - unsigned char **p, unsigned char *end, - const unsigned char *cli_id, size_t cli_id_len) -{ - unsigned char hmac_out[COOKIE_MD_OUTLEN]; - - MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_HMAC_LEN); - - if (mbedtls_md_hmac_reset(hmac_ctx) != 0 || - mbedtls_md_hmac_update(hmac_ctx, time, 4) != 0 || - mbedtls_md_hmac_update(hmac_ctx, cli_id, cli_id_len) != 0 || - mbedtls_md_hmac_finish(hmac_ctx, hmac_out) != 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - memcpy(*p, hmac_out, COOKIE_HMAC_LEN); - *p += COOKIE_HMAC_LEN; - - return 0; -} -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - -/* - * Generate cookie for DTLS ClientHello verification - */ -int mbedtls_ssl_cookie_write(void *p_ctx, - unsigned char **p, unsigned char *end, - const unsigned char *cli_id, size_t cli_id_len) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t sign_mac_length = 0; -#endif - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; - unsigned long t; - - if (ctx == NULL || cli_id == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_LEN); - -#if defined(MBEDTLS_HAVE_TIME) - t = (unsigned long) mbedtls_time(NULL); -#else - t = ctx->serial++; -#endif - - MBEDTLS_PUT_UINT32_BE(t, *p, 0); - *p += 4; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_mac_sign_setup(&operation, ctx->psa_hmac_key, - ctx->psa_hmac_alg); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - status = psa_mac_update(&operation, *p - 4, 4); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - status = psa_mac_update(&operation, cli_id, cli_id_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - status = psa_mac_sign_finish(&operation, *p, COOKIE_MD_OUTLEN, - &sign_mac_length); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - *p += COOKIE_HMAC_LEN; - - ret = 0; -#else -#if defined(MBEDTLS_THREADING_C) - if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret); - } -#endif - - ret = ssl_cookie_hmac(&ctx->hmac_ctx, *p - 4, - p, end, cli_id, cli_id_len); - -#if defined(MBEDTLS_THREADING_C) - if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, - MBEDTLS_ERR_THREADING_MUTEX_ERROR); - } -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -exit: - status = psa_mac_abort(&operation); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - return ret; -} - -/* - * Check a cookie - */ -int mbedtls_ssl_cookie_check(void *p_ctx, - const unsigned char *cookie, size_t cookie_len, - const unsigned char *cli_id, size_t cli_id_len) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#else - unsigned char ref_hmac[COOKIE_HMAC_LEN]; - unsigned char *p = ref_hmac; -#endif - int ret = 0; - mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; - unsigned long cur_time, cookie_time; - - if (ctx == NULL || cli_id == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (cookie_len != COOKIE_LEN) { - return -1; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_mac_verify_setup(&operation, ctx->psa_hmac_key, - ctx->psa_hmac_alg); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - status = psa_mac_update(&operation, cookie, 4); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - status = psa_mac_update(&operation, cli_id, - cli_id_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - status = psa_mac_verify_finish(&operation, cookie + 4, - COOKIE_HMAC_LEN); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - ret = 0; -#else -#if defined(MBEDTLS_THREADING_C) - if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret); - } -#endif - - if (ssl_cookie_hmac(&ctx->hmac_ctx, cookie, - &p, p + sizeof(ref_hmac), - cli_id, cli_id_len) != 0) { - ret = -1; - } - -#if defined(MBEDTLS_THREADING_C) - if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, - MBEDTLS_ERR_THREADING_MUTEX_ERROR); - } -#endif - - if (ret != 0) { - goto exit; - } - - if (mbedtls_ct_memcmp(cookie + 4, ref_hmac, sizeof(ref_hmac)) != 0) { - ret = -1; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_HAVE_TIME) - cur_time = (unsigned long) mbedtls_time(NULL); -#else - cur_time = ctx->serial; -#endif - - cookie_time = (unsigned long) MBEDTLS_GET_UINT32_BE(cookie, 0); - - if (ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout) { - ret = -1; - goto exit; - } - -exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_mac_abort(&operation); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - } -#else - mbedtls_platform_zeroize(ref_hmac, sizeof(ref_hmac)); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - return ret; -} -#endif /* MBEDTLS_SSL_COOKIE_C */ diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h deleted file mode 100644 index 6f843404c..000000000 --- a/library/ssl_debug_helpers.h +++ /dev/null @@ -1,81 +0,0 @@ -/** - * \file ssl_debug_helpers.h - * - * \brief Automatically generated helper functions for debugging - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_SSL_DEBUG_HELPERS_H -#define MBEDTLS_SSL_DEBUG_HELPERS_H - -#include "ssl_misc.h" - -#if defined(MBEDTLS_DEBUG_C) - -#include "mbedtls/ssl.h" - -const char *mbedtls_ssl_states_str(mbedtls_ssl_states in); - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) -const char *mbedtls_ssl_early_data_status_str(mbedtls_ssl_early_data_status in); -const char *mbedtls_ssl_early_data_state_str(mbedtls_ssl_early_data_state in); -#endif - -const char *mbedtls_ssl_protocol_version_str(mbedtls_ssl_protocol_version in); - -const char *mbedtls_tls_prf_types_str(mbedtls_tls_prf_types in); - -const char *mbedtls_ssl_key_export_type_str(mbedtls_ssl_key_export_type in); - -const char *mbedtls_ssl_sig_alg_to_str(uint16_t in); - -const char *mbedtls_ssl_named_group_to_str(uint16_t in); - -const char *mbedtls_ssl_get_extension_name(unsigned int extension_type); - -void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - int hs_msg_type, uint32_t extensions_mask, - const char *extra); - -void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - int hs_msg_type, unsigned int extension_type, - const char *extra_msg0, const char *extra_msg1); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -void mbedtls_ssl_print_ticket_flags(const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - unsigned int flags); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ - -#define MBEDTLS_SSL_PRINT_EXTS(level, hs_msg_type, extensions_mask) \ - mbedtls_ssl_print_extensions(ssl, level, __FILE__, __LINE__, \ - hs_msg_type, extensions_mask, NULL) - -#define MBEDTLS_SSL_PRINT_EXT(level, hs_msg_type, extension_type, extra) \ - mbedtls_ssl_print_extension(ssl, level, __FILE__, __LINE__, \ - hs_msg_type, extension_type, \ - extra, NULL) - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -#define MBEDTLS_SSL_PRINT_TICKET_FLAGS(level, flags) \ - mbedtls_ssl_print_ticket_flags(ssl, level, __FILE__, __LINE__, flags) -#endif - -#else - -#define MBEDTLS_SSL_PRINT_EXTS(level, hs_msg_type, extension_mask) - -#define MBEDTLS_SSL_PRINT_EXT(level, hs_msg_type, extension_type, extra) - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -#define MBEDTLS_SSL_PRINT_TICKET_FLAGS(level, flags) -#endif - -#endif /* MBEDTLS_DEBUG_C */ - -#endif /* MBEDTLS_SSL_DEBUG_HELPERS_H */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h deleted file mode 100644 index 5bda91a28..000000000 --- a/library/ssl_misc.h +++ /dev/null @@ -1,3018 +0,0 @@ -/** - * \file ssl_misc.h - * - * \brief Internal functions shared by the SSL modules - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_SSL_MISC_H -#define MBEDTLS_SSL_MISC_H - -#include "common.h" -#include "mbedtls/build_info.h" - -#include "mbedtls/error.h" - -#include "mbedtls/ssl.h" -#include "mbedtls/cipher.h" - -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -#include "psa/crypto.h" -#include "psa_util_internal.h" -#endif - -#if defined(PSA_WANT_ALG_MD5) -#include "mbedtls/md5.h" -#endif - -#if defined(PSA_WANT_ALG_SHA_1) -#include "mbedtls/sha1.h" -#endif - -#if defined(PSA_WANT_ALG_SHA_256) -#include "mbedtls/sha256.h" -#endif - -#if defined(PSA_WANT_ALG_SHA_512) -#include "mbedtls/sha512.h" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - !defined(MBEDTLS_USE_PSA_CRYPTO) -#include "mbedtls/ecjpake.h" -#endif - -#include "mbedtls/pk.h" -#include "ssl_ciphersuites_internal.h" -#include "x509_internal.h" -#include "pk_internal.h" - -/* Shorthand for restartable ECC */ -#if defined(MBEDTLS_ECP_RESTARTABLE) && \ - defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -#define MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED -#endif - -#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 -#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ -#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ -#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ - -/* Faked handshake message identity for HelloRetryRequest. */ -#define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST (-MBEDTLS_SSL_HS_SERVER_HELLO) - -/* - * Internal identity of handshake extensions - */ -#define MBEDTLS_SSL_EXT_ID_UNRECOGNIZED 0 -#define MBEDTLS_SSL_EXT_ID_SERVERNAME 1 -#define MBEDTLS_SSL_EXT_ID_SERVERNAME_HOSTNAME 1 -#define MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH 2 -#define MBEDTLS_SSL_EXT_ID_STATUS_REQUEST 3 -#define MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS 4 -#define MBEDTLS_SSL_EXT_ID_SUPPORTED_ELLIPTIC_CURVES 4 -#define MBEDTLS_SSL_EXT_ID_SIG_ALG 5 -#define MBEDTLS_SSL_EXT_ID_USE_SRTP 6 -#define MBEDTLS_SSL_EXT_ID_HEARTBEAT 7 -#define MBEDTLS_SSL_EXT_ID_ALPN 8 -#define MBEDTLS_SSL_EXT_ID_SCT 9 -#define MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE 10 -#define MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE 11 -#define MBEDTLS_SSL_EXT_ID_PADDING 12 -#define MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY 13 -#define MBEDTLS_SSL_EXT_ID_EARLY_DATA 14 -#define MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS 15 -#define MBEDTLS_SSL_EXT_ID_COOKIE 16 -#define MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES 17 -#define MBEDTLS_SSL_EXT_ID_CERT_AUTH 18 -#define MBEDTLS_SSL_EXT_ID_OID_FILTERS 19 -#define MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH 20 -#define MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT 21 -#define MBEDTLS_SSL_EXT_ID_KEY_SHARE 22 -#define MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC 23 -#define MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS 24 -#define MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC 25 -#define MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET 26 -#define MBEDTLS_SSL_EXT_ID_SESSION_TICKET 27 -#define MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT 28 - -/* Utility for translating IANA extension type. */ -uint32_t mbedtls_ssl_get_extension_id(unsigned int extension_type); -uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); -/* Macros used to define mask constants */ -#define MBEDTLS_SSL_EXT_MASK(id) (1ULL << (MBEDTLS_SSL_EXT_ID_##id)) -/* Reset value of extension mask */ -#define MBEDTLS_SSL_EXT_MASK_NONE 0 - -/* In messages containing extension requests, we should ignore unrecognized - * extensions. In messages containing extension responses, unrecognized - * extensions should result in handshake abortion. Messages containing - * extension requests include ClientHello, CertificateRequest and - * NewSessionTicket. Messages containing extension responses include - * ServerHello, HelloRetryRequest, EncryptedExtensions and Certificate. - * - * RFC 8446 section 4.1.3 - * - * The ServerHello MUST only include extensions which are required to establish - * the cryptographic context and negotiate the protocol version. - * - * RFC 8446 section 4.2 - * - * If an implementation receives an extension which it recognizes and which is - * not specified for the message in which it appears, it MUST abort the handshake - * with an "illegal_parameter" alert. - */ - -/* Extensions that are not recognized by TLS 1.3 */ -#define MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED \ - (MBEDTLS_SSL_EXT_MASK(SUPPORTED_POINT_FORMATS) | \ - MBEDTLS_SSL_EXT_MASK(ENCRYPT_THEN_MAC) | \ - MBEDTLS_SSL_EXT_MASK(EXTENDED_MASTER_SECRET) | \ - MBEDTLS_SSL_EXT_MASK(SESSION_TICKET) | \ - MBEDTLS_SSL_EXT_MASK(TRUNCATED_HMAC) | \ - MBEDTLS_SSL_EXT_MASK(UNRECOGNIZED)) - -/* RFC 8446 section 4.2. Allowed extensions for ClientHello */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH \ - (MBEDTLS_SSL_EXT_MASK(SERVERNAME) | \ - MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH) | \ - MBEDTLS_SSL_EXT_MASK(STATUS_REQUEST) | \ - MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) | \ - MBEDTLS_SSL_EXT_MASK(SIG_ALG) | \ - MBEDTLS_SSL_EXT_MASK(USE_SRTP) | \ - MBEDTLS_SSL_EXT_MASK(HEARTBEAT) | \ - MBEDTLS_SSL_EXT_MASK(ALPN) | \ - MBEDTLS_SSL_EXT_MASK(SCT) | \ - MBEDTLS_SSL_EXT_MASK(CLI_CERT_TYPE) | \ - MBEDTLS_SSL_EXT_MASK(SERV_CERT_TYPE) | \ - MBEDTLS_SSL_EXT_MASK(PADDING) | \ - MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | \ - MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | \ - MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES) | \ - MBEDTLS_SSL_EXT_MASK(EARLY_DATA) | \ - MBEDTLS_SSL_EXT_MASK(COOKIE) | \ - MBEDTLS_SSL_EXT_MASK(SUPPORTED_VERSIONS) | \ - MBEDTLS_SSL_EXT_MASK(CERT_AUTH) | \ - MBEDTLS_SSL_EXT_MASK(POST_HANDSHAKE_AUTH) | \ - MBEDTLS_SSL_EXT_MASK(SIG_ALG_CERT) | \ - MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT) | \ - MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED) - -/* RFC 8446 section 4.2. Allowed extensions for EncryptedExtensions */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE \ - (MBEDTLS_SSL_EXT_MASK(SERVERNAME) | \ - MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH) | \ - MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) | \ - MBEDTLS_SSL_EXT_MASK(USE_SRTP) | \ - MBEDTLS_SSL_EXT_MASK(HEARTBEAT) | \ - MBEDTLS_SSL_EXT_MASK(ALPN) | \ - MBEDTLS_SSL_EXT_MASK(CLI_CERT_TYPE) | \ - MBEDTLS_SSL_EXT_MASK(SERV_CERT_TYPE) | \ - MBEDTLS_SSL_EXT_MASK(EARLY_DATA) | \ - MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) - -/* RFC 8446 section 4.2. Allowed extensions for CertificateRequest */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR \ - (MBEDTLS_SSL_EXT_MASK(STATUS_REQUEST) | \ - MBEDTLS_SSL_EXT_MASK(SIG_ALG) | \ - MBEDTLS_SSL_EXT_MASK(SCT) | \ - MBEDTLS_SSL_EXT_MASK(CERT_AUTH) | \ - MBEDTLS_SSL_EXT_MASK(OID_FILTERS) | \ - MBEDTLS_SSL_EXT_MASK(SIG_ALG_CERT) | \ - MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED) - -/* RFC 8446 section 4.2. Allowed extensions for Certificate */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT \ - (MBEDTLS_SSL_EXT_MASK(STATUS_REQUEST) | \ - MBEDTLS_SSL_EXT_MASK(SCT)) - -/* RFC 8446 section 4.2. Allowed extensions for ServerHello */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH \ - (MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | \ - MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | \ - MBEDTLS_SSL_EXT_MASK(SUPPORTED_VERSIONS)) - -/* RFC 8446 section 4.2. Allowed extensions for HelloRetryRequest */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR \ - (MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | \ - MBEDTLS_SSL_EXT_MASK(COOKIE) | \ - MBEDTLS_SSL_EXT_MASK(SUPPORTED_VERSIONS)) - -/* RFC 8446 section 4.2. Allowed extensions for NewSessionTicket */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST \ - (MBEDTLS_SSL_EXT_MASK(EARLY_DATA) | \ - MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED) - -/* - * Helper macros for function call with return check. - */ -/* - * Exit when return non-zero value - */ -#define MBEDTLS_SSL_PROC_CHK(f) \ - do { \ - ret = (f); \ - if (ret != 0) \ - { \ - goto cleanup; \ - } \ - } while (0) -/* - * Exit when return negative value - */ -#define MBEDTLS_SSL_PROC_CHK_NEG(f) \ - do { \ - ret = (f); \ - if (ret < 0) \ - { \ - goto cleanup; \ - } \ - } while (0) - -/* - * DTLS retransmission states, see RFC 6347 4.2.4 - * - * The SENDING state is merged in PREPARING for initial sends, - * but is distinct for resends. - * - * Note: initial state is wrong for server, but is not used anyway. - */ -#define MBEDTLS_SSL_RETRANS_PREPARING 0 -#define MBEDTLS_SSL_RETRANS_SENDING 1 -#define MBEDTLS_SSL_RETRANS_WAITING 2 -#define MBEDTLS_SSL_RETRANS_FINISHED 3 - -/* - * Allow extra bytes for record, authentication and encryption overhead: - * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256). - */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - -/* This macro determines whether CBC is supported. */ -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - (defined(PSA_WANT_KEY_TYPE_AES) || \ - defined(PSA_WANT_KEY_TYPE_CAMELLIA) || \ - defined(PSA_WANT_KEY_TYPE_ARIA)) -#define MBEDTLS_SSL_SOME_SUITES_USE_CBC -#endif - -/* This macro determines whether a ciphersuite using a - * stream cipher can be used. */ -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#define MBEDTLS_SSL_SOME_SUITES_USE_STREAM -#endif - -/* This macro determines whether the CBC construct used in TLS 1.2 is supported. */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) -#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC -#endif - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) || \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) -#define MBEDTLS_SSL_SOME_SUITES_USE_MAC -#endif - -/* This macro determines whether a ciphersuite uses Encrypt-then-MAC with CBC */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ - defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -#define MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM -#endif - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -/* Ciphersuites using HMAC */ -#if defined(PSA_WANT_ALG_SHA_384) -#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ -#elif defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ -#else -#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ -#endif -#else /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ -/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ -#define MBEDTLS_SSL_MAC_ADD 16 -#endif - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#define MBEDTLS_SSL_PADDING_ADD 256 -#else -#define MBEDTLS_SSL_PADDING_ADD 0 -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY -#else -#define MBEDTLS_SSL_MAX_CID_EXPANSION 0 -#endif - -#define MBEDTLS_SSL_PAYLOAD_OVERHEAD (MBEDTLS_MAX_IV_LENGTH + \ - MBEDTLS_SSL_MAC_ADD + \ - MBEDTLS_SSL_PADDING_ADD + \ - MBEDTLS_SSL_MAX_CID_EXPANSION \ - ) - -#define MBEDTLS_SSL_IN_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ - (MBEDTLS_SSL_IN_CONTENT_LEN)) - -#define MBEDTLS_SSL_OUT_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ - (MBEDTLS_SSL_OUT_CONTENT_LEN)) - -/* The maximum number of buffered handshake messages. */ -#define MBEDTLS_SSL_MAX_BUFFERED_HS 4 - -/* Maximum length we can advertise as our max content length for - RFC 6066 max_fragment_length extension negotiation purposes - (the lesser of both sizes, if they are unequal.) - */ -#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \ - (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \ - ? (MBEDTLS_SSL_OUT_CONTENT_LEN) \ - : (MBEDTLS_SSL_IN_CONTENT_LEN) \ - ) - -/* Maximum size in bytes of list in signature algorithms ext., RFC 5246/8446 */ -#define MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN 65534 - -/* Minimum size in bytes of list in signature algorithms ext., RFC 5246/8446 */ -#define MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN 2 - -/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */ -#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535 - -#define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20 - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -#define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#define MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(sig, hash) ((hash << 8) | sig) -#define MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg & 0xFF) -#define MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg >> 8) -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Check that we obey the standard's message size bounds - */ - -#if MBEDTLS_SSL_IN_CONTENT_LEN > 16384 -#error "Bad configuration - incoming record content too large." -#endif - -#if MBEDTLS_SSL_OUT_CONTENT_LEN > 16384 -#error "Bad configuration - outgoing record content too large." -#endif - -#if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_IN_CONTENT_LEN + 2048 -#error "Bad configuration - incoming protected record payload too large." -#endif - -#if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN + 2048 -#error "Bad configuration - outgoing protected record payload too large." -#endif - -/* Calculate buffer sizes */ - -/* Note: Even though the TLS record header is only 5 bytes - long, we're internally using 8 bytes to store the - implicit sequence number. */ -#define MBEDTLS_SSL_HEADER_LEN 13 - -#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define MBEDTLS_SSL_IN_BUFFER_LEN \ - ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN)) -#else -#define MBEDTLS_SSL_IN_BUFFER_LEN \ - ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN) \ - + (MBEDTLS_SSL_CID_IN_LEN_MAX)) -#endif - -#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define MBEDTLS_SSL_OUT_BUFFER_LEN \ - ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN)) -#else -#define MBEDTLS_SSL_OUT_BUFFER_LEN \ - ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN) \ - + (MBEDTLS_SSL_CID_OUT_LEN_MAX)) -#endif - -#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32 -#define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32 - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -/** - * \brief Return the maximum fragment length (payload, in bytes) for - * the output buffer. For the client, this is the configured - * value. For the server, it is the minimum of two - the - * configured value and the negotiated one. - * - * \sa mbedtls_ssl_conf_max_frag_len() - * \sa mbedtls_ssl_get_max_out_record_payload() - * - * \param ssl SSL context - * - * \return Current maximum fragment length for the output buffer. - */ -size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl); - -/** - * \brief Return the maximum fragment length (payload, in bytes) for - * the input buffer. This is the negotiated maximum fragment - * length, or, if there is none, MBEDTLS_SSL_IN_CONTENT_LEN. - * If it is not defined either, the value is 2^14. This function - * works as its predecessor, \c mbedtls_ssl_get_max_frag_len(). - * - * \sa mbedtls_ssl_conf_max_frag_len() - * \sa mbedtls_ssl_get_max_in_record_payload() - * - * \param ssl SSL context - * - * \return Current maximum fragment length for the output buffer. - */ -size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) -/** - * \brief Get the size limit in bytes for the protected outgoing records - * as defined in RFC 8449 - * - * \param ssl SSL context - * - * \return The size limit in bytes for the protected outgoing - * records as defined in RFC 8449. - */ -size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) -static inline size_t mbedtls_ssl_get_output_buflen(const mbedtls_ssl_context *ctx) -{ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - return mbedtls_ssl_get_output_max_frag_len(ctx) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD - + MBEDTLS_SSL_CID_OUT_LEN_MAX; -#else - return mbedtls_ssl_get_output_max_frag_len(ctx) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; -#endif -} - -static inline size_t mbedtls_ssl_get_input_buflen(const mbedtls_ssl_context *ctx) -{ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - return mbedtls_ssl_get_input_max_frag_len(ctx) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD - + MBEDTLS_SSL_CID_IN_LEN_MAX; -#else - return mbedtls_ssl_get_input_max_frag_len(ctx) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; -#endif -} -#endif - -/* - * TLS extension flags (for extensions with outgoing ServerHello content - * that need it (e.g. for RENEGOTIATION_INFO the server already knows because - * of state of the renegotiation flag, so no indicator is required) - */ -#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) -#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) - -/** - * \brief This function checks if the remaining size in a buffer is - * greater or equal than a needed space. - * - * \param cur Pointer to the current position in the buffer. - * \param end Pointer to one past the end of the buffer. - * \param need Needed space in bytes. - * - * \return Zero if the needed space is available in the buffer, non-zero - * otherwise. - */ -#if !defined(MBEDTLS_TEST_HOOKS) -static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur, - const uint8_t *end, size_t need) -{ - return (cur > end) || (need > (size_t) (end - cur)); -} -#else -typedef struct { - const uint8_t *cur; - const uint8_t *end; - size_t need; -} mbedtls_ssl_chk_buf_ptr_args; - -void mbedtls_ssl_set_chk_buf_ptr_fail_args( - const uint8_t *cur, const uint8_t *end, size_t need); -void mbedtls_ssl_reset_chk_buf_ptr_fail_args(void); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_cmp_chk_buf_ptr_fail_args(mbedtls_ssl_chk_buf_ptr_args *args); - -static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur, - const uint8_t *end, size_t need) -{ - if ((cur > end) || (need > (size_t) (end - cur))) { - mbedtls_ssl_set_chk_buf_ptr_fail_args(cur, end, need); - return 1; - } - return 0; -} -#endif /* MBEDTLS_TEST_HOOKS */ - -/** - * \brief This macro checks if the remaining size in a buffer is - * greater or equal than a needed space. If it is not the case, - * it returns an SSL_BUFFER_TOO_SMALL error. - * - * \param cur Pointer to the current position in the buffer. - * \param end Pointer to one past the end of the buffer. - * \param need Needed space in bytes. - * - */ -#define MBEDTLS_SSL_CHK_BUF_PTR(cur, end, need) \ - do { \ - if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ - { \ - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ - } \ - } while (0) - -/** - * \brief This macro checks if the remaining length in an input buffer is - * greater or equal than a needed length. If it is not the case, it - * returns #MBEDTLS_ERR_SSL_DECODE_ERROR error and pends a - * #MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR alert message. - * - * This is a function-like macro. It is guaranteed to evaluate each - * argument exactly once. - * - * \param cur Pointer to the current position in the buffer. - * \param end Pointer to one past the end of the buffer. - * \param need Needed length in bytes. - * - */ -#define MBEDTLS_SSL_CHK_BUF_READ_PTR(cur, end, need) \ - do { \ - if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ - { \ - MBEDTLS_SSL_DEBUG_MSG(1, \ - ("missing input data in %s", __func__)); \ - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ - MBEDTLS_ERR_SSL_DECODE_ERROR); \ - return MBEDTLS_ERR_SSL_DECODE_ERROR; \ - } \ - } while (0) - -#ifdef __cplusplus -extern "C" { -#endif - -typedef int mbedtls_ssl_tls_prf_cb(const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen); - -/* cipher.h exports the maximum IV, key and block length from - * all ciphers enabled in the config, regardless of whether those - * ciphers are actually usable in SSL/TLS. Notably, XTS is enabled - * in the default configuration and uses 64 Byte keys, but it is - * not used for record protection in SSL/TLS. - * - * In order to prevent unnecessary inflation of key structures, - * we introduce SSL-specific variants of the max-{key,block,IV} - * macros here which are meant to only take those ciphers into - * account which can be negotiated in SSL/TLS. - * - * Since the current definitions of MBEDTLS_MAX_{KEY|BLOCK|IV}_LENGTH - * in cipher.h are rough overapproximations of the real maxima, here - * we content ourselves with replicating those overapproximations - * for the maximum block and IV length, and excluding XTS from the - * computation of the maximum key length. */ -#define MBEDTLS_SSL_MAX_BLOCK_LENGTH 16 -#define MBEDTLS_SSL_MAX_IV_LENGTH 16 -#define MBEDTLS_SSL_MAX_KEY_LENGTH 32 - -/** - * \brief The data structure holding the cryptographic material (key and IV) - * used for record protection in TLS 1.3. - */ -struct mbedtls_ssl_key_set { - /*! The key for client->server records. */ - unsigned char client_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH]; - /*! The key for server->client records. */ - unsigned char server_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH]; - /*! The IV for client->server records. */ - unsigned char client_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH]; - /*! The IV for server->client records. */ - unsigned char server_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH]; - - size_t key_len; /*!< The length of client_write_key and - * server_write_key, in Bytes. */ - size_t iv_len; /*!< The length of client_write_iv and - * server_write_iv, in Bytes. */ -}; -typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; - -typedef struct { - unsigned char binder_key[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char client_early_traffic_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char early_exporter_master_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; -} mbedtls_ssl_tls13_early_secrets; - -typedef struct { - unsigned char client_handshake_traffic_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char server_handshake_traffic_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; -} mbedtls_ssl_tls13_handshake_secrets; - -/* - * This structure contains the parameters only needed during handshake. - */ -struct mbedtls_ssl_handshake_params { - /* Frequently-used boolean or byte fields (placed early to take - * advantage of smaller code size for indirect access on Arm Thumb) */ - uint8_t resume; /*!< session resume indicator*/ - uint8_t cli_exts; /*!< client extension presence*/ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - uint8_t sni_authmode; /*!< authmode from SNI callback */ -#endif - -#if defined(MBEDTLS_SSL_SRV_C) - /* Flag indicating if a CertificateRequest message has been sent - * to the client or not. */ - uint8_t certificate_request_sent; -#if defined(MBEDTLS_SSL_EARLY_DATA) - /* Flag indicating if the server has accepted early data or not. */ - uint8_t early_data_accepted; -#endif -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - uint8_t new_session_ticket; /*!< use NewSessionTicket? */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_CLI_C) - /** Minimum TLS version to be negotiated. - * - * It is set up in the ClientHello writing preparation stage and used - * throughout the ClientHello writing. Not relevant anymore as soon as - * the protocol version has been negotiated thus as soon as the - * ServerHello is received. - * For a fresh handshake not linked to any previous handshake, it is - * equal to the configured minimum minor version to be negotiated. When - * renegotiating or resuming a session, it is equal to the previously - * negotiated minor version. - * - * There is no maximum TLS version field in this handshake context. - * From the start of the handshake, we need to define a current protocol - * version for the record layer which we define as the maximum TLS - * version to be negotiated. The `tls_version` field of the SSL context is - * used to store this maximum value until it contains the actual - * negotiated value. - */ - mbedtls_ssl_protocol_version min_tls_version; -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - uint8_t extended_ms; /*!< use Extended Master Secret? */ -#endif - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - uint8_t async_in_progress; /*!< an asynchronous operation is in progress */ -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - unsigned char retransmit_state; /*!< Retransmission state */ -#endif - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - unsigned char group_list_heap_allocated; - unsigned char sig_algs_heap_allocated; -#endif - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - uint8_t ecrs_enabled; /*!< Handshake supports EC restart? */ - enum { /* this complements ssl->state with info on intra-state operations */ - ssl_ecrs_none = 0, /*!< nothing going on (yet) */ - ssl_ecrs_crt_verify, /*!< Certificate: crt_verify() */ - ssl_ecrs_ske_start_processing, /*!< ServerKeyExchange: pk_verify() */ - ssl_ecrs_cke_ecdh_calc_secret, /*!< ClientKeyExchange: ECDH step 2 */ - ssl_ecrs_crt_vrfy_sign, /*!< CertificateVerify: pk_sign() */ - } ecrs_state; /*!< current (or last) operation */ - mbedtls_x509_crt *ecrs_peer_cert; /*!< The peer's CRT chain. */ - size_t ecrs_n; /*!< place for saving a length */ -#endif - - mbedtls_ssl_ciphersuite_t const *ciphersuite_info; - - MBEDTLS_CHECK_RETURN_CRITICAL - int (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); - MBEDTLS_CHECK_RETURN_CRITICAL - int (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *); - MBEDTLS_CHECK_RETURN_CRITICAL - int (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); - mbedtls_ssl_tls_prf_cb *tls_prf; - - /* - * Handshake specific crypto variables - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - uint8_t key_exchange_mode; /*!< Selected key exchange mode */ - - /** - * Flag indicating if, in the course of the current handshake, an - * HelloRetryRequest message has been sent by the server or received by - * the client (<> 0) or not (0). - */ - uint8_t hello_retry_request_flag; - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - /** - * Flag indicating if, in the course of the current handshake, a dummy - * change_cipher_spec (CCS) record has already been sent. Used to send only - * one CCS per handshake while not complicating the handshake state - * transitions for that purpose. - */ - uint8_t ccs_sent; -#endif - -#if defined(MBEDTLS_SSL_SRV_C) -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */ -#endif - /** selected_group of key_share extension in HelloRetryRequest message. */ - uint16_t hrr_selected_group; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - uint16_t new_session_tickets_count; /*!< number of session tickets */ -#endif -#endif /* MBEDTLS_SSL_SRV_C */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE]; -#endif - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - const uint16_t *group_list; - const uint16_t *sig_algs; -#endif - -#if defined(MBEDTLS_DHM_C) - mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ -#endif - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) - mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ -#endif /* !MBEDTLS_USE_PSA_CRYPTO && - MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) - psa_key_type_t xxdh_psa_type; - size_t xxdh_psa_bits; - mbedtls_svc_key_id_t xxdh_psa_privkey; - uint8_t xxdh_psa_privkey_is_external; - unsigned char xxdh_psa_peerkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; - size_t xxdh_psa_peerkey_len; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_pake_operation_t psa_pake_ctx; /*!< EC J-PAKE key exchange */ - mbedtls_svc_key_id_t psa_pake_password; - uint8_t psa_pake_ctx_is_ok; -#else - mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_SSL_CLI_C) - unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ - size_t ecjpake_cache_len; /*!< Length of cached data */ -#endif -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - uint16_t *curves_tls_id; /*!< List of TLS IDs of supported elliptic curves */ -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t psk_opaque; /*!< Opaque PSK from the callback */ - uint8_t psk_opaque_is_internal; -#else - unsigned char *psk; /*!< PSK from the callback */ - size_t psk_len; /*!< Length of PSK from callback */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - uint16_t selected_identity; -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */ -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */ -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ - mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */ - mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */ -#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - struct { - size_t total_bytes_buffered; /*!< Cumulative size of heap allocated - * buffers used for message buffering. */ - - uint8_t seen_ccs; /*!< Indicates if a CCS message has - * been seen in the current flight. */ - - struct mbedtls_ssl_hs_buffer { - unsigned is_valid : 1; - unsigned is_fragmented : 1; - unsigned is_complete : 1; - unsigned char *data; - size_t data_len; - } hs[MBEDTLS_SSL_MAX_BUFFERED_HS]; - - struct { - unsigned char *data; - size_t len; - unsigned epoch; - } future_record; - - } buffering; - -#if defined(MBEDTLS_SSL_CLI_C) && \ - (defined(MBEDTLS_SSL_PROTO_DTLS) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_3)) - unsigned char *cookie; /*!< HelloVerifyRequest cookie for DTLS - * HelloRetryRequest cookie for TLS 1.3 */ -#if !defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* RFC 6347 page 15 - ... - opaque cookie<0..2^8-1>; - ... - */ - uint8_t cookie_len; -#else - /* RFC 8446 page 39 - ... - opaque cookie<0..2^16-1>; - ... - If TLS1_3 is enabled, the max length is 2^16 - 1 - */ - uint16_t cookie_len; /*!< DTLS: HelloVerifyRequest cookie length - * TLS1_3: HelloRetryRequest cookie length */ -#endif -#endif /* MBEDTLS_SSL_CLI_C && - ( MBEDTLS_SSL_PROTO_DTLS || - MBEDTLS_SSL_PROTO_TLS1_3 ) */ -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_DTLS) - unsigned char cookie_verify_result; /*!< Srv: flag for sending a cookie */ -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ - unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ - - uint32_t retransmit_timeout; /*!< Current value of timeout */ - mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ - mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ - unsigned char *cur_msg_p; /*!< Position in current message */ - unsigned int in_flight_start_seq; /*!< Minimum message sequence in the - flight being received */ - mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for - resending messages */ - unsigned char alt_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Alternative record epoch/counter - for resending messages */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* The state of CID configuration in this handshake. */ - - uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension - * has been negotiated. Possible values are - * #MBEDTLS_SSL_CID_ENABLED and - * #MBEDTLS_SSL_CID_DISABLED. */ - unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; /*! The peer's CID */ - uint8_t peer_cid_len; /*!< The length of - * \c peer_cid. */ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - /* - * Checksum contexts - */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_operation_t fin_sha256_psa; -#else - mbedtls_md_context_t fin_sha256; -#endif -#endif -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_operation_t fin_sha384_psa; -#else - mbedtls_md_context_t fin_sha384; -#endif -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - uint16_t offered_group_id; /* The NamedGroup value for the group - * that is being used for ephemeral - * key exchange. - * - * On the client: Defaults to the first - * entry in the client's group list, - * but can be overwritten by the HRR. */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_CLI_C) - uint8_t client_auth; /*!< used to check if CertificateRequest has been - received from server side. If CertificateRequest - has been received, Certificate and CertificateVerify - should be sent to server */ -#endif /* MBEDTLS_SSL_CLI_C */ - /* - * State-local variables used during the processing - * of a specific handshake state. - */ - union { - /* Outgoing Finished message */ - struct { - uint8_t preparation_done; - - /* Buffer holding digest of the handshake up to - * but excluding the outgoing finished message. */ - unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t digest_len; - } finished_out; - - /* Incoming Finished message */ - struct { - uint8_t preparation_done; - - /* Buffer holding digest of the handshake up to but - * excluding the peer's incoming finished message. */ - unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t digest_len; - } finished_in; - - } state_local; - - /* End of state-local variables. */ - - unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN + - MBEDTLS_SERVER_HELLO_RANDOM_LEN]; - /*!< random bytes */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; - /*!< premaster secret */ - size_t pmslen; /*!< premaster length */ -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - uint32_t sent_extensions; /*!< extensions sent by endpoint */ - uint32_t received_extensions; /*!< extensions received by endpoint */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - unsigned char certificate_request_context_len; - unsigned char *certificate_request_context; -#endif - - /** TLS 1.3 transform for encrypted handshake messages. */ - mbedtls_ssl_transform *transform_handshake; - union { - unsigned char early[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char app[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - } tls13_master_secrets; - - mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets; -#if defined(MBEDTLS_SSL_EARLY_DATA) - /** TLS 1.3 transform for early data and handshake messages. */ - mbedtls_ssl_transform *transform_earlydata; -#endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - /** Asynchronous operation context. This field is meant for use by the - * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start, - * mbedtls_ssl_config::f_async_decrypt_start, - * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel). - * The library does not use it internally. */ - void *user_async_ctx; -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - const unsigned char *sni_name; /*!< raw SNI */ - size_t sni_name_len; /*!< raw SNI len */ -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) - const mbedtls_x509_crt *dn_hints; /*!< acceptable client cert issuers */ -#endif -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ -}; - -typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; - -/* - * Representation of decryption/encryption transformations on records - * - * There are the following general types of record transformations: - * - Stream transformations (TLS versions == 1.2 only) - * Transformation adding a MAC and applying a stream-cipher - * to the authenticated message. - * - CBC block cipher transformations ([D]TLS versions == 1.2 only) - * For TLS 1.2, no IV is generated at key extraction time, but every - * encrypted record is explicitly prefixed by the IV with which it was - * encrypted. - * - AEAD transformations ([D]TLS versions == 1.2 only) - * These come in two fundamentally different versions, the first one - * used in TLS 1.2, excluding ChaChaPoly ciphersuites, and the second - * one used for ChaChaPoly ciphersuites in TLS 1.2 as well as for TLS 1.3. - * In the first transformation, the IV to be used for a record is obtained - * as the concatenation of an explicit, static 4-byte IV and the 8-byte - * record sequence number, and explicitly prepending this sequence number - * to the encrypted record. In contrast, in the second transformation - * the IV is obtained by XOR'ing a static IV obtained at key extraction - * time with the 8-byte record sequence number, without prepending the - * latter to the encrypted record. - * - * Additionally, DTLS 1.2 + CID as well as TLS 1.3 use an inner plaintext - * which allows to add flexible length padding and to hide a record's true - * content type. - * - * In addition to type and version, the following parameters are relevant: - * - The symmetric cipher algorithm to be used. - * - The (static) encryption/decryption keys for the cipher. - * - For stream/CBC, the type of message digest to be used. - * - For stream/CBC, (static) encryption/decryption keys for the digest. - * - For AEAD transformations, the size (potentially 0) of an explicit, - * random initialization vector placed in encrypted records. - * - For some transformations (currently AEAD) an implicit IV. It is static - * and (if present) is combined with the explicit IV in a transformation- - * -dependent way (e.g. appending in TLS 1.2 and XOR'ing in TLS 1.3). - * - For stream/CBC, a flag determining the order of encryption and MAC. - * - The details of the transformation depend on the SSL/TLS version. - * - The length of the authentication tag. - * - * The struct below refines this abstract view as follows: - * - The cipher underlying the transformation is managed in - * cipher contexts cipher_ctx_{enc/dec}, which must have the - * same cipher type. The mode of these cipher contexts determines - * the type of the transformation in the sense above: e.g., if - * the type is MBEDTLS_CIPHER_AES_256_CBC resp. MBEDTLS_CIPHER_AES_192_GCM - * then the transformation has type CBC resp. AEAD. - * - The cipher keys are never stored explicitly but - * are maintained within cipher_ctx_{enc/dec}. - * - For stream/CBC transformations, the message digest contexts - * used for the MAC's are stored in md_ctx_{enc/dec}. These contexts - * are unused for AEAD transformations. - * - For stream/CBC transformations, the MAC keys are not stored explicitly - * but maintained within md_ctx_{enc/dec}. - * - The mac_enc and mac_dec fields are unused for EAD transformations. - * - For transformations using an implicit IV maintained within - * the transformation context, its contents are stored within - * iv_{enc/dec}. - * - The value of ivlen indicates the length of the IV. - * This is redundant in case of stream/CBC transformations - * which always use 0 resp. the cipher's block length as the - * IV length, but is needed for AEAD ciphers and may be - * different from the underlying cipher's block length - * in this case. - * - The field fixed_ivlen is nonzero for AEAD transformations only - * and indicates the length of the static part of the IV which is - * constant throughout the communication, and which is stored in - * the first fixed_ivlen bytes of the iv_{enc/dec} arrays. - * - tls_version denotes the 2-byte TLS version - * - For stream/CBC transformations, maclen denotes the length of the - * authentication tag, while taglen is unused and 0. - * - For AEAD transformations, taglen denotes the length of the - * authentication tag, while maclen is unused and 0. - * - For CBC transformations, encrypt_then_mac determines the - * order of encryption and authentication. This field is unused - * in other transformations. - * - */ -struct mbedtls_ssl_transform { - /* - * Session specific crypto layer - */ - size_t minlen; /*!< min. ciphertext length */ - size_t ivlen; /*!< IV length */ - size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ - size_t maclen; /*!< MAC(CBC) len */ - size_t taglen; /*!< TAG(AEAD) len */ - - unsigned char iv_enc[16]; /*!< IV (encryption) */ - unsigned char iv_dec[16]; /*!< IV (decryption) */ - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t psa_mac_enc; /*!< MAC (encryption) */ - mbedtls_svc_key_id_t psa_mac_dec; /*!< MAC (decryption) */ - psa_algorithm_t psa_mac_alg; /*!< psa MAC algorithm */ -#else - mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ - mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - int encrypt_then_mac; /*!< flag for EtM activation */ -#endif - -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - - mbedtls_ssl_protocol_version tls_version; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */ - mbedtls_svc_key_id_t psa_key_dec; /*!< psa decryption key */ - psa_algorithm_t psa_alg; /*!< psa algorithm */ -#else - mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ - mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - uint8_t in_cid_len; - uint8_t out_cid_len; - unsigned char in_cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; - unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - /* We need the Hello random bytes in order to re-derive keys from the - * Master Secret and other session info, - * see ssl_tls12_populate_transform() */ - unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + - MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; - /*!< ServerHello.random+ClientHello.random */ -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ -}; - -/* - * Return 1 if the transform uses an AEAD cipher, 0 otherwise. - * Equivalently, return 0 if a separate MAC is used, 1 otherwise. - */ -static inline int mbedtls_ssl_transform_uses_aead( - const mbedtls_ssl_transform *transform) -{ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - return transform->maclen == 0 && transform->taglen != 0; -#else - (void) transform; - return 1; -#endif -} - -/* - * Internal representation of record frames - * - * Instances come in two flavors: - * (1) Encrypted - * These always have data_offset = 0 - * (2) Unencrypted - * These have data_offset set to the amount of - * pre-expansion during record protection. Concretely, - * this is the length of the fixed part of the explicit IV - * used for encryption, or 0 if no explicit IV is used - * (e.g. for stream ciphers). - * - * The reason for the data_offset in the unencrypted case - * is to allow for in-place conversion of an unencrypted to - * an encrypted record. If the offset wasn't included, the - * encrypted content would need to be shifted afterwards to - * make space for the fixed IV. - * - */ -#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX -#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_OUT_LEN_MAX -#else -#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX -#endif - -typedef struct { - uint8_t ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /* In TLS: The implicit record sequence number. - * In DTLS: The 2-byte epoch followed by - * the 6-byte sequence number. - * This is stored as a raw big endian byte array - * as opposed to a uint64_t because we rarely - * need to perform arithmetic on this, but do - * need it as a Byte array for the purpose of - * MAC computations. */ - uint8_t type; /* The record content type. */ - uint8_t ver[2]; /* SSL/TLS version as present on the wire. - * Convert to internal presentation of versions - * using mbedtls_ssl_read_version() and - * mbedtls_ssl_write_version(). - * Keep wire-format for MAC computations. */ - - unsigned char *buf; /* Memory buffer enclosing the record content */ - size_t buf_len; /* Buffer length */ - size_t data_offset; /* Offset of record content */ - size_t data_len; /* Length of record content */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - uint8_t cid_len; /* Length of the CID (0 if not present) */ - unsigned char cid[MBEDTLS_SSL_CID_LEN_MAX]; /* The CID */ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -} mbedtls_record; - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/* - * List of certificate + private key pairs - */ -struct mbedtls_ssl_key_cert { - mbedtls_x509_crt *cert; /*!< cert */ - mbedtls_pk_context *key; /*!< private key */ - mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ -}; -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -/* - * List of handshake messages kept around for resending - */ -struct mbedtls_ssl_flight_item { - unsigned char *p; /*!< message, including handshake headers */ - size_t len; /*!< length of p */ - unsigned char type; /*!< type of the message: handshake or CCS */ - mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */ -}; -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -/** - * \brief Given an SSL context and its associated configuration, write the TLS - * 1.2 specific extensions of the ClientHello message. - * - * \param[in] ssl SSL context - * \param[in] buf Base address of the buffer where to write the extensions - * \param[in] end End address of the buffer where to write the extensions - * \param uses_ec Whether one proposed ciphersuite uses an elliptic curve - * (<> 0) or not ( 0 ). - * \param[out] out_len Length of the data written into the buffer \p buf - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - int uses_ec, - size_t *out_len); -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - -/** - * \brief Find the preferred hash for a given signature algorithm. - * - * \param[in] ssl SSL context - * \param[in] sig_alg A signature algorithm identifier as defined in the - * TLS 1.2 SignatureAlgorithm enumeration. - * - * \return The preferred hash algorithm for \p sig_alg. It is a hash algorithm - * identifier as defined in the TLS 1.2 HashAlgorithm enumeration. - */ -unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( - mbedtls_ssl_context *ssl, - unsigned int sig_alg); - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && - MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - -/** - * \brief Free referenced items in an SSL transform context and clear - * memory - * - * \param transform SSL transform context - */ -void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform); - -/** - * \brief Free referenced items in an SSL handshake context and clear - * memory - * - * \param ssl SSL context - */ -void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl); - -/* set inbound transform of ssl context */ -void mbedtls_ssl_set_inbound_transform(mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform); - -/* set outbound transform of ssl context */ -void mbedtls_ssl_set_outbound_transform(mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl); -void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl); -static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, - mbedtls_ssl_states state) -{ - ssl->state = (int) state; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl); - -/** - * \brief Update record layer - * - * This function roughly separates the implementation - * of the logic of (D)TLS from the implementation - * of the secure transport. - * - * \param ssl The SSL context to use. - * \param update_hs_digest This indicates if the handshake digest - * should be automatically updated in case - * a handshake message is found. - * - * \return 0 or non-zero error code. - * - * \note A clarification on what is called 'record layer' here - * is in order, as many sensible definitions are possible: - * - * The record layer takes as input an untrusted underlying - * transport (stream or datagram) and transforms it into - * a serially multiplexed, secure transport, which - * conceptually provides the following: - * - * (1) Three datagram based, content-agnostic transports - * for handshake, alert and CCS messages. - * (2) One stream- or datagram-based transport - * for application data. - * (3) Functionality for changing the underlying transform - * securing the contents. - * - * The interface to this functionality is given as follows: - * - * a Updating - * [Currently implemented by mbedtls_ssl_read_record] - * - * Check if and on which of the four 'ports' data is pending: - * Nothing, a controlling datagram of type (1), or application - * data (2). In any case data is present, internal buffers - * provide access to the data for the user to process it. - * Consumption of type (1) datagrams is done automatically - * on the next update, invalidating that the internal buffers - * for previous datagrams, while consumption of application - * data (2) is user-controlled. - * - * b Reading of application data - * [Currently manual adaption of ssl->in_offt pointer] - * - * As mentioned in the last paragraph, consumption of data - * is different from the automatic consumption of control - * datagrams (1) because application data is treated as a stream. - * - * c Tracking availability of application data - * [Currently manually through decreasing ssl->in_msglen] - * - * For efficiency and to retain datagram semantics for - * application data in case of DTLS, the record layer - * provides functionality for checking how much application - * data is still available in the internal buffer. - * - * d Changing the transformation securing the communication. - * - * Given an opaque implementation of the record layer in the - * above sense, it should be possible to implement the logic - * of (D)TLS on top of it without the need to know anything - * about the record layer's internals. This is done e.g. - * in all the handshake handling functions, and in the - * application data reading function mbedtls_ssl_read. - * - * \note The above tries to give a conceptual picture of the - * record layer, but the current implementation deviates - * from it in some places. For example, our implementation of - * the update functionality through mbedtls_ssl_read_record - * discards datagrams depending on the current state, which - * wouldn't fall under the record layer's responsibility - * following the above definition. - * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl, - unsigned update_hs_digest); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want); - -/* - * Write handshake message header - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_type, - unsigned char **buf, size_t *buf_len); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl, - int update_checksum, - int force_flush); -static inline int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_write_handshake_msg_ext(ssl, 1 /* update checksum */, 1 /* force flush */); -} - -/* - * Write handshake message tail - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_finish_handshake_msg(mbedtls_ssl_context *ssl, - size_t buf_len, size_t msg_len); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl); - -void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *ciphersuite_info); - -/* - * Update checksum of handshake messages. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char const *msg, - size_t msg_len); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, - unsigned hs_type, - size_t total_hs_len); - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, - mbedtls_key_exchange_type_t key_ex); -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_SSL_CLI_C) || defined(MBEDTLS_SSL_SRV_C) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf); -#endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/** - * Get the first defined opaque PSK by order of precedence: - * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK - * callback - * 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque() - * Return an opaque PSK - */ -static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( - const mbedtls_ssl_context *ssl) -{ - if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { - return ssl->handshake->psk_opaque; - } - - if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) { - return ssl->conf->psk_opaque; - } - - return MBEDTLS_SVC_KEY_ID_INIT; -} -#else -/** - * Get the first defined PSK by order of precedence: - * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback - * 2. static PSK configured by \c mbedtls_ssl_conf_psk() - * Return a code and update the pair (PSK, PSK length) passed to this function - */ -static inline int mbedtls_ssl_get_psk(const mbedtls_ssl_context *ssl, - const unsigned char **psk, size_t *psk_len) -{ - if (ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0) { - *psk = ssl->handshake->psk; - *psk_len = ssl->handshake->psk_len; - } else if (ssl->conf->psk != NULL && ssl->conf->psk_len > 0) { - *psk = ssl->conf->psk; - *psk_len = ssl->conf->psk_len; - } else { - *psk = NULL; - *psk_len = 0; - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - return 0; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_PK_C) -unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk); -unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type); -mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig); -#endif - -mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash); -unsigned char mbedtls_ssl_hash_from_md_alg(int md); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md); -#endif - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id); -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id); -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - -/** - * \brief Return PSA EC info for the specified TLS ID. - * - * \param tls_id The TLS ID to look for - * \param type If the TLD ID is supported, then proper \c psa_key_type_t - * value is returned here. Can be NULL. - * \param bits If the TLD ID is supported, then proper bit size is returned - * here. Can be NULL. - * \return PSA_SUCCESS if the TLS ID is supported, - * PSA_ERROR_NOT_SUPPORTED otherwise - * - * \note If either \c family or \c bits parameters are NULL, then - * the corresponding value is not returned. - * The function can be called with both parameters as NULL - * simply to check if a specific TLS ID is supported. - */ -int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id, - psa_key_type_t *type, - size_t *bits); - -/** - * \brief Return \c mbedtls_ecp_group_id for the specified TLS ID. - * - * \param tls_id The TLS ID to look for - * \return Proper \c mbedtls_ecp_group_id if the TLS ID is supported, - * or MBEDTLS_ECP_DP_NONE otherwise - */ -mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id(uint16_t tls_id); - -/** - * \brief Return TLS ID for the specified \c mbedtls_ecp_group_id. - * - * \param grp_id The \c mbedtls_ecp_group_id ID to look for - * \return Proper TLS ID if the \c mbedtls_ecp_group_id is supported, - * or 0 otherwise - */ -uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id); - -#if defined(MBEDTLS_DEBUG_C) -/** - * \brief Return EC's name for the specified TLS ID. - * - * \param tls_id The TLS ID to look for - * \return A pointer to a const string with the proper name. If TLS - * ID is not supported, a NULL pointer is returned instead. - */ -const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id); -#endif - -#if defined(MBEDTLS_SSL_DTLS_SRTP) -static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value - (const uint16_t srtp_profile_value) -{ - switch (srtp_profile_value) { - case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: - case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: - case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: - case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: - return srtp_profile_value; - default: break; - } - return MBEDTLS_TLS_SRTP_UNSET; -} -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -static inline mbedtls_pk_context *mbedtls_ssl_own_key(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_key_cert *key_cert; - - if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) { - key_cert = ssl->handshake->key_cert; - } else { - key_cert = ssl->conf->key_cert; - } - - return key_cert == NULL ? NULL : key_cert->key; -} - -static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_key_cert *key_cert; - - if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) { - key_cert = ssl->handshake->key_cert; - } else { - key_cert = ssl->conf->key_cert; - } - - return key_cert == NULL ? NULL : key_cert->cert; -} - -/* - * Verify a certificate. - * - * [in/out] ssl: misc. things read - * ssl->session_negotiate->verify_result updated - * [in] authmode: one of MBEDTLS_SSL_VERIFY_{NONE,OPTIONAL,REQUIRED} - * [in] chain: the certificate chain to verify (ie the peer's chain) - * [in] ciphersuite_info: For TLS 1.2, this session's ciphersuite; - * for TLS 1.3, may be left NULL. - * [in] rs_ctx: restart context if restartable ECC is in use; - * leave NULL for no restartable behaviour. - * - * Return: - * - 0 if the handshake should continue. Depending on the - * authmode it means: - * - REQUIRED: the certificate was found to be valid, trusted & acceptable. - * ssl->session_negotiate->verify_result is 0. - * - OPTIONAL: the certificate may or may not be acceptable, but - * ssl->session_negotiate->verify_result was updated with the result. - * - NONE: the certificate wasn't even checked. - * - MBEDTLS_ERR_X509_CERT_VERIFY_FAILED or MBEDTLS_ERR_SSL_BAD_CERTIFICATE if - * the certificate was found to be invalid/untrusted/unacceptable and the - * handshake should be aborted (can only happen with REQUIRED). - * - another error code if another error happened (out-of-memory, etc.) - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, - int authmode, - mbedtls_x509_crt *chain, - const mbedtls_ssl_ciphersuite_t *ciphersuite_info, - void *rs_ctx); - -/* - * Check usage of a certificate wrt usage extensions: - * keyUsage and extendedKeyUsage. - * (Note: nSCertType is deprecated and not standard, we don't check it.) - * - * Note: if tls_version is 1.3, ciphersuite is ignored and can be NULL. - * - * Note: recv_endpoint is the receiver's endpoint. - * - * Return 0 if everything is OK, -1 if not. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, - const mbedtls_ssl_ciphersuite_t *ciphersuite, - int recv_endpoint, - mbedtls_ssl_protocol_version tls_version, - uint32_t *flags); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -void mbedtls_ssl_write_version(unsigned char version[2], int transport, - mbedtls_ssl_protocol_version tls_version); -uint16_t mbedtls_ssl_read_version(const unsigned char version[2], - int transport); - -static inline size_t mbedtls_ssl_in_hdr_len(const mbedtls_ssl_context *ssl) -{ -#if !defined(MBEDTLS_SSL_PROTO_DTLS) - ((void) ssl); -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 13; - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - { - return 5; - } -} - -static inline size_t mbedtls_ssl_out_hdr_len(const mbedtls_ssl_context *ssl) -{ - return (size_t) (ssl->out_iv - ssl->out_hdr); -} - -static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 12; - } -#else - ((void) ssl); -#endif - return 4; -} - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl); -void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_resend(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl); -#endif - -/* Visible for testing purposes only */ -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl); -void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl); -#endif - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst, - const mbedtls_ssl_session *src); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, - unsigned char *hash, size_t *hashlen, - unsigned char *data, size_t data_len, - mbedtls_md_type_t md_alg); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#ifdef __cplusplus -} -#endif - -void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec); - -/* Length of the "epoch" field in the record header */ -static inline size_t mbedtls_ssl_ep_len(const mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 2; - } -#else - ((void) ssl); -#endif - return 0; -} - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl); - -void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl); -void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform); -void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial); -void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, - int partial); - -/* - * Send pending alert - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_handle_pending_alert(mbedtls_ssl_context *ssl); - -/* - * Set pending fatal alert flag. - */ -void mbedtls_ssl_pend_fatal_alert(mbedtls_ssl_context *ssl, - unsigned char alert_type, - int alert_reason); - -/* Alias of mbedtls_ssl_pend_fatal_alert */ -#define MBEDTLS_SSL_PEND_FATAL_ALERT(type, user_return_value) \ - mbedtls_ssl_pend_fatal_alert(ssl, type, user_return_value) - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl); -#endif - -void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl); -void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl); -void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -/** - * ssl utils functions for checking configuration. - */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -static inline int mbedtls_ssl_conf_is_tls13_only(const mbedtls_ssl_config *conf) -{ - return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3; -} - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static inline int mbedtls_ssl_conf_is_tls12_only(const mbedtls_ssl_config *conf) -{ - return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && - conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_2; -} - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -static inline int mbedtls_ssl_conf_is_tls13_enabled(const mbedtls_ssl_config *conf) -{ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - return conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 && - conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3; -#else - ((void) conf); - return 0; -#endif -} - -static inline int mbedtls_ssl_conf_is_tls12_enabled(const mbedtls_ssl_config *conf) -{ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - return conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 && - conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_2; -#else - ((void) conf); - return 0; -#endif -} - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) -static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13(const mbedtls_ssl_config *conf) -{ - return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && - conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ - MBEDTLS_SERVER_HELLO_RANDOM_LEN]; -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl); -void mbedtls_ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl); - -/** - * \brief Given an SSL context and its associated configuration, write the TLS - * 1.3 specific extensions of the ClientHello message. - * - * \param[in] ssl SSL context - * \param[in] buf Base address of the buffer where to write the extensions - * \param[in] end End address of the buffer where to write the extensions - * \param[out] out_len Length of the data written into the buffer \p buf - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len); - -/** - * \brief TLS 1.3 client side state machine entry - * - * \param ssl SSL context - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl); - -/** - * \brief TLS 1.3 server side state machine entry - * - * \param ssl SSL context - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl); - - -/* - * Helper functions around key exchange modes. - */ -static inline int mbedtls_ssl_conf_tls13_is_kex_mode_enabled(mbedtls_ssl_context *ssl, - int kex_mode_mask) -{ - return (ssl->conf->tls13_kex_modes & kex_mode_mask) != 0; -} - -static inline int mbedtls_ssl_conf_tls13_is_psk_enabled(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK); -} - -static inline int mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); -} - -static inline int mbedtls_ssl_conf_tls13_is_ephemeral_enabled(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL); -} - -static inline int mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); -} - -static inline int mbedtls_ssl_conf_tls13_is_some_psk_enabled(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); -} - -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -/** - * Given a list of key exchange modes, check if at least one of them is - * supported by peer. - * - * \param[in] ssl SSL context - * \param kex_modes_mask Mask of the key exchange modes to check - * - * \return Non-zero if at least one of the key exchange modes is supported by - * the peer, otherwise \c 0. - */ -static inline int mbedtls_ssl_tls13_is_kex_mode_supported(mbedtls_ssl_context *ssl, - int kex_modes_mask) -{ - return (ssl->handshake->tls13_kex_modes & kex_modes_mask) != 0; -} - -static inline int mbedtls_ssl_tls13_is_psk_supported(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK); -} - -static inline int mbedtls_ssl_tls13_is_psk_ephemeral_supported( - mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); -} - -static inline int mbedtls_ssl_tls13_is_ephemeral_supported(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL); -} - -static inline int mbedtls_ssl_tls13_is_some_ephemeral_supported(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); -} - -static inline int mbedtls_ssl_tls13_is_some_psk_supported(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); -} -#endif /* MBEDTLS_SSL_SRV_C && - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - -/* - * Helper functions for extensions checking. - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_check_received_extension( - mbedtls_ssl_context *ssl, - int hs_msg_type, - unsigned int received_extension_type, - uint32_t hs_msg_allowed_extensions_mask); - -static inline void mbedtls_ssl_tls13_set_hs_sent_ext_mask( - mbedtls_ssl_context *ssl, unsigned int extension_type) -{ - ssl->handshake->sent_extensions |= - mbedtls_ssl_get_extension_mask(extension_type); -} - -/* - * Helper functions to check the selected key exchange mode. - */ -static inline int mbedtls_ssl_tls13_key_exchange_mode_check( - mbedtls_ssl_context *ssl, int kex_mask) -{ - return (ssl->handshake->key_exchange_mode & kex_mask) != 0; -} - -static inline int mbedtls_ssl_tls13_key_exchange_mode_with_psk( - mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_key_exchange_mode_check(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); -} - -static inline int mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral( - mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_key_exchange_mode_check(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); -} - -/* - * Fetch TLS 1.3 handshake message header - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_fetch_handshake_msg(mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buf_len); - -/** - * \brief Detect if a list of extensions contains a supported_versions - * extension or not. - * - * \param[in] ssl SSL context - * \param[in] buf Address of the first byte of the extensions vector. - * \param[in] end End of the buffer containing the list of extensions. - * \param[out] supported_versions_data If the extension is present, address of - * its first byte of data, NULL otherwise. - * \param[out] supported_versions_data_end If the extension is present, address - * of the first byte immediately - * following the extension data, NULL - * otherwise. - * \return 0 if the list of extensions does not contain a supported_versions - * extension. - * \return 1 if the list of extensions contains a supported_versions - * extension. - * \return A negative value if an error occurred while parsing the - * extensions. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts( - mbedtls_ssl_context *ssl, - const unsigned char *buf, const unsigned char *end, - const unsigned char **supported_versions_data, - const unsigned char **supported_versions_data_end); - -/* - * Handler of TLS 1.3 server certificate message - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -/* - * Handler of TLS 1.3 write Certificate message - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl); - -/* - * Handler of TLS 1.3 write Certificate Verify message - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl); - -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -/* - * Generic handler of Certificate Verify - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl); - -/* - * Write of dummy-CCS's for middlebox compatibility - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl); - -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( - mbedtls_ssl_context *ssl, - uint16_t named_group, - unsigned char *buf, - unsigned char *end, - size_t *out_len); -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) -int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, - int in_new_session_ticket, - unsigned char *buf, - const unsigned char *end, - size_t *out_len); - -int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl, - size_t early_data_len); - -typedef enum { -/* - * The client has not sent the first ClientHello yet, the negotiation of early - * data has not started yet. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_IDLE, - -/* - * In its ClientHello, the client has not included an early data indication - * extension. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT, - -/* - * The client has sent an early data indication extension in its first - * ClientHello, it has not received the response (ServerHello or - * HelloRetryRequest) from the server yet. The transform to protect early data - * is not set either as for middlebox compatibility a dummy CCS may have to be - * sent in clear. Early data cannot be sent to the server yet. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT, - -/* - * The client has sent an early data indication extension in its first - * ClientHello, it has not received the response (ServerHello or - * HelloRetryRequest) from the server yet. The transform to protect early data - * has been set and early data can be written now. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE, - -/* - * The client has indicated the use of early data and the server has accepted - * it. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED, - -/* - * The client has indicated the use of early data but the server has rejected - * it. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED, - -/* - * The client has sent an early data indication extension in its first - * ClientHello, the server has accepted them and the client has received the - * server Finished message. It cannot send early data to the server anymore. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED, - -} mbedtls_ssl_early_data_state; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/* - * Write Signature Algorithm extension - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf, - const unsigned char *end, size_t *out_len); -/* - * Parse TLS Signature Algorithm extension - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_sig_alg_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* Get handshake transcript */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl, - const mbedtls_md_type_t md, - unsigned char *dst, - size_t dst_len, - size_t *olen); - -/* - * Return supported groups. - * - * In future, invocations can be changed to ssl->conf->group_list - * when mbedtls_ssl_conf_curves() is deleted. - * - * ssl->handshake->group_list is either a translation of curve_list to IANA TLS group - * identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to - * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked. - * - */ -static inline const void *mbedtls_ssl_get_groups(const mbedtls_ssl_context *ssl) -{ - #if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C) - return ssl->conf->group_list; - #else - if ((ssl->handshake != NULL) && (ssl->handshake->group_list != NULL)) { - return ssl->handshake->group_list; - } else { - return ssl->conf->group_list; - } - #endif -} - -/* - * Helper functions for NamedGroup. - */ -static inline int mbedtls_ssl_tls12_named_group_is_ecdhe(uint16_t named_group) -{ - /* - * RFC 8422 section 5.1.1 - */ - return named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 || - /* Below deprecated curves should be removed with notice to users */ - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1; -} - -static inline int mbedtls_ssl_tls13_named_group_is_ecdhe(uint16_t named_group) -{ - return named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448; -} - -static inline int mbedtls_ssl_tls13_named_group_is_ffdh(uint16_t named_group) -{ - return named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 && - named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192; -} - -static inline int mbedtls_ssl_named_group_is_offered( - const mbedtls_ssl_context *ssl, uint16_t named_group) -{ - const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); - - if (group_list == NULL) { - return 0; - } - - for (; *group_list != 0; group_list++) { - if (*group_list == named_group) { - return 1; - } - } - - return 0; -} - -static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) -{ -#if defined(PSA_WANT_ALG_ECDH) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group)) { - if (mbedtls_ssl_get_ecp_group_id_from_tls_id(named_group) != - MBEDTLS_ECP_DP_NONE) { - return 1; - } - } -#endif -#if defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) { - return 1; - } -#endif -#if !defined(PSA_WANT_ALG_ECDH) && !defined(PSA_WANT_ALG_FFDH) - (void) named_group; -#endif - return 0; -} - -/* - * Return supported signature algorithms. - * - * In future, invocations can be changed to ssl->conf->sig_algs when - * mbedtls_ssl_conf_sig_hashes() is deleted. - * - * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS - * signature algorithm identifiers when mbedtls_ssl_conf_sig_hashes() has been - * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has - * been more recently invoked. - * - */ -static inline const void *mbedtls_ssl_get_sig_algs( - const mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - if (ssl->handshake != NULL && - ssl->handshake->sig_algs_heap_allocated == 1 && - ssl->handshake->sig_algs != NULL) { - return ssl->handshake->sig_algs; - } -#endif - return ssl->conf->sig_algs; - -#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - ((void) ssl); - return NULL; -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -static inline int mbedtls_ssl_sig_alg_is_received(const mbedtls_ssl_context *ssl, - uint16_t own_sig_alg) -{ - const uint16_t *sig_alg = ssl->handshake->received_sig_algs; - if (sig_alg == NULL) { - return 0; - } - - for (; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++) { - if (*sig_alg == own_sig_alg) { - return 1; - } - } - return 0; -} - -static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( - const uint16_t sig_alg) -{ - switch (sig_alg) { -#if defined(PSA_HAVE_ALG_SOME_ECDSA) -#if defined(PSA_WANT_ALG_SHA_256) && defined(PSA_WANT_ECC_SECP_R1_256) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - break; -#endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(PSA_WANT_ALG_SHA_384) && defined(PSA_WANT_ECC_SECP_R1_384) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - break; -#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#if defined(PSA_WANT_ALG_SHA_512) && defined(PSA_WANT_ECC_SECP_R1_521) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - break; -#endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ -#endif /* PSA_HAVE_ALG_SOME_ECDSA */ - -#if defined(MBEDTLS_PKCS1_V21) -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - break; -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: - break; -#endif /* PSA_WANT_ALG_SHA_384 */ -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - break; -#endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* MBEDTLS_PKCS1_V21 */ - default: - return 0; - } - return 1; - -} - -static inline int mbedtls_ssl_tls13_sig_alg_is_supported( - const uint16_t sig_alg) -{ - switch (sig_alg) { -#if defined(MBEDTLS_PKCS1_V15) -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: - break; -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: - break; -#endif /* PSA_WANT_ALG_SHA_384 */ -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: - break; -#endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* MBEDTLS_PKCS1_V15 */ - default: - return mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( - sig_alg); - } - return 1; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(uint16_t sig_alg, - mbedtls_pk_context *key); -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static inline int mbedtls_ssl_sig_alg_is_offered(const mbedtls_ssl_context *ssl, - uint16_t proposed_sig_alg) -{ - const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl); - if (sig_alg == NULL) { - return 0; - } - - for (; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++) { - if (*sig_alg == proposed_sig_alg) { - return 1; - } - } - return 0; -} - -static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( - uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg) -{ - *pk_type = mbedtls_ssl_pk_alg_from_sig(sig_alg & 0xff); - *md_alg = mbedtls_ssl_md_alg_from_hash((sig_alg >> 8) & 0xff); - - if (*pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE) { - return 0; - } - - switch (sig_alg) { -#if defined(MBEDTLS_PKCS1_V21) -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - *md_alg = MBEDTLS_MD_SHA256; - *pk_type = MBEDTLS_PK_RSASSA_PSS; - break; -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: - *md_alg = MBEDTLS_MD_SHA384; - *pk_type = MBEDTLS_PK_RSASSA_PSS; - break; -#endif /* PSA_WANT_ALG_SHA_384 */ -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - *md_alg = MBEDTLS_MD_SHA512; - *pk_type = MBEDTLS_PK_RSASSA_PSS; - break; -#endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* MBEDTLS_PKCS1_V21 */ - default: - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - return 0; -} - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static inline int mbedtls_ssl_tls12_sig_alg_is_supported( - const uint16_t sig_alg) -{ - /* High byte is hash */ - unsigned char hash = MBEDTLS_BYTE_1(sig_alg); - unsigned char sig = MBEDTLS_BYTE_0(sig_alg); - - switch (hash) { -#if defined(PSA_WANT_ALG_MD5) - case MBEDTLS_SSL_HASH_MD5: - break; -#endif - -#if defined(PSA_WANT_ALG_SHA_1) - case MBEDTLS_SSL_HASH_SHA1: - break; -#endif - -#if defined(PSA_WANT_ALG_SHA_224) - case MBEDTLS_SSL_HASH_SHA224: - break; -#endif - -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_SSL_HASH_SHA256: - break; -#endif - -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_SSL_HASH_SHA384: - break; -#endif - -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_SSL_HASH_SHA512: - break; -#endif - - default: - return 0; - } - - switch (sig) { -#if defined(MBEDTLS_RSA_C) - case MBEDTLS_SSL_SIG_RSA: - break; -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - case MBEDTLS_SSL_SIG_ECDSA: - break; -#endif - - default: - return 0; - } - - return 1; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -static inline int mbedtls_ssl_sig_alg_is_supported( - const mbedtls_ssl_context *ssl, - const uint16_t sig_alg) -{ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - return mbedtls_ssl_tls12_sig_alg_is_supported(sig_alg); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - return mbedtls_ssl_tls13_sig_alg_is_supported(sig_alg); - } -#endif - ((void) ssl); - ((void) sig_alg); - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL. - * Same value is used for PSA_ALG_CATEGORY_CIPHER, hence it is - * guaranteed to not be a valid PSA algorithm identifier. - */ -#define MBEDTLS_SSL_NULL_CIPHER 0x04000000 - -/** - * \brief Translate mbedtls cipher type/taglen pair to psa: - * algorithm, key type and key size. - * - * \param mbedtls_cipher_type [in] given mbedtls cipher type - * \param taglen [in] given tag length - * 0 - default tag length - * \param alg [out] corresponding PSA alg - * There is no corresponding PSA - * alg for MBEDTLS_CIPHER_NULL, so - * in this case MBEDTLS_SSL_NULL_CIPHER - * is returned via this parameter - * \param key_type [out] corresponding PSA key type - * \param key_size [out] corresponding PSA key size - * - * \return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if - * conversion is not supported. - */ -psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type, - size_t taglen, - psa_algorithm_t *alg, - psa_key_type_t *key_type, - size_t *key_size); - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Convert given PSA status to mbedtls error code. - * - * \param status [in] given PSA status - * - * \return corresponding mbedtls error code - */ -static inline MBEDTLS_DEPRECATED int psa_ssl_status_to_mbedtls(psa_status_t status) -{ - switch (status) { - case PSA_SUCCESS: - return 0; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - case PSA_ERROR_INVALID_SIGNATURE: - return MBEDTLS_ERR_SSL_INVALID_MAC; - case PSA_ERROR_INVALID_ARGUMENT: - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - case PSA_ERROR_BAD_STATE: - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - case PSA_ERROR_BUFFER_TOO_SMALL: - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - default: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) - -typedef enum { - MBEDTLS_ECJPAKE_ROUND_ONE, - MBEDTLS_ECJPAKE_ROUND_TWO -} mbedtls_ecjpake_rounds_t; - -/** - * \brief Parse the provided input buffer for getting the first round - * of key exchange. This code is common between server and client - * - * \param pake_ctx [in] the PAKE's operation/context structure - * \param buf [in] input buffer to parse - * \param len [in] length of the input buffer - * \param round [in] either MBEDTLS_ECJPAKE_ROUND_ONE or - * MBEDTLS_ECJPAKE_ROUND_TWO - * - * \return 0 on success or a negative error code in case of failure - */ -int mbedtls_psa_ecjpake_read_round( - psa_pake_operation_t *pake_ctx, - const unsigned char *buf, - size_t len, mbedtls_ecjpake_rounds_t round); - -/** - * \brief Write the first round of key exchange into the provided output - * buffer. This code is common between server and client - * - * \param pake_ctx [in] the PAKE's operation/context structure - * \param buf [out] the output buffer in which data will be written to - * \param len [in] length of the output buffer - * \param olen [out] the length of the data really written on the buffer - * \param round [in] either MBEDTLS_ECJPAKE_ROUND_ONE or - * MBEDTLS_ECJPAKE_ROUND_TWO - * - * \return 0 on success or a negative error code in case of failure - */ -int mbedtls_psa_ecjpake_write_round( - psa_pake_operation_t *pake_ctx, - unsigned char *buf, - size_t len, size_t *olen, - mbedtls_ecjpake_rounds_t round); - -#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO - -/** - * \brief TLS record protection modes - */ -typedef enum { - MBEDTLS_SSL_MODE_STREAM = 0, - MBEDTLS_SSL_MODE_CBC, - MBEDTLS_SSL_MODE_CBC_ETM, - MBEDTLS_SSL_MODE_AEAD -} mbedtls_ssl_mode_t; - -mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( - const mbedtls_ssl_transform *transform); - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) -mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( - int encrypt_then_mac, - const mbedtls_ssl_ciphersuite_t *suite); -#else -mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( - const mbedtls_ssl_ciphersuite_t *suite); -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t buf_len); - -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - -static inline int mbedtls_ssl_tls13_cipher_suite_is_offered( - mbedtls_ssl_context *ssl, int cipher_suite) -{ - const int *ciphersuite_list = ssl->conf->ciphersuite_list; - - /* Check whether we have offered this ciphersuite */ - for (size_t i = 0; ciphersuite_list[i] != 0; i++) { - if (ciphersuite_list[i] == cipher_suite) { - return 1; - } - } - return 0; -} - -/** - * \brief Validate cipher suite against config in SSL context. - * - * \param ssl SSL context - * \param suite_info Cipher suite to validate - * \param min_tls_version Minimal TLS version to accept a cipher suite - * \param max_tls_version Maximal TLS version to accept a cipher suite - * - * \return 0 if valid, negative value otherwise. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_validate_ciphersuite( - const mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *suite_info, - mbedtls_ssl_protocol_version min_tls_version, - mbedtls_ssl_protocol_version max_tls_version); - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end); -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) -#define MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH (2) -#define MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN (64) /* As defined in RFC 8449 */ - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *out_len); -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_SSL_ALPN) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end); - - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_alpn_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len); -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_TEST_HOOKS) -int mbedtls_ssl_check_dtls_clihlo_cookie( - mbedtls_ssl_context *ssl, - const unsigned char *cli_id, size_t cli_id_len, - const unsigned char *in, size_t in_len, - unsigned char *obuf, size_t buf_len, size_t *olen); -#endif - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -/** - * \brief Given an SSL context and its associated configuration, write the TLS - * 1.3 specific Pre-Shared key extension. - * - * \param[in] ssl SSL context - * \param[in] buf Base address of the buffer where to write the extension - * \param[in] end End address of the buffer where to write the extension - * \param[out] out_len Length in bytes of the Pre-Shared key extension: data - * written into the buffer \p buf by this function plus - * the length of the binders to be written. - * \param[out] binders_len Length of the binders to be written at the end of - * the extension. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( - mbedtls_ssl_context *ssl, - unsigned char *buf, unsigned char *end, - size_t *out_len, size_t *binders_len); - -/** - * \brief Given an SSL context and its associated configuration, write the TLS - * 1.3 specific Pre-Shared key extension binders at the end of the - * ClientHello. - * - * \param[in] ssl SSL context - * \param[in] buf Base address of the buffer where to write the binders - * \param[in] end End address of the buffer where to write the binders - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( - mbedtls_ssl_context *ssl, - unsigned char *buf, unsigned char *end); -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ - defined(MBEDTLS_SSL_CLI_C) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, - const char *hostname); -#endif - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_EARLY_DATA) && \ - defined(MBEDTLS_SSL_ALPN) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_session_set_ticket_alpn(mbedtls_ssl_session *session, - const char *alpn); -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) - -#define MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME (604800) - -static inline unsigned int mbedtls_ssl_tls13_session_get_ticket_flags( - mbedtls_ssl_session *session, unsigned int flags) -{ - return session->ticket_flags & - (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); -} - -/** - * Check if at least one of the given flags is set in - * the session ticket. See the definition of - * `MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK` to get all - * permitted flags. - */ -static inline int mbedtls_ssl_tls13_session_ticket_has_flags( - mbedtls_ssl_session *session, unsigned int flags) -{ - return mbedtls_ssl_tls13_session_get_ticket_flags(session, flags) != 0; -} - -static inline int mbedtls_ssl_tls13_session_ticket_allow_psk( - mbedtls_ssl_session *session) -{ - return mbedtls_ssl_tls13_session_ticket_has_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION); -} - -static inline int mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral( - mbedtls_ssl_session *session) -{ - return mbedtls_ssl_tls13_session_ticket_has_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION); -} - -static inline unsigned int mbedtls_ssl_tls13_session_ticket_allow_early_data( - mbedtls_ssl_session *session) -{ - return mbedtls_ssl_tls13_session_ticket_has_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); -} - -static inline void mbedtls_ssl_tls13_session_set_ticket_flags( - mbedtls_ssl_session *session, unsigned int flags) -{ - session->ticket_flags |= (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); -} - -static inline void mbedtls_ssl_tls13_session_clear_ticket_flags( - mbedtls_ssl_session *session, unsigned int flags) -{ - session->ticket_flags &= ~(flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) -int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl); -#endif - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - -/** Compute the HMAC of variable-length data with constant flow. - * - * This function computes the HMAC of the concatenation of \p add_data and \p - * data, and does with a code flow and memory access pattern that does not - * depend on \p data_len_secret, but only on \p min_data_len and \p - * max_data_len. In particular, this function always reads exactly \p - * max_data_len bytes from \p data. - * - * \param ctx The HMAC context. It must have keys configured - * with mbedtls_md_hmac_starts() and use one of the - * following hashes: SHA-384, SHA-256, SHA-1 or MD-5. - * It is reset using mbedtls_md_hmac_reset() after - * the computation is complete to prepare for the - * next computation. - * \param add_data The first part of the message whose HMAC is being - * calculated. This must point to a readable buffer - * of \p add_data_len bytes. - * \param add_data_len The length of \p add_data in bytes. - * \param data The buffer containing the second part of the - * message. This must point to a readable buffer - * of \p max_data_len bytes. - * \param data_len_secret The length of the data to process in \p data. - * This must be no less than \p min_data_len and no - * greater than \p max_data_len. - * \param min_data_len The minimal length of the second part of the - * message, read from \p data. - * \param max_data_len The maximal length of the second part of the - * message, read from \p data. - * \param output The HMAC will be written here. This must point to - * a writable buffer of sufficient size to hold the - * HMAC value. - * - * \retval 0 on success. - * \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED - * The hardware accelerator failed. - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_ct_hmac(mbedtls_svc_key_id_t key, - psa_algorithm_t mac_alg, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output); -#else -int mbedtls_ct_hmac(mbedtls_md_context_t *ctx, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output); -#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */ -#endif /* MBEDTLS_TEST_HOOKS && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) */ - -#endif /* ssl_misc.h */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c deleted file mode 100644 index 7000e93e5..000000000 --- a/library/ssl_msg.c +++ /dev/null @@ -1,6364 +0,0 @@ -/* - * Generic SSL/TLS messaging layer functions - * (record layer + retransmission state machine) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * http://www.ietf.org/rfc/rfc2246.txt - * http://www.ietf.org/rfc/rfc4346.txt - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_TLS_C) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl.h" -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/version.h" -#include "constant_time_internal.h" -#include "mbedtls/constant_time.h" - -#include - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa_util_internal.h" -#include "psa/crypto.h" -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/oid.h" -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - -#if defined(PSA_WANT_ALG_SHA_384) -#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_384) -#elif defined(PSA_WANT_ALG_SHA_256) -#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_256) -#else /* See check_config.h */ -#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_1) -#endif - -MBEDTLS_STATIC_TESTABLE -int mbedtls_ct_hmac(mbedtls_svc_key_id_t key, - psa_algorithm_t mac_alg, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output) -{ - /* - * This function breaks the HMAC abstraction and uses psa_hash_clone() - * extension in order to get constant-flow behaviour. - * - * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means - * concatenation, and okey/ikey are the XOR of the key with some fixed bit - * patterns (see RFC 2104, sec. 2). - * - * We'll first compute ikey/okey, then inner_hash = HASH(ikey + msg) by - * hashing up to minlen, then cloning the context, and for each byte up - * to maxlen finishing up the hash computation, keeping only the - * correct result. - * - * Then we only need to compute HASH(okey + inner_hash) and we're done. - */ - psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH(mac_alg); - const size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg); - unsigned char key_buf[MAX_HASH_BLOCK_LENGTH]; - const size_t hash_size = PSA_HASH_LENGTH(hash_alg); - psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; - size_t hash_length; - - unsigned char aux_out[PSA_HASH_MAX_SIZE]; - psa_hash_operation_t aux_operation = PSA_HASH_OPERATION_INIT; - size_t offset; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t mac_key_length; - size_t i; - -#define PSA_CHK(func_call) \ - do { \ - status = (func_call); \ - if (status != PSA_SUCCESS) \ - goto cleanup; \ - } while (0) - - /* Export MAC key - * We assume key length is always exactly the output size - * which is never more than the block size, thus we use block_size - * as the key buffer size. - */ - PSA_CHK(psa_export_key(key, key_buf, block_size, &mac_key_length)); - - /* Calculate ikey */ - for (i = 0; i < mac_key_length; i++) { - key_buf[i] = (unsigned char) (key_buf[i] ^ 0x36); - } - for (; i < block_size; ++i) { - key_buf[i] = 0x36; - } - - PSA_CHK(psa_hash_setup(&operation, hash_alg)); - - /* Now compute inner_hash = HASH(ikey + msg) */ - PSA_CHK(psa_hash_update(&operation, key_buf, block_size)); - PSA_CHK(psa_hash_update(&operation, add_data, add_data_len)); - PSA_CHK(psa_hash_update(&operation, data, min_data_len)); - - /* Fill the hash buffer in advance with something that is - * not a valid hash (barring an attack on the hash and - * deliberately-crafted input), in case the caller doesn't - * check the return status properly. */ - memset(output, '!', hash_size); - - /* For each possible length, compute the hash up to that point */ - for (offset = min_data_len; offset <= max_data_len; offset++) { - PSA_CHK(psa_hash_clone(&operation, &aux_operation)); - PSA_CHK(psa_hash_finish(&aux_operation, aux_out, - PSA_HASH_MAX_SIZE, &hash_length)); - /* Keep only the correct inner_hash in the output buffer */ - mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offset, data_len_secret), - output, aux_out, NULL, hash_size); - - if (offset < max_data_len) { - PSA_CHK(psa_hash_update(&operation, data + offset, 1)); - } - } - - /* Abort current operation to prepare for final operation */ - PSA_CHK(psa_hash_abort(&operation)); - - /* Calculate okey */ - for (i = 0; i < mac_key_length; i++) { - key_buf[i] = (unsigned char) ((key_buf[i] ^ 0x36) ^ 0x5C); - } - for (; i < block_size; ++i) { - key_buf[i] = 0x5C; - } - - /* Now compute HASH(okey + inner_hash) */ - PSA_CHK(psa_hash_setup(&operation, hash_alg)); - PSA_CHK(psa_hash_update(&operation, key_buf, block_size)); - PSA_CHK(psa_hash_update(&operation, output, hash_size)); - PSA_CHK(psa_hash_finish(&operation, output, hash_size, &hash_length)); - -#undef PSA_CHK - -cleanup: - mbedtls_platform_zeroize(key_buf, MAX_HASH_BLOCK_LENGTH); - mbedtls_platform_zeroize(aux_out, PSA_HASH_MAX_SIZE); - - psa_hash_abort(&operation); - psa_hash_abort(&aux_operation); - return PSA_TO_MBEDTLS_ERR(status); -} - -#undef MAX_HASH_BLOCK_LENGTH - -#else -MBEDTLS_STATIC_TESTABLE -int mbedtls_ct_hmac(mbedtls_md_context_t *ctx, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output) -{ - /* - * This function breaks the HMAC abstraction and uses the md_clone() - * extension to the MD API in order to get constant-flow behaviour. - * - * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means - * concatenation, and okey/ikey are the XOR of the key with some fixed bit - * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx. - * - * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to - * minlen, then cloning the context, and for each byte up to maxlen - * finishing up the hash computation, keeping only the correct result. - * - * Then we only need to compute HASH(okey + inner_hash) and we're done. - */ - const mbedtls_md_type_t md_alg = mbedtls_md_get_type(ctx->md_info); - /* TLS 1.2 only supports SHA-384, SHA-256, SHA-1, MD-5, - * all of which have the same block size except SHA-384. */ - const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64; - const unsigned char * const ikey = ctx->hmac_ctx; - const unsigned char * const okey = ikey + block_size; - const size_t hash_size = mbedtls_md_get_size(ctx->md_info); - - unsigned char aux_out[MBEDTLS_MD_MAX_SIZE]; - mbedtls_md_context_t aux; - size_t offset; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_md_init(&aux); - -#define MD_CHK(func_call) \ - do { \ - ret = (func_call); \ - if (ret != 0) \ - goto cleanup; \ - } while (0) - - MD_CHK(mbedtls_md_setup(&aux, ctx->md_info, 0)); - - /* After hmac_start() of hmac_reset(), ikey has already been hashed, - * so we can start directly with the message */ - MD_CHK(mbedtls_md_update(ctx, add_data, add_data_len)); - MD_CHK(mbedtls_md_update(ctx, data, min_data_len)); - - /* Fill the hash buffer in advance with something that is - * not a valid hash (barring an attack on the hash and - * deliberately-crafted input), in case the caller doesn't - * check the return status properly. */ - memset(output, '!', hash_size); - - /* For each possible length, compute the hash up to that point */ - for (offset = min_data_len; offset <= max_data_len; offset++) { - MD_CHK(mbedtls_md_clone(&aux, ctx)); - MD_CHK(mbedtls_md_finish(&aux, aux_out)); - /* Keep only the correct inner_hash in the output buffer */ - mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offset, data_len_secret), - output, aux_out, NULL, hash_size); - - if (offset < max_data_len) { - MD_CHK(mbedtls_md_update(ctx, data + offset, 1)); - } - } - - /* The context needs to finish() before it starts() again */ - MD_CHK(mbedtls_md_finish(ctx, aux_out)); - - /* Now compute HASH(okey + inner_hash) */ - MD_CHK(mbedtls_md_starts(ctx)); - MD_CHK(mbedtls_md_update(ctx, okey, block_size)); - MD_CHK(mbedtls_md_update(ctx, output, hash_size)); - MD_CHK(mbedtls_md_finish(ctx, output)); - - /* Done, get ready for next time */ - MD_CHK(mbedtls_md_hmac_reset(ctx)); - -#undef MD_CHK - -cleanup: - mbedtls_md_free(&aux); - return ret; -} - -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl); - -/* - * Start a timer. - * Passing millisecs = 0 cancels a running timer. - */ -void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs) -{ - if (ssl->f_set_timer == NULL) { - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("set_timer to %d ms", (int) millisecs)); - ssl->f_set_timer(ssl->p_timer, millisecs / 4, millisecs); -} - -/* - * Return -1 is timer is expired, 0 if it isn't. - */ -int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl) -{ - if (ssl->f_get_timer == NULL) { - return 0; - } - - if (ssl->f_get_timer(ssl->p_timer) == 2) { - MBEDTLS_SSL_DEBUG_MSG(3, ("timer expired")); - return -1; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t len, - mbedtls_record *rec); - -int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t buflen) -{ - int ret = 0; - MBEDTLS_SSL_DEBUG_MSG(1, ("=> mbedtls_ssl_check_record")); - MBEDTLS_SSL_DEBUG_BUF(3, "record buffer", buf, buflen); - - /* We don't support record checking in TLS because - * there doesn't seem to be a usecase for it. - */ - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM) { - ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - goto exit; - } -#if defined(MBEDTLS_SSL_PROTO_DTLS) - else { - mbedtls_record rec; - - ret = ssl_parse_record_header(ssl, buf, buflen, &rec); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(3, "ssl_parse_record_header", ret); - goto exit; - } - - if (ssl->transform_in != NULL) { - ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in, &rec); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(3, "mbedtls_ssl_decrypt_buf", ret); - goto exit; - } - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -exit: - /* On success, we have decrypted the buffer in-place, so make - * sure we don't leak any plaintext data. */ - mbedtls_platform_zeroize(buf, buflen); - - /* For the purpose of this API, treat messages with unexpected CID - * as well as such from future epochs as unexpected. */ - if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID || - ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) { - ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("<= mbedtls_ssl_check_record")); - return ret; -} - -#define SSL_DONT_FORCE_FLUSH 0 -#define SSL_FORCE_FLUSH 1 - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -/* Forward declarations for functions related to message buffering. */ -static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl, - uint8_t slot); -static void ssl_free_buffered_record(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_load_buffered_message(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_load_buffered_record(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_message(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_future_record(mbedtls_ssl_context *ssl, - mbedtls_record const *rec); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl); - -static size_t ssl_get_maximum_datagram_size(mbedtls_ssl_context const *ssl) -{ - size_t mtu = mbedtls_ssl_get_current_mtu(ssl); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len; -#else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; -#endif - - if (mtu != 0 && mtu < out_buf_len) { - return mtu; - } - - return out_buf_len; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_remaining_space_in_datagram(mbedtls_ssl_context const *ssl) -{ - size_t const bytes_written = ssl->out_left; - size_t const mtu = ssl_get_maximum_datagram_size(ssl); - - /* Double-check that the write-index hasn't gone - * past what we can transmit in a single datagram. */ - if (bytes_written > mtu) { - /* Should never happen... */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - return (int) (mtu - bytes_written); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_remaining_payload_in_datagram(mbedtls_ssl_context const *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t remaining, expansion; - size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl); - - if (max_len > mfl) { - max_len = mfl; - } - - /* By the standard (RFC 6066 Sect. 4), the MFL extension - * only limits the maximum record payload size, so in theory - * we would be allowed to pack multiple records of payload size - * MFL into a single datagram. However, this would mean that there's - * no way to explicitly communicate MTU restrictions to the peer. - * - * The following reduction of max_len makes sure that we never - * write datagrams larger than MFL + Record Expansion Overhead. - */ - if (max_len <= ssl->out_left) { - return 0; - } - - max_len -= ssl->out_left; -#endif - - ret = ssl_get_remaining_space_in_datagram(ssl); - if (ret < 0) { - return ret; - } - remaining = (size_t) ret; - - ret = mbedtls_ssl_get_record_expansion(ssl); - if (ret < 0) { - return ret; - } - expansion = (size_t) ret; - - if (remaining <= expansion) { - return 0; - } - - remaining -= expansion; - if (remaining >= max_len) { - remaining = max_len; - } - - return (int) remaining; -} - -/* - * Double the retransmit timeout value, within the allowed range, - * returning -1 if the maximum value has already been reached. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_double_retransmit_timeout(mbedtls_ssl_context *ssl) -{ - uint32_t new_timeout; - - if (ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max) { - return -1; - } - - /* Implement the final paragraph of RFC 6347 section 4.1.1.1 - * in the following way: after the initial transmission and a first - * retransmission, back off to a temporary estimated MTU of 508 bytes. - * This value is guaranteed to be deliverable (if not guaranteed to be - * delivered) of any compliant IPv4 (and IPv6) network, and should work - * on most non-IP stacks too. */ - if (ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min) { - ssl->handshake->mtu = 508; - MBEDTLS_SSL_DEBUG_MSG(2, ("mtu autoreduction to %d bytes", ssl->handshake->mtu)); - } - - new_timeout = 2 * ssl->handshake->retransmit_timeout; - - /* Avoid arithmetic overflow and range overflow */ - if (new_timeout < ssl->handshake->retransmit_timeout || - new_timeout > ssl->conf->hs_timeout_max) { - new_timeout = ssl->conf->hs_timeout_max; - } - - ssl->handshake->retransmit_timeout = new_timeout; - MBEDTLS_SSL_DEBUG_MSG(3, ("update timeout value to %lu millisecs", - (unsigned long) ssl->handshake->retransmit_timeout)); - - return 0; -} - -static void ssl_reset_retransmit_timeout(mbedtls_ssl_context *ssl) -{ - ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; - MBEDTLS_SSL_DEBUG_MSG(3, ("update timeout value to %lu millisecs", - (unsigned long) ssl->handshake->retransmit_timeout)); -} -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -/* - * Encryption/decryption functions - */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || defined(MBEDTLS_SSL_PROTO_TLS1_3) - -static size_t ssl_compute_padding_length(size_t len, - size_t granularity) -{ - return (granularity - (len + 1) % granularity) % granularity; -} - -/* This functions transforms a (D)TLS plaintext fragment and a record content - * type into an instance of the (D)TLSInnerPlaintext structure. This is used - * in DTLS 1.2 + CID and within TLS 1.3 to allow flexible padding and to protect - * a record's content type. - * - * struct { - * opaque content[DTLSPlaintext.length]; - * ContentType real_type; - * uint8 zeros[length_of_padding]; - * } (D)TLSInnerPlaintext; - * - * Input: - * - `content`: The beginning of the buffer holding the - * plaintext to be wrapped. - * - `*content_size`: The length of the plaintext in Bytes. - * - `max_len`: The number of Bytes available starting from - * `content`. This must be `>= *content_size`. - * - `rec_type`: The desired record content type. - * - * Output: - * - `content`: The beginning of the resulting (D)TLSInnerPlaintext structure. - * - `*content_size`: The length of the resulting (D)TLSInnerPlaintext structure. - * - * Returns: - * - `0` on success. - * - A negative error code if `max_len` didn't offer enough space - * for the expansion. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_build_inner_plaintext(unsigned char *content, - size_t *content_size, - size_t remaining, - uint8_t rec_type, - size_t pad) -{ - size_t len = *content_size; - - /* Write real content type */ - if (remaining == 0) { - return -1; - } - content[len] = rec_type; - len++; - remaining--; - - if (remaining < pad) { - return -1; - } - memset(content + len, 0, pad); - len += pad; - remaining -= pad; - - *content_size = len; - return 0; -} - -/* This function parses a (D)TLSInnerPlaintext structure. - * See ssl_build_inner_plaintext() for details. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_inner_plaintext(unsigned char const *content, - size_t *content_size, - uint8_t *rec_type) -{ - size_t remaining = *content_size; - - /* Determine length of padding by skipping zeroes from the back. */ - do { - if (remaining == 0) { - return -1; - } - remaining--; - } while (content[remaining] == 0); - - *content_size = remaining; - *rec_type = content[remaining]; - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID || MBEDTLS_SSL_PROTO_TLS1_3 */ - -/* The size of the `add_data` structure depends on various - * factors, namely - * - * 1) CID functionality disabled - * - * additional_data = - * 8: seq_num + - * 1: type + - * 2: version + - * 2: length of inner plaintext + - * - * size = 13 bytes - * - * 2) CID functionality based on RFC 9146 enabled - * - * size = 8 + 1 + 1 + 1 + 2 + 2 + 6 + 2 + CID-length - * = 23 + CID-length - * - * 3) CID functionality based on legacy CID version - according to draft-ietf-tls-dtls-connection-id-05 - * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05 - * - * size = 13 + 1 + CID-length - * - * More information about the CID usage: - * - * Per Section 5.3 of draft-ietf-tls-dtls-connection-id-05 the - * size of the additional data structure is calculated as: - * - * additional_data = - * 8: seq_num + - * 1: tls12_cid + - * 2: DTLSCipherText.version + - * n: cid + - * 1: cid_length + - * 2: length_of_DTLSInnerPlaintext - * - * Per RFC 9146 the size of the add_data structure is calculated as: - * - * additional_data = - * 8: seq_num_placeholder + - * 1: tls12_cid + - * 1: cid_length + - * 1: tls12_cid + - * 2: DTLSCiphertext.version + - * 2: epoch + - * 6: sequence_number + - * n: cid + - * 2: length_of_DTLSInnerPlaintext - * - */ -static void ssl_extract_add_data_from_record(unsigned char *add_data, - size_t *add_data_len, - mbedtls_record *rec, - mbedtls_ssl_protocol_version - tls_version, - size_t taglen) -{ - /* Several types of ciphers have been defined for use with TLS and DTLS, - * and the MAC calculations for those ciphers differ slightly. Further - * variants were added when the CID functionality was added with RFC 9146. - * This implementations also considers the use of a legacy version of the - * CID specification published in draft-ietf-tls-dtls-connection-id-05, - * which is used in deployments. - * - * We will distinguish between the non-CID and the CID cases below. - * - * --- Non-CID cases --- - * - * Quoting RFC 5246 (TLS 1.2): - * - * additional_data = seq_num + TLSCompressed.type + - * TLSCompressed.version + TLSCompressed.length; - * - * For TLS 1.3, the record sequence number is dropped from the AAD - * and encoded within the nonce of the AEAD operation instead. - * Moreover, the additional data involves the length of the TLS - * ciphertext, not the TLS plaintext as in earlier versions. - * Quoting RFC 8446 (TLS 1.3): - * - * additional_data = TLSCiphertext.opaque_type || - * TLSCiphertext.legacy_record_version || - * TLSCiphertext.length - * - * We pass the tag length to this function in order to compute the - * ciphertext length from the inner plaintext length rec->data_len via - * - * TLSCiphertext.length = TLSInnerPlaintext.length + taglen. - * - * --- CID cases --- - * - * RFC 9146 uses a common pattern when constructing the data - * passed into a MAC / AEAD cipher. - * - * Data concatenation for MACs used with block ciphers with - * Encrypt-then-MAC Processing (with CID): - * - * data = seq_num_placeholder + - * tls12_cid + - * cid_length + - * tls12_cid + - * DTLSCiphertext.version + - * epoch + - * sequence_number + - * cid + - * DTLSCiphertext.length + - * IV + - * ENC(content + padding + padding_length) - * - * Data concatenation for MACs used with block ciphers (with CID): - * - * data = seq_num_placeholder + - * tls12_cid + - * cid_length + - * tls12_cid + - * DTLSCiphertext.version + - * epoch + - * sequence_number + - * cid + - * length_of_DTLSInnerPlaintext + - * DTLSInnerPlaintext.content + - * DTLSInnerPlaintext.real_type + - * DTLSInnerPlaintext.zeros - * - * AEAD ciphers use the following additional data calculation (with CIDs): - * - * additional_data = seq_num_placeholder + - * tls12_cid + - * cid_length + - * tls12_cid + - * DTLSCiphertext.version + - * epoch + - * sequence_number + - * cid + - * length_of_DTLSInnerPlaintext - * - * Section 5.3 of draft-ietf-tls-dtls-connection-id-05 (for legacy CID use) - * defines the additional data calculation as follows: - * - * additional_data = seq_num + - * tls12_cid + - * DTLSCipherText.version + - * cid + - * cid_length + - * length_of_DTLSInnerPlaintext - */ - - unsigned char *cur = add_data; - size_t ad_len_field = rec->data_len; - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 - const unsigned char seq_num_placeholder[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* In TLS 1.3, the AAD contains the length of the TLSCiphertext, - * which differs from the length of the TLSInnerPlaintext - * by the length of the authentication tag. */ - ad_len_field += taglen; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - { - ((void) tls_version); - ((void) taglen); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 - if (rec->cid_len != 0) { - // seq_num_placeholder - memcpy(cur, seq_num_placeholder, sizeof(seq_num_placeholder)); - cur += sizeof(seq_num_placeholder); - - // tls12_cid type - *cur = rec->type; - cur++; - - // cid_length - *cur = rec->cid_len; - cur++; - } else -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - { - // epoch + sequence number - memcpy(cur, rec->ctr, sizeof(rec->ctr)); - cur += sizeof(rec->ctr); - } - } - - // type - *cur = rec->type; - cur++; - - // version - memcpy(cur, rec->ver, sizeof(rec->ver)); - cur += sizeof(rec->ver); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 1 - - if (rec->cid_len != 0) { - // CID - memcpy(cur, rec->cid, rec->cid_len); - cur += rec->cid_len; - - // cid_length - *cur = rec->cid_len; - cur++; - - // length of inner plaintext - MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0); - cur += 2; - } else -#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 - - if (rec->cid_len != 0) { - // epoch + sequence number - memcpy(cur, rec->ctr, sizeof(rec->ctr)); - cur += sizeof(rec->ctr); - - // CID - memcpy(cur, rec->cid, rec->cid_len); - cur += rec->cid_len; - - // length of inner plaintext - MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0); - cur += 2; - } else -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - { - MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0); - cur += 2; - } - - *add_data_len = (size_t) (cur - add_data); -} - -#if defined(MBEDTLS_SSL_HAVE_AEAD) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_transform_aead_dynamic_iv_is_explicit( - mbedtls_ssl_transform const *transform) -{ - return transform->ivlen != transform->fixed_ivlen; -} - -/* Compute IV := ( fixed_iv || 0 ) XOR ( 0 || dynamic_IV ) - * - * Concretely, this occurs in two variants: - * - * a) Fixed and dynamic IV lengths add up to total IV length, giving - * IV = fixed_iv || dynamic_iv - * - * This variant is used in TLS 1.2 when used with GCM or CCM. - * - * b) Fixed IV lengths matches total IV length, giving - * IV = fixed_iv XOR ( 0 || dynamic_iv ) - * - * This variant occurs in TLS 1.3 and for TLS 1.2 when using ChaChaPoly. - * - * See also the documentation of mbedtls_ssl_transform. - * - * This function has the precondition that - * - * dst_iv_len >= max( fixed_iv_len, dynamic_iv_len ) - * - * which has to be ensured by the caller. If this precondition - * violated, the behavior of this function is undefined. - */ -static void ssl_build_record_nonce(unsigned char *dst_iv, - size_t dst_iv_len, - unsigned char const *fixed_iv, - size_t fixed_iv_len, - unsigned char const *dynamic_iv, - size_t dynamic_iv_len) -{ - /* Start with Fixed IV || 0 */ - memset(dst_iv, 0, dst_iv_len); - memcpy(dst_iv, fixed_iv, fixed_iv_len); - - dst_iv += dst_iv_len - dynamic_iv_len; - mbedtls_xor(dst_iv, dst_iv, dynamic_iv, dynamic_iv_len); -} -#endif /* MBEDTLS_SSL_HAVE_AEAD */ - -int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - mbedtls_ssl_mode_t ssl_mode; - int auth_done = 0; - unsigned char *data; - /* For an explanation of the additional data length see - * the description of ssl_extract_add_data_from_record(). - */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char add_data[23 + MBEDTLS_SSL_CID_OUT_LEN_MAX]; -#else - unsigned char add_data[13]; -#endif - size_t add_data_len; - size_t post_avail; - - /* The SSL context is only used for debugging purposes! */ -#if !defined(MBEDTLS_DEBUG_C) - ssl = NULL; /* make sure we don't use it except for debug */ - ((void) ssl); -#endif - - /* The PRNG is used for dynamic IV generation that's used - * for CBC transformations in TLS 1.2. */ -#if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2)) - ((void) f_rng); - ((void) p_rng); -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf")); - - if (transform == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no transform provided to encrypt_buf")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - if (rec == NULL - || rec->buf == NULL - || rec->buf_len < rec->data_offset - || rec->buf_len - rec->data_offset < rec->data_len -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - || rec->cid_len != 0 -#endif - ) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad record structure provided to encrypt_buf")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ssl_mode = mbedtls_ssl_get_mode_from_transform(transform); - - data = rec->buf + rec->data_offset; - post_avail = rec->buf_len - (rec->data_len + rec->data_offset); - MBEDTLS_SSL_DEBUG_BUF(4, "before encrypt: output payload", - data, rec->data_len); - - if (rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Record content %" MBEDTLS_PRINTF_SIZET - " too large, maximum %" MBEDTLS_PRINTF_SIZET, - rec->data_len, - (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* The following two code paths implement the (D)TLSInnerPlaintext - * structure present in TLS 1.3 and DTLS 1.2 + CID. - * - * See ssl_build_inner_plaintext() for more information. - * - * Note that this changes `rec->data_len`, and hence - * `post_avail` needs to be recalculated afterwards. - * - * Note also that the two code paths cannot occur simultaneously - * since they apply to different versions of the protocol. There - * is hence no risk of double-addition of the inner plaintext. - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - size_t padding = - ssl_compute_padding_length(rec->data_len, - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY); - if (ssl_build_inner_plaintext(data, - &rec->data_len, - post_avail, - rec->type, - padding) != 0) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - rec->type = MBEDTLS_SSL_MSG_APPLICATION_DATA; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* - * Add CID information - */ - rec->cid_len = transform->out_cid_len; - memcpy(rec->cid, transform->out_cid, transform->out_cid_len); - MBEDTLS_SSL_DEBUG_BUF(3, "CID", rec->cid, rec->cid_len); - - if (rec->cid_len != 0) { - size_t padding = - ssl_compute_padding_length(rec->data_len, - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY); - /* - * Wrap plaintext into DTLSInnerPlaintext structure. - * See ssl_build_inner_plaintext() for more information. - * - * Note that this changes `rec->data_len`, and hence - * `post_avail` needs to be recalculated afterwards. - */ - if (ssl_build_inner_plaintext(data, - &rec->data_len, - post_avail, - rec->type, - padding) != 0) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - rec->type = MBEDTLS_SSL_MSG_CID; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - post_avail = rec->buf_len - (rec->data_len + rec->data_offset); - - /* - * Add MAC before if needed - */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (ssl_mode == MBEDTLS_SSL_MODE_STREAM || - ssl_mode == MBEDTLS_SSL_MODE_CBC) { - if (post_avail < transform->maclen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - unsigned char mac[MBEDTLS_SSL_MAC_ADD]; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t sign_mac_length = 0; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - ssl_extract_add_data_from_record(add_data, &add_data_len, rec, - transform->tls_version, - transform->taglen); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, - transform->psa_mac_alg); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_disabled; - } - - status = psa_mac_update(&operation, add_data, add_data_len); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_disabled; - } - - status = psa_mac_update(&operation, data, rec->data_len); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_disabled; - } - - status = psa_mac_sign_finish(&operation, mac, MBEDTLS_SSL_MAC_ADD, - &sign_mac_length); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_disabled; - } -#else - ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, - add_data_len); - if (ret != 0) { - goto hmac_failed_etm_disabled; - } - ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, data, rec->data_len); - if (ret != 0) { - goto hmac_failed_etm_disabled; - } - ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); - if (ret != 0) { - goto hmac_failed_etm_disabled; - } - ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc); - if (ret != 0) { - goto hmac_failed_etm_disabled; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - memcpy(data + rec->data_len, mac, transform->maclen); -#endif - - MBEDTLS_SSL_DEBUG_BUF(4, "computed mac", data + rec->data_len, - transform->maclen); - - rec->data_len += transform->maclen; - post_avail -= transform->maclen; - auth_done++; - -hmac_failed_etm_disabled: - mbedtls_platform_zeroize(mac, transform->maclen); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = PSA_TO_MBEDTLS_ERR(status); - status = psa_mac_abort(&operation); - if (ret == 0 && status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_hmac_xxx", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - - /* - * Encrypt - */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) - if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) { - MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " - "including %d bytes of padding", - rec->data_len, 0)); - - /* The only supported stream cipher is "NULL", - * so there's nothing to do here.*/ - } else -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ - -#if defined(MBEDTLS_SSL_HAVE_AEAD) - if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { - unsigned char iv[12]; - unsigned char *dynamic_iv; - size_t dynamic_iv_len; - int dynamic_iv_is_explicit = - ssl_transform_aead_dynamic_iv_is_explicit(transform); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* Check that there's space for the authentication tag. */ - if (post_avail < transform->taglen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - /* - * Build nonce for AEAD encryption. - * - * Note: In the case of CCM and GCM in TLS 1.2, the dynamic - * part of the IV is prepended to the ciphertext and - * can be chosen freely - in particular, it need not - * agree with the record sequence number. - * However, since ChaChaPoly as well as all AEAD modes - * in TLS 1.3 use the record sequence number as the - * dynamic part of the nonce, we uniformly use the - * record sequence number here in all cases. - */ - dynamic_iv = rec->ctr; - dynamic_iv_len = sizeof(rec->ctr); - - ssl_build_record_nonce(iv, sizeof(iv), - transform->iv_enc, - transform->fixed_ivlen, - dynamic_iv, - dynamic_iv_len); - - /* - * Build additional data for AEAD encryption. - * This depends on the TLS version. - */ - ssl_extract_add_data_from_record(add_data, &add_data_len, rec, - transform->tls_version, - transform->taglen); - - MBEDTLS_SSL_DEBUG_BUF(4, "IV used (internal)", - iv, transform->ivlen); - MBEDTLS_SSL_DEBUG_BUF(4, "IV used (transmitted)", - dynamic_iv, - dynamic_iv_is_explicit ? dynamic_iv_len : 0); - MBEDTLS_SSL_DEBUG_BUF(4, "additional data used for AEAD", - add_data, add_data_len); - MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " - "including 0 bytes of padding", - rec->data_len)); - - /* - * Encrypt and authenticate - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_aead_encrypt(transform->psa_key_enc, - transform->psa_alg, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len, - data, rec->buf_len - (data - rec->buf), - &rec->data_len); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_encrypt_buf", ret); - return ret; - } -#else - if ((ret = mbedtls_cipher_auth_encrypt_ext(&transform->cipher_ctx_enc, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len, /* src */ - data, rec->buf_len - (size_t) (data - rec->buf), /* dst */ - &rec->data_len, - transform->taglen)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_encrypt_ext", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - MBEDTLS_SSL_DEBUG_BUF(4, "after encrypt: tag", - data + rec->data_len - transform->taglen, - transform->taglen); - /* Account for authentication tag. */ - post_avail -= transform->taglen; - - /* - * Prefix record content with dynamic IV in case it is explicit. - */ - if (dynamic_iv_is_explicit != 0) { - if (rec->data_offset < dynamic_iv_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - memcpy(data - dynamic_iv_len, dynamic_iv, dynamic_iv_len); - rec->data_offset -= dynamic_iv_len; - rec->data_len += dynamic_iv_len; - } - - auth_done++; - } else -#endif /* MBEDTLS_SSL_HAVE_AEAD */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) - if (ssl_mode == MBEDTLS_SSL_MODE_CBC || - ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t padlen, i; - size_t olen; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t part_len; - psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - /* Currently we're always using minimal padding - * (up to 255 bytes would be allowed). */ - padlen = transform->ivlen - (rec->data_len + 1) % transform->ivlen; - if (padlen == transform->ivlen) { - padlen = 0; - } - - /* Check there's enough space in the buffer for the padding. */ - if (post_avail < padlen + 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - for (i = 0; i <= padlen; i++) { - data[rec->data_len + i] = (unsigned char) padlen; - } - - rec->data_len += padlen + 1; - post_avail -= padlen + 1; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* - * Prepend per-record IV for block cipher in TLS v1.2 as per - * Method 1 (6.2.3.2. in RFC4346 and RFC5246) - */ - if (f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if (rec->data_offset < transform->ivlen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - /* - * Generate IV - */ - ret = f_rng(p_rng, transform->iv_enc, transform->ivlen); - if (ret != 0) { - return ret; - } - - memcpy(data - transform->ivlen, transform->iv_enc, transform->ivlen); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " - "including %" - MBEDTLS_PRINTF_SIZET - " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding", - rec->data_len, transform->ivlen, - padlen + 1)); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_cipher_encrypt_setup(&cipher_op, - transform->psa_key_enc, transform->psa_alg); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_encrypt_setup", ret); - return ret; - } - - status = psa_cipher_set_iv(&cipher_op, transform->iv_enc, transform->ivlen); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret); - return ret; - - } - - status = psa_cipher_update(&cipher_op, - data, rec->data_len, - data, rec->data_len, &olen); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret); - return ret; - - } - - status = psa_cipher_finish(&cipher_op, - data + olen, rec->data_len - olen, - &part_len); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret); - return ret; - - } - - olen += part_len; -#else - if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc, - transform->iv_enc, - transform->ivlen, - data, rec->data_len, - data, &olen)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (rec->data_len != olen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - data -= transform->ivlen; - rec->data_offset -= transform->ivlen; - rec->data_len += transform->ivlen; - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if (auth_done == 0) { - unsigned char mac[MBEDTLS_SSL_MAC_ADD]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - size_t sign_mac_length = 0; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - /* MAC(MAC_write_key, add_data, IV, ENC(content + padding + padding_length)) - */ - - if (post_avail < transform->maclen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - ssl_extract_add_data_from_record(add_data, &add_data_len, - rec, transform->tls_version, - transform->taglen); - - MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac")); - MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data, - add_data_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, - transform->psa_mac_alg); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_enabled; - } - - status = psa_mac_update(&operation, add_data, add_data_len); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_enabled; - } - - status = psa_mac_update(&operation, data, rec->data_len); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_enabled; - } - - status = psa_mac_sign_finish(&operation, mac, MBEDTLS_SSL_MAC_ADD, - &sign_mac_length); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_enabled; - } -#else - - ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, - add_data_len); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, - data, rec->data_len); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - memcpy(data + rec->data_len, mac, transform->maclen); - - rec->data_len += transform->maclen; - post_avail -= transform->maclen; - auth_done++; - -hmac_failed_etm_enabled: - mbedtls_platform_zeroize(mac, transform->maclen); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = PSA_TO_MBEDTLS_ERR(status); - status = psa_mac_abort(&operation); - if (ret == 0 && status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "HMAC calculation failed", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - } else -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC) */ - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Make extra sure authentication was performed, exactly once */ - if (auth_done != 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= encrypt buf")); - - return 0; -} - -int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec) -{ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) || defined(MBEDTLS_SSL_HAVE_AEAD) - size_t olen; -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC || MBEDTLS_SSL_HAVE_AEAD */ - mbedtls_ssl_mode_t ssl_mode; - int ret; - - int auth_done = 0; -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - size_t padlen = 0; - mbedtls_ct_condition_t correct = MBEDTLS_CT_TRUE; -#endif - unsigned char *data; - /* For an explanation of the additional data length see - * the description of ssl_extract_add_data_from_record(). - */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char add_data[23 + MBEDTLS_SSL_CID_IN_LEN_MAX]; -#else - unsigned char add_data[13]; -#endif - size_t add_data_len; - -#if !defined(MBEDTLS_DEBUG_C) - ssl = NULL; /* make sure we don't use it except for debug */ - ((void) ssl); -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> decrypt buf")); - if (rec == NULL || - rec->buf == NULL || - rec->buf_len < rec->data_offset || - rec->buf_len - rec->data_offset < rec->data_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad record structure provided to decrypt_buf")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - data = rec->buf + rec->data_offset; - ssl_mode = mbedtls_ssl_get_mode_from_transform(transform); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* - * Match record's CID with incoming CID. - */ - if (rec->cid_len != transform->in_cid_len || - memcmp(rec->cid, transform->in_cid, rec->cid_len) != 0) { - return MBEDTLS_ERR_SSL_UNEXPECTED_CID; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) - if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) { - if (rec->data_len < transform->maclen) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("Record too short for MAC:" - " %" MBEDTLS_PRINTF_SIZET " < %" MBEDTLS_PRINTF_SIZET, - rec->data_len, transform->maclen)); - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - - /* The only supported stream cipher is "NULL", - * so there's no encryption to do here.*/ - } else -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ -#if defined(MBEDTLS_SSL_HAVE_AEAD) - if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { - unsigned char iv[12]; - unsigned char *dynamic_iv; - size_t dynamic_iv_len; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - /* - * Extract dynamic part of nonce for AEAD decryption. - * - * Note: In the case of CCM and GCM in TLS 1.2, the dynamic - * part of the IV is prepended to the ciphertext and - * can be chosen freely - in particular, it need not - * agree with the record sequence number. - */ - dynamic_iv_len = sizeof(rec->ctr); - if (ssl_transform_aead_dynamic_iv_is_explicit(transform) == 1) { - if (rec->data_len < dynamic_iv_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET - " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ", - rec->data_len, - dynamic_iv_len)); - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - dynamic_iv = data; - - data += dynamic_iv_len; - rec->data_offset += dynamic_iv_len; - rec->data_len -= dynamic_iv_len; - } else { - dynamic_iv = rec->ctr; - } - - /* Check that there's space for the authentication tag. */ - if (rec->data_len < transform->taglen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET - ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ", - rec->data_len, - transform->taglen)); - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - rec->data_len -= transform->taglen; - - /* - * Prepare nonce from dynamic and static parts. - */ - ssl_build_record_nonce(iv, sizeof(iv), - transform->iv_dec, - transform->fixed_ivlen, - dynamic_iv, - dynamic_iv_len); - - /* - * Build additional data for AEAD encryption. - * This depends on the TLS version. - */ - ssl_extract_add_data_from_record(add_data, &add_data_len, rec, - transform->tls_version, - transform->taglen); - MBEDTLS_SSL_DEBUG_BUF(4, "additional data used for AEAD", - add_data, add_data_len); - - /* Because of the check above, we know that there are - * explicit_iv_len Bytes preceding data, and taglen - * bytes following data + data_len. This justifies - * the debug message and the invocation of - * mbedtls_cipher_auth_decrypt_ext() below. */ - - MBEDTLS_SSL_DEBUG_BUF(4, "IV used", iv, transform->ivlen); - MBEDTLS_SSL_DEBUG_BUF(4, "TAG used", data + rec->data_len, - transform->taglen); - - /* - * Decrypt and authenticate - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_aead_decrypt(transform->psa_key_dec, - transform->psa_alg, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len + transform->taglen, - data, rec->buf_len - (data - rec->buf), - &olen); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_aead_decrypt", ret); - return ret; - } -#else - if ((ret = mbedtls_cipher_auth_decrypt_ext - (&transform->cipher_ctx_dec, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len + transform->taglen, /* src */ - data, rec->buf_len - (size_t) (data - rec->buf), &olen, /* dst */ - transform->taglen)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_decrypt_ext", ret); - - if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) { - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - auth_done++; - - /* Double-check that AEAD decryption doesn't change content length. */ - if (olen != rec->data_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - } else -#endif /* MBEDTLS_SSL_HAVE_AEAD */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) - if (ssl_mode == MBEDTLS_SSL_MODE_CBC || - ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { - size_t minlen = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t part_len; - psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - /* - * Check immediate ciphertext sanity - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* The ciphertext is prefixed with the CBC IV. */ - minlen += transform->ivlen; -#endif - - /* Size considerations: - * - * - The CBC cipher text must not be empty and hence - * at least of size transform->ivlen. - * - * Together with the potential IV-prefix, this explains - * the first of the two checks below. - * - * - The record must contain a MAC, either in plain or - * encrypted, depending on whether Encrypt-then-MAC - * is used or not. - * - If it is, the message contains the IV-prefix, - * the CBC ciphertext, and the MAC. - * - If it is not, the padded plaintext, and hence - * the CBC ciphertext, has at least length maclen + 1 - * because there is at least the padding length byte. - * - * As the CBC ciphertext is not empty, both cases give the - * lower bound minlen + maclen + 1 on the record size, which - * we test for in the second check below. - */ - if (rec->data_len < minlen + transform->ivlen || - rec->data_len < minlen + transform->maclen + 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET - ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET - "), maclen (%" MBEDTLS_PRINTF_SIZET ") " - "+ 1 ) ( + expl IV )", - rec->data_len, - transform->ivlen, - transform->maclen)); - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - - /* - * Authenticate before decrypt if enabled - */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if (ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; -#else - unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac")); - - /* Update data_len in tandem with add_data. - * - * The subtraction is safe because of the previous check - * data_len >= minlen + maclen + 1. - * - * Afterwards, we know that data + data_len is followed by at - * least maclen Bytes, which justifies the call to - * mbedtls_ct_memcmp() below. - * - * Further, we still know that data_len > minlen */ - rec->data_len -= transform->maclen; - ssl_extract_add_data_from_record(add_data, &add_data_len, rec, - transform->tls_version, - transform->taglen); - - /* Calculate expected MAC. */ - MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data, - add_data_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_mac_verify_setup(&operation, transform->psa_mac_dec, - transform->psa_mac_alg); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_enabled; - } - - status = psa_mac_update(&operation, add_data, add_data_len); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_enabled; - } - - status = psa_mac_update(&operation, data, rec->data_len); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_enabled; - } - - /* Compare expected MAC with MAC at the end of the record. */ - status = psa_mac_verify_finish(&operation, data + rec->data_len, - transform->maclen); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_enabled; - } -#else - ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, add_data, - add_data_len); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, - data, rec->data_len); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - ret = mbedtls_md_hmac_finish(&transform->md_ctx_dec, mac_expect); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - ret = mbedtls_md_hmac_reset(&transform->md_ctx_dec); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "message mac", data + rec->data_len, - transform->maclen); - MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, - transform->maclen); - - /* Compare expected MAC with MAC at the end of the record. */ - if (mbedtls_ct_memcmp(data + rec->data_len, mac_expect, - transform->maclen) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match")); - ret = MBEDTLS_ERR_SSL_INVALID_MAC; - goto hmac_failed_etm_enabled; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - auth_done++; - -hmac_failed_etm_enabled: -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = PSA_TO_MBEDTLS_ERR(status); - status = psa_mac_abort(&operation); - if (ret == 0 && status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - } -#else - mbedtls_platform_zeroize(mac_expect, transform->maclen); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (ret != 0) { - if (ret != MBEDTLS_ERR_SSL_INVALID_MAC) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_hmac_xxx", ret); - } - return ret; - } - } -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - - /* - * Check length sanity - */ - - /* We know from above that data_len > minlen >= 0, - * so the following check in particular implies that - * data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */ - if (rec->data_len % transform->ivlen != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET - ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0", - rec->data_len, transform->ivlen)); - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* - * Initialize for prepended IV for block cipher in TLS v1.2 - */ - /* Safe because data_len >= minlen + ivlen = 2 * ivlen. */ - memcpy(transform->iv_dec, data, transform->ivlen); - - data += transform->ivlen; - rec->data_offset += transform->ivlen; - rec->data_len -= transform->ivlen; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - /* We still have data_len % ivlen == 0 and data_len >= ivlen here. */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_cipher_decrypt_setup(&cipher_op, - transform->psa_key_dec, transform->psa_alg); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_decrypt_setup", ret); - return ret; - } - - status = psa_cipher_set_iv(&cipher_op, transform->iv_dec, transform->ivlen); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret); - return ret; - } - - status = psa_cipher_update(&cipher_op, - data, rec->data_len, - data, rec->data_len, &olen); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret); - return ret; - } - - status = psa_cipher_finish(&cipher_op, - data + olen, rec->data_len - olen, - &part_len); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret); - return ret; - } - - olen += part_len; -#else - - if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec, - transform->iv_dec, transform->ivlen, - data, rec->data_len, data, &olen)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - /* Double-check that length hasn't changed during decryption. */ - if (rec->data_len != olen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Safe since data_len >= minlen + maclen + 1, so after having - * subtracted at most minlen and maclen up to this point, - * data_len > 0 (because of data_len % ivlen == 0, it's actually - * >= ivlen ). */ - padlen = data[rec->data_len - 1]; - - if (auth_done == 1) { - const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge( - rec->data_len, - padlen + 1); - correct = mbedtls_ct_bool_and(ge, correct); - padlen = mbedtls_ct_size_if_else_0(ge, padlen); - } else { -#if defined(MBEDTLS_SSL_DEBUG_ALL) - if (rec->data_len < transform->maclen + padlen + 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET - ") < maclen (%" MBEDTLS_PRINTF_SIZET - ") + padlen (%" MBEDTLS_PRINTF_SIZET ")", - rec->data_len, - transform->maclen, - padlen + 1)); - } -#endif - const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge( - rec->data_len, - transform->maclen + padlen + 1); - correct = mbedtls_ct_bool_and(ge, correct); - padlen = mbedtls_ct_size_if_else_0(ge, padlen); - } - - padlen++; - - /* Regardless of the validity of the padding, - * we have data_len >= padlen here. */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* The padding check involves a series of up to 256 - * consecutive memory reads at the end of the record - * plaintext buffer. In order to hide the length and - * validity of the padding, always perform exactly - * `min(256,plaintext_len)` reads (but take into account - * only the last `padlen` bytes for the padding check). */ - size_t pad_count = 0; - volatile unsigned char * const check = data; - - /* Index of first padding byte; it has been ensured above - * that the subtraction is safe. */ - size_t const padding_idx = rec->data_len - padlen; - size_t const num_checks = rec->data_len <= 256 ? rec->data_len : 256; - size_t const start_idx = rec->data_len - num_checks; - size_t idx; - - for (idx = start_idx; idx < rec->data_len; idx++) { - /* pad_count += (idx >= padding_idx) && - * (check[idx] == padlen - 1); - */ - const mbedtls_ct_condition_t a = mbedtls_ct_uint_ge(idx, padding_idx); - size_t increment = mbedtls_ct_size_if_else_0(a, 1); - const mbedtls_ct_condition_t b = mbedtls_ct_uint_eq(check[idx], padlen - 1); - increment = mbedtls_ct_size_if_else_0(b, increment); - pad_count += increment; - } - correct = mbedtls_ct_bool_and(mbedtls_ct_uint_eq(pad_count, padlen), correct); - -#if defined(MBEDTLS_SSL_DEBUG_ALL) - if (padlen > 0 && correct == MBEDTLS_CT_FALSE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected")); - } -#endif - padlen = mbedtls_ct_size_if_else_0(correct, padlen); - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - /* If the padding was found to be invalid, padlen == 0 - * and the subtraction is safe. If the padding was found valid, - * padlen hasn't been changed and the previous assertion - * data_len >= padlen still holds. */ - rec->data_len -= padlen; - } else -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC */ - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_BUF(4, "raw buffer after decryption", - data, rec->data_len); -#endif - - /* - * Authenticate if not done yet. - * Compute the MAC regardless of the padding result (RFC4346, CBCTIME). - */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (auth_done == 0) { - unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 }; - unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 }; - - /* For CBC+MAC, If the initial value of padlen was such that - * data_len < maclen + padlen + 1, then padlen - * got reset to 1, and the initial check - * data_len >= minlen + maclen + 1 - * guarantees that at this point we still - * have at least data_len >= maclen. - * - * If the initial value of padlen was such that - * data_len >= maclen + padlen + 1, then we have - * subtracted either padlen + 1 (if the padding was correct) - * or 0 (if the padding was incorrect) since then, - * hence data_len >= maclen in any case. - * - * For stream ciphers, we checked above that - * data_len >= maclen. - */ - rec->data_len -= transform->maclen; - ssl_extract_add_data_from_record(add_data, &add_data_len, rec, - transform->tls_version, - transform->taglen); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* - * The next two sizes are the minimum and maximum values of - * data_len over all padlen values. - * - * They're independent of padlen, since we previously did - * data_len -= padlen. - * - * Note that max_len + maclen is never more than the buffer - * length, as we previously did in_msglen -= maclen too. - */ - const size_t max_len = rec->data_len + padlen; - const size_t min_len = (max_len > 256) ? max_len - 256 : 0; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_ct_hmac(transform->psa_mac_dec, - transform->psa_mac_alg, - add_data, add_data_len, - data, rec->data_len, min_len, max_len, - mac_expect); -#else - ret = mbedtls_ct_hmac(&transform->md_ctx_dec, - add_data, add_data_len, - data, rec->data_len, min_len, max_len, - mac_expect); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ct_hmac", ret); - goto hmac_failed_etm_disabled; - } - - mbedtls_ct_memcpy_offset(mac_peer, data, - rec->data_len, - min_len, max_len, - transform->maclen); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, transform->maclen); - MBEDTLS_SSL_DEBUG_BUF(4, "message mac", mac_peer, transform->maclen); -#endif - - if (mbedtls_ct_memcmp(mac_peer, mac_expect, - transform->maclen) != 0) { -#if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match")); -#endif - correct = MBEDTLS_CT_FALSE; - } - auth_done++; - -hmac_failed_etm_disabled: - mbedtls_platform_zeroize(mac_peer, transform->maclen); - mbedtls_platform_zeroize(mac_expect, transform->maclen); - if (ret != 0) { - return ret; - } - } - - /* - * Finally check the correct flag - */ - if (correct == MBEDTLS_CT_FALSE) { - return MBEDTLS_ERR_SSL_INVALID_MAC; - } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - - /* Make extra sure authentication was performed, exactly once */ - if (auth_done != 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* Remove inner padding and infer true content type. */ - ret = ssl_parse_inner_plaintext(data, &rec->data_len, - &rec->type); - - if (ret != 0) { - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec->cid_len != 0) { - ret = ssl_parse_inner_plaintext(data, &rec->data_len, - &rec->type); - if (ret != 0) { - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= decrypt buf")); - - return 0; -} - -#undef MAC_NONE -#undef MAC_PLAINTEXT -#undef MAC_CIPHERTEXT - -/* - * Fill the input message buffer by appending data to it. - * The amount of data already fetched is in ssl->in_left. - * - * If we return 0, is it guaranteed that (at least) nb_want bytes are - * available (from this read and/or a previous one). Otherwise, an error code - * is returned (possibly EOF or WANT_READ). - * - * With stream transport (TLS) on success ssl->in_left == nb_want, but - * with datagram transport (DTLS) on success ssl->in_left >= nb_want, - * since we always read a whole datagram at once. - * - * For DTLS, it is up to the caller to set ssl->next_record_offset when - * they're done reading a record. - */ -int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t in_buf_len = ssl->in_buf_len; -#else - size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> fetch input")); - - if (ssl->f_recv == NULL && ssl->f_recv_timeout == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() ")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (nb_want > in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("requesting more data than fits")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - uint32_t timeout; - - /* - * The point is, we need to always read a full datagram at once, so we - * sometimes read more then requested, and handle the additional data. - * It could be the rest of the current record (while fetching the - * header) and/or some other records in the same datagram. - */ - - /* - * Move to the next record in the already read datagram if applicable - */ - if (ssl->next_record_offset != 0) { - if (ssl->in_left < ssl->next_record_offset) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ssl->in_left -= ssl->next_record_offset; - - if (ssl->in_left != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("next record in same datagram, offset: %" - MBEDTLS_PRINTF_SIZET, - ssl->next_record_offset)); - memmove(ssl->in_hdr, - ssl->in_hdr + ssl->next_record_offset, - ssl->in_left); - } - - ssl->next_record_offset = 0; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET - ", nb_want: %" MBEDTLS_PRINTF_SIZET, - ssl->in_left, nb_want)); - - /* - * Done if we already have enough data. - */ - if (nb_want <= ssl->in_left) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= fetch input")); - return 0; - } - - /* - * A record can't be split across datagrams. If we need to read but - * are not at the beginning of a new record, the caller did something - * wrong. - */ - if (ssl->in_left != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* - * Don't even try to read if time's out already. - * This avoids by-passing the timer when repeatedly receiving messages - * that will end up being dropped. - */ - if (mbedtls_ssl_check_timer(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("timer has expired")); - ret = MBEDTLS_ERR_SSL_TIMEOUT; - } else { - len = in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf); - - if (mbedtls_ssl_is_handshake_over(ssl) == 0) { - timeout = ssl->handshake->retransmit_timeout; - } else { - timeout = ssl->conf->read_timeout; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("f_recv_timeout: %lu ms", (unsigned long) timeout)); - - if (ssl->f_recv_timeout != NULL) { - ret = ssl->f_recv_timeout(ssl->p_bio, ssl->in_hdr, len, - timeout); - } else { - ret = ssl->f_recv(ssl->p_bio, ssl->in_hdr, len); - } - - MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret); - - if (ret == 0) { - return MBEDTLS_ERR_SSL_CONN_EOF; - } - } - - if (ret == MBEDTLS_ERR_SSL_TIMEOUT) { - MBEDTLS_SSL_DEBUG_MSG(2, ("timeout")); - mbedtls_ssl_set_timer(ssl, 0); - - if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { - if (ssl_double_retransmit_timeout(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("handshake timeout")); - return MBEDTLS_ERR_SSL_TIMEOUT; - } - - if ((ret = mbedtls_ssl_resend(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend", ret); - return ret; - } - - return MBEDTLS_ERR_SSL_WANT_READ; - } -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) - else if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { - if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend_hello_request", - ret); - return ret; - } - - return MBEDTLS_ERR_SSL_WANT_READ; - } -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ - } - - if (ret < 0) { - return ret; - } - - ssl->in_left = ret; - } else -#endif - { - MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET - ", nb_want: %" MBEDTLS_PRINTF_SIZET, - ssl->in_left, nb_want)); - - while (ssl->in_left < nb_want) { - len = nb_want - ssl->in_left; - - if (mbedtls_ssl_check_timer(ssl) != 0) { - ret = MBEDTLS_ERR_SSL_TIMEOUT; - } else { - if (ssl->f_recv_timeout != NULL) { - ret = ssl->f_recv_timeout(ssl->p_bio, - ssl->in_hdr + ssl->in_left, len, - ssl->conf->read_timeout); - } else { - ret = ssl->f_recv(ssl->p_bio, - ssl->in_hdr + ssl->in_left, len); - } - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET - ", nb_want: %" MBEDTLS_PRINTF_SIZET, - ssl->in_left, nb_want)); - MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret); - - if (ret == 0) { - return MBEDTLS_ERR_SSL_CONN_EOF; - } - - if (ret < 0) { - return ret; - } - - if ((size_t) ret > len) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET - " were requested", - ret, len)); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ssl->in_left += ret; - } - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= fetch input")); - - return 0; -} - -/* - * Flush any data not yet written - */ -int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> flush output")); - - if (ssl->f_send == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() ")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Avoid incrementing counter if data is flushed */ - if (ssl->out_left == 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output")); - return 0; - } - - while (ssl->out_left > 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("message length: %" MBEDTLS_PRINTF_SIZET - ", out_left: %" MBEDTLS_PRINTF_SIZET, - mbedtls_ssl_out_hdr_len(ssl) + ssl->out_msglen, ssl->out_left)); - - buf = ssl->out_hdr - ssl->out_left; - ret = ssl->f_send(ssl->p_bio, buf, ssl->out_left); - - MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", ret); - - if (ret <= 0) { - return ret; - } - - if ((size_t) ret > ssl->out_left) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET - " bytes were sent", - ret, ssl->out_left)); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ssl->out_left -= ret; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - ssl->out_hdr = ssl->out_buf; - } else -#endif - { - ssl->out_hdr = ssl->out_buf + 8; - } - mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output")); - - return 0; -} - -/* - * Functions to handle the DTLS retransmission state machine - */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) -/* - * Append current handshake message to current outgoing flight - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_flight_append(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_flight_item *msg; - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_flight_append")); - MBEDTLS_SSL_DEBUG_BUF(4, "message appended to flight", - ssl->out_msg, ssl->out_msglen); - - /* Allocate space for current message */ - if ((msg = mbedtls_calloc(1, sizeof(mbedtls_ssl_flight_item))) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", - sizeof(mbedtls_ssl_flight_item))); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - if ((msg->p = mbedtls_calloc(1, ssl->out_msglen)) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", - ssl->out_msglen)); - mbedtls_free(msg); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - /* Copy current handshake message with headers */ - memcpy(msg->p, ssl->out_msg, ssl->out_msglen); - msg->len = ssl->out_msglen; - msg->type = ssl->out_msgtype; - msg->next = NULL; - - /* Append to the current flight */ - if (ssl->handshake->flight == NULL) { - ssl->handshake->flight = msg; - } else { - mbedtls_ssl_flight_item *cur = ssl->handshake->flight; - while (cur->next != NULL) { - cur = cur->next; - } - cur->next = msg; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_flight_append")); - return 0; -} - -/* - * Free the current flight of handshake messages - */ -void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight) -{ - mbedtls_ssl_flight_item *cur = flight; - mbedtls_ssl_flight_item *next; - - while (cur != NULL) { - next = cur->next; - - mbedtls_free(cur->p); - mbedtls_free(cur); - - cur = next; - } -} - -/* - * Swap transform_out and out_ctr with the alternative ones - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_swap_epochs(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_transform *tmp_transform; - unsigned char tmp_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; - - if (ssl->transform_out == ssl->handshake->alt_transform_out) { - MBEDTLS_SSL_DEBUG_MSG(3, ("skip swap epochs")); - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("swap epochs")); - - /* Swap transforms */ - tmp_transform = ssl->transform_out; - ssl->transform_out = ssl->handshake->alt_transform_out; - ssl->handshake->alt_transform_out = tmp_transform; - - /* Swap epoch + sequence_number */ - memcpy(tmp_out_ctr, ssl->cur_out_ctr, sizeof(tmp_out_ctr)); - memcpy(ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, - sizeof(ssl->cur_out_ctr)); - memcpy(ssl->handshake->alt_out_ctr, tmp_out_ctr, - sizeof(ssl->handshake->alt_out_ctr)); - - /* Adjust to the newly activated transform */ - mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out); - - return 0; -} - -/* - * Retransmit the current flight of messages. - */ -int mbedtls_ssl_resend(mbedtls_ssl_context *ssl) -{ - int ret = 0; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_resend")); - - ret = mbedtls_ssl_flight_transmit(ssl); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_resend")); - - return ret; -} - -/* - * Transmit or retransmit the current flight of messages. - * - * Need to remember the current message in case flush_output returns - * WANT_WRITE, causing us to exit this function and come back later. - * This function must be called until state is no longer SENDING. - */ -int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_flight_transmit")); - - if (ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING) { - MBEDTLS_SSL_DEBUG_MSG(2, ("initialise flight transmission")); - - ssl->handshake->cur_msg = ssl->handshake->flight; - ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12; - ret = ssl_swap_epochs(ssl); - if (ret != 0) { - return ret; - } - - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; - } - - while (ssl->handshake->cur_msg != NULL) { - size_t max_frag_len; - const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg; - - int const is_finished = - (cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && - cur->p[0] == MBEDTLS_SSL_HS_FINISHED); - - int const force_flush = ssl->disable_datagram_packing == 1 ? - SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH; - - /* Swap epochs before sending Finished: we can't do it after - * sending ChangeCipherSpec, in case write returns WANT_READ. - * Must be done before copying, may change out_msg pointer */ - if (is_finished && ssl->handshake->cur_msg_p == (cur->p + 12)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("swap epochs to send finished message")); - ret = ssl_swap_epochs(ssl); - if (ret != 0) { - return ret; - } - } - - ret = ssl_get_remaining_payload_in_datagram(ssl); - if (ret < 0) { - return ret; - } - max_frag_len = (size_t) ret; - - /* CCS is copied as is, while HS messages may need fragmentation */ - if (cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { - if (max_frag_len == 0) { - if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { - return ret; - } - - continue; - } - - memcpy(ssl->out_msg, cur->p, cur->len); - ssl->out_msglen = cur->len; - ssl->out_msgtype = cur->type; - - /* Update position inside current message */ - ssl->handshake->cur_msg_p += cur->len; - } else { - const unsigned char * const p = ssl->handshake->cur_msg_p; - const size_t hs_len = cur->len - 12; - const size_t frag_off = (size_t) (p - (cur->p + 12)); - const size_t rem_len = hs_len - frag_off; - size_t cur_hs_frag_len, max_hs_frag_len; - - if ((max_frag_len < 12) || (max_frag_len == 12 && hs_len != 0)) { - if (is_finished) { - ret = ssl_swap_epochs(ssl); - if (ret != 0) { - return ret; - } - } - - if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { - return ret; - } - - continue; - } - max_hs_frag_len = max_frag_len - 12; - - cur_hs_frag_len = rem_len > max_hs_frag_len ? - max_hs_frag_len : rem_len; - - if (frag_off == 0 && cur_hs_frag_len != hs_len) { - MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting handshake message (%u > %u)", - (unsigned) cur_hs_frag_len, - (unsigned) max_hs_frag_len)); - } - - /* Messages are stored with handshake headers as if not fragmented, - * copy beginning of headers then fill fragmentation fields. - * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ - memcpy(ssl->out_msg, cur->p, 6); - - ssl->out_msg[6] = MBEDTLS_BYTE_2(frag_off); - ssl->out_msg[7] = MBEDTLS_BYTE_1(frag_off); - ssl->out_msg[8] = MBEDTLS_BYTE_0(frag_off); - - ssl->out_msg[9] = MBEDTLS_BYTE_2(cur_hs_frag_len); - ssl->out_msg[10] = MBEDTLS_BYTE_1(cur_hs_frag_len); - ssl->out_msg[11] = MBEDTLS_BYTE_0(cur_hs_frag_len); - - MBEDTLS_SSL_DEBUG_BUF(3, "handshake header", ssl->out_msg, 12); - - /* Copy the handshake message content and set records fields */ - memcpy(ssl->out_msg + 12, p, cur_hs_frag_len); - ssl->out_msglen = cur_hs_frag_len + 12; - ssl->out_msgtype = cur->type; - - /* Update position inside current message */ - ssl->handshake->cur_msg_p += cur_hs_frag_len; - } - - /* If done with the current message move to the next one if any */ - if (ssl->handshake->cur_msg_p >= cur->p + cur->len) { - if (cur->next != NULL) { - ssl->handshake->cur_msg = cur->next; - ssl->handshake->cur_msg_p = cur->next->p + 12; - } else { - ssl->handshake->cur_msg = NULL; - ssl->handshake->cur_msg_p = NULL; - } - } - - /* Actually send the message out */ - if ((ret = mbedtls_ssl_write_record(ssl, force_flush)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); - return ret; - } - } - - if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { - return ret; - } - - /* Update state and set timer */ - if (mbedtls_ssl_is_handshake_over(ssl) == 1) { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; - } else { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; - mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout); - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_flight_transmit")); - - return 0; -} - -/* - * To be called when the last message of an incoming flight is received. - */ -void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl) -{ - /* We won't need to resend that one any more */ - mbedtls_ssl_flight_free(ssl->handshake->flight); - ssl->handshake->flight = NULL; - ssl->handshake->cur_msg = NULL; - - /* The next incoming flight will start with this msg_seq */ - ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq; - - /* We don't want to remember CCS's across flight boundaries. */ - ssl->handshake->buffering.seen_ccs = 0; - - /* Clear future message buffering structure. */ - mbedtls_ssl_buffering_free(ssl); - - /* Cancel timer */ - mbedtls_ssl_set_timer(ssl, 0); - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; - } else { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; - } -} - -/* - * To be called when the last message of an outgoing flight is send. - */ -void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl) -{ - ssl_reset_retransmit_timeout(ssl); - mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout); - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; - } else { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; - } -} -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -/* - * Handshake layer functions - */ -int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_type, - unsigned char **buf, size_t *buf_len) -{ - /* - * Reserve 4 bytes for handshake header. ( Section 4,RFC 8446 ) - * ... - * HandshakeType msg_type; - * uint24 length; - * ... - */ - *buf = ssl->out_msg + 4; - *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; - - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = hs_type; - - return 0; -} - -/* - * Write (DTLS: or queue) current handshake (including CCS) message. - * - * - fill in handshake headers - * - update handshake checksum - * - DTLS: save message for resending - * - then pass to the record layer - * - * DTLS: except for HelloRequest, messages are only queued, and will only be - * actually sent when calling flight_transmit() or resend(). - * - * Inputs: - * - ssl->out_msglen: 4 + actual handshake message len - * (4 is the size of handshake headers for TLS) - * - ssl->out_msg[0]: the handshake type (ClientHello, ServerHello, etc) - * - ssl->out_msg + 4: the handshake message body - * - * Outputs, ie state before passing to flight_append() or write_record(): - * - ssl->out_msglen: the length of the record contents - * (including handshake headers but excluding record headers) - * - ssl->out_msg: the record contents (handshake headers + content) - */ -int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl, - int update_checksum, - int force_flush) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const size_t hs_len = ssl->out_msglen - 4; - const unsigned char hs_type = ssl->out_msg[0]; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write handshake message")); - - /* - * Sanity checks - */ - if (ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Whenever we send anything different from a - * HelloRequest we should be in a handshake - double check. */ - if (!(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST) && - ssl->handshake == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake != NULL && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } -#endif - - /* Double-check that we did not exceed the bounds - * of the outgoing record buffer. - * This should never fail as the various message - * writing functions must obey the bounds of the - * outgoing record buffer, but better be safe. - * - * Note: We deliberately do not check for the MTU or MFL here. - */ - if (ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Record too large: " - "size %" MBEDTLS_PRINTF_SIZET - ", maximum %" MBEDTLS_PRINTF_SIZET, - ssl->out_msglen, - (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* - * Fill handshake headers - */ - if (ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) { - ssl->out_msg[1] = MBEDTLS_BYTE_2(hs_len); - ssl->out_msg[2] = MBEDTLS_BYTE_1(hs_len); - ssl->out_msg[3] = MBEDTLS_BYTE_0(hs_len); - - /* - * DTLS has additional fields in the Handshake layer, - * between the length field and the actual payload: - * uint16 message_seq; - * uint24 fragment_offset; - * uint24 fragment_length; - */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Make room for the additional DTLS fields */ - if (MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8) { - MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS handshake message too large: " - "size %" MBEDTLS_PRINTF_SIZET ", maximum %" - MBEDTLS_PRINTF_SIZET, - hs_len, - (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN - 12))); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memmove(ssl->out_msg + 12, ssl->out_msg + 4, hs_len); - ssl->out_msglen += 8; - - /* Write message_seq and update it, except for HelloRequest */ - if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST) { - MBEDTLS_PUT_UINT16_BE(ssl->handshake->out_msg_seq, ssl->out_msg, 4); - ++(ssl->handshake->out_msg_seq); - } else { - ssl->out_msg[4] = 0; - ssl->out_msg[5] = 0; - } - - /* Handshake hashes are computed without fragmentation, - * so set frag_offset = 0 and frag_len = hs_len for now */ - memset(ssl->out_msg + 6, 0x00, 3); - memcpy(ssl->out_msg + 9, ssl->out_msg + 1, 3); - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - /* Update running hashes of handshake messages seen */ - if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0) { - ret = ssl->handshake->update_checksum(ssl, ssl->out_msg, - ssl->out_msglen); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); - return ret; - } - } - } - - /* Either send now, or just save to be sent (and resent) later */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - !(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST)) { - if ((ret = ssl_flight_append(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_flight_append", ret); - return ret; - } - } else -#endif - { - if ((ret = mbedtls_ssl_write_record(ssl, force_flush)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_record", ret); - return ret; - } - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write handshake message")); - - return 0; -} - -int mbedtls_ssl_finish_handshake_msg(mbedtls_ssl_context *ssl, - size_t buf_len, size_t msg_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t msg_with_header_len; - ((void) buf_len); - - /* Add reserved 4 bytes for handshake header */ - msg_with_header_len = msg_len + 4; - ssl->out_msglen = msg_with_header_len; - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_handshake_msg_ext(ssl, 0, 0)); - -cleanup: - return ret; -} - -/* - * Record layer functions - */ - -/* - * Write current record. - * - * Uses: - * - ssl->out_msgtype: type of the message (AppData, Handshake, Alert, CCS) - * - ssl->out_msglen: length of the record content (excl headers) - * - ssl->out_msg: record content - */ -int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush) -{ - int ret, done = 0; - size_t len = ssl->out_msglen; - int flush = force_flush; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write record")); - - if (!done) { - unsigned i; - size_t protected_record_size; -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len; -#else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; -#endif - /* Skip writing the record content type to after the encryption, - * as it may change when using the CID extension. */ - mbedtls_ssl_protocol_version tls_ver = ssl->tls_version; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* TLS 1.3 still uses the TLS 1.2 version identifier - * for backwards compatibility. */ - if (tls_ver == MBEDTLS_SSL_VERSION_TLS1_3) { - tls_ver = MBEDTLS_SSL_VERSION_TLS1_2; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - mbedtls_ssl_write_version(ssl->out_hdr + 1, ssl->conf->transport, - tls_ver); - - memcpy(ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN); - MBEDTLS_PUT_UINT16_BE(len, ssl->out_len, 0); - - if (ssl->transform_out != NULL) { - mbedtls_record rec; - - rec.buf = ssl->out_iv; - rec.buf_len = out_buf_len - (size_t) (ssl->out_iv - ssl->out_buf); - rec.data_len = ssl->out_msglen; - rec.data_offset = (size_t) (ssl->out_msg - rec.buf); - - memcpy(&rec.ctr[0], ssl->out_ctr, sizeof(rec.ctr)); - mbedtls_ssl_write_version(rec.ver, ssl->conf->transport, tls_ver); - rec.type = ssl->out_msgtype; - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* The CID is set by mbedtls_ssl_encrypt_buf(). */ - rec.cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret); - return ret; - } - - if (rec.data_offset != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Update the record content type and CID. */ - ssl->out_msgtype = rec.type; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - memcpy(ssl->out_cid, rec.cid, rec.cid_len); -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->out_msglen = len = rec.data_len; - MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->out_len, 0); - } - - protected_record_size = len + mbedtls_ssl_out_hdr_len(ssl); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - /* In case of DTLS, double-check that we don't exceed - * the remaining space in the datagram. */ - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - ret = ssl_get_remaining_space_in_datagram(ssl); - if (ret < 0) { - return ret; - } - - if (protected_record_size > (size_t) ret) { - /* Should never happen */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - /* Now write the potentially updated record content type. */ - ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; - - MBEDTLS_SSL_DEBUG_MSG(3, ("output record: msgtype = %u, " - "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET, - ssl->out_hdr[0], ssl->out_hdr[1], - ssl->out_hdr[2], len)); - - MBEDTLS_SSL_DEBUG_BUF(4, "output record sent to network", - ssl->out_hdr, protected_record_size); - - ssl->out_left += protected_record_size; - ssl->out_hdr += protected_record_size; - mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out); - - for (i = 8; i > mbedtls_ssl_ep_len(ssl); i--) { - if (++ssl->cur_out_ctr[i - 1] != 0) { - break; - } - } - - /* The loop goes to its end if the counter is wrapping */ - if (i == mbedtls_ssl_ep_len(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("outgoing message counter would wrap")); - return MBEDTLS_ERR_SSL_COUNTER_WRAPPING; - } - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - flush == SSL_DONT_FORCE_FLUSH) { - size_t remaining; - ret = ssl_get_remaining_payload_in_datagram(ssl); - if (ret < 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_remaining_payload_in_datagram", - ret); - return ret; - } - - remaining = (size_t) ret; - if (remaining == 0) { - flush = SSL_FORCE_FLUSH; - } else { - MBEDTLS_SSL_DEBUG_MSG(2, - ("Still %u bytes available in current datagram", - (unsigned) remaining)); - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - if ((flush == SSL_FORCE_FLUSH) && - (ret = mbedtls_ssl_flush_output(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write record")); - - return 0; -} - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_hs_is_proper_fragment(mbedtls_ssl_context *ssl) -{ - if (ssl->in_msglen < ssl->in_hslen || - memcmp(ssl->in_msg + 6, "\0\0\0", 3) != 0 || - memcmp(ssl->in_msg + 9, ssl->in_msg + 1, 3) != 0) { - return 1; - } - return 0; -} - -static uint32_t ssl_get_hs_frag_len(mbedtls_ssl_context const *ssl) -{ - return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9); -} - -static uint32_t ssl_get_hs_frag_off(mbedtls_ssl_context const *ssl) -{ - return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_hs_header(mbedtls_ssl_context const *ssl) -{ - uint32_t msg_len, frag_off, frag_len; - - msg_len = ssl_get_hs_total_len(ssl); - frag_off = ssl_get_hs_frag_off(ssl); - frag_len = ssl_get_hs_frag_len(ssl); - - if (frag_off > msg_len) { - return -1; - } - - if (frag_len > msg_len - frag_off) { - return -1; - } - - if (frag_len + 12 > ssl->in_msglen) { - return -1; - } - - return 0; -} - -/* - * Mark bits in bitmask (used for DTLS HS reassembly) - */ -static void ssl_bitmask_set(unsigned char *mask, size_t offset, size_t len) -{ - unsigned int start_bits, end_bits; - - start_bits = 8 - (offset % 8); - if (start_bits != 8) { - size_t first_byte_idx = offset / 8; - - /* Special case */ - if (len <= start_bits) { - for (; len != 0; len--) { - mask[first_byte_idx] |= 1 << (start_bits - len); - } - - /* Avoid potential issues with offset or len becoming invalid */ - return; - } - - offset += start_bits; /* Now offset % 8 == 0 */ - len -= start_bits; - - for (; start_bits != 0; start_bits--) { - mask[first_byte_idx] |= 1 << (start_bits - 1); - } - } - - end_bits = len % 8; - if (end_bits != 0) { - size_t last_byte_idx = (offset + len) / 8; - - len -= end_bits; /* Now len % 8 == 0 */ - - for (; end_bits != 0; end_bits--) { - mask[last_byte_idx] |= 1 << (8 - end_bits); - } - } - - memset(mask + offset / 8, 0xFF, len / 8); -} - -/* - * Check that bitmask is full - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_bitmask_check(unsigned char *mask, size_t len) -{ - size_t i; - - for (i = 0; i < len / 8; i++) { - if (mask[i] != 0xFF) { - return -1; - } - } - - for (i = 0; i < len % 8; i++) { - if ((mask[len / 8] & (1 << (7 - i))) == 0) { - return -1; - } - } - - return 0; -} - -/* msg_len does not include the handshake header */ -static size_t ssl_get_reassembly_buffer_size(size_t msg_len, - unsigned add_bitmap) -{ - size_t alloc_len; - - alloc_len = 12; /* Handshake header */ - alloc_len += msg_len; /* Content buffer */ - - if (add_bitmap) { - alloc_len += msg_len / 8 + (msg_len % 8 != 0); /* Bitmap */ - - } - return alloc_len; -} - -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl) -{ - return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1); -} - -int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) -{ - if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); - - MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" - " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" - MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen)); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned int recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4); - - if (ssl_check_hs_header(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid handshake header")); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - if (ssl->handshake != NULL && - ((mbedtls_ssl_is_handshake_over(ssl) == 0 && - recv_msg_seq != ssl->handshake->in_msg_seq) || - (mbedtls_ssl_is_handshake_over(ssl) == 1 && - ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO))) { - if (recv_msg_seq > ssl->handshake->in_msg_seq) { - MBEDTLS_SSL_DEBUG_MSG(2, - ( - "received future handshake message of sequence number %u (next %u)", - recv_msg_seq, - ssl->handshake->in_msg_seq)); - return MBEDTLS_ERR_SSL_EARLY_MESSAGE; - } - - /* Retransmit only on last message from previous flight, to avoid - * too many retransmissions. - * Besides, No sane server ever retransmits HelloVerifyRequest */ - if (recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 && - ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) { - MBEDTLS_SSL_DEBUG_MSG(2, ("received message from last flight, " - "message_seq = %u, start_of_flight = %u", - recv_msg_seq, - ssl->handshake->in_flight_start_seq)); - - if ((ret = mbedtls_ssl_resend(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend", ret); - return ret; - } - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("dropping out-of-sequence message: " - "message_seq = %u, expected = %u", - recv_msg_seq, - ssl->handshake->in_msg_seq)); - } - - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } - /* Wait until message completion to increment in_msg_seq */ - - /* Message reassembly is handled alongside buffering of future - * messages; the commonality is that both handshake fragments and - * future messages cannot be forwarded immediately to the - * handshake logic layer. */ - if (ssl_hs_is_proper_fragment(ssl) == 1) { - MBEDTLS_SSL_DEBUG_MSG(2, ("found fragmented DTLS handshake message")); - return MBEDTLS_ERR_SSL_EARLY_MESSAGE; - } - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - /* With TLS we don't handle fragmentation (for now) */ - if (ssl->in_msglen < ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("TLS handshake fragmentation not supported")); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - return 0; -} - -int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - - if (mbedtls_ssl_is_handshake_over(ssl) == 0 && hs != NULL) { - ret = ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); - return ret; - } - } - - /* Handshake message is complete, increment counter */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake != NULL) { - unsigned offset; - mbedtls_ssl_hs_buffer *hs_buf; - - /* Increment handshake sequence number */ - hs->in_msg_seq++; - - /* - * Clear up handshake buffering and reassembly structure. - */ - - /* Free first entry */ - ssl_buffering_free_slot(ssl, 0); - - /* Shift all other entries */ - for (offset = 0, hs_buf = &hs->buffering.hs[0]; - offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS; - offset++, hs_buf++) { - *hs_buf = *(hs_buf + 1); - } - - /* Create a fresh last entry */ - memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer)); - } -#endif - return 0; -} - -/* - * DTLS anti-replay: RFC 6347 4.1.2.6 - * - * in_window is a field of bits numbered from 0 (lsb) to 63 (msb). - * Bit n is set iff record number in_window_top - n has been seen. - * - * Usually, in_window_top is the last record number seen and the lsb of - * in_window is set. The only exception is the initial state (record number 0 - * not seen yet). - */ -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl) -{ - ssl->in_window_top = 0; - ssl->in_window = 0; -} - -static inline uint64_t ssl_load_six_bytes(unsigned char *buf) -{ - return ((uint64_t) buf[0] << 40) | - ((uint64_t) buf[1] << 32) | - ((uint64_t) buf[2] << 24) | - ((uint64_t) buf[3] << 16) | - ((uint64_t) buf[4] << 8) | - ((uint64_t) buf[5]); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int mbedtls_ssl_dtls_record_replay_check(mbedtls_ssl_context *ssl, uint8_t *record_in_ctr) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *original_in_ctr; - - // save original in_ctr - original_in_ctr = ssl->in_ctr; - - // use counter from record - ssl->in_ctr = record_in_ctr; - - ret = mbedtls_ssl_dtls_replay_check((mbedtls_ssl_context const *) ssl); - - // restore the counter - ssl->in_ctr = original_in_ctr; - - return ret; -} - -/* - * Return 0 if sequence number is acceptable, -1 otherwise - */ -int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl) -{ - uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2); - uint64_t bit; - - if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) { - return 0; - } - - if (rec_seqnum > ssl->in_window_top) { - return 0; - } - - bit = ssl->in_window_top - rec_seqnum; - - if (bit >= 64) { - return -1; - } - - if ((ssl->in_window & ((uint64_t) 1 << bit)) != 0) { - return -1; - } - - return 0; -} - -/* - * Update replay window on new validated record - */ -void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl) -{ - uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2); - - if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) { - return; - } - - if (rec_seqnum > ssl->in_window_top) { - /* Update window_top and the contents of the window */ - uint64_t shift = rec_seqnum - ssl->in_window_top; - - if (shift >= 64) { - ssl->in_window = 1; - } else { - ssl->in_window <<= shift; - ssl->in_window |= 1; - } - - ssl->in_window_top = rec_seqnum; - } else { - /* Mark that number as seen in the current window */ - uint64_t bit = ssl->in_window_top - rec_seqnum; - - if (bit < 64) { /* Always true, but be extra sure */ - ssl->in_window |= (uint64_t) 1 << bit; - } - } -} -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) -/* - * Check if a datagram looks like a ClientHello with a valid cookie, - * and if it doesn't, generate a HelloVerifyRequest message. - * Both input and output include full DTLS headers. - * - * - if cookie is valid, return 0 - * - if ClientHello looks superficially valid but cookie is not, - * fill obuf and set olen, then - * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED - * - otherwise return a specific error code - */ -MBEDTLS_CHECK_RETURN_CRITICAL -MBEDTLS_STATIC_TESTABLE -int mbedtls_ssl_check_dtls_clihlo_cookie( - mbedtls_ssl_context *ssl, - const unsigned char *cli_id, size_t cli_id_len, - const unsigned char *in, size_t in_len, - unsigned char *obuf, size_t buf_len, size_t *olen) -{ - size_t sid_len, cookie_len, epoch, fragment_offset; - unsigned char *p; - - /* - * Structure of ClientHello with record and handshake headers, - * and expected values. We don't need to check a lot, more checks will be - * done when actually parsing the ClientHello - skipping those checks - * avoids code duplication and does not make cookie forging any easier. - * - * 0-0 ContentType type; copied, must be handshake - * 1-2 ProtocolVersion version; copied - * 3-4 uint16 epoch; copied, must be 0 - * 5-10 uint48 sequence_number; copied - * 11-12 uint16 length; (ignored) - * - * 13-13 HandshakeType msg_type; (ignored) - * 14-16 uint24 length; (ignored) - * 17-18 uint16 message_seq; copied - * 19-21 uint24 fragment_offset; copied, must be 0 - * 22-24 uint24 fragment_length; (ignored) - * - * 25-26 ProtocolVersion client_version; (ignored) - * 27-58 Random random; (ignored) - * 59-xx SessionID session_id; 1 byte len + sid_len content - * 60+ opaque cookie<0..2^8-1>; 1 byte len + content - * ... - * - * Minimum length is 61 bytes. - */ - MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: in_len=%u", - (unsigned) in_len)); - MBEDTLS_SSL_DEBUG_BUF(4, "cli_id", cli_id, cli_id_len); - if (in_len < 61) { - MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: record too short")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - epoch = MBEDTLS_GET_UINT16_BE(in, 3); - fragment_offset = MBEDTLS_GET_UINT24_BE(in, 19); - - if (in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || epoch != 0 || - fragment_offset != 0) { - MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: not a good ClientHello")); - MBEDTLS_SSL_DEBUG_MSG(4, (" type=%u epoch=%u fragment_offset=%u", - in[0], (unsigned) epoch, - (unsigned) fragment_offset)); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - sid_len = in[59]; - if (59 + 1 + sid_len + 1 > in_len) { - MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: sid_len=%u > %u", - (unsigned) sid_len, - (unsigned) in_len - 61)); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - MBEDTLS_SSL_DEBUG_BUF(4, "sid received from network", - in + 60, sid_len); - - cookie_len = in[60 + sid_len]; - if (59 + 1 + sid_len + 1 + cookie_len > in_len) { - MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: cookie_len=%u > %u", - (unsigned) cookie_len, - (unsigned) (in_len - sid_len - 61))); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "cookie received from network", - in + sid_len + 61, cookie_len); - if (ssl->conf->f_cookie_check(ssl->conf->p_cookie, - in + sid_len + 61, cookie_len, - cli_id, cli_id_len) == 0) { - MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: valid")); - return 0; - } - - /* - * If we get here, we've got an invalid cookie, let's prepare HVR. - * - * 0-0 ContentType type; copied - * 1-2 ProtocolVersion version; copied - * 3-4 uint16 epoch; copied - * 5-10 uint48 sequence_number; copied - * 11-12 uint16 length; olen - 13 - * - * 13-13 HandshakeType msg_type; hello_verify_request - * 14-16 uint24 length; olen - 25 - * 17-18 uint16 message_seq; copied - * 19-21 uint24 fragment_offset; copied - * 22-24 uint24 fragment_length; olen - 25 - * - * 25-26 ProtocolVersion server_version; 0xfe 0xff - * 27-27 opaque cookie<0..2^8-1>; cookie_len = olen - 27, cookie - * - * Minimum length is 28. - */ - if (buf_len < 28) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - /* Copy most fields and adapt others */ - memcpy(obuf, in, 25); - obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; - obuf[25] = 0xfe; - obuf[26] = 0xff; - - /* Generate and write actual cookie */ - p = obuf + 28; - if (ssl->conf->f_cookie_write(ssl->conf->p_cookie, - &p, obuf + buf_len, - cli_id, cli_id_len) != 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - *olen = (size_t) (p - obuf); - - /* Go back and fill length fields */ - obuf[27] = (unsigned char) (*olen - 28); - - obuf[14] = obuf[22] = MBEDTLS_BYTE_2(*olen - 25); - obuf[15] = obuf[23] = MBEDTLS_BYTE_1(*olen - 25); - obuf[16] = obuf[24] = MBEDTLS_BYTE_0(*olen - 25); - - MBEDTLS_PUT_UINT16_BE(*olen - 13, obuf, 11); - - return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED; -} - -/* - * Handle possible client reconnect with the same UDP quadruplet - * (RFC 6347 Section 4.2.8). - * - * Called by ssl_parse_record_header() in case we receive an epoch 0 record - * that looks like a ClientHello. - * - * - if the input looks like a ClientHello without cookies, - * send back HelloVerifyRequest, then return 0 - * - if the input looks like a ClientHello with a valid cookie, - * reset the session of the current context, and - * return MBEDTLS_ERR_SSL_CLIENT_RECONNECT - * - if anything goes wrong, return a specific error code - * - * This function is called (through ssl_check_client_reconnect()) when an - * unexpected record is found in ssl_get_next_record(), which will discard the - * record if we return 0, and bubble up the return value otherwise (this - * includes the case of MBEDTLS_ERR_SSL_CLIENT_RECONNECT and of unexpected - * errors, and is the right thing to do in both cases). - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_handle_possible_reconnect(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - if (ssl->conf->f_cookie_write == NULL || - ssl->conf->f_cookie_check == NULL) { - /* If we can't use cookies to verify reachability of the peer, - * drop the record. */ - MBEDTLS_SSL_DEBUG_MSG(1, ("no cookie callbacks, " - "can't check reconnect validity")); - return 0; - } - - ret = mbedtls_ssl_check_dtls_clihlo_cookie( - ssl, - ssl->cli_id, ssl->cli_id_len, - ssl->in_buf, ssl->in_left, - ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len); - - MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_ssl_check_dtls_clihlo_cookie", ret); - - if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { - int send_ret; - MBEDTLS_SSL_DEBUG_MSG(1, ("sending HelloVerifyRequest")); - MBEDTLS_SSL_DEBUG_BUF(4, "output record sent to network", - ssl->out_buf, len); - /* Don't check write errors as we can't do anything here. - * If the error is permanent we'll catch it later, - * if it's not, then hopefully it'll work next time. */ - send_ret = ssl->f_send(ssl->p_bio, ssl->out_buf, len); - MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", send_ret); - (void) send_ret; - - return 0; - } - - if (ret == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("cookie is valid, resetting context")); - if ((ret = mbedtls_ssl_session_reset_int(ssl, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "reset", ret); - return ret; - } - - return MBEDTLS_ERR_SSL_CLIENT_RECONNECT; - } - - return ret; -} -#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_record_type(uint8_t record_type) -{ - if (record_type != MBEDTLS_SSL_MSG_HANDSHAKE && - record_type != MBEDTLS_SSL_MSG_ALERT && - record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && - record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA) { - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - return 0; -} - -/* - * ContentType type; - * ProtocolVersion version; - * uint16 epoch; // DTLS only - * uint48 sequence_number; // DTLS only - * uint16 length; - * - * Return 0 if header looks sane (and, for DTLS, the record is expected) - * MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad, - * MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected. - * - * With DTLS, mbedtls_ssl_read_record() will: - * 1. proceed with the record if this function returns 0 - * 2. drop only the current record if this function returns UNEXPECTED_RECORD - * 3. return CLIENT_RECONNECT if this function return that value - * 4. drop the whole datagram if this function returns anything else. - * Point 2 is needed when the peer is resending, and we have already received - * the first record from a datagram but are still waiting for the others. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t len, - mbedtls_record *rec) -{ - mbedtls_ssl_protocol_version tls_version; - - size_t const rec_hdr_type_offset = 0; - size_t const rec_hdr_type_len = 1; - - size_t const rec_hdr_version_offset = rec_hdr_type_offset + - rec_hdr_type_len; - size_t const rec_hdr_version_len = 2; - - size_t const rec_hdr_ctr_len = 8; -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint32_t rec_epoch; - size_t const rec_hdr_ctr_offset = rec_hdr_version_offset + - rec_hdr_version_len; - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - size_t const rec_hdr_cid_offset = rec_hdr_ctr_offset + - rec_hdr_ctr_len; - size_t rec_hdr_cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - size_t rec_hdr_len_offset; /* To be determined */ - size_t const rec_hdr_len_len = 2; - - /* - * Check minimum lengths for record header. - */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - rec_hdr_len_offset = rec_hdr_ctr_offset + rec_hdr_ctr_len; - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - { - rec_hdr_len_offset = rec_hdr_version_offset + rec_hdr_version_len; - } - - if (len < rec_hdr_len_offset + rec_hdr_len_len) { - MBEDTLS_SSL_DEBUG_MSG(1, - ( - "datagram of length %u too small to hold DTLS record header of length %u", - (unsigned) len, - (unsigned) (rec_hdr_len_len + rec_hdr_len_len))); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - /* - * Parse and validate record content type - */ - - rec->type = buf[rec_hdr_type_offset]; - - /* Check record content type */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - rec->cid_len = 0; - - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->conf->cid_len != 0 && - rec->type == MBEDTLS_SSL_MSG_CID) { - /* Shift pointers to account for record header including CID - * struct { - * ContentType outer_type = tls12_cid; - * ProtocolVersion version; - * uint16 epoch; - * uint48 sequence_number; - * opaque cid[cid_length]; // Additional field compared to - * // default DTLS record format - * uint16 length; - * opaque enc_content[DTLSCiphertext.length]; - * } DTLSCiphertext; - */ - - /* So far, we only support static CID lengths - * fixed in the configuration. */ - rec_hdr_cid_len = ssl->conf->cid_len; - rec_hdr_len_offset += rec_hdr_cid_len; - - if (len < rec_hdr_len_offset + rec_hdr_len_len) { - MBEDTLS_SSL_DEBUG_MSG(1, - ( - "datagram of length %u too small to hold DTLS record header including CID, length %u", - (unsigned) len, - (unsigned) (rec_hdr_len_offset + rec_hdr_len_len))); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - /* configured CID len is guaranteed at most 255, see - * MBEDTLS_SSL_CID_OUT_LEN_MAX in check_config.h */ - rec->cid_len = (uint8_t) rec_hdr_cid_len; - memcpy(rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len); - } else -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - { - if (ssl_check_record_type(rec->type)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("unknown record type %u", - (unsigned) rec->type)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - } - - /* - * Parse and validate record version - */ - rec->ver[0] = buf[rec_hdr_version_offset + 0]; - rec->ver[1] = buf[rec_hdr_version_offset + 1]; - tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version( - buf + rec_hdr_version_offset, - ssl->conf->transport); - - if (tls_version > ssl->conf->max_tls_version) { - MBEDTLS_SSL_DEBUG_MSG(1, ("TLS version mismatch: got %u, expected max %u", - (unsigned) tls_version, - (unsigned) ssl->conf->max_tls_version)); - - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - /* - * Parse/Copy record sequence number. - */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Copy explicit record sequence number from input buffer. */ - memcpy(&rec->ctr[0], buf + rec_hdr_ctr_offset, - rec_hdr_ctr_len); - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - { - /* Copy implicit record sequence number from SSL context structure. */ - memcpy(&rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len); - } - - /* - * Parse record length. - */ - - rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len; - rec->data_len = MBEDTLS_GET_UINT16_BE(buf, rec_hdr_len_offset); - MBEDTLS_SSL_DEBUG_BUF(4, "input record header", buf, rec->data_offset); - - MBEDTLS_SSL_DEBUG_MSG(3, ("input record: msgtype = %u, " - "version = [0x%x], msglen = %" MBEDTLS_PRINTF_SIZET, - rec->type, (unsigned) tls_version, rec->data_len)); - - rec->buf = buf; - rec->buf_len = rec->data_offset + rec->data_len; - - if (rec->data_len == 0) { - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - /* - * DTLS-related tests. - * Check epoch before checking length constraint because - * the latter varies with the epoch. E.g., if a ChangeCipherSpec - * message gets duplicated before the corresponding Finished message, - * the second ChangeCipherSpec should be discarded because it belongs - * to an old epoch, but not because its length is shorter than - * the minimum record length for packets using the new record transform. - * Note that these two kinds of failures are handled differently, - * as an unexpected record is silently skipped but an invalid - * record leads to the entire datagram being dropped. - */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - rec_epoch = MBEDTLS_GET_UINT16_BE(rec->ctr, 0); - - /* Check that the datagram is large enough to contain a record - * of the advertised length. */ - if (len < rec->data_offset + rec->data_len) { - MBEDTLS_SSL_DEBUG_MSG(1, - ( - "Datagram of length %u too small to contain record of advertised length %u.", - (unsigned) len, - (unsigned) (rec->data_offset + rec->data_len))); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - /* Records from other, non-matching epochs are silently discarded. - * (The case of same-port Client reconnects must be considered in - * the caller). */ - if (rec_epoch != ssl->in_epoch) { - MBEDTLS_SSL_DEBUG_MSG(1, ("record from another epoch: " - "expected %u, received %lu", - ssl->in_epoch, (unsigned long) rec_epoch)); - - /* Records from the next epoch are considered for buffering - * (concretely: early Finished messages). */ - if (rec_epoch == (unsigned) ssl->in_epoch + 1) { - MBEDTLS_SSL_DEBUG_MSG(2, ("Consider record for buffering")); - return MBEDTLS_ERR_SSL_EARLY_MESSAGE; - } - - return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; - } -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - /* For records from the correct epoch, check whether their - * sequence number has been seen before. */ - else if (mbedtls_ssl_dtls_record_replay_check((mbedtls_ssl_context *) ssl, - &rec->ctr[0]) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record")); - return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; - } -#endif - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - return 0; -} - - -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_client_reconnect(mbedtls_ssl_context *ssl) -{ - unsigned int rec_epoch = MBEDTLS_GET_UINT16_BE(ssl->in_ctr, 0); - - /* - * Check for an epoch 0 ClientHello. We can't use in_msg here to - * access the first byte of record content (handshake type), as we - * have an active transform (possibly iv_len != 0), so use the - * fact that the record header len is 13 instead. - */ - if (rec_epoch == 0 && - ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - mbedtls_ssl_is_handshake_over(ssl) == 1 && - ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_left > 13 && - ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO) { - MBEDTLS_SSL_DEBUG_MSG(1, ("possible client reconnect " - "from the same port")); - return ssl_handle_possible_reconnect(ssl); - } - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ - -/* - * If applicable, decrypt record content - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_prepare_record_content(mbedtls_ssl_context *ssl, - mbedtls_record *rec) -{ - int ret, done = 0; - - MBEDTLS_SSL_DEBUG_BUF(4, "input record from network", - rec->buf, rec->buf_len); - - /* - * In TLS 1.3, always treat ChangeCipherSpec records - * as unencrypted. The only thing we do with them is - * check the length and content and ignore them. - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (ssl->transform_in != NULL && - ssl->transform_in->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - if (rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { - done = 1; - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - if (!done && ssl->transform_in != NULL) { - unsigned char const old_msg_type = rec->type; - - if ((ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in, - rec)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_decrypt_buf", ret); - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) - /* - * Although the server rejected early data, it might receive early - * data as long as it has not received the client Finished message. - * It is encrypted with early keys and should be ignored as stated - * in section 4.2.10 of RFC 8446: - * - * "Ignore the extension and return a regular 1-RTT response. The - * server then skips past early data by attempting to deprotect - * received records using the handshake traffic key, discarding - * records which fail deprotection (up to the configured - * max_early_data_size). Once a record is deprotected successfully, - * it is treated as the start of the client's second flight and the - * server proceeds as with an ordinary 1-RTT handshake." - */ - if ((old_msg_type == MBEDTLS_SSL_MSG_APPLICATION_DATA) && - (ssl->discard_early_data_record == - MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD)) { - MBEDTLS_SSL_DEBUG_MSG( - 3, ("EarlyData: deprotect and discard app data records.")); - - ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len); - if (ret != 0) { - return ret; - } - ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID && - ssl->conf->ignore_unexpected_cid - == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ignoring unexpected CID")); - ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* - * The decryption of the record failed, no reason to ignore it, - * return in error with the decryption error code. - */ - return ret; - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) - /* - * If the server were discarding protected records that it fails to - * deprotect because it has rejected early data, as we have just - * deprotected successfully a record, the server has to resume normal - * operation and fail the connection if the deprotection of a record - * fails. - */ - if (ssl->discard_early_data_record == - MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD) { - ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; - } -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */ - - if (old_msg_type != rec->type) { - MBEDTLS_SSL_DEBUG_MSG(4, ("record type after decrypt (before %d): %d", - old_msg_type, rec->type)); - } - - MBEDTLS_SSL_DEBUG_BUF(4, "input payload after decrypt", - rec->buf + rec->data_offset, rec->data_len); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* We have already checked the record content type - * in ssl_parse_record_header(), failing or silently - * dropping the record in the case of an unknown type. - * - * Since with the use of CIDs, the record content type - * might change during decryption, re-check the record - * content type, but treat a failure as fatal this time. */ - if (ssl_check_record_type(rec->type)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("unknown record type")); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - if (rec->data_len == 0) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 - && rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA) { - /* TLS v1.2 explicitly disallows zero-length messages which are not application data */ - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid zero-length message type: %d", ssl->in_msgtype)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - ssl->nb_zero++; - - /* - * Three or more empty messages may be a DoS attack - * (excessive CPU consumption). - */ - if (ssl->nb_zero > 3) { - MBEDTLS_SSL_DEBUG_MSG(1, ("received four consecutive empty " - "messages, possible DoS attack")); - /* Treat the records as if they were not properly authenticated, - * thereby failing the connection if we see more than allowed - * by the configured bad MAC threshold. */ - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - } else { - ssl->nb_zero = 0; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - ; /* in_ctr read from peer, not maintained internally */ - } else -#endif - { - unsigned i; - for (i = MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - i > mbedtls_ssl_ep_len(ssl); i--) { - if (++ssl->in_ctr[i - 1] != 0) { - break; - } - } - - /* The loop goes to its end iff the counter is wrapping */ - if (i == mbedtls_ssl_ep_len(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("incoming message counter would wrap")); - return MBEDTLS_ERR_SSL_COUNTER_WRAPPING; - } - } - - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) - /* - * Although the server rejected early data because it needed to send an - * HelloRetryRequest message, it might receive early data as long as it has - * not received the client Finished message. - * The early data is encrypted with early keys and should be ignored as - * stated in section 4.2.10 of RFC 8446 (second case): - * - * "The server then ignores early data by skipping all records with an - * external content type of "application_data" (indicating that they are - * encrypted), up to the configured max_early_data_size. Ignore application - * data message before 2nd ClientHello when early_data was received in 1st - * ClientHello." - */ - if (ssl->discard_early_data_record == MBEDTLS_SSL_EARLY_DATA_DISCARD) { - if (rec->type == MBEDTLS_SSL_MSG_APPLICATION_DATA) { - - ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len); - if (ret != 0) { - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG( - 3, ("EarlyData: Ignore application message before 2nd ClientHello")); - - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } else if (rec->type == MBEDTLS_SSL_MSG_HANDSHAKE) { - ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; - } - } -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - mbedtls_ssl_dtls_replay_update(ssl); - } -#endif - - /* Check actual (decrypted) record content length against - * configured maximum. */ - if (rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad message length")); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - return 0; -} - -/* - * Read a record. - * - * Silently ignore non-fatal alert (and for DTLS, invalid records as well, - * RFC 6347 4.1.2.7) and continue reading until a valid record is found. - * - */ - -/* Helper functions for mbedtls_ssl_read_record(). */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_consume_current_message(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_next_record(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl); - -int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl, - unsigned update_hs_digest) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> read record")); - - if (ssl->keep_current_message == 0) { - do { - - ret = ssl_consume_current_message(ssl); - if (ret != 0) { - return ret; - } - - if (ssl_record_is_in_progress(ssl) == 0) { - int dtls_have_buffered = 0; -#if defined(MBEDTLS_SSL_PROTO_DTLS) - - /* We only check for buffered messages if the - * current datagram is fully consumed. */ - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl_next_record_is_in_datagram(ssl) == 0) { - if (ssl_load_buffered_message(ssl) == 0) { - dtls_have_buffered = 1; - } - } - -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - if (dtls_have_buffered == 0) { - ret = ssl_get_next_record(ssl); - if (ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) { - continue; - } - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_get_next_record"), ret); - return ret; - } - } - } - - ret = mbedtls_ssl_handle_message_type(ssl); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) { - /* Buffer future message */ - ret = ssl_buffer_message(ssl); - if (ret != 0) { - return ret; - } - - ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - } while (MBEDTLS_ERR_SSL_NON_FATAL == ret || - MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret); - - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_handle_message_type"), ret); - return ret; - } - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - update_hs_digest == 1) { - ret = mbedtls_ssl_update_handshake_status(ssl); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret); - return ret; - } - } - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("reuse previously read message")); - ssl->keep_current_message = 0; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= read record")); - - return 0; -} - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl) -{ - if (ssl->in_left > ssl->next_record_offset) { - return 1; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_load_buffered_message(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - mbedtls_ssl_hs_buffer *hs_buf; - int ret = 0; - - if (hs == NULL) { - return -1; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_load_buffered_message")); - - if (ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC || - ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) { - /* Check if we have seen a ChangeCipherSpec before. - * If yes, synthesize a CCS record. */ - if (!hs->buffering.seen_ccs) { - MBEDTLS_SSL_DEBUG_MSG(2, ("CCS not seen in the current flight")); - ret = -1; - goto exit; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("Injecting buffered CCS message")); - ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; - ssl->in_msglen = 1; - ssl->in_msg[0] = 1; - - /* As long as they are equal, the exact value doesn't matter. */ - ssl->in_left = 0; - ssl->next_record_offset = 0; - - hs->buffering.seen_ccs = 0; - goto exit; - } - -#if defined(MBEDTLS_DEBUG_C) - /* Debug only */ - { - unsigned offset; - for (offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) { - hs_buf = &hs->buffering.hs[offset]; - if (hs_buf->is_valid == 1) { - MBEDTLS_SSL_DEBUG_MSG(2, ("Future message with sequence number %u %s buffered.", - hs->in_msg_seq + offset, - hs_buf->is_complete ? "fully" : "partially")); - } - } - } -#endif /* MBEDTLS_DEBUG_C */ - - /* Check if we have buffered and/or fully reassembled the - * next handshake message. */ - hs_buf = &hs->buffering.hs[0]; - if ((hs_buf->is_valid == 1) && (hs_buf->is_complete == 1)) { - /* Synthesize a record containing the buffered HS message. */ - size_t msg_len = MBEDTLS_GET_UINT24_BE(hs_buf->data, 1); - - /* Double-check that we haven't accidentally buffered - * a message that doesn't fit into the input buffer. */ - if (msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message has been buffered - load")); - MBEDTLS_SSL_DEBUG_BUF(3, "Buffered handshake message (incl. header)", - hs_buf->data, msg_len + 12); - - ssl->in_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->in_hslen = msg_len + 12; - ssl->in_msglen = msg_len + 12; - memcpy(ssl->in_msg, hs_buf->data, ssl->in_hslen); - - ret = 0; - goto exit; - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message %u not or only partially bufffered", - hs->in_msg_seq)); - } - - ret = -1; - -exit: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_load_buffered_message")); - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_make_space(mbedtls_ssl_context *ssl, - size_t desired) -{ - int offset; - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - MBEDTLS_SSL_DEBUG_MSG(2, ("Attempt to free buffered messages to have %u bytes available", - (unsigned) desired)); - - /* Get rid of future records epoch first, if such exist. */ - ssl_free_buffered_record(ssl); - - /* Check if we have enough space available now. */ - if (desired <= (MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("Enough space available after freeing future epoch record")); - return 0; - } - - /* We don't have enough space to buffer the next expected handshake - * message. Remove buffers used for future messages to gain space, - * starting with the most distant one. */ - for (offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1; - offset >= 0; offset--) { - MBEDTLS_SSL_DEBUG_MSG(2, - ( - "Free buffering slot %d to make space for reassembly of next handshake message", - offset)); - - ssl_buffering_free_slot(ssl, (uint8_t) offset); - - /* Check if we have enough space available now. */ - if (desired <= (MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("Enough space available after freeing buffered HS messages")); - return 0; - } - } - - return -1; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_message(mbedtls_ssl_context *ssl) -{ - int ret = 0; - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - - if (hs == NULL) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_buffer_message")); - - switch (ssl->in_msgtype) { - case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: - MBEDTLS_SSL_DEBUG_MSG(2, ("Remember CCS message")); - - hs->buffering.seen_ccs = 1; - break; - - case MBEDTLS_SSL_MSG_HANDSHAKE: - { - unsigned recv_msg_seq_offset; - unsigned recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4); - mbedtls_ssl_hs_buffer *hs_buf; - size_t msg_len = ssl->in_hslen - 12; - - /* We should never receive an old handshake - * message - double-check nonetheless. */ - if (recv_msg_seq < ssl->handshake->in_msg_seq) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - recv_msg_seq_offset = recv_msg_seq - ssl->handshake->in_msg_seq; - if (recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS) { - /* Silently ignore -- message too far in the future */ - MBEDTLS_SSL_DEBUG_MSG(2, - ("Ignore future HS message with sequence number %u, " - "buffering window %u - %u", - recv_msg_seq, ssl->handshake->in_msg_seq, - ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - - 1)); - - goto exit; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering HS message with sequence number %u, offset %u ", - recv_msg_seq, recv_msg_seq_offset)); - - hs_buf = &hs->buffering.hs[recv_msg_seq_offset]; - - /* Check if the buffering for this seq nr has already commenced. */ - if (!hs_buf->is_valid) { - size_t reassembly_buf_sz; - - hs_buf->is_fragmented = - (ssl_hs_is_proper_fragment(ssl) == 1); - - /* We copy the message back into the input buffer - * after reassembly, so check that it's not too large. - * This is an implementation-specific limitation - * and not one from the standard, hence it is not - * checked in ssl_check_hs_header(). */ - if (msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN) { - /* Ignore message */ - goto exit; - } - - /* Check if we have enough space to buffer the message. */ - if (hs->buffering.total_bytes_buffered > - MBEDTLS_SSL_DTLS_MAX_BUFFERING) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - reassembly_buf_sz = ssl_get_reassembly_buffer_size(msg_len, - hs_buf->is_fragmented); - - if (reassembly_buf_sz > (MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered)) { - if (recv_msg_seq_offset > 0) { - /* If we can't buffer a future message because - * of space limitations -- ignore. */ - MBEDTLS_SSL_DEBUG_MSG(2, - ("Buffering of future message of size %" - MBEDTLS_PRINTF_SIZET - " would exceed the compile-time limit %" - MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- ignore\n", - msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered)); - goto exit; - } else { - MBEDTLS_SSL_DEBUG_MSG(2, - ("Buffering of future message of size %" - MBEDTLS_PRINTF_SIZET - " would exceed the compile-time limit %" - MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- attempt to make space by freeing buffered future messages\n", - msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered)); - } - - if (ssl_buffer_make_space(ssl, reassembly_buf_sz) != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, - ("Reassembly of next message of size %" - MBEDTLS_PRINTF_SIZET - " (%" MBEDTLS_PRINTF_SIZET - " with bitmap) would exceed" - " the compile-time limit %" - MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- fail\n", - msg_len, - reassembly_buf_sz, - (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered)); - ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - goto exit; - } - } - - MBEDTLS_SSL_DEBUG_MSG(2, - ("initialize reassembly, total length = %" - MBEDTLS_PRINTF_SIZET, - msg_len)); - - hs_buf->data = mbedtls_calloc(1, reassembly_buf_sz); - if (hs_buf->data == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - hs_buf->data_len = reassembly_buf_sz; - - /* Prepare final header: copy msg_type, length and message_seq, - * then add standardised fragment_offset and fragment_length */ - memcpy(hs_buf->data, ssl->in_msg, 6); - memset(hs_buf->data + 6, 0, 3); - memcpy(hs_buf->data + 9, hs_buf->data + 1, 3); - - hs_buf->is_valid = 1; - - hs->buffering.total_bytes_buffered += reassembly_buf_sz; - } else { - /* Make sure msg_type and length are consistent */ - if (memcmp(hs_buf->data, ssl->in_msg, 4) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Fragment header mismatch - ignore")); - /* Ignore */ - goto exit; - } - } - - if (!hs_buf->is_complete) { - size_t frag_len, frag_off; - unsigned char * const msg = hs_buf->data + 12; - - /* - * Check and copy current fragment - */ - - /* Validation of header fields already done in - * mbedtls_ssl_prepare_handshake_record(). */ - frag_off = ssl_get_hs_frag_off(ssl); - frag_len = ssl_get_hs_frag_len(ssl); - - MBEDTLS_SSL_DEBUG_MSG(2, ("adding fragment, offset = %" MBEDTLS_PRINTF_SIZET - ", length = %" MBEDTLS_PRINTF_SIZET, - frag_off, frag_len)); - memcpy(msg + frag_off, ssl->in_msg + 12, frag_len); - - if (hs_buf->is_fragmented) { - unsigned char * const bitmask = msg + msg_len; - ssl_bitmask_set(bitmask, frag_off, frag_len); - hs_buf->is_complete = (ssl_bitmask_check(bitmask, - msg_len) == 0); - } else { - hs_buf->is_complete = 1; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("message %scomplete", - hs_buf->is_complete ? "" : "not yet ")); - } - - break; - } - - default: - /* We don't buffer other types of messages. */ - break; - } - -exit: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_buffer_message")); - return ret; -} -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_consume_current_message(mbedtls_ssl_context *ssl) -{ - /* - * Consume last content-layer message and potentially - * update in_msglen which keeps track of the contents' - * consumption state. - * - * (1) Handshake messages: - * Remove last handshake message, move content - * and adapt in_msglen. - * - * (2) Alert messages: - * Consume whole record content, in_msglen = 0. - * - * (3) Change cipher spec: - * Consume whole record content, in_msglen = 0. - * - * (4) Application data: - * Don't do anything - the record layer provides - * the application data as a stream transport - * and consumes through mbedtls_ssl_read only. - * - */ - - /* Case (1): Handshake messages */ - if (ssl->in_hslen != 0) { - /* Hard assertion to be sure that no application data - * is in flight, as corrupting ssl->in_msglen during - * ssl->in_offt != NULL is fatal. */ - if (ssl->in_offt != NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* - * Get next Handshake message in the current record - */ - - /* Notes: - * (1) in_hslen is not necessarily the size of the - * current handshake content: If DTLS handshake - * fragmentation is used, that's the fragment - * size instead. Using the total handshake message - * size here is faulty and should be changed at - * some point. - * (2) While it doesn't seem to cause problems, one - * has to be very careful not to assume that in_hslen - * is always <= in_msglen in a sensible communication. - * Again, it's wrong for DTLS handshake fragmentation. - * The following check is therefore mandatory, and - * should not be treated as a silently corrected assertion. - * Additionally, ssl->in_hslen might be arbitrarily out of - * bounds after handling a DTLS message with an unexpected - * sequence number, see mbedtls_ssl_prepare_handshake_record. - */ - if (ssl->in_hslen < ssl->in_msglen) { - ssl->in_msglen -= ssl->in_hslen; - memmove(ssl->in_msg, ssl->in_msg + ssl->in_hslen, - ssl->in_msglen); - - MBEDTLS_SSL_DEBUG_BUF(4, "remaining content in record", - ssl->in_msg, ssl->in_msglen); - } else { - ssl->in_msglen = 0; - } - - ssl->in_hslen = 0; - } - /* Case (4): Application data */ - else if (ssl->in_offt != NULL) { - return 0; - } - /* Everything else (CCS & Alerts) */ - else { - ssl->in_msglen = 0; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl) -{ - if (ssl->in_msglen > 0) { - return 1; - } - - return 0; -} - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -static void ssl_free_buffered_record(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - if (hs == NULL) { - return; - } - - if (hs->buffering.future_record.data != NULL) { - hs->buffering.total_bytes_buffered -= - hs->buffering.future_record.len; - - mbedtls_free(hs->buffering.future_record.data); - hs->buffering.future_record.data = NULL; - } -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_load_buffered_record(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - unsigned char *rec; - size_t rec_len; - unsigned rec_epoch; -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t in_buf_len = ssl->in_buf_len; -#else - size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; -#endif - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 0; - } - - if (hs == NULL) { - return 0; - } - - rec = hs->buffering.future_record.data; - rec_len = hs->buffering.future_record.len; - rec_epoch = hs->buffering.future_record.epoch; - - if (rec == NULL) { - return 0; - } - - /* Only consider loading future records if the - * input buffer is empty. */ - if (ssl_next_record_is_in_datagram(ssl) == 1) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_load_buffered_record")); - - if (rec_epoch != ssl->in_epoch) { - MBEDTLS_SSL_DEBUG_MSG(2, ("Buffered record not from current epoch.")); - goto exit; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("Found buffered record from current epoch - load")); - - /* Double-check that the record is not too large */ - if (rec_len > in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - memcpy(ssl->in_hdr, rec, rec_len); - ssl->in_left = rec_len; - ssl->next_record_offset = 0; - - ssl_free_buffered_record(ssl); - -exit: - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_load_buffered_record")); - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_future_record(mbedtls_ssl_context *ssl, - mbedtls_record const *rec) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - - /* Don't buffer future records outside handshakes. */ - if (hs == NULL) { - return 0; - } - - /* Only buffer handshake records (we are only interested - * in Finished messages). */ - if (rec->type != MBEDTLS_SSL_MSG_HANDSHAKE) { - return 0; - } - - /* Don't buffer more than one future epoch record. */ - if (hs->buffering.future_record.data != NULL) { - return 0; - } - - /* Don't buffer record if there's not enough buffering space remaining. */ - if (rec->buf_len > (MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET - " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- ignore\n", - rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered)); - return 0; - } - - /* Buffer record */ - MBEDTLS_SSL_DEBUG_MSG(2, ("Buffer record from epoch %u", - ssl->in_epoch + 1U)); - MBEDTLS_SSL_DEBUG_BUF(3, "Buffered record", rec->buf, rec->buf_len); - - /* ssl_parse_record_header() only considers records - * of the next epoch as candidates for buffering. */ - hs->buffering.future_record.epoch = ssl->in_epoch + 1; - hs->buffering.future_record.len = rec->buf_len; - - hs->buffering.future_record.data = - mbedtls_calloc(1, hs->buffering.future_record.len); - if (hs->buffering.future_record.data == NULL) { - /* If we run out of RAM trying to buffer a - * record from the next epoch, just ignore. */ - return 0; - } - - memcpy(hs->buffering.future_record.data, rec->buf, rec->buf_len); - - hs->buffering.total_bytes_buffered += rec->buf_len; - return 0; -} - -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_next_record(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_record rec; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - /* We might have buffered a future record; if so, - * and if the epoch matches now, load it. - * On success, this call will set ssl->in_left to - * the length of the buffered record, so that - * the calls to ssl_fetch_input() below will - * essentially be no-ops. */ - ret = ssl_load_buffered_record(ssl); - if (ret != 0) { - return ret; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - /* Ensure that we have enough space available for the default form - * of TLS / DTLS record headers (5 Bytes for TLS, 13 Bytes for DTLS, - * with no space for CIDs counted in). */ - ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_in_hdr_len(ssl)); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); - return ret; - } - - ret = ssl_parse_record_header(ssl, ssl->in_hdr, ssl->in_left, &rec); - if (ret != 0) { -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if (ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) { - ret = ssl_buffer_future_record(ssl, &rec); - if (ret != 0) { - return ret; - } - - /* Fall through to handling of unexpected records */ - ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; - } - - if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) { -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) - /* Reset in pointers to default state for TLS/DTLS records, - * assuming no CID and no offset between record content and - * record plaintext. */ - mbedtls_ssl_update_in_pointers(ssl); - - /* Setup internal message pointers from record structure. */ - ssl->in_msgtype = rec.type; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->in_len = ssl->in_cid + rec.cid_len; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->in_iv = ssl->in_msg = ssl->in_len + 2; - ssl->in_msglen = rec.data_len; - - ret = ssl_check_client_reconnect(ssl); - MBEDTLS_SSL_DEBUG_RET(2, "ssl_check_client_reconnect", ret); - if (ret != 0) { - return ret; - } -#endif - - /* Skip unexpected record (but not whole datagram) */ - ssl->next_record_offset = rec.buf_len; - - MBEDTLS_SSL_DEBUG_MSG(1, ("discarding unexpected record " - "(header)")); - } else { - /* Skip invalid record and the rest of the datagram */ - ssl->next_record_offset = 0; - ssl->in_left = 0; - - MBEDTLS_SSL_DEBUG_MSG(1, ("discarding invalid record " - "(header)")); - } - - /* Get next record */ - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } else -#endif - { - return ret; - } - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Remember offset of next record within datagram. */ - ssl->next_record_offset = rec.buf_len; - if (ssl->next_record_offset < ssl->in_left) { - MBEDTLS_SSL_DEBUG_MSG(3, ("more than one record within datagram")); - } - } else -#endif - { - /* - * Fetch record contents from underlying transport. - */ - ret = mbedtls_ssl_fetch_input(ssl, rec.buf_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); - return ret; - } - - ssl->in_left = 0; - } - - /* - * Decrypt record contents. - */ - - if ((ret = ssl_prepare_record_content(ssl, &rec)) != 0) { -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Silently discard invalid records */ - if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { - /* Except when waiting for Finished as a bad mac here - * probably means something went wrong in the handshake - * (eg wrong psk used, mitm downgrade attempt, etc.) */ - if (ssl->state == MBEDTLS_SSL_CLIENT_FINISHED || - ssl->state == MBEDTLS_SSL_SERVER_FINISHED) { -#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) - if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC); - } -#endif - return ret; - } - - if (ssl->conf->badmac_limit != 0 && - ++ssl->badmac_seen >= ssl->conf->badmac_limit) { - MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC")); - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - - /* As above, invalid records cause - * dismissal of the whole datagram. */ - - ssl->next_record_offset = 0; - ssl->in_left = 0; - - MBEDTLS_SSL_DEBUG_MSG(1, ("discarding invalid record (mac)")); - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } - - return ret; - } else -#endif - { - /* Error out (and send alert) on invalid records */ -#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) - if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC); - } -#endif - return ret; - } - } - - - /* Reset in pointers to default state for TLS/DTLS records, - * assuming no CID and no offset between record content and - * record plaintext. */ - mbedtls_ssl_update_in_pointers(ssl); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->in_len = ssl->in_cid + rec.cid_len; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->in_iv = ssl->in_len + 2; - - /* The record content type may change during decryption, - * so re-read it. */ - ssl->in_msgtype = rec.type; - /* Also update the input buffer, because unfortunately - * the server-side ssl_parse_client_hello() reparses the - * record header when receiving a ClientHello initiating - * a renegotiation. */ - ssl->in_hdr[0] = rec.type; - ssl->in_msg = rec.buf + rec.data_offset; - ssl->in_msglen = rec.data_len; - MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->in_len, 0); - - return 0; -} - -int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* - * Handle particular types of records - */ - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) { - if ((ret = mbedtls_ssl_prepare_handshake_record(ssl)) != 0) { - return ret; - } - } - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { - if (ssl->in_msglen != 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - if (ssl->in_msg[0] != 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid CCS message, content: %02x", - ssl->in_msg[0])); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && - ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) { - if (ssl->handshake == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("dropping ChangeCipherSpec outside handshake")); - return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("received out-of-order ChangeCipherSpec - remember")); - return MBEDTLS_ERR_SSL_EARLY_MESSAGE; - } -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - MBEDTLS_SSL_DEBUG_MSG(2, - ("Ignore ChangeCipherSpec in TLS 1.3 compatibility mode")); - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - } - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) { - if (ssl->in_msglen != 2) { - /* Note: Standard allows for more than one 2 byte alert - to be packed in a single message, but Mbed TLS doesn't - currently support this. */ - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid alert message, len: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("got an alert message, type: [%u:%u]", - ssl->in_msg[0], ssl->in_msg[1])); - - /* - * Ignore non-fatal alerts, except close_notify and no_renegotiation - */ - if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("is a fatal alert message (msg %d)", - ssl->in_msg[1])); - return MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE; - } - - if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && - ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY) { - MBEDTLS_SSL_DEBUG_MSG(2, ("is a close notify message")); - return MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY; - } - -#if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED) - if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && - ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION) { - MBEDTLS_SSL_DEBUG_MSG(2, ("is a no renegotiation alert")); - /* Will be handled when trying to parse ServerHello */ - return 0; - } -#endif - /* Silently ignore: fetch new message */ - return MBEDTLS_ERR_SSL_NON_FATAL; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Drop unexpected ApplicationData records, - * except at the beginning of renegotiations */ - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && - mbedtls_ssl_is_handshake_over(ssl) == 0 -#if defined(MBEDTLS_SSL_RENEGOTIATION) - && !(ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->state == MBEDTLS_SSL_SERVER_HELLO) -#endif - ) { - MBEDTLS_SSL_DEBUG_MSG(1, ("dropping unexpected ApplicationData")); - return MBEDTLS_ERR_SSL_NON_FATAL; - } - - if (ssl->handshake != NULL && - mbedtls_ssl_is_handshake_over(ssl) == 1) { - mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl); - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - return 0; -} - -int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); -} - -int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, - unsigned char level, - unsigned char message) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (ssl == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (ssl->out_left != 0) { - return mbedtls_ssl_flush_output(ssl); - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> send alert message")); - MBEDTLS_SSL_DEBUG_MSG(3, ("send alert level=%u message=%u", level, message)); - - ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; - ssl->out_msglen = 2; - ssl->out_msg[0] = level; - ssl->out_msg[1] = message; - - if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); - return ret; - } - MBEDTLS_SSL_DEBUG_MSG(2, ("<= send alert message")); - - return 0; -} - -int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec")); - - ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; - ssl->out_msglen = 1; - ssl->out_msg[0] = 1; - - ssl->state++; - - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher spec")); - - return 0; -} - -int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse change cipher spec")); - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad change cipher spec message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - /* CCS records are only accepted if they have length 1 and content '1', - * so we don't need to check this here. */ - - /* - * Switch to our negotiated transform and session parameters for inbound - * data. - */ - MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for inbound data")); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - ssl->transform_in = ssl->transform_negotiate; -#endif - ssl->session_in = ssl->session_negotiate; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - mbedtls_ssl_dtls_replay_reset(ssl); -#endif - - /* Increment epoch */ - if (++ssl->in_epoch == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS epoch would wrap")); - /* This is highly unlikely to happen for legitimate reasons, so - treat it as an attack and don't send an alert. */ - return MBEDTLS_ERR_SSL_COUNTER_WRAPPING; - } - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset(ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN); - - mbedtls_ssl_update_in_pointers(ssl); - - ssl->state++; - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse change cipher spec")); - - return 0; -} - -/* Once ssl->out_hdr as the address of the beginning of the - * next outgoing record is set, deduce the other pointers. - * - * Note: For TLS, we save the implicit record sequence number - * (entering MAC computation) in the 8 bytes before ssl->out_hdr, - * and the caller has to make sure there's space for this. - */ - -static size_t ssl_transform_get_explicit_iv_len( - mbedtls_ssl_transform const *transform) -{ - return transform->ivlen - transform->fixed_ivlen; -} - -void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform) -{ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - ssl->out_ctr = ssl->out_hdr + 3; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->out_cid = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - ssl->out_len = ssl->out_cid; - if (transform != NULL) { - ssl->out_len += transform->out_cid_len; - } -#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->out_len = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->out_iv = ssl->out_len + 2; - } else -#endif - { - ssl->out_len = ssl->out_hdr + 3; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->out_cid = ssl->out_len; -#endif - ssl->out_iv = ssl->out_hdr + 5; - } - - ssl->out_msg = ssl->out_iv; - /* Adjust out_msg to make space for explicit IV, if used. */ - if (transform != NULL) { - ssl->out_msg += ssl_transform_get_explicit_iv_len(transform); - } -} - -/* Once ssl->in_hdr as the address of the beginning of the - * next incoming record is set, deduce the other pointers. - * - * Note: For TLS, we save the implicit record sequence number - * (entering MAC computation) in the 8 bytes before ssl->in_hdr, - * and the caller has to make sure there's space for this. - */ - -void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl) -{ - /* This function sets the pointers to match the case - * of unprotected TLS/DTLS records, with both ssl->in_iv - * and ssl->in_msg pointing to the beginning of the record - * content. - * - * When decrypting a protected record, ssl->in_msg - * will be shifted to point to the beginning of the - * record plaintext. - */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* This sets the header pointers to match records - * without CID. When we receive a record containing - * a CID, the fields are shifted accordingly in - * ssl_parse_record_header(). */ - ssl->in_ctr = ssl->in_hdr + 3; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->in_cid = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - ssl->in_len = ssl->in_cid; /* Default: no CID */ -#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->in_iv = ssl->in_len + 2; - } else -#endif - { - ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - ssl->in_len = ssl->in_hdr + 3; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->in_cid = ssl->in_len; -#endif - ssl->in_iv = ssl->in_hdr + 5; - } - - /* This will be adjusted at record decryption time. */ - ssl->in_msg = ssl->in_iv; -} - -/* - * Setup an SSL context - */ - -void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl) -{ - /* Set the incoming and outgoing record pointers. */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - ssl->out_hdr = ssl->out_buf; - ssl->in_hdr = ssl->in_buf; - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - { - ssl->out_ctr = ssl->out_buf; - ssl->out_hdr = ssl->out_buf + 8; - ssl->in_hdr = ssl->in_buf + 8; - } - - /* Derive other internal pointers. */ - mbedtls_ssl_update_out_pointers(ssl, NULL /* no transform enabled */); - mbedtls_ssl_update_in_pointers(ssl); -} - -/* - * SSL get accessors - */ -size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl) -{ - return ssl->in_offt == NULL ? 0 : ssl->in_msglen; -} - -int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl) -{ - /* - * Case A: We're currently holding back - * a message for further processing. - */ - - if (ssl->keep_current_message == 1) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: record held back for processing")); - return 1; - } - - /* - * Case B: Further records are pending in the current datagram. - */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->in_left > ssl->next_record_offset) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: more records within current datagram")); - return 1; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - /* - * Case C: A handshake message is being processed. - */ - - if (ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen) { - MBEDTLS_SSL_DEBUG_MSG(3, - ("ssl_check_pending: more handshake messages within current record")); - return 1; - } - - /* - * Case D: An application data message is being processed - */ - if (ssl->in_offt != NULL) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: application data record is being processed")); - return 1; - } - - /* - * In all other cases, the rest of the message can be dropped. - * As in ssl_get_next_record, this needs to be adapted if - * we implement support for multiple alerts in single records. - */ - - MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: nothing pending")); - return 0; -} - - -int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl) -{ - size_t transform_expansion = 0; - const mbedtls_ssl_transform *transform = ssl->transform_out; - unsigned block_size; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - size_t out_hdr_len = mbedtls_ssl_out_hdr_len(ssl); - - if (transform == NULL) { - return (int) out_hdr_len; - } - - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (transform->psa_alg == PSA_ALG_GCM || - transform->psa_alg == PSA_ALG_CCM || - transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8) || - transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 || - transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER) { - transform_expansion = transform->minlen; - } else if (transform->psa_alg == PSA_ALG_CBC_NO_PADDING) { - (void) psa_get_key_attributes(transform->psa_key_enc, &attr); - key_type = psa_get_key_type(&attr); - - block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type); - - /* Expansion due to the addition of the MAC. */ - transform_expansion += transform->maclen; - - /* Expansion due to the addition of CBC padding; - * Theoretically up to 256 bytes, but we never use - * more than the block size of the underlying cipher. */ - transform_expansion += block_size; - - /* For TLS 1.2 or higher, an explicit IV is added - * after the record header. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - transform_expansion += block_size; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - } else { - MBEDTLS_SSL_DEBUG_MSG(1, - ("Unsupported psa_alg spotted in mbedtls_ssl_get_record_expansion()")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } -#else - switch (mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)) { - case MBEDTLS_MODE_GCM: - case MBEDTLS_MODE_CCM: - case MBEDTLS_MODE_CHACHAPOLY: - case MBEDTLS_MODE_STREAM: - transform_expansion = transform->minlen; - break; - - case MBEDTLS_MODE_CBC: - - block_size = mbedtls_cipher_get_block_size( - &transform->cipher_ctx_enc); - - /* Expansion due to the addition of the MAC. */ - transform_expansion += transform->maclen; - - /* Expansion due to the addition of CBC padding; - * Theoretically up to 256 bytes, but we never use - * more than the block size of the underlying cipher. */ - transform_expansion += block_size; - - /* For TLS 1.2 or higher, an explicit IV is added - * after the record header. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - transform_expansion += block_size; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - break; - - default: - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (transform->out_cid_len != 0) { - transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - return (int) (out_hdr_len + transform_expansion); -} - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -/* - * Check record counters and renegotiate if they're above the limit. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_ctr_renegotiate(mbedtls_ssl_context *ssl) -{ - size_t ep_len = mbedtls_ssl_ep_len(ssl); - int in_ctr_cmp; - int out_ctr_cmp; - - if (mbedtls_ssl_is_handshake_over(ssl) == 0 || - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || - ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED) { - return 0; - } - - in_ctr_cmp = memcmp(ssl->in_ctr + ep_len, - &ssl->conf->renego_period[ep_len], - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN - ep_len); - out_ctr_cmp = memcmp(&ssl->cur_out_ctr[ep_len], - &ssl->conf->renego_period[ep_len], - sizeof(ssl->cur_out_ctr) - ep_len); - - if (in_ctr_cmp <= 0 && out_ctr_cmp <= 0) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("record counter limit reached: renegotiate")); - return mbedtls_ssl_renegotiate(ssl); -} -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#if defined(MBEDTLS_SSL_CLI_C) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_is_new_session_ticket(mbedtls_ssl_context *ssl) -{ - - if ((ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl)) || - (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET)) { - return 0; - } - - return 1; -} -#endif /* MBEDTLS_SSL_CLI_C */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) -{ - - MBEDTLS_SSL_DEBUG_MSG(3, ("received post-handshake message")); - -#if defined(MBEDTLS_SSL_CLI_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - if (ssl_tls13_is_new_session_ticket(ssl)) { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received")); - ssl->keep_current_message = 1; - - mbedtls_ssl_handshake_set_state(ssl, - MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); - return MBEDTLS_ERR_SSL_WANT_READ; -#else - MBEDTLS_SSL_DEBUG_MSG(3, ("Ignore NewSessionTicket, not supported.")); - return 0; -#endif - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - - /* Fail in all other cases. */ - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* This function is called from mbedtls_ssl_read() when a handshake message is - * received after the initial handshake. In this context, handshake messages - * may only be sent for the purpose of initiating renegotiations. - * - * This function is introduced as a separate helper since the handling - * of post-handshake handshake messages changes significantly in TLS 1.3, - * and having a helper function allows to distinguish between TLS <= 1.2 and - * TLS 1.3 in the future without bloating the logic of mbedtls_ssl_read(). - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls12_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* - * - For client-side, expect SERVER_HELLO_REQUEST. - * - For server-side, expect CLIENT_HELLO. - * - Fail (TLS) or silently drop record (DTLS) in other cases. - */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - (ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || - ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl))) { - MBEDTLS_SSL_DEBUG_MSG(1, ("handshake received (not HelloRequest)")); - - /* With DTLS, drop the packet (probably from last handshake) */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 0; - } -#endif - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } -#endif /* MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) { - MBEDTLS_SSL_DEBUG_MSG(1, ("handshake received (not ClientHello)")); - - /* With DTLS, drop the packet (probably from last handshake) */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 0; - } -#endif - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - /* Determine whether renegotiation attempt should be accepted */ - if (!(ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || - (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == - MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION))) { - /* - * Accept renegotiation request - */ - - /* DTLS clients need to know renego is server-initiated */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; - } -#endif - ret = mbedtls_ssl_start_renegotiation(ssl); - if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_start_renegotiation", - ret); - return ret; - } - } else -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - { - /* - * Refuse renegotiation - */ - - MBEDTLS_SSL_DEBUG_MSG(3, ("refusing renegotiation, sending alert")); - - if ((ret = mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_WARNING, - MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION)) != 0) { - return ret; - } - } - - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) -{ - /* Check protocol version and dispatch accordingly. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - return ssl_tls13_handle_hs_message_post_handshake(ssl); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) { - return ssl_tls12_handle_hs_message_post_handshake(ssl); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - /* Should never happen */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} - -/* - * brief Read at most 'len' application data bytes from the input - * buffer. - * - * param ssl SSL context: - * - First byte of application data not read yet in the input - * buffer located at address `in_offt`. - * - The number of bytes of data not read yet is `in_msglen`. - * param buf buffer that will hold the data - * param len maximum number of bytes to read - * - * note The function updates the fields `in_offt` and `in_msglen` - * according to the number of bytes read. - * - * return The number of bytes read. - */ -static int ssl_read_application_data( - mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) -{ - size_t n = (len < ssl->in_msglen) ? len : ssl->in_msglen; - - if (len != 0) { - memcpy(buf, ssl->in_offt, n); - ssl->in_msglen -= n; - } - - /* Zeroising the plaintext buffer to erase unused application data - from the memory. */ - mbedtls_platform_zeroize(ssl->in_offt, n); - - if (ssl->in_msglen == 0) { - /* all bytes consumed */ - ssl->in_offt = NULL; - ssl->keep_current_message = 0; - } else { - /* more data available */ - ssl->in_offt += n; - } - - return (int) n; -} - -/* - * Receive application data decrypted from the SSL layer - */ -int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (ssl == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> read")); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { - return ret; - } - - if (ssl->handshake != NULL && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { - if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { - return ret; - } - } - } -#endif - - /* - * Check if renegotiation is necessary and/or handshake is - * in process. If yes, perform/continue, and fall through - * if an unexpected packet is received while the client - * is waiting for the ServerHello. - * - * (There is no equivalent to the last condition on - * the server-side as it is not treated as within - * a handshake while waiting for the ClientHello - * after a renegotiation request.) - */ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - ret = ssl_check_ctr_renegotiate(ssl); - if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_check_ctr_renegotiate", ret); - return ret; - } -#endif - - if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { - ret = mbedtls_ssl_handshake(ssl); - if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); - return ret; - } - } - - /* Loop as long as no application data record is available */ - while (ssl->in_offt == NULL) { - /* Start timer if not already running */ - if (ssl->f_get_timer != NULL && - ssl->f_get_timer(ssl->p_timer) == -1) { - mbedtls_ssl_set_timer(ssl, ssl->conf->read_timeout); - } - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - if (ret == MBEDTLS_ERR_SSL_CONN_EOF) { - return 0; - } - - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - if (ssl->in_msglen == 0 && - ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { - /* - * OpenSSL sends empty messages to randomize the IV - */ - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - if (ret == MBEDTLS_ERR_SSL_CONN_EOF) { - return 0; - } - - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - } - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) { - ret = ssl_handle_hs_message_post_handshake(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_handle_hs_message_post_handshake", - ret); - return ret; - } - - /* At this point, we don't know whether the renegotiation triggered - * by the post-handshake message has been completed or not. The cases - * to consider are the following: - * 1) The renegotiation is complete. In this case, no new record - * has been read yet. - * 2) The renegotiation is incomplete because the client received - * an application data record while awaiting the ServerHello. - * 3) The renegotiation is incomplete because the client received - * a non-handshake, non-application data message while awaiting - * the ServerHello. - * - * In each of these cases, looping will be the proper action: - * - For 1), the next iteration will read a new record and check - * if it's application data. - * - For 2), the loop condition isn't satisfied as application data - * is present, hence continue is the same as break - * - For 3), the loop condition is satisfied and read_record - * will re-deliver the message that was held back by the client - * when expecting the ServerHello. - */ - - continue; - } -#if defined(MBEDTLS_SSL_RENEGOTIATION) - else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { - if (ssl->conf->renego_max_records >= 0) { - if (++ssl->renego_records_seen > ssl->conf->renego_max_records) { - MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation requested, " - "but not honored by client")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - } - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */ - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) { - MBEDTLS_SSL_DEBUG_MSG(2, ("ignoring non-fatal non-closure alert")); - return MBEDTLS_ERR_SSL_WANT_READ; - } - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad application data message")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - ssl->in_offt = ssl->in_msg; - - /* We're going to return something now, cancel timer, - * except if handshake (renegotiation) is in progress */ - if (mbedtls_ssl_is_handshake_over(ssl) == 1) { - mbedtls_ssl_set_timer(ssl, 0); - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - /* If we requested renego but received AppData, resend HelloRequest. - * Do it now, after setting in_offt, to avoid taking this branch - * again if ssl_write_hello_request() returns WANT_WRITE */ -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { - if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend_hello_request", - ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - } - - ret = ssl_read_application_data(ssl, buf, len); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= read")); - - return ret; -} - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_EARLY_DATA) -int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl, - unsigned char *buf, size_t len) -{ - if (ssl == NULL || (ssl->conf == NULL)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* - * The server may receive early data only while waiting for the End of - * Early Data handshake message. - */ - if ((ssl->state != MBEDTLS_SSL_END_OF_EARLY_DATA) || - (ssl->in_offt == NULL)) { - return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA; - } - - return ssl_read_application_data(ssl, buf, len); -} -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_EARLY_DATA */ - -/* - * Send application data to be encrypted by the SSL layer, taking care of max - * fragment length and buffer size. - * - * According to RFC 5246 Section 6.2.1: - * - * Zero-length fragments of Application data MAY be sent as they are - * potentially useful as a traffic analysis countermeasure. - * - * Therefore, it is possible that the input message length is 0 and the - * corresponding return code is 0 on success. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_real(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ - int ret = mbedtls_ssl_get_max_out_record_payload(ssl); - const size_t max_len = (size_t) ret; - - if (ret < 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_max_out_record_payload", ret); - return ret; - } - - if (len > max_len) { -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - MBEDTLS_SSL_DEBUG_MSG(1, ("fragment larger than the (negotiated) " - "maximum fragment length: %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - len, max_len)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } else -#endif - len = max_len; - } - - if (ssl->out_left != 0) { - /* - * The user has previously tried to send the data and - * MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially - * written. In this case, we expect the high-level write function - * (e.g. mbedtls_ssl_write()) to be called with the same parameters - */ - if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret); - return ret; - } - } else { - /* - * The user is trying to send a message the first time, so we need to - * copy the data into the internal buffers and setup the data structure - * to keep track of partial writes - */ - ssl->out_msglen = len; - ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; - if (len > 0) { - memcpy(ssl->out_msg, buf, len); - } - - if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); - return ret; - } - } - - return (int) len; -} - -/* - * Write application data (public-facing wrapper) - */ -int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write")); - - if (ssl == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if ((ret = ssl_check_ctr_renegotiate(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_check_ctr_renegotiate", ret); - return ret; - } -#endif - - if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { - if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); - return ret; - } - } - - ret = ssl_write_real(ssl, buf, len); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write")); - - return ret; -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) -int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const struct mbedtls_ssl_config *conf; - uint32_t remaining; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write early_data")); - - if (ssl == NULL || (conf = ssl->conf) == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if ((!mbedtls_ssl_conf_is_tls13_enabled(conf)) || - (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) || - (conf->early_data_enabled != MBEDTLS_SSL_EARLY_DATA_ENABLED)) { - return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; - } - - if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { - return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; - } - - /* - * If we are at the beginning of the handshake, the early data state being - * equal to MBEDTLS_SSL_EARLY_DATA_STATE_IDLE or - * MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT advance the handshake just - * enough to be able to send early data if possible. That way, we can - * guarantee that when starting the handshake with this function we will - * send at least one record of early data. Note that when the state is - * MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT and not yet - * MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE, we cannot send early data - * as the early data outbound transform has not been set as we may have to - * first send a dummy CCS in clear. - */ - if ((ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IDLE) || - (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT)) { - while ((ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IDLE) || - (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT)) { - ret = mbedtls_ssl_handshake_step(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake_step", ret); - return ret; - } - - ret = mbedtls_ssl_flush_output(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret); - return ret; - } - } - remaining = ssl->session_negotiate->max_early_data_size; - } else { - /* - * If we are past the point where we can send early data or we have - * already reached the maximum early data size, return immediatly. - * Otherwise, progress the handshake as much as possible to not delay - * it too much. If we reach a point where we can still send early data, - * then we will send some. - */ - if ((ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE) && - (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED)) { - return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; - } - - remaining = ssl->session_negotiate->max_early_data_size - - ssl->total_early_data_size; - - if (remaining == 0) { - return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; - } - - ret = mbedtls_ssl_handshake(ssl); - if ((ret != 0) && (ret != MBEDTLS_ERR_SSL_WANT_READ)) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); - return ret; - } - } - - if (((ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE) && - (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED)) - || (remaining == 0)) { - return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; - } - - if (len > remaining) { - len = remaining; - } - - ret = ssl_write_real(ssl, buf, len); - if (ret >= 0) { - ssl->total_early_data_size += ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write early_data, ret=%d", ret)); - - return ret; -} -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ - -/* - * Notify the peer that the connection is being closed - */ -int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (ssl == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write close notify")); - - if (mbedtls_ssl_is_handshake_over(ssl) == 1) { - if ((ret = mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_WARNING, - MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_send_alert_message", ret); - return ret; - } - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write close notify")); - - return 0; -} - -void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform) -{ - if (transform == NULL) { - return; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_destroy_key(transform->psa_key_enc); - psa_destroy_key(transform->psa_key_dec); -#else - mbedtls_cipher_free(&transform->cipher_ctx_enc); - mbedtls_cipher_free(&transform->cipher_ctx_dec); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_destroy_key(transform->psa_mac_enc); - psa_destroy_key(transform->psa_mac_dec); -#else - mbedtls_md_free(&transform->md_ctx_enc); - mbedtls_md_free(&transform->md_ctx_dec); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif - - mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform)); -} - -void mbedtls_ssl_set_inbound_transform(mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform) -{ - ssl->transform_in = transform; - memset(ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN); -} - -void mbedtls_ssl_set_outbound_transform(mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform) -{ - ssl->transform_out = transform; - memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr)); -} - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl) -{ - unsigned offset; - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - - if (hs == NULL) { - return; - } - - ssl_free_buffered_record(ssl); - - for (offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) { - ssl_buffering_free_slot(ssl, offset); - } -} - -static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl, - uint8_t slot) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot]; - - if (slot >= MBEDTLS_SSL_MAX_BUFFERED_HS) { - return; - } - - if (hs_buf->is_valid == 1) { - hs->buffering.total_bytes_buffered -= hs_buf->data_len; - mbedtls_zeroize_and_free(hs_buf->data, hs_buf->data_len); - memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer)); - } -} - -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -/* - * Convert version numbers to/from wire format - * and, for DTLS, to/from TLS equivalent. - * - * For TLS this is the identity. - * For DTLS, map as follows, then use 1's complement (v -> ~v): - * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) - * DTLS 1.0 is stored as TLS 1.1 internally - */ -void mbedtls_ssl_write_version(unsigned char version[2], int transport, - mbedtls_ssl_protocol_version tls_version) -{ - uint16_t tls_version_formatted; -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - tls_version_formatted = - ~(tls_version - (tls_version == 0x0302 ? 0x0202 : 0x0201)); - } else -#else - ((void) transport); -#endif - { - tls_version_formatted = (uint16_t) tls_version; - } - MBEDTLS_PUT_UINT16_BE(tls_version_formatted, version, 0); -} - -uint16_t mbedtls_ssl_read_version(const unsigned char version[2], - int transport) -{ - uint16_t tls_version = MBEDTLS_GET_UINT16_BE(version, 0); -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - tls_version = - ~(tls_version - (tls_version == 0xfeff ? 0x0202 : 0x0201)); - } -#else - ((void) transport); -#endif - return tls_version; -} - -/* - * Send pending fatal alert. - * 0, No alert message. - * !0, if mbedtls_ssl_send_alert_message() returned in error, the error code it - * returned, ssl->alert_reason otherwise. - */ -int mbedtls_ssl_handle_pending_alert(mbedtls_ssl_context *ssl) -{ - int ret; - - /* No pending alert, return success*/ - if (ssl->send_alert == 0) { - return 0; - } - - ret = mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - ssl->alert_type); - - /* If mbedtls_ssl_send_alert_message() returned with MBEDTLS_ERR_SSL_WANT_WRITE, - * do not clear the alert to be able to send it later. - */ - if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - ssl->send_alert = 0; - } - - if (ret != 0) { - return ret; - } - - return ssl->alert_reason; -} - -/* - * Set pending fatal alert flag. - */ -void mbedtls_ssl_pend_fatal_alert(mbedtls_ssl_context *ssl, - unsigned char alert_type, - int alert_reason) -{ - ssl->send_alert = 1; - ssl->alert_type = alert_type; - ssl->alert_reason = alert_reason; -} - -#endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c deleted file mode 100644 index 615b37fd6..000000000 --- a/library/ssl_ticket.c +++ /dev/null @@ -1,555 +0,0 @@ -/* - * TLS server tickets callbacks implementation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_TICKET_C) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl_ticket.h" -#include "mbedtls/error.h" -#include "mbedtls/platform_util.h" - -#include - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif - -/* - * Initialize context - */ -void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx) -{ - memset(ctx, 0, sizeof(mbedtls_ssl_ticket_context)); - -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init(&ctx->mutex); -#endif -} - -#define MAX_KEY_BYTES MBEDTLS_SSL_TICKET_MAX_KEY_BYTES - -#define TICKET_KEY_NAME_BYTES MBEDTLS_SSL_TICKET_KEY_NAME_BYTES -#define TICKET_IV_BYTES 12 -#define TICKET_CRYPT_LEN_BYTES 2 -#define TICKET_AUTH_TAG_BYTES 16 - -#define TICKET_MIN_LEN (TICKET_KEY_NAME_BYTES + \ - TICKET_IV_BYTES + \ - TICKET_CRYPT_LEN_BYTES + \ - TICKET_AUTH_TAG_BYTES) -#define TICKET_ADD_DATA_LEN (TICKET_KEY_NAME_BYTES + \ - TICKET_IV_BYTES + \ - TICKET_CRYPT_LEN_BYTES) - -/* - * Generate/update a key - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, - unsigned char index) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char buf[MAX_KEY_BYTES] = { 0 }; - mbedtls_ssl_ticket_key *key = ctx->keys + index; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -#endif - -#if defined(MBEDTLS_HAVE_TIME) - key->generation_time = mbedtls_time(NULL); -#endif - /* The lifetime of a key is the configured lifetime of the tickets when - * the key is created. - */ - key->lifetime = ctx->ticket_lifetime; - - if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) { - return ret; - } - - if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) { - return ret; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, key->alg); - psa_set_key_type(&attributes, key->key_type); - psa_set_key_bits(&attributes, key->key_bits); - - ret = PSA_TO_MBEDTLS_ERR( - psa_import_key(&attributes, buf, - PSA_BITS_TO_BYTES(key->key_bits), - &key->key)); -#else - /* With GCM and CCM, same context can encrypt & decrypt */ - ret = mbedtls_cipher_setkey(&key->ctx, buf, - mbedtls_cipher_get_key_bitlen(&key->ctx), - MBEDTLS_ENCRYPT); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_platform_zeroize(buf, sizeof(buf)); - - return ret; -} - -/* - * Rotate/generate keys if necessary - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx) -{ -#if !defined(MBEDTLS_HAVE_TIME) - ((void) ctx); -#else - mbedtls_ssl_ticket_key * const key = ctx->keys + ctx->active; - if (key->lifetime != 0) { - mbedtls_time_t current_time = mbedtls_time(NULL); - mbedtls_time_t key_time = key->generation_time; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif - - if (current_time >= key_time && - (uint64_t) (current_time - key_time) < key->lifetime) { - return 0; - } - - ctx->active = 1 - ctx->active; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - return ssl_ticket_gen_key(ctx, ctx->active); - } else -#endif /* MBEDTLS_HAVE_TIME */ - return 0; -} - -/* - * Rotate active session ticket encryption key - */ -int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, - const unsigned char *name, size_t nlength, - const unsigned char *k, size_t klength, - uint32_t lifetime) -{ - const unsigned char idx = 1 - ctx->active; - mbedtls_ssl_ticket_key * const key = ctx->keys + idx; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - const size_t bitlen = key->key_bits; -#else - const int bitlen = mbedtls_cipher_get_key_bitlen(&key->ctx); -#endif - - if (nlength < TICKET_KEY_NAME_BYTES || klength * 8 < (size_t) bitlen) { - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ((status = psa_destroy_key(key->key)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - return ret; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, key->alg); - psa_set_key_type(&attributes, key->key_type); - psa_set_key_bits(&attributes, key->key_bits); - - if ((status = psa_import_key(&attributes, k, - PSA_BITS_TO_BYTES(key->key_bits), - &key->key)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - return ret; - } -#else - ret = mbedtls_cipher_setkey(&key->ctx, k, bitlen, MBEDTLS_ENCRYPT); - if (ret != 0) { - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - ctx->active = idx; - ctx->ticket_lifetime = lifetime; - memcpy(key->name, name, TICKET_KEY_NAME_BYTES); -#if defined(MBEDTLS_HAVE_TIME) - key->generation_time = mbedtls_time(NULL); -#endif - key->lifetime = lifetime; - - return 0; -} - -/* - * Setup context for actual use - */ -int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_cipher_type_t cipher, - uint32_t lifetime) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t key_bits; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t alg; - psa_key_type_t key_type; -#else - const mbedtls_cipher_info_t *cipher_info; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (mbedtls_ssl_cipher_to_psa(cipher, TICKET_AUTH_TAG_BYTES, - &alg, &key_type, &key_bits) != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (PSA_ALG_IS_AEAD(alg) == 0) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } -#else - cipher_info = mbedtls_cipher_info_from_type(cipher); - - if (mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_GCM && - mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_CCM && - mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_CHACHAPOLY) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - key_bits = mbedtls_cipher_info_get_key_bitlen(cipher_info); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (key_bits > 8 * MAX_KEY_BYTES) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ctx->f_rng = f_rng; - ctx->p_rng = p_rng; - - ctx->ticket_lifetime = lifetime; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ctx->keys[0].alg = alg; - ctx->keys[0].key_type = key_type; - ctx->keys[0].key_bits = key_bits; - - ctx->keys[1].alg = alg; - ctx->keys[1].key_type = key_type; - ctx->keys[1].key_bits = key_bits; -#else - if ((ret = mbedtls_cipher_setup(&ctx->keys[0].ctx, cipher_info)) != 0) { - return ret; - } - - if ((ret = mbedtls_cipher_setup(&ctx->keys[1].ctx, cipher_info)) != 0) { - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if ((ret = ssl_ticket_gen_key(ctx, 0)) != 0 || - (ret = ssl_ticket_gen_key(ctx, 1)) != 0) { - return ret; - } - - return 0; -} - -/* - * Create session ticket, with the following structure: - * - * struct { - * opaque key_name[4]; - * opaque iv[12]; - * opaque encrypted_state<0..2^16-1>; - * opaque tag[16]; - * } ticket; - * - * The key_name, iv, and length of encrypted_state are the additional - * authenticated data. - */ - -int mbedtls_ssl_ticket_write(void *p_ticket, - const mbedtls_ssl_session *session, - unsigned char *start, - const unsigned char *end, - size_t *tlen, - uint32_t *ticket_lifetime) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_ticket_context *ctx = p_ticket; - mbedtls_ssl_ticket_key *key; - unsigned char *key_name = start; - unsigned char *iv = start + TICKET_KEY_NAME_BYTES; - unsigned char *state_len_bytes = iv + TICKET_IV_BYTES; - unsigned char *state = state_len_bytes + TICKET_CRYPT_LEN_BYTES; - size_t clear_len, ciph_len; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif - - *tlen = 0; - - if (ctx == NULL || ctx->f_rng == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag, - * in addition to session itself, that will be checked when writing it. */ - MBEDTLS_SSL_CHK_BUF_PTR(start, end, TICKET_MIN_LEN); - -#if defined(MBEDTLS_THREADING_C) - if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { - return ret; - } -#endif - - if ((ret = ssl_ticket_update_keys(ctx)) != 0) { - goto cleanup; - } - - key = &ctx->keys[ctx->active]; - - *ticket_lifetime = key->lifetime; - - memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES); - - if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) { - goto cleanup; - } - - /* Dump session state */ - if ((ret = mbedtls_ssl_session_save(session, - state, (size_t) (end - state), - &clear_len)) != 0 || - (unsigned long) clear_len > 65535) { - goto cleanup; - } - MBEDTLS_PUT_UINT16_BE(clear_len, state_len_bytes, 0); - - /* Encrypt and authenticate */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ((status = psa_aead_encrypt(key->key, key->alg, iv, TICKET_IV_BYTES, - key_name, TICKET_ADD_DATA_LEN, - state, clear_len, - state, end - state, - &ciph_len)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } -#else - if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx, - iv, TICKET_IV_BYTES, - /* Additional data: key name, IV and length */ - key_name, TICKET_ADD_DATA_LEN, - state, clear_len, - state, (size_t) (end - state), &ciph_len, - TICKET_AUTH_TAG_BYTES)) != 0) { - goto cleanup; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (ciph_len != clear_len + TICKET_AUTH_TAG_BYTES) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cleanup; - } - - *tlen = TICKET_MIN_LEN + ciph_len - TICKET_AUTH_TAG_BYTES; - -cleanup: -#if defined(MBEDTLS_THREADING_C) - if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { - return MBEDTLS_ERR_THREADING_MUTEX_ERROR; - } -#endif - - return ret; -} - -/* - * Select key based on name - */ -static mbedtls_ssl_ticket_key *ssl_ticket_select_key( - mbedtls_ssl_ticket_context *ctx, - const unsigned char name[4]) -{ - unsigned char i; - - for (i = 0; i < sizeof(ctx->keys) / sizeof(*ctx->keys); i++) { - if (memcmp(name, ctx->keys[i].name, 4) == 0) { - return &ctx->keys[i]; - } - } - - return NULL; -} - -/* - * Load session ticket (see mbedtls_ssl_ticket_write for structure) - */ -int mbedtls_ssl_ticket_parse(void *p_ticket, - mbedtls_ssl_session *session, - unsigned char *buf, - size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_ticket_context *ctx = p_ticket; - mbedtls_ssl_ticket_key *key; - unsigned char *key_name = buf; - unsigned char *iv = buf + TICKET_KEY_NAME_BYTES; - unsigned char *enc_len_p = iv + TICKET_IV_BYTES; - unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES; - size_t enc_len, clear_len; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif - - if (ctx == NULL || ctx->f_rng == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (len < TICKET_MIN_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_THREADING_C) - if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { - return ret; - } -#endif - - if ((ret = ssl_ticket_update_keys(ctx)) != 0) { - goto cleanup; - } - - enc_len = MBEDTLS_GET_UINT16_BE(enc_len_p, 0); - - if (len != TICKET_MIN_LEN + enc_len) { - ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - goto cleanup; - } - - /* Select key */ - if ((key = ssl_ticket_select_key(ctx, key_name)) == NULL) { - /* We can't know for sure but this is a likely option unless we're - * under attack - this is only informative anyway */ - ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; - goto cleanup; - } - - /* Decrypt and authenticate */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ((status = psa_aead_decrypt(key->key, key->alg, iv, TICKET_IV_BYTES, - key_name, TICKET_ADD_DATA_LEN, - ticket, enc_len + TICKET_AUTH_TAG_BYTES, - ticket, enc_len, &clear_len)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } -#else - if ((ret = mbedtls_cipher_auth_decrypt_ext(&key->ctx, - iv, TICKET_IV_BYTES, - /* Additional data: key name, IV and length */ - key_name, TICKET_ADD_DATA_LEN, - ticket, enc_len + TICKET_AUTH_TAG_BYTES, - ticket, enc_len, &clear_len, - TICKET_AUTH_TAG_BYTES)) != 0) { - if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) { - ret = MBEDTLS_ERR_SSL_INVALID_MAC; - } - - goto cleanup; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (clear_len != enc_len) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cleanup; - } - - /* Actually load session */ - if ((ret = mbedtls_ssl_session_load(session, ticket, clear_len)) != 0) { - goto cleanup; - } - -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_ms_time_t ticket_creation_time, ticket_age; - mbedtls_ms_time_t ticket_lifetime = - (mbedtls_ms_time_t) key->lifetime * 1000; - - ret = mbedtls_ssl_session_get_ticket_creation_time(session, - &ticket_creation_time); - if (ret != 0) { - goto cleanup; - } - - ticket_age = mbedtls_ms_time() - ticket_creation_time; - if (ticket_age < 0 || ticket_age > ticket_lifetime) { - ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; - goto cleanup; - } -#endif - -cleanup: -#if defined(MBEDTLS_THREADING_C) - if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { - return MBEDTLS_ERR_THREADING_MUTEX_ERROR; - } -#endif - - return ret; -} - -/* - * Free context - */ -void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx) -{ - if (ctx == NULL) { - return; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_destroy_key(ctx->keys[0].key); - psa_destroy_key(ctx->keys[1].key); -#else - mbedtls_cipher_free(&ctx->keys[0].ctx); - mbedtls_cipher_free(&ctx->keys[1].ctx); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free(&ctx->mutex); -#endif - - mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_ticket_context)); -} - -#endif /* MBEDTLS_SSL_TICKET_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c deleted file mode 100644 index ae4fd89f6..000000000 --- a/library/ssl_tls.c +++ /dev/null @@ -1,9915 +0,0 @@ -/* - * TLS shared functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * http://www.ietf.org/rfc/rfc2246.txt - * http://www.ietf.org/rfc/rfc4346.txt - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_TLS_C) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl.h" -#include "ssl_client.h" -#include "ssl_debug_helpers.h" - -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/version.h" -#include "mbedtls/constant_time.h" - -#include - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "mbedtls/psa_util.h" -#include "md_psa.h" -#include "psa_util_internal.h" -#include "psa/crypto.h" -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/oid.h" -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/* Define local translating functions to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif - -#if defined(MBEDTLS_TEST_HOOKS) -static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args; - -void mbedtls_ssl_set_chk_buf_ptr_fail_args( - const uint8_t *cur, const uint8_t *end, size_t need) -{ - chk_buf_ptr_fail_args.cur = cur; - chk_buf_ptr_fail_args.end = end; - chk_buf_ptr_fail_args.need = need; -} - -void mbedtls_ssl_reset_chk_buf_ptr_fail_args(void) -{ - memset(&chk_buf_ptr_fail_args, 0, sizeof(chk_buf_ptr_fail_args)); -} - -int mbedtls_ssl_cmp_chk_buf_ptr_fail_args(mbedtls_ssl_chk_buf_ptr_args *args) -{ - return (chk_buf_ptr_fail_args.cur != args->cur) || - (chk_buf_ptr_fail_args.end != args->end) || - (chk_buf_ptr_fail_args.need != args->need); -} -#endif /* MBEDTLS_TEST_HOOKS */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -/* Top-level Connection ID API */ - -int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, - size_t len, - int ignore_other_cid) -{ - if (len > MBEDTLS_SSL_CID_IN_LEN_MAX) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL && - ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - conf->ignore_unexpected_cid = ignore_other_cid; - conf->cid_len = len; - return 0; -} - -int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl, - int enable, - unsigned char const *own_cid, - size_t own_cid_len) -{ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->negotiate_cid = enable; - if (enable == MBEDTLS_SSL_CID_DISABLED) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Disable use of CID extension.")); - return 0; - } - MBEDTLS_SSL_DEBUG_MSG(3, ("Enable use of CID extension.")); - MBEDTLS_SSL_DEBUG_BUF(3, "Own CID", own_cid, own_cid_len); - - if (own_cid_len != ssl->conf->cid_len) { - MBEDTLS_SSL_DEBUG_MSG(3, ("CID length %u does not match CID length %u in config", - (unsigned) own_cid_len, - (unsigned) ssl->conf->cid_len)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memcpy(ssl->own_cid, own_cid, own_cid_len); - /* Truncation is not an issue here because - * MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */ - ssl->own_cid_len = (uint8_t) own_cid_len; - - return 0; -} - -int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl, - int *enabled, - unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX], - size_t *own_cid_len) -{ - *enabled = MBEDTLS_SSL_CID_DISABLED; - - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* We report MBEDTLS_SSL_CID_DISABLED in case the CID length is - * zero as this is indistinguishable from not requesting to use - * the CID extension. */ - if (ssl->own_cid_len == 0 || ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { - return 0; - } - - if (own_cid_len != NULL) { - *own_cid_len = ssl->own_cid_len; - if (own_cid != NULL) { - memcpy(own_cid, ssl->own_cid, ssl->own_cid_len); - } - } - - *enabled = MBEDTLS_SSL_CID_ENABLED; - - return 0; -} - -int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl, - int *enabled, - unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX], - size_t *peer_cid_len) -{ - *enabled = MBEDTLS_SSL_CID_DISABLED; - - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - mbedtls_ssl_is_handshake_over(ssl) == 0) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions - * were used, but client and server requested the empty CID. - * This is indistinguishable from not using the CID extension - * in the first place. */ - if (ssl->transform_in->in_cid_len == 0 && - ssl->transform_in->out_cid_len == 0) { - return 0; - } - - if (peer_cid_len != NULL) { - *peer_cid_len = ssl->transform_in->out_cid_len; - if (peer_cid != NULL) { - memcpy(peer_cid, ssl->transform_in->out_cid, - ssl->transform_in->out_cid_len); - } - } - - *enabled = MBEDTLS_SSL_CID_ENABLED; - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -/* - * Convert max_fragment_length codes to length. - * RFC 6066 says: - * enum{ - * 2^9(1), 2^10(2), 2^11(3), 2^12(4), (255) - * } MaxFragmentLength; - * and we add 0 -> extension unused - */ -static unsigned int ssl_mfl_code_to_length(int mfl) -{ - switch (mfl) { - case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: - return MBEDTLS_TLS_EXT_ADV_CONTENT_LEN; - case MBEDTLS_SSL_MAX_FRAG_LEN_512: - return 512; - case MBEDTLS_SSL_MAX_FRAG_LEN_1024: - return 1024; - case MBEDTLS_SSL_MAX_FRAG_LEN_2048: - return 2048; - case MBEDTLS_SSL_MAX_FRAG_LEN_4096: - return 4096; - default: - return MBEDTLS_TLS_EXT_ADV_CONTENT_LEN; - } -} -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst, - const mbedtls_ssl_session *src) -{ - mbedtls_ssl_session_free(dst); - memcpy(dst, src, sizeof(mbedtls_ssl_session)); -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - dst->ticket = NULL; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - dst->hostname = NULL; -#endif -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_ALPN) && \ - defined(MBEDTLS_SSL_EARLY_DATA) - dst->ticket_alpn = NULL; -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if (src->peer_cert != NULL) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - dst->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - if (dst->peer_cert == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - mbedtls_x509_crt_init(dst->peer_cert); - - if ((ret = mbedtls_x509_crt_parse_der(dst->peer_cert, src->peer_cert->raw.p, - src->peer_cert->raw.len)) != 0) { - mbedtls_free(dst->peer_cert); - dst->peer_cert = NULL; - return ret; - } - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (src->peer_cert_digest != NULL) { - dst->peer_cert_digest = - mbedtls_calloc(1, src->peer_cert_digest_len); - if (dst->peer_cert_digest == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(dst->peer_cert_digest, src->peer_cert_digest, - src->peer_cert_digest_len); - dst->peer_cert_digest_type = src->peer_cert_digest_type; - dst->peer_cert_digest_len = src->peer_cert_digest_len; - } -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_ALPN) && \ - defined(MBEDTLS_SSL_EARLY_DATA) - { - int ret = mbedtls_ssl_session_set_ticket_alpn(dst, src->ticket_alpn); - if (ret != 0) { - return ret; - } - } -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_ALPN && MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - if (src->ticket != NULL) { - dst->ticket = mbedtls_calloc(1, src->ticket_len); - if (dst->ticket == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(dst->ticket, src->ticket, src->ticket_len); - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (src->endpoint == MBEDTLS_SSL_IS_CLIENT) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_ssl_session_set_hostname(dst, src->hostname); - if (ret != 0) { - return ret; - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && - MBEDTLS_SSL_SERVER_NAME_INDICATION */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - - return 0; -} - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) -MBEDTLS_CHECK_RETURN_CRITICAL -static int resize_buffer(unsigned char **buffer, size_t len_new, size_t *len_old) -{ - unsigned char *resized_buffer = mbedtls_calloc(1, len_new); - if (resized_buffer == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - /* We want to copy len_new bytes when downsizing the buffer, and - * len_old bytes when upsizing, so we choose the smaller of two sizes, - * to fit one buffer into another. Size checks, ensuring that no data is - * lost, are done outside of this function. */ - memcpy(resized_buffer, *buffer, - (len_new < *len_old) ? len_new : *len_old); - mbedtls_zeroize_and_free(*buffer, *len_old); - - *buffer = resized_buffer; - *len_old = len_new; - - return 0; -} - -static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, - size_t in_buf_new_len, - size_t out_buf_new_len) -{ - int modified = 0; - size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0; - size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; - if (ssl->in_buf != NULL) { - written_in = ssl->in_msg - ssl->in_buf; - iv_offset_in = ssl->in_iv - ssl->in_buf; - len_offset_in = ssl->in_len - ssl->in_buf; - if (downsizing ? - ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len : - ssl->in_buf_len < in_buf_new_len) { - if (resize_buffer(&ssl->in_buf, in_buf_new_len, &ssl->in_buf_len) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("input buffer resizing failed - out of memory")); - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET, - in_buf_new_len)); - modified = 1; - } - } - } - - if (ssl->out_buf != NULL) { - written_out = ssl->out_msg - ssl->out_buf; - iv_offset_out = ssl->out_iv - ssl->out_buf; - len_offset_out = ssl->out_len - ssl->out_buf; - if (downsizing ? - ssl->out_buf_len > out_buf_new_len && ssl->out_left < out_buf_new_len : - ssl->out_buf_len < out_buf_new_len) { - if (resize_buffer(&ssl->out_buf, out_buf_new_len, &ssl->out_buf_len) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("output buffer resizing failed - out of memory")); - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET, - out_buf_new_len)); - modified = 1; - } - } - } - if (modified) { - /* Update pointers here to avoid doing it twice. */ - mbedtls_ssl_reset_in_out_pointers(ssl); - /* Fields below might not be properly updated with record - * splitting or with CID, so they are manually updated here. */ - ssl->out_msg = ssl->out_buf + written_out; - ssl->out_len = ssl->out_buf + len_offset_out; - ssl->out_iv = ssl->out_buf + iv_offset_out; - - ssl->in_msg = ssl->in_buf + written_in; - ssl->in_len = ssl->in_buf + len_offset_in; - ssl->in_iv = ssl->in_buf + iv_offset_in; - } -} -#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) -typedef int (*tls_prf_fn)(const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen); - -static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id); - -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - -/* Type for the TLS PRF */ -typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, - const unsigned char *, size_t, - unsigned char *, size_t); - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, - int ciphersuite, - const unsigned char master[48], -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - int encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - ssl_tls_prf_t tls_prf, - const unsigned char randbytes[64], - mbedtls_ssl_protocol_version tls_version, - unsigned endpoint, - const mbedtls_ssl_context *ssl); - -#if defined(PSA_WANT_ALG_SHA_256) -MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_sha256(const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen); -static int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *, unsigned char *, size_t *); -static int ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, int); - -#endif /* PSA_WANT_ALG_SHA_256*/ - -#if defined(PSA_WANT_ALG_SHA_384) -MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_sha384(const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen); - -static int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *); -static int ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int); -#endif /* PSA_WANT_ALG_SHA_384*/ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls12_session_load(mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -static int ssl_update_checksum_start(mbedtls_ssl_context *, const unsigned char *, size_t); - -#if defined(PSA_WANT_ALG_SHA_256) -static int ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t); -#endif /* PSA_WANT_ALG_SHA_256*/ - -#if defined(PSA_WANT_ALG_SHA_384) -static int ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t); -#endif /* PSA_WANT_ALG_SHA_384*/ - -int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen) -{ - mbedtls_ssl_tls_prf_cb *tls_prf = NULL; - - switch (prf) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_SSL_TLS_PRF_SHA384: - tls_prf = tls_prf_sha384; - break; -#endif /* PSA_WANT_ALG_SHA_384*/ -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_SSL_TLS_PRF_SHA256: - tls_prf = tls_prf_sha256; - break; -#endif /* PSA_WANT_ALG_SHA_256*/ -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - default: - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - return tls_prf(secret, slen, label, random, rlen, dstbuf, dlen); -} - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -static void ssl_clear_peer_cert(mbedtls_ssl_session *session) -{ -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if (session->peer_cert != NULL) { - mbedtls_x509_crt_free(session->peer_cert); - mbedtls_free(session->peer_cert); - session->peer_cert = NULL; - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (session->peer_cert_digest != NULL) { - /* Zeroization is not necessary. */ - mbedtls_free(session->peer_cert_digest); - session->peer_cert_digest = NULL; - session->peer_cert_digest_type = MBEDTLS_MD_NONE; - session->peer_cert_digest_len = 0; - } -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -uint32_t mbedtls_ssl_get_extension_id(unsigned int extension_type) -{ - switch (extension_type) { - case MBEDTLS_TLS_EXT_SERVERNAME: - return MBEDTLS_SSL_EXT_ID_SERVERNAME; - - case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - return MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH; - - case MBEDTLS_TLS_EXT_STATUS_REQUEST: - return MBEDTLS_SSL_EXT_ID_STATUS_REQUEST; - - case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: - return MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS; - - case MBEDTLS_TLS_EXT_SIG_ALG: - return MBEDTLS_SSL_EXT_ID_SIG_ALG; - - case MBEDTLS_TLS_EXT_USE_SRTP: - return MBEDTLS_SSL_EXT_ID_USE_SRTP; - - case MBEDTLS_TLS_EXT_HEARTBEAT: - return MBEDTLS_SSL_EXT_ID_HEARTBEAT; - - case MBEDTLS_TLS_EXT_ALPN: - return MBEDTLS_SSL_EXT_ID_ALPN; - - case MBEDTLS_TLS_EXT_SCT: - return MBEDTLS_SSL_EXT_ID_SCT; - - case MBEDTLS_TLS_EXT_CLI_CERT_TYPE: - return MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE; - - case MBEDTLS_TLS_EXT_SERV_CERT_TYPE: - return MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE; - - case MBEDTLS_TLS_EXT_PADDING: - return MBEDTLS_SSL_EXT_ID_PADDING; - - case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: - return MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY; - - case MBEDTLS_TLS_EXT_EARLY_DATA: - return MBEDTLS_SSL_EXT_ID_EARLY_DATA; - - case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: - return MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS; - - case MBEDTLS_TLS_EXT_COOKIE: - return MBEDTLS_SSL_EXT_ID_COOKIE; - - case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: - return MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES; - - case MBEDTLS_TLS_EXT_CERT_AUTH: - return MBEDTLS_SSL_EXT_ID_CERT_AUTH; - - case MBEDTLS_TLS_EXT_OID_FILTERS: - return MBEDTLS_SSL_EXT_ID_OID_FILTERS; - - case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: - return MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH; - - case MBEDTLS_TLS_EXT_SIG_ALG_CERT: - return MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT; - - case MBEDTLS_TLS_EXT_KEY_SHARE: - return MBEDTLS_SSL_EXT_ID_KEY_SHARE; - - case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: - return MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC; - - case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: - return MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS; - - case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: - return MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC; - - case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: - return MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET; - - case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: - return MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT; - - case MBEDTLS_TLS_EXT_SESSION_TICKET: - return MBEDTLS_SSL_EXT_ID_SESSION_TICKET; - - } - - return MBEDTLS_SSL_EXT_ID_UNRECOGNIZED; -} - -uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type) -{ - return 1 << mbedtls_ssl_get_extension_id(extension_type); -} - -#if defined(MBEDTLS_DEBUG_C) -static const char *extension_name_table[] = { - [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = "unrecognized", - [MBEDTLS_SSL_EXT_ID_SERVERNAME] = "server_name", - [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = "max_fragment_length", - [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = "status_request", - [MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = "supported_groups", - [MBEDTLS_SSL_EXT_ID_SIG_ALG] = "signature_algorithms", - [MBEDTLS_SSL_EXT_ID_USE_SRTP] = "use_srtp", - [MBEDTLS_SSL_EXT_ID_HEARTBEAT] = "heartbeat", - [MBEDTLS_SSL_EXT_ID_ALPN] = "application_layer_protocol_negotiation", - [MBEDTLS_SSL_EXT_ID_SCT] = "signed_certificate_timestamp", - [MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = "client_certificate_type", - [MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = "server_certificate_type", - [MBEDTLS_SSL_EXT_ID_PADDING] = "padding", - [MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = "pre_shared_key", - [MBEDTLS_SSL_EXT_ID_EARLY_DATA] = "early_data", - [MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = "supported_versions", - [MBEDTLS_SSL_EXT_ID_COOKIE] = "cookie", - [MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = "psk_key_exchange_modes", - [MBEDTLS_SSL_EXT_ID_CERT_AUTH] = "certificate_authorities", - [MBEDTLS_SSL_EXT_ID_OID_FILTERS] = "oid_filters", - [MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = "post_handshake_auth", - [MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = "signature_algorithms_cert", - [MBEDTLS_SSL_EXT_ID_KEY_SHARE] = "key_share", - [MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = "truncated_hmac", - [MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = "supported_point_formats", - [MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = "encrypt_then_mac", - [MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = "extended_master_secret", - [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = "session_ticket", - [MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT] = "record_size_limit" -}; - -static const unsigned int extension_type_table[] = { - [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff, - [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME, - [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, - [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = MBEDTLS_TLS_EXT_STATUS_REQUEST, - [MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, - [MBEDTLS_SSL_EXT_ID_SIG_ALG] = MBEDTLS_TLS_EXT_SIG_ALG, - [MBEDTLS_SSL_EXT_ID_USE_SRTP] = MBEDTLS_TLS_EXT_USE_SRTP, - [MBEDTLS_SSL_EXT_ID_HEARTBEAT] = MBEDTLS_TLS_EXT_HEARTBEAT, - [MBEDTLS_SSL_EXT_ID_ALPN] = MBEDTLS_TLS_EXT_ALPN, - [MBEDTLS_SSL_EXT_ID_SCT] = MBEDTLS_TLS_EXT_SCT, - [MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = MBEDTLS_TLS_EXT_CLI_CERT_TYPE, - [MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = MBEDTLS_TLS_EXT_SERV_CERT_TYPE, - [MBEDTLS_SSL_EXT_ID_PADDING] = MBEDTLS_TLS_EXT_PADDING, - [MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = MBEDTLS_TLS_EXT_PRE_SHARED_KEY, - [MBEDTLS_SSL_EXT_ID_EARLY_DATA] = MBEDTLS_TLS_EXT_EARLY_DATA, - [MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, - [MBEDTLS_SSL_EXT_ID_COOKIE] = MBEDTLS_TLS_EXT_COOKIE, - [MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES, - [MBEDTLS_SSL_EXT_ID_CERT_AUTH] = MBEDTLS_TLS_EXT_CERT_AUTH, - [MBEDTLS_SSL_EXT_ID_OID_FILTERS] = MBEDTLS_TLS_EXT_OID_FILTERS, - [MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH, - [MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = MBEDTLS_TLS_EXT_SIG_ALG_CERT, - [MBEDTLS_SSL_EXT_ID_KEY_SHARE] = MBEDTLS_TLS_EXT_KEY_SHARE, - [MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = MBEDTLS_TLS_EXT_TRUNCATED_HMAC, - [MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, - [MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, - [MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, - [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = MBEDTLS_TLS_EXT_SESSION_TICKET, - [MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT] = MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT -}; - -const char *mbedtls_ssl_get_extension_name(unsigned int extension_type) -{ - return extension_name_table[ - mbedtls_ssl_get_extension_id(extension_type)]; -} - -static const char *ssl_tls13_get_hs_msg_name(int hs_msg_type) -{ - switch (hs_msg_type) { - case MBEDTLS_SSL_HS_CLIENT_HELLO: - return "ClientHello"; - case MBEDTLS_SSL_HS_SERVER_HELLO: - return "ServerHello"; - case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST: - return "HelloRetryRequest"; - case MBEDTLS_SSL_HS_NEW_SESSION_TICKET: - return "NewSessionTicket"; - case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: - return "EncryptedExtensions"; - case MBEDTLS_SSL_HS_CERTIFICATE: - return "Certificate"; - case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: - return "CertificateRequest"; - } - return "Unknown"; -} - -void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - int hs_msg_type, unsigned int extension_type, - const char *extra_msg0, const char *extra_msg1) -{ - const char *extra_msg; - if (extra_msg0 && extra_msg1) { - mbedtls_debug_print_msg( - ssl, level, file, line, - "%s: %s(%u) extension %s %s.", - ssl_tls13_get_hs_msg_name(hs_msg_type), - mbedtls_ssl_get_extension_name(extension_type), - extension_type, - extra_msg0, extra_msg1); - return; - } - - extra_msg = extra_msg0 ? extra_msg0 : extra_msg1; - if (extra_msg) { - mbedtls_debug_print_msg( - ssl, level, file, line, - "%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name(hs_msg_type), - mbedtls_ssl_get_extension_name(extension_type), extension_type, - extra_msg); - return; - } - - mbedtls_debug_print_msg( - ssl, level, file, line, - "%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name(hs_msg_type), - mbedtls_ssl_get_extension_name(extension_type), extension_type); -} - -void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - int hs_msg_type, uint32_t extensions_mask, - const char *extra) -{ - - for (unsigned i = 0; - i < sizeof(extension_name_table) / sizeof(extension_name_table[0]); - i++) { - mbedtls_ssl_print_extension( - ssl, level, file, line, hs_msg_type, extension_type_table[i], - extensions_mask & (1 << i) ? "exists" : "does not exist", extra); - } -} - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -static const char *ticket_flag_name_table[] = -{ - [0] = "ALLOW_PSK_RESUMPTION", - [2] = "ALLOW_PSK_EPHEMERAL_RESUMPTION", - [3] = "ALLOW_EARLY_DATA", -}; - -void mbedtls_ssl_print_ticket_flags(const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - unsigned int flags) -{ - size_t i; - - mbedtls_debug_print_msg(ssl, level, file, line, - "print ticket_flags (0x%02x)", flags); - - flags = flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK; - - for (i = 0; i < ARRAY_LENGTH(ticket_flag_name_table); i++) { - if ((flags & (1 << i))) { - mbedtls_debug_print_msg(ssl, level, file, line, "- %s is set.", - ticket_flag_name_table[i]); - } - } -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ - -#endif /* MBEDTLS_DEBUG_C */ - -void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *ciphersuite_info) -{ - ((void) ciphersuite_info); - -#if defined(PSA_WANT_ALG_SHA_384) - if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) { - ssl->handshake->update_checksum = ssl_update_checksum_sha384; - } else -#endif -#if defined(PSA_WANT_ALG_SHA_256) - if (ciphersuite_info->mac != MBEDTLS_MD_SHA384) { - ssl->handshake->update_checksum = ssl_update_checksum_sha256; - } else -#endif - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return; - } -} - -int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, - unsigned hs_type, - size_t total_hs_len) -{ - unsigned char hs_hdr[4]; - - /* Build HS header for checksum update. */ - hs_hdr[0] = MBEDTLS_BYTE_0(hs_type); - hs_hdr[1] = MBEDTLS_BYTE_2(total_hs_len); - hs_hdr[2] = MBEDTLS_BYTE_1(total_hs_len); - hs_hdr[3] = MBEDTLS_BYTE_0(total_hs_len); - - return ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr)); -} - -int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char const *msg, - size_t msg_len) -{ - int ret; - ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, hs_type, msg_len); - if (ret != 0) { - return ret; - } - return ssl->handshake->update_checksum(ssl, msg, msg_len); -} - -int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) -{ -#if defined(PSA_WANT_ALG_SHA_256) || \ - defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#endif -#else /* SHA-256 or SHA-384 */ - ((void) ssl); -#endif /* SHA-256 or SHA-384 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_hash_abort(&ssl->handshake->fin_sha256_psa); - if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); - } - status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); - if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); - } -#else - mbedtls_md_free(&ssl->handshake->fin_sha256); - mbedtls_md_init(&ssl->handshake->fin_sha256); - ret = mbedtls_md_setup(&ssl->handshake->fin_sha256, - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - 0); - if (ret != 0) { - return ret; - } - ret = mbedtls_md_starts(&ssl->handshake->fin_sha256); - if (ret != 0) { - return ret; - } -#endif -#endif -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_hash_abort(&ssl->handshake->fin_sha384_psa); - if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); - } - status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384); - if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); - } -#else - mbedtls_md_free(&ssl->handshake->fin_sha384); - mbedtls_md_init(&ssl->handshake->fin_sha384); - ret = mbedtls_md_setup(&ssl->handshake->fin_sha384, - mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); - if (ret != 0) { - return ret; - } - ret = mbedtls_md_starts(&ssl->handshake->fin_sha384); - if (ret != 0) { - return ret; - } -#endif -#endif - return 0; -} - -static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ -#if defined(PSA_WANT_ALG_SHA_256) || \ - defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#endif -#else /* SHA-256 or SHA-384 */ - ((void) ssl); - (void) buf; - (void) len; -#endif /* SHA-256 or SHA-384 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); - if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); - } -#else - ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); - if (ret != 0) { - return ret; - } -#endif -#endif -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); - if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); - } -#else - ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); - if (ret != 0) { - return ret; - } -#endif -#endif - return 0; -} - -#if defined(PSA_WANT_ALG_SHA_256) -static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - return mbedtls_md_error_from_psa(psa_hash_update( - &ssl->handshake->fin_sha256_psa, buf, len)); -#else - return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); -#endif -} -#endif - -#if defined(PSA_WANT_ALG_SHA_384) -static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - return mbedtls_md_error_from_psa(psa_hash_update( - &ssl->handshake->fin_sha384_psa, buf, len)); -#else - return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); -#endif -} -#endif - -static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) -{ - memset(handshake, 0, sizeof(mbedtls_ssl_handshake_params)); - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - handshake->fin_sha256_psa = psa_hash_operation_init(); -#else - mbedtls_md_init(&handshake->fin_sha256); -#endif -#endif -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - handshake->fin_sha384_psa = psa_hash_operation_init(); -#else - mbedtls_md_init(&handshake->fin_sha384); -#endif -#endif - - handshake->update_checksum = ssl_update_checksum_start; - -#if defined(MBEDTLS_DHM_C) - mbedtls_dhm_init(&handshake->dhm_ctx); -#endif -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) - mbedtls_ecdh_init(&handshake->ecdh_ctx); -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - handshake->psa_pake_ctx = psa_pake_operation_init(); - handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; -#else - mbedtls_ecjpake_init(&handshake->ecjpake_ctx); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_SSL_CLI_C) - handshake->ecjpake_cache = NULL; - handshake->ecjpake_cache_len = 0; -#endif -#endif - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - mbedtls_x509_crt_restart_init(&handshake->ecrs_ctx); -#endif - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET; -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_pk_init(&handshake->peer_pubkey); -#endif -} - -void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform) -{ - memset(transform, 0, sizeof(mbedtls_ssl_transform)); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT; - transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT; -#else - mbedtls_cipher_init(&transform->cipher_ctx_enc); - mbedtls_cipher_init(&transform->cipher_ctx_dec); -#endif - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; - transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; -#else - mbedtls_md_init(&transform->md_ctx_enc); - mbedtls_md_init(&transform->md_ctx_dec); -#endif -#endif -} - -void mbedtls_ssl_session_init(mbedtls_ssl_session *session) -{ - memset(session, 0, sizeof(mbedtls_ssl_session)); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_handshake_init(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* Clear old handshake information if present */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->transform_negotiate) { - mbedtls_ssl_transform_free(ssl->transform_negotiate); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - if (ssl->session_negotiate) { - mbedtls_ssl_session_free(ssl->session_negotiate); - } - if (ssl->handshake) { - mbedtls_ssl_handshake_free(ssl); - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* - * Either the pointers are now NULL or cleared properly and can be freed. - * Now allocate missing structures. - */ - if (ssl->transform_negotiate == NULL) { - ssl->transform_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform)); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - if (ssl->session_negotiate == NULL) { - ssl->session_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_session)); - } - - if (ssl->handshake == NULL) { - ssl->handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_handshake_params)); - } -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* If the buffers are too small - reallocate */ - - handle_buffer_resizing(ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN, - MBEDTLS_SSL_OUT_BUFFER_LEN); -#endif - - /* All pointers should exist and can be directly freed without issue */ - if (ssl->handshake == NULL || -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - ssl->transform_negotiate == NULL || -#endif - ssl->session_negotiate == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc() of ssl sub-contexts failed")); - - mbedtls_free(ssl->handshake); - ssl->handshake = NULL; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - mbedtls_free(ssl->transform_negotiate); - ssl->transform_negotiate = NULL; -#endif - - mbedtls_free(ssl->session_negotiate); - ssl->session_negotiate = NULL; - - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) -#if defined(MBEDTLS_SSL_CLI_C) - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_IDLE; -#endif -#if defined(MBEDTLS_SSL_SRV_C) - ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; -#endif - ssl->total_early_data_size = 0; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - /* Initialize structures */ - mbedtls_ssl_session_init(ssl->session_negotiate); - ssl_handshake_params_init(ssl->handshake); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - mbedtls_ssl_transform_init(ssl->transform_negotiate); -#endif - - /* Setup handshake checksums */ - ret = mbedtls_ssl_reset_checksum(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_checksum", ret); - return ret; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl->handshake->new_session_tickets_count = - ssl->conf->new_session_tickets_count; -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - ssl->handshake->alt_transform_out = ssl->transform_out; - - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; - } else { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; - } - - mbedtls_ssl_set_timer(ssl, 0); - } -#endif - -/* - * curve_list is translated to IANA TLS group identifiers here because - * mbedtls_ssl_conf_curves returns void and so can't return - * any error codes. - */ -#if defined(MBEDTLS_ECP_C) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - /* Heap allocate and translate curve_list from internal to IANA group ids */ - if (ssl->conf->curve_list != NULL) { - size_t length; - const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list; - - for (length = 0; (curve_list[length] != MBEDTLS_ECP_DP_NONE); length++) { - } - - /* Leave room for zero termination */ - uint16_t *group_list = mbedtls_calloc(length + 1, sizeof(uint16_t)); - if (group_list == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - for (size_t i = 0; i < length; i++) { - uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( - curve_list[i]); - if (tls_id == 0) { - mbedtls_free(group_list); - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - group_list[i] = tls_id; - } - - group_list[length] = 0; - - ssl->handshake->group_list = group_list; - ssl->handshake->group_list_heap_allocated = 1; - } else { - ssl->handshake->group_list = ssl->conf->group_list; - ssl->handshake->group_list_heap_allocated = 0; - } -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_ECP_C */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* Heap allocate and translate sig_hashes from internal hash identifiers to - signature algorithms IANA identifiers. */ - if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) && - ssl->conf->sig_hashes != NULL) { - const int *md; - const int *sig_hashes = ssl->conf->sig_hashes; - size_t sig_algs_len = 0; - uint16_t *p; - - MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN - <= (SIZE_MAX - (2 * sizeof(uint16_t))), - "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big"); - - for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) { - if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) { - continue; - } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - sig_algs_len += sizeof(uint16_t); -#endif - -#if defined(MBEDTLS_RSA_C) - sig_algs_len += sizeof(uint16_t); -#endif - if (sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - } - - if (sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - ssl->handshake->sig_algs = mbedtls_calloc(1, sig_algs_len + - sizeof(uint16_t)); - if (ssl->handshake->sig_algs == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - p = (uint16_t *) ssl->handshake->sig_algs; - for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) { - unsigned char hash = mbedtls_ssl_hash_from_md_alg(*md); - if (hash == MBEDTLS_SSL_HASH_NONE) { - continue; - } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - *p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA); - p++; -#endif -#if defined(MBEDTLS_RSA_C) - *p = ((hash << 8) | MBEDTLS_SSL_SIG_RSA); - p++; -#endif - } - *p = MBEDTLS_TLS_SIG_NONE; - ssl->handshake->sig_algs_heap_allocated = 1; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - { - ssl->handshake->sig_algs_heap_allocated = 0; - } -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - return 0; -} - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) -/* Dummy cookie callbacks for defaults */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_cookie_write_dummy(void *ctx, - unsigned char **p, unsigned char *end, - const unsigned char *cli_id, size_t cli_id_len) -{ - ((void) ctx); - ((void) p); - ((void) end); - ((void) cli_id); - ((void) cli_id_len); - - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_cookie_check_dummy(void *ctx, - const unsigned char *cookie, size_t cookie_len, - const unsigned char *cli_id, size_t cli_id_len) -{ - ((void) ctx); - ((void) cookie); - ((void) cookie_len); - ((void) cli_id); - ((void) cli_id_len); - - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -} -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ - -/* - * Initialize an SSL context - */ -void mbedtls_ssl_init(mbedtls_ssl_context *ssl) -{ - memset(ssl, 0, sizeof(mbedtls_ssl_context)); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_conf_version_check(const mbedtls_ssl_context *ssl) -{ - const mbedtls_ssl_config *conf = ssl->conf; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (mbedtls_ssl_conf_is_tls13_only(conf)) { - if (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS 1.3 is not yet supported.")); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is tls13 only.")); - return 0; - } -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (mbedtls_ssl_conf_is_tls12_only(conf)) { - MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is tls12 only.")); - return 0; - } -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (mbedtls_ssl_conf_is_hybrid_tls12_tls13(conf)) { - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS not yet supported in Hybrid TLS 1.3 + TLS 1.2")); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is TLS 1.3 or TLS 1.2.")); - return 0; - } -#endif - - MBEDTLS_SSL_DEBUG_MSG(1, ("The SSL configuration is invalid.")); - return MBEDTLS_ERR_SSL_BAD_CONFIG; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_conf_check(const mbedtls_ssl_context *ssl) -{ - int ret; - ret = ssl_conf_version_check(ssl); - if (ret != 0) { - return ret; - } - - if (ssl->conf->f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); - return MBEDTLS_ERR_SSL_NO_RNG; - } - - /* Space for further checks */ - - return 0; -} - -/* - * Setup an SSL context - */ - -int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, - const mbedtls_ssl_config *conf) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; - - ssl->conf = conf; - - if ((ret = ssl_conf_check(ssl)) != 0) { - return ret; - } - ssl->tls_version = ssl->conf->max_tls_version; - - /* - * Prepare base structures - */ - - /* Set to NULL in case of an error condition */ - ssl->out_buf = NULL; - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - ssl->in_buf_len = in_buf_len; -#endif - ssl->in_buf = mbedtls_calloc(1, in_buf_len); - if (ssl->in_buf == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len)); - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto error; - } - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - ssl->out_buf_len = out_buf_len; -#endif - ssl->out_buf = mbedtls_calloc(1, out_buf_len); - if (ssl->out_buf == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len)); - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto error; - } - - mbedtls_ssl_reset_in_out_pointers(ssl); - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info)); -#endif - - if ((ret = ssl_handshake_init(ssl)) != 0) { - goto error; - } - - return 0; - -error: - mbedtls_free(ssl->in_buf); - mbedtls_free(ssl->out_buf); - - ssl->conf = NULL; - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - ssl->in_buf_len = 0; - ssl->out_buf_len = 0; -#endif - ssl->in_buf = NULL; - ssl->out_buf = NULL; - - ssl->in_hdr = NULL; - ssl->in_ctr = NULL; - ssl->in_len = NULL; - ssl->in_iv = NULL; - ssl->in_msg = NULL; - - ssl->out_hdr = NULL; - ssl->out_ctr = NULL; - ssl->out_len = NULL; - ssl->out_iv = NULL; - ssl->out_msg = NULL; - - return ret; -} - -/* - * Reset an initialized and used SSL context for re-use while retaining - * all application-set variables, function pointers and data. - * - * If partial is non-zero, keep data in the input buffer and client ID. - * (Use when a DTLS client reconnects from the same port.) - */ -void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, - int partial) -{ -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t in_buf_len = ssl->in_buf_len; - size_t out_buf_len = ssl->out_buf_len; -#else - size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; -#endif - -#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || !defined(MBEDTLS_SSL_SRV_C) - partial = 0; -#endif - - /* Cancel any possibly running timer */ - mbedtls_ssl_set_timer(ssl, 0); - - mbedtls_ssl_reset_in_out_pointers(ssl); - - /* Reset incoming message parsing */ - ssl->in_offt = NULL; - ssl->nb_zero = 0; - ssl->in_msgtype = 0; - ssl->in_msglen = 0; - ssl->in_hslen = 0; - ssl->keep_current_message = 0; - ssl->transform_in = NULL; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - ssl->next_record_offset = 0; - ssl->in_epoch = 0; -#endif - - /* Keep current datagram if partial == 1 */ - if (partial == 0) { - ssl->in_left = 0; - memset(ssl->in_buf, 0, in_buf_len); - } - - ssl->send_alert = 0; - - /* Reset outgoing message writing */ - ssl->out_msgtype = 0; - ssl->out_msglen = 0; - ssl->out_left = 0; - memset(ssl->out_buf, 0, out_buf_len); - memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr)); - ssl->transform_out = NULL; - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - mbedtls_ssl_dtls_replay_reset(ssl); -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->transform) { - mbedtls_ssl_transform_free(ssl->transform); - mbedtls_free(ssl->transform); - ssl->transform = NULL; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_transform_free(ssl->transform_application); - mbedtls_free(ssl->transform_application); - ssl->transform_application = NULL; - - if (ssl->handshake != NULL) { -#if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_transform_free(ssl->handshake->transform_earlydata); - mbedtls_free(ssl->handshake->transform_earlydata); - ssl->handshake->transform_earlydata = NULL; -#endif - - mbedtls_ssl_transform_free(ssl->handshake->transform_handshake); - mbedtls_free(ssl->handshake->transform_handshake); - ssl->handshake->transform_handshake = NULL; - } - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -} - -int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ssl->state = MBEDTLS_SSL_HELLO_REQUEST; - ssl->tls_version = ssl->conf->max_tls_version; - - mbedtls_ssl_session_reset_msg_layer(ssl, partial); - - /* Reset renegotiation state */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; - ssl->renego_records_seen = 0; - - ssl->verify_data_len = 0; - memset(ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN); - memset(ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN); -#endif - ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; - - ssl->session_in = NULL; - ssl->session_out = NULL; - if (ssl->session) { - mbedtls_ssl_session_free(ssl->session); - mbedtls_free(ssl->session); - ssl->session = NULL; - } - -#if defined(MBEDTLS_SSL_ALPN) - ssl->alpn_chosen = NULL; -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - int free_cli_id = 1; -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) - free_cli_id = (partial == 0); -#endif - if (free_cli_id) { - mbedtls_free(ssl->cli_id); - ssl->cli_id = NULL; - ssl->cli_id_len = 0; - } -#endif - - if ((ret = ssl_handshake_init(ssl)) != 0) { - return ret; - } - - return 0; -} - -/* - * Reset an initialized and used SSL context for re-use while retaining - * all application-set variables, function pointers and data. - */ -int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_session_reset_int(ssl, 0); -} - -/* - * SSL set accessors - */ -void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint) -{ - conf->endpoint = endpoint; -} - -void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport) -{ - conf->transport = transport; -} - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode) -{ - conf->anti_replay = mode; -} -#endif - -void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit) -{ - conf->badmac_limit = limit; -} - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl, - unsigned allow_packing) -{ - ssl->disable_datagram_packing = !allow_packing; -} - -void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf, - uint32_t min, uint32_t max) -{ - conf->hs_timeout_min = min; - conf->hs_timeout_max = max; -} -#endif - -void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode) -{ - conf->authmode = authmode; -} - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy) -{ - conf->f_vrfy = f_vrfy; - conf->p_vrfy = p_vrfy; -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - conf->f_rng = f_rng; - conf->p_rng = p_rng; -} - -void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, - void (*f_dbg)(void *, int, const char *, int, const char *), - void *p_dbg) -{ - conf->f_dbg = f_dbg; - conf->p_dbg = p_dbg; -} - -void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl, - void *p_bio, - mbedtls_ssl_send_t *f_send, - mbedtls_ssl_recv_t *f_recv, - mbedtls_ssl_recv_timeout_t *f_recv_timeout) -{ - ssl->p_bio = p_bio; - ssl->f_send = f_send; - ssl->f_recv = f_recv; - ssl->f_recv_timeout = f_recv_timeout; -} - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu) -{ - ssl->mtu = mtu; -} -#endif - -void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout) -{ - conf->read_timeout = timeout; -} - -void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl, - void *p_timer, - mbedtls_ssl_set_timer_t *f_set_timer, - mbedtls_ssl_get_timer_t *f_get_timer) -{ - ssl->p_timer = p_timer; - ssl->f_set_timer = f_set_timer; - ssl->f_get_timer = f_get_timer; - - /* Make sure we start with no timer running */ - mbedtls_ssl_set_timer(ssl, 0); -} - -#if defined(MBEDTLS_SSL_SRV_C) -void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, - void *p_cache, - mbedtls_ssl_cache_get_t *f_get_cache, - mbedtls_ssl_cache_set_t *f_set_cache) -{ - conf->p_cache = p_cache; - conf->f_get_cache = f_get_cache; - conf->f_set_cache = f_set_cache; -} -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) -int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (ssl == NULL || - session == NULL || - ssl->session_negotiate == NULL || - ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (ssl->handshake->resume == 1) { - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(session->ciphersuite); - - if (mbedtls_ssl_validate_ciphersuite( - ssl, ciphersuite_info, MBEDTLS_SSL_VERSION_TLS1_3, - MBEDTLS_SSL_VERSION_TLS1_3) != 0) { - MBEDTLS_SSL_DEBUG_MSG(4, ("%d is not a valid TLS 1.3 ciphersuite.", - session->ciphersuite)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } -#else - /* - * If session tickets are not enabled, it is not possible to resume a - * TLS 1.3 session, thus do not make any change to the SSL context in - * the first place. - */ - return 0; -#endif - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - if ((ret = mbedtls_ssl_session_copy(ssl->session_negotiate, - session)) != 0) { - return ret; - } - - ssl->handshake->resume = 1; - - return 0; -} -#endif /* MBEDTLS_SSL_CLI_C */ - -void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf, - const int *ciphersuites) -{ - conf->ciphersuite_list = ciphersuites; -} - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf, - const int kex_modes) -{ - conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) -void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf, - int early_data_enabled) -{ - conf->early_data_enabled = early_data_enabled; -} - -#if defined(MBEDTLS_SSL_SRV_C) -void mbedtls_ssl_conf_max_early_data_size( - mbedtls_ssl_config *conf, uint32_t max_early_data_size) -{ - conf->max_early_data_size = max_early_data_size; -} -#endif /* MBEDTLS_SSL_SRV_C */ - -#endif /* MBEDTLS_SSL_EARLY_DATA */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf, - const mbedtls_x509_crt_profile *profile) -{ - conf->cert_profile = profile; -} - -static void ssl_key_cert_free(mbedtls_ssl_key_cert *key_cert) -{ - mbedtls_ssl_key_cert *cur = key_cert, *next; - - while (cur != NULL) { - next = cur->next; - mbedtls_free(cur); - cur = next; - } -} - -/* Append a new keycert entry to a (possibly empty) list */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_append_key_cert(mbedtls_ssl_key_cert **head, - mbedtls_x509_crt *cert, - mbedtls_pk_context *key) -{ - mbedtls_ssl_key_cert *new_cert; - - if (cert == NULL) { - /* Free list if cert is null */ - ssl_key_cert_free(*head); - *head = NULL; - return 0; - } - - new_cert = mbedtls_calloc(1, sizeof(mbedtls_ssl_key_cert)); - if (new_cert == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - new_cert->cert = cert; - new_cert->key = key; - new_cert->next = NULL; - - /* Update head if the list was null, else add to the end */ - if (*head == NULL) { - *head = new_cert; - } else { - mbedtls_ssl_key_cert *cur = *head; - while (cur->next != NULL) { - cur = cur->next; - } - cur->next = new_cert; - } - - return 0; -} - -int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, - mbedtls_x509_crt *own_cert, - mbedtls_pk_context *pk_key) -{ - return ssl_append_key_cert(&conf->key_cert, own_cert, pk_key); -} - -void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf, - mbedtls_x509_crt *ca_chain, - mbedtls_x509_crl *ca_crl) -{ - conf->ca_chain = ca_chain; - conf->ca_crl = ca_crl; - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb() - * cannot be used together. */ - conf->f_ca_cb = NULL; - conf->p_ca_cb = NULL; -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -} - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb) -{ - conf->f_ca_cb = f_ca_cb; - conf->p_ca_cb = p_ca_cb; - - /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb() - * cannot be used together. */ - conf->ca_chain = NULL; - conf->ca_crl = NULL; -} -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -const unsigned char *mbedtls_ssl_get_hs_sni(mbedtls_ssl_context *ssl, - size_t *name_len) -{ - *name_len = ssl->handshake->sni_name_len; - return ssl->handshake->sni_name; -} - -int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *own_cert, - mbedtls_pk_context *pk_key) -{ - return ssl_append_key_cert(&ssl->handshake->sni_key_cert, - own_cert, pk_key); -} - -void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *ca_chain, - mbedtls_x509_crl *ca_crl) -{ - ssl->handshake->sni_ca_chain = ca_chain; - ssl->handshake->sni_ca_crl = ca_crl; -} - -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -void mbedtls_ssl_set_hs_dn_hints(mbedtls_ssl_context *ssl, - const mbedtls_x509_crt *crt) -{ - ssl->handshake->dn_hints = crt; -} -#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ - -void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl, - int authmode) -{ - ssl->handshake->sni_authmode = authmode; -} -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy) -{ - ssl->f_vrfy = f_vrfy; - ssl->p_vrfy = p_vrfy; -} -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; -static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; - -static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common( - mbedtls_ssl_context *ssl, - mbedtls_svc_key_id_t pwd) -{ - psa_status_t status; - psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); - const uint8_t *user = NULL; - size_t user_len = 0; - const uint8_t *peer = NULL; - size_t peer_len = 0; - psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); - psa_pake_cs_set_primitive(&cipher_suite, - PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, - PSA_ECC_FAMILY_SECP_R1, - 256)); - psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); - - status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, &cipher_suite); - if (status != PSA_SUCCESS) { - return status; - } - - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - user = jpake_server_id; - user_len = sizeof(jpake_server_id); - peer = jpake_client_id; - peer_len = sizeof(jpake_client_id); - } else { - user = jpake_client_id; - user_len = sizeof(jpake_client_id); - peer = jpake_server_id; - peer_len = sizeof(jpake_server_id); - } - - status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len); - if (status != PSA_SUCCESS) { - return status; - } - - status = psa_pake_set_peer(&ssl->handshake->psa_pake_ctx, peer, peer_len); - if (status != PSA_SUCCESS) { - return status; - } - - status = psa_pake_set_password_key(&ssl->handshake->psa_pake_ctx, pwd); - if (status != PSA_SUCCESS) { - return status; - } - - ssl->handshake->psa_pake_ctx_is_ok = 1; - - return PSA_SUCCESS; -} - -int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl, - const unsigned char *pw, - size_t pw_len) -{ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status; - - if (ssl->handshake == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Empty password is not valid */ - if ((pw == NULL) || (pw_len == 0)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); - psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); - - status = psa_import_key(&attributes, pw, pw_len, - &ssl->handshake->psa_pake_password); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = mbedtls_ssl_set_hs_ecjpake_password_common(ssl, - ssl->handshake->psa_pake_password); - if (status != PSA_SUCCESS) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - return 0; -} - -int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl, - mbedtls_svc_key_id_t pwd) -{ - psa_status_t status; - - if (ssl->handshake == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (mbedtls_svc_key_id_is_null(pwd)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - status = mbedtls_ssl_set_hs_ecjpake_password_common(ssl, pwd); - if (status != PSA_SUCCESS) { - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - return 0; -} -#else /* MBEDTLS_USE_PSA_CRYPTO */ -int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl, - const unsigned char *pw, - size_t pw_len) -{ - mbedtls_ecjpake_role role; - - if (ssl->handshake == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Empty password is not valid */ - if ((pw == NULL) || (pw_len == 0)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - role = MBEDTLS_ECJPAKE_SERVER; - } else { - role = MBEDTLS_ECJPAKE_CLIENT; - } - - return mbedtls_ecjpake_setup(&ssl->handshake->ecjpake_ctx, - role, - MBEDTLS_MD_SHA256, - MBEDTLS_ECP_DP_SECP256R1, - pw, pw_len); -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf) -{ - if (conf->psk_identity == NULL || - conf->psk_identity_len == 0) { - return 0; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { - return 1; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (conf->psk != NULL && conf->psk_len != 0) { - return 1; - } - - return 0; -} - -static void ssl_conf_remove_psk(mbedtls_ssl_config *conf) -{ - /* Remove reference to existing PSK, if any. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { - /* The maintenance of the PSK key slot is the - * user's responsibility. */ - conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (conf->psk != NULL) { - mbedtls_zeroize_and_free(conf->psk, conf->psk_len); - conf->psk = NULL; - conf->psk_len = 0; - } - - /* Remove reference to PSK identity, if any. */ - if (conf->psk_identity != NULL) { - mbedtls_free(conf->psk_identity); - conf->psk_identity = NULL; - conf->psk_identity_len = 0; - } -} - -/* This function assumes that PSK identity in the SSL config is unset. - * It checks that the provided identity is well-formed and attempts - * to make a copy of it in the SSL config. - * On failure, the PSK identity in the config remains unset. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_conf_set_psk_identity(mbedtls_ssl_config *conf, - unsigned char const *psk_identity, - size_t psk_identity_len) -{ - /* Identity len will be encoded on two bytes */ - if (psk_identity == NULL || - psk_identity_len == 0 || - (psk_identity_len >> 16) != 0 || - psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - conf->psk_identity = mbedtls_calloc(1, psk_identity_len); - if (conf->psk_identity == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - conf->psk_identity_len = psk_identity_len; - memcpy(conf->psk_identity, psk_identity, conf->psk_identity_len); - - return 0; -} - -int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf, - const unsigned char *psk, size_t psk_len, - const unsigned char *psk_identity, size_t psk_identity_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* We currently only support one PSK, raw or opaque. */ - if (mbedtls_ssl_conf_has_static_psk(conf)) { - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - /* Check and set raw PSK */ - if (psk == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (psk_len == 0) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (psk_len > MBEDTLS_PSK_MAX_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if ((conf->psk = mbedtls_calloc(1, psk_len)) == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - conf->psk_len = psk_len; - memcpy(conf->psk, psk, conf->psk_len); - - /* Check and set PSK Identity */ - ret = ssl_conf_set_psk_identity(conf, psk_identity, psk_identity_len); - if (ret != 0) { - ssl_conf_remove_psk(conf); - } - - return ret; -} - -static void ssl_remove_psk(mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { - /* The maintenance of the external PSK key slot is the - * user's responsibility. */ - if (ssl->handshake->psk_opaque_is_internal) { - psa_destroy_key(ssl->handshake->psk_opaque); - ssl->handshake->psk_opaque_is_internal = 0; - } - ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; - } -#else - if (ssl->handshake->psk != NULL) { - mbedtls_zeroize_and_free(ssl->handshake->psk, - ssl->handshake->psk_len); - ssl->handshake->psk_len = 0; - ssl->handshake->psk = NULL; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -} - -int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, - const unsigned char *psk, size_t psk_len) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_attributes_t key_attributes = psa_key_attributes_init(); - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t alg = PSA_ALG_NONE; - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (psk == NULL || ssl->handshake == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (psk_len > MBEDTLS_PSK_MAX_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl_remove_psk(ssl); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) { - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); - } else { - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); - } - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - alg = PSA_ALG_HKDF_EXTRACT(PSA_ALG_ANY_HASH); - psa_set_key_usage_flags(&key_attributes, - PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - psa_set_key_algorithm(&key_attributes, alg); - psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE); - - status = psa_import_key(&key_attributes, psk, psk_len, &key); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - /* Allow calling psa_destroy_key() on psk remove */ - ssl->handshake->psk_opaque_is_internal = 1; - return mbedtls_ssl_set_hs_psk_opaque(ssl, key); -#else - if ((ssl->handshake->psk = mbedtls_calloc(1, psk_len)) == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - ssl->handshake->psk_len = psk_len; - memcpy(ssl->handshake->psk, psk, ssl->handshake->psk_len); - - return 0; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -} - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf, - mbedtls_svc_key_id_t psk, - const unsigned char *psk_identity, - size_t psk_identity_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* We currently only support one PSK, raw or opaque. */ - if (mbedtls_ssl_conf_has_static_psk(conf)) { - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - /* Check and set opaque PSK */ - if (mbedtls_svc_key_id_is_null(psk)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - conf->psk_opaque = psk; - - /* Check and set PSK Identity */ - ret = ssl_conf_set_psk_identity(conf, psk_identity, - psk_identity_len); - if (ret != 0) { - ssl_conf_remove_psk(conf); - } - - return ret; -} - -int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl, - mbedtls_svc_key_id_t psk) -{ - if ((mbedtls_svc_key_id_is_null(psk)) || - (ssl->handshake == NULL)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl_remove_psk(ssl); - ssl->handshake->psk_opaque = psk; - return 0; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_SSL_SRV_C) -void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, - int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, - size_t), - void *p_psk) -{ - conf->f_psk = f_psk; - conf->p_psk = p_psk; -} -#endif /* MBEDTLS_SSL_SRV_C */ - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode( - psa_algorithm_t alg) -{ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (alg == PSA_ALG_CBC_NO_PADDING) { - return MBEDTLS_SSL_MODE_CBC; - } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - if (PSA_ALG_IS_AEAD(alg)) { - return MBEDTLS_SSL_MODE_AEAD; - } - return MBEDTLS_SSL_MODE_STREAM; -} - -#else /* MBEDTLS_USE_PSA_CRYPTO */ - -static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode( - mbedtls_cipher_mode_t mode) -{ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (mode == MBEDTLS_MODE_CBC) { - return MBEDTLS_SSL_MODE_CBC; - } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -#if defined(MBEDTLS_GCM_C) || \ - defined(MBEDTLS_CCM_C) || \ - defined(MBEDTLS_CHACHAPOLY_C) - if (mode == MBEDTLS_MODE_GCM || - mode == MBEDTLS_MODE_CCM || - mode == MBEDTLS_MODE_CHACHAPOLY) { - return MBEDTLS_SSL_MODE_AEAD; - } -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ - - return MBEDTLS_SSL_MODE_STREAM; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -static mbedtls_ssl_mode_t mbedtls_ssl_get_actual_mode( - mbedtls_ssl_mode_t base_mode, - int encrypt_then_mac) -{ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - if (encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED && - base_mode == MBEDTLS_SSL_MODE_CBC) { - return MBEDTLS_SSL_MODE_CBC_ETM; - } -#else - (void) encrypt_then_mac; -#endif - return base_mode; -} - -mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( - const mbedtls_ssl_transform *transform) -{ - mbedtls_ssl_mode_t base_mode = mbedtls_ssl_get_base_mode( -#if defined(MBEDTLS_USE_PSA_CRYPTO) - transform->psa_alg -#else - mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc) -#endif - ); - - int encrypt_then_mac = 0; -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - encrypt_then_mac = transform->encrypt_then_mac; -#endif - return mbedtls_ssl_get_actual_mode(base_mode, encrypt_then_mac); -} - -mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - int encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - const mbedtls_ssl_ciphersuite_t *suite) -{ - mbedtls_ssl_mode_t base_mode = MBEDTLS_SSL_MODE_STREAM; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; - psa_algorithm_t alg; - psa_key_type_t type; - size_t size; - status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) suite->cipher, - 0, &alg, &type, &size); - if (status == PSA_SUCCESS) { - base_mode = mbedtls_ssl_get_base_mode(alg); - } -#else - const mbedtls_cipher_info_t *cipher = - mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) suite->cipher); - if (cipher != NULL) { - base_mode = - mbedtls_ssl_get_base_mode( - mbedtls_cipher_info_get_mode(cipher)); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if !defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - int encrypt_then_mac = 0; -#endif - return mbedtls_ssl_get_actual_mode(base_mode, encrypt_then_mac); -} - -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) - -const mbedtls_error_pair_t psa_to_ssl_errors[] = -{ - { PSA_SUCCESS, 0 }, - { PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_SSL_ALLOC_FAILED }, - { PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE }, - { PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_SSL_INVALID_MAC }, - { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_SSL_BAD_INPUT_DATA }, - { PSA_ERROR_BAD_STATE, MBEDTLS_ERR_SSL_INTERNAL_ERROR }, - { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL } -}; - -psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type, - size_t taglen, - psa_algorithm_t *alg, - psa_key_type_t *key_type, - size_t *key_size) -{ -#if !defined(PSA_WANT_ALG_CCM) - (void) taglen; -#endif - switch (mbedtls_cipher_type) { -#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_CBC_NO_PADDING) - case MBEDTLS_CIPHER_AES_128_CBC: - *alg = PSA_ALG_CBC_NO_PADDING; - *key_type = PSA_KEY_TYPE_AES; - *key_size = 128; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_CCM) - case MBEDTLS_CIPHER_AES_128_CCM: - *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; - *key_type = PSA_KEY_TYPE_AES; - *key_size = 128; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_GCM) - case MBEDTLS_CIPHER_AES_128_GCM: - *alg = PSA_ALG_GCM; - *key_type = PSA_KEY_TYPE_AES; - *key_size = 128; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_CCM) - case MBEDTLS_CIPHER_AES_192_CCM: - *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; - *key_type = PSA_KEY_TYPE_AES; - *key_size = 192; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_GCM) - case MBEDTLS_CIPHER_AES_192_GCM: - *alg = PSA_ALG_GCM; - *key_type = PSA_KEY_TYPE_AES; - *key_size = 192; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_CBC_NO_PADDING) - case MBEDTLS_CIPHER_AES_256_CBC: - *alg = PSA_ALG_CBC_NO_PADDING; - *key_type = PSA_KEY_TYPE_AES; - *key_size = 256; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_CCM) - case MBEDTLS_CIPHER_AES_256_CCM: - *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; - *key_type = PSA_KEY_TYPE_AES; - *key_size = 256; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_GCM) - case MBEDTLS_CIPHER_AES_256_GCM: - *alg = PSA_ALG_GCM; - *key_type = PSA_KEY_TYPE_AES; - *key_size = 256; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) - case MBEDTLS_CIPHER_ARIA_128_CBC: - *alg = PSA_ALG_CBC_NO_PADDING; - *key_type = PSA_KEY_TYPE_ARIA; - *key_size = 128; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CCM) - case MBEDTLS_CIPHER_ARIA_128_CCM: - *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; - *key_type = PSA_KEY_TYPE_ARIA; - *key_size = 128; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_GCM) - case MBEDTLS_CIPHER_ARIA_128_GCM: - *alg = PSA_ALG_GCM; - *key_type = PSA_KEY_TYPE_ARIA; - *key_size = 128; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CCM) - case MBEDTLS_CIPHER_ARIA_192_CCM: - *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; - *key_type = PSA_KEY_TYPE_ARIA; - *key_size = 192; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_GCM) - case MBEDTLS_CIPHER_ARIA_192_GCM: - *alg = PSA_ALG_GCM; - *key_type = PSA_KEY_TYPE_ARIA; - *key_size = 192; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) - case MBEDTLS_CIPHER_ARIA_256_CBC: - *alg = PSA_ALG_CBC_NO_PADDING; - *key_type = PSA_KEY_TYPE_ARIA; - *key_size = 256; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CCM) - case MBEDTLS_CIPHER_ARIA_256_CCM: - *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; - *key_type = PSA_KEY_TYPE_ARIA; - *key_size = 256; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_GCM) - case MBEDTLS_CIPHER_ARIA_256_GCM: - *alg = PSA_ALG_GCM; - *key_type = PSA_KEY_TYPE_ARIA; - *key_size = 256; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) - case MBEDTLS_CIPHER_CAMELLIA_128_CBC: - *alg = PSA_ALG_CBC_NO_PADDING; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 128; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CCM) - case MBEDTLS_CIPHER_CAMELLIA_128_CCM: - *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 128; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_GCM) - case MBEDTLS_CIPHER_CAMELLIA_128_GCM: - *alg = PSA_ALG_GCM; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 128; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CCM) - case MBEDTLS_CIPHER_CAMELLIA_192_CCM: - *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 192; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_GCM) - case MBEDTLS_CIPHER_CAMELLIA_192_GCM: - *alg = PSA_ALG_GCM; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 192; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) - case MBEDTLS_CIPHER_CAMELLIA_256_CBC: - *alg = PSA_ALG_CBC_NO_PADDING; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 256; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CCM) - case MBEDTLS_CIPHER_CAMELLIA_256_CCM: - *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 256; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_GCM) - case MBEDTLS_CIPHER_CAMELLIA_256_GCM: - *alg = PSA_ALG_GCM; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 256; - break; -#endif -#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) - case MBEDTLS_CIPHER_CHACHA20_POLY1305: - *alg = PSA_ALG_CHACHA20_POLY1305; - *key_type = PSA_KEY_TYPE_CHACHA20; - *key_size = 256; - break; -#endif - case MBEDTLS_CIPHER_NULL: - *alg = MBEDTLS_SSL_NULL_CIPHER; - *key_type = 0; - *key_size = 0; - break; - default: - return PSA_ERROR_NOT_SUPPORTED; - } - - return PSA_SUCCESS; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) -int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, - const unsigned char *dhm_P, size_t P_len, - const unsigned char *dhm_G, size_t G_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); - - if ((ret = mbedtls_mpi_read_binary(&conf->dhm_P, dhm_P, P_len)) != 0 || - (ret = mbedtls_mpi_read_binary(&conf->dhm_G, dhm_G, G_len)) != 0) { - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); - return ret; - } - - return 0; -} - -int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); - - if ((ret = mbedtls_dhm_get_value(dhm_ctx, MBEDTLS_DHM_PARAM_P, - &conf->dhm_P)) != 0 || - (ret = mbedtls_dhm_get_value(dhm_ctx, MBEDTLS_DHM_PARAM_G, - &conf->dhm_G)) != 0) { - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); - return ret; - } - - return 0; -} -#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) -/* - * Set the minimum length for Diffie-Hellman parameters - */ -void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, - unsigned int bitlen) -{ - conf->dhm_min_bitlen = bitlen; -} -#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* - * Set allowed/preferred hashes for handshake signatures - */ -void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, - const int *hashes) -{ - conf->sig_hashes = hashes; -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ - -/* Configure allowed signature algorithms for handshake */ -void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, - const uint16_t *sig_algs) -{ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->sig_hashes = NULL; -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ - conf->sig_algs = sig_algs; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_ECP_C) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/* - * Set the allowed elliptic curves - * - * mbedtls_ssl_setup() takes the provided list - * and translates it to a list of IANA TLS group identifiers, - * stored in ssl->handshake->group_list. - * - */ -void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, - const mbedtls_ecp_group_id *curve_list) -{ - conf->curve_list = curve_list; - conf->group_list = NULL; -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_ECP_C */ - -/* - * Set the allowed groups - */ -void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, - const uint16_t *group_list) -{ -#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->curve_list = NULL; -#endif - conf->group_list = group_list; -} - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname) -{ - /* Initialize to suppress unnecessary compiler warning */ - size_t hostname_len = 0; - - /* Check if new hostname is valid before - * making any change to current one */ - if (hostname != NULL) { - hostname_len = strlen(hostname); - - if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - } - - /* Now it's clear that we will overwrite the old hostname, - * so we can free it safely */ - - if (ssl->hostname != NULL) { - mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); - } - - /* Passing NULL as hostname shall clear the old one */ - - if (hostname == NULL) { - ssl->hostname = NULL; - } else { - ssl->hostname = mbedtls_calloc(1, hostname_len + 1); - if (ssl->hostname == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(ssl->hostname, hostname, hostname_len); - - ssl->hostname[hostname_len] = '\0'; - } - - return 0; -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, - int (*f_sni)(void *, mbedtls_ssl_context *, - const unsigned char *, size_t), - void *p_sni) -{ - conf->f_sni = f_sni; - conf->p_sni = p_sni; -} -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_ALPN) -int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos) -{ - size_t cur_len, tot_len; - const char **p; - - /* - * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings - * MUST NOT be truncated." - * We check lengths now rather than later. - */ - tot_len = 0; - for (p = protos; *p != NULL; p++) { - cur_len = strlen(*p); - tot_len += cur_len; - - if ((cur_len == 0) || - (cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN) || - (tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - } - - conf->alpn_list = protos; - - return 0; -} - -const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl) -{ - return ssl->alpn_chosen; -} -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) -void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, - int support_mki_value) -{ - conf->dtls_srtp_mki_support = support_mki_value; -} - -int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl, - unsigned char *mki_value, - uint16_t mki_len) -{ - if (mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) { - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - memcpy(ssl->dtls_srtp_info.mki_value, mki_value, mki_len); - ssl->dtls_srtp_info.mki_len = mki_len; - return 0; -} - -int mbedtls_ssl_conf_dtls_srtp_protection_profiles(mbedtls_ssl_config *conf, - const mbedtls_ssl_srtp_profile *profiles) -{ - const mbedtls_ssl_srtp_profile *p; - size_t list_size = 0; - - /* check the profiles list: all entry must be valid, - * its size cannot be more than the total number of supported profiles, currently 4 */ - for (p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && - list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; - p++) { - if (mbedtls_ssl_check_srtp_profile_value(*p) != MBEDTLS_TLS_SRTP_UNSET) { - list_size++; - } else { - /* unsupported value, stop parsing and set the size to an error value */ - list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1; - } - } - - if (list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH) { - conf->dtls_srtp_profile_list = NULL; - conf->dtls_srtp_profile_list_len = 0; - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - conf->dtls_srtp_profile_list = profiles; - conf->dtls_srtp_profile_list_len = list_size; - - return 0; -} - -void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl, - mbedtls_dtls_srtp_info *dtls_srtp_info) -{ - dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile; - /* do not copy the mki value if there is no chosen profile */ - if (dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) { - dtls_srtp_info->mki_len = 0; - } else { - dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len; - memcpy(dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len); - } -} -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor) -{ - conf->max_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); -} - -void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor) -{ - conf->min_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - -#if defined(MBEDTLS_SSL_SRV_C) -void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, - char cert_req_ca_list) -{ - conf->cert_req_ca_list = cert_req_ca_list; -} -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm) -{ - conf->encrypt_then_mac = etm; -} -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems) -{ - conf->extended_ms = ems; -} -#endif - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code) -{ - if (mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID || - ssl_mfl_code_to_length(mfl_code) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - conf->mfl_code = mfl_code; - - return 0; -} -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy) -{ - conf->allow_legacy_renegotiation = allow_legacy; -} - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation) -{ - conf->disable_renegotiation = renegotiation; -} - -void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records) -{ - conf->renego_max_records = max_records; -} - -void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf, - const unsigned char period[8]) -{ - memcpy(conf->renego_period, period, 8); -} -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_SSL_CLI_C) -void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets) -{ - conf->session_tickets = use_tickets; -} -#endif - -#if defined(MBEDTLS_SSL_SRV_C) - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -void mbedtls_ssl_conf_new_session_tickets(mbedtls_ssl_config *conf, - uint16_t num_tickets) -{ - conf->new_session_tickets_count = num_tickets; -} -#endif - -void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, - mbedtls_ssl_ticket_write_t *f_ticket_write, - mbedtls_ssl_ticket_parse_t *f_ticket_parse, - void *p_ticket) -{ - conf->f_ticket_write = f_ticket_write; - conf->f_ticket_parse = f_ticket_parse; - conf->p_ticket = p_ticket; -} -#endif -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl, - mbedtls_ssl_export_keys_t *f_export_keys, - void *p_export_keys) -{ - ssl->f_export_keys = f_export_keys; - ssl->p_export_keys = p_export_keys; -} - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -void mbedtls_ssl_conf_async_private_cb( - mbedtls_ssl_config *conf, - mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, - mbedtls_ssl_async_resume_t *f_async_resume, - mbedtls_ssl_async_cancel_t *f_async_cancel, - void *async_config_data) -{ - conf->f_async_sign_start = f_async_sign; - conf->f_async_decrypt_start = f_async_decrypt; - conf->f_async_resume = f_async_resume; - conf->f_async_cancel = f_async_cancel; - conf->p_async_config_data = async_config_data; -} - -void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf) -{ - return conf->p_async_config_data; -} - -void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl) -{ - if (ssl->handshake == NULL) { - return NULL; - } else { - return ssl->handshake->user_async_ctx; - } -} - -void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl, - void *ctx) -{ - if (ssl->handshake != NULL) { - ssl->handshake->user_async_ctx = ctx; - } -} -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -/* - * SSL get accessors - */ -uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl) -{ - if (ssl->session != NULL) { - return ssl->session->verify_result; - } - - if (ssl->session_negotiate != NULL) { - return ssl->session_negotiate->verify_result; - } - - return 0xFFFFFFFF; -} - -int mbedtls_ssl_get_ciphersuite_id_from_ssl(const mbedtls_ssl_context *ssl) -{ - if (ssl == NULL || ssl->session == NULL) { - return 0; - } - - return ssl->session->ciphersuite; -} - -const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl) -{ - if (ssl == NULL || ssl->session == NULL) { - return NULL; - } - - return mbedtls_ssl_get_ciphersuite_name(ssl->session->ciphersuite); -} - -const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - switch (ssl->tls_version) { - case MBEDTLS_SSL_VERSION_TLS1_2: - return "DTLSv1.2"; - default: - return "unknown (DTLS)"; - } - } -#endif - - switch (ssl->tls_version) { - case MBEDTLS_SSL_VERSION_TLS1_2: - return "TLSv1.2"; - case MBEDTLS_SSL_VERSION_TLS1_3: - return "TLSv1.3"; - default: - return "unknown"; - } -} - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - -size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl) -{ - const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; - size_t record_size_limit = max_len; - - if (ssl->session != NULL && - ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && - ssl->session->record_size_limit < max_len) { - record_size_limit = ssl->session->record_size_limit; - } - - // TODO: this is currently untested - /* During a handshake, use the value being negotiated */ - if (ssl->session_negotiate != NULL && - ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && - ssl->session_negotiate->record_size_limit < max_len) { - record_size_limit = ssl->session_negotiate->record_size_limit; - } - - return record_size_limit; -} -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl) -{ - size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN; - size_t read_mfl; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */ - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE) { - return ssl_mfl_code_to_length(ssl->conf->mfl_code); - } -#endif - - /* Check if a smaller max length was negotiated */ - if (ssl->session_out != NULL) { - read_mfl = ssl_mfl_code_to_length(ssl->session_out->mfl_code); - if (read_mfl < max_len) { - max_len = read_mfl; - } - } - - /* During a handshake, use the value being negotiated */ - if (ssl->session_negotiate != NULL) { - read_mfl = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code); - if (read_mfl < max_len) { - max_len = read_mfl; - } - } - - return max_len; -} - -size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl) -{ - size_t max_len; - - /* - * Assume mfl_code is correct since it was checked when set - */ - max_len = ssl_mfl_code_to_length(ssl->conf->mfl_code); - - /* Check if a smaller max length was negotiated */ - if (ssl->session_out != NULL && - ssl_mfl_code_to_length(ssl->session_out->mfl_code) < max_len) { - max_len = ssl_mfl_code_to_length(ssl->session_out->mfl_code); - } - - /* During a handshake, use the value being negotiated */ - if (ssl->session_negotiate != NULL && - ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code) < max_len) { - max_len = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code); - } - - return max_len; -} -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl) -{ - /* Return unlimited mtu for client hello messages to avoid fragmentation. */ - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - (ssl->state == MBEDTLS_SSL_CLIENT_HELLO || - ssl->state == MBEDTLS_SSL_SERVER_HELLO)) { - return 0; - } - - if (ssl->handshake == NULL || ssl->handshake->mtu == 0) { - return ssl->mtu; - } - - if (ssl->mtu == 0) { - return ssl->handshake->mtu; - } - - return ssl->mtu < ssl->handshake->mtu ? - ssl->mtu : ssl->handshake->mtu; -} -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) -{ - size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; - -#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ - !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && \ - !defined(MBEDTLS_SSL_PROTO_DTLS) - (void) ssl; -#endif - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl); - - if (max_len > mfl) { - max_len = mfl; - } -#endif - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - const size_t record_size_limit = mbedtls_ssl_get_output_record_size_limit(ssl); - - if (max_len > record_size_limit) { - max_len = record_size_limit; - } -#endif - - if (ssl->transform_out != NULL && - ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* - * In TLS 1.3 case, when records are protected, `max_len` as computed - * above is the maximum length of the TLSInnerPlaintext structure that - * along the plaintext payload contains the inner content type (one byte) - * and some zero padding. Given the algorithm used for padding - * in mbedtls_ssl_encrypt_buf(), compute the maximum length for - * the plaintext payload. Round down to a multiple of - * MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY and - * subtract 1. - */ - max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) * - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (mbedtls_ssl_get_current_mtu(ssl) != 0) { - const size_t mtu = mbedtls_ssl_get_current_mtu(ssl); - const int ret = mbedtls_ssl_get_record_expansion(ssl); - const size_t overhead = (size_t) ret; - - if (ret < 0) { - return ret; - } - - if (mtu <= overhead) { - MBEDTLS_SSL_DEBUG_MSG(1, ("MTU too low for record expansion")); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - if (max_len > mtu - overhead) { - max_len = mtu - overhead; - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ - !defined(MBEDTLS_SSL_PROTO_DTLS) && \ - !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - ((void) ssl); -#endif - - return (int) max_len; -} - -int mbedtls_ssl_get_max_in_record_payload(const mbedtls_ssl_context *ssl) -{ - size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN; - -#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - (void) ssl; -#endif - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_input_max_frag_len(ssl); - - if (max_len > mfl) { - max_len = mfl; - } -#endif - - return (int) max_len; -} - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl) -{ - if (ssl == NULL || ssl->session == NULL) { - return NULL; - } - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - return ssl->session->peer_cert; -#else - return NULL; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_CLI_C) -int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, - mbedtls_ssl_session *dst) -{ - int ret; - - if (ssl == NULL || - dst == NULL || - ssl->session == NULL || - ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Since Mbed TLS 3.0, mbedtls_ssl_get_session() is no longer - * idempotent: Each session can only be exported once. - * - * (This is in preparation for TLS 1.3 support where we will - * need the ability to export multiple sessions (aka tickets), - * which will be achieved by calling mbedtls_ssl_get_session() - * multiple times until it fails.) - * - * Check whether we have already exported the current session, - * and fail if so. - */ - if (ssl->session->exported == 1) { - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - ret = mbedtls_ssl_session_copy(dst, ssl->session); - if (ret != 0) { - return ret; - } - - /* Remember that we've exported the session. */ - ssl->session->exported = 1; - return 0; -} -#endif /* MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - -/* Serialization of TLS 1.2 sessions - * - * For more detail, see the description of ssl_session_save(). - */ -static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len) -{ - unsigned char *p = buf; - size_t used = 0; - -#if defined(MBEDTLS_HAVE_TIME) - uint64_t start; -#endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - size_t cert_len; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - /* - * Time - */ -#if defined(MBEDTLS_HAVE_TIME) - used += 8; - - if (used <= buf_len) { - start = (uint64_t) session->start; - - MBEDTLS_PUT_UINT64_BE(start, p, 0); - p += 8; - } -#endif /* MBEDTLS_HAVE_TIME */ - - /* - * Basic mandatory fields - */ - used += 1 /* id_len */ - + sizeof(session->id) - + sizeof(session->master) - + 4; /* verify_result */ - - if (used <= buf_len) { - *p++ = MBEDTLS_BYTE_0(session->id_len); - memcpy(p, session->id, 32); - p += 32; - - memcpy(p, session->master, 48); - p += 48; - - MBEDTLS_PUT_UINT32_BE(session->verify_result, p, 0); - p += 4; - } - - /* - * Peer's end-entity certificate - */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if (session->peer_cert == NULL) { - cert_len = 0; - } else { - cert_len = session->peer_cert->raw.len; - } - - used += 3 + cert_len; - - if (used <= buf_len) { - *p++ = MBEDTLS_BYTE_2(cert_len); - *p++ = MBEDTLS_BYTE_1(cert_len); - *p++ = MBEDTLS_BYTE_0(cert_len); - - if (session->peer_cert != NULL) { - memcpy(p, session->peer_cert->raw.p, cert_len); - p += cert_len; - } - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (session->peer_cert_digest != NULL) { - used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len; - if (used <= buf_len) { - *p++ = (unsigned char) session->peer_cert_digest_type; - *p++ = (unsigned char) session->peer_cert_digest_len; - memcpy(p, session->peer_cert_digest, - session->peer_cert_digest_len); - p += session->peer_cert_digest_len; - } - } else { - used += 2; - if (used <= buf_len) { - *p++ = (unsigned char) MBEDTLS_MD_NONE; - *p++ = 0; - } - } -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - /* - * Session ticket if any, plus associated data - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { - used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */ - - if (used <= buf_len) { - *p++ = MBEDTLS_BYTE_2(session->ticket_len); - *p++ = MBEDTLS_BYTE_1(session->ticket_len); - *p++ = MBEDTLS_BYTE_0(session->ticket_len); - - if (session->ticket != NULL) { - memcpy(p, session->ticket, session->ticket_len); - p += session->ticket_len; - } - - MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); - p += 4; - } - } -#endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - used += 8; - - if (used <= buf_len) { - MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); - p += 8; - } - } -#endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_SRV_C */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - /* - * Misc extension-related info - */ -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - used += 1; - - if (used <= buf_len) { - *p++ = session->mfl_code; - } -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - used += 1; - - if (used <= buf_len) { - *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac); - } -#endif - - return used; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls12_session_load(mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len) -{ -#if defined(MBEDTLS_HAVE_TIME) - uint64_t start; -#endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - size_t cert_len; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - const unsigned char *p = buf; - const unsigned char * const end = buf + len; - - /* - * Time - */ -#if defined(MBEDTLS_HAVE_TIME) - if (8 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - start = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; - - session->start = (time_t) start; -#endif /* MBEDTLS_HAVE_TIME */ - - /* - * Basic mandatory fields - */ - if (1 + 32 + 48 + 4 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->id_len = *p++; - memcpy(session->id, p, 32); - p += 32; - - memcpy(session->master, p, 48); - p += 48; - - session->verify_result = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; - - /* Immediately clear invalid pointer values that have been read, in case - * we exit early before we replaced them with valid ones. */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - session->peer_cert = NULL; -#else - session->peer_cert_digest = NULL; -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - session->ticket = NULL; -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - - /* - * Peer certificate - */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* Deserialize CRT from the end of the ticket. */ - if (3 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - cert_len = MBEDTLS_GET_UINT24_BE(p, 0); - p += 3; - - if (cert_len != 0) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (cert_len > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - - if (session->peer_cert == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - mbedtls_x509_crt_init(session->peer_cert); - - if ((ret = mbedtls_x509_crt_parse_der(session->peer_cert, - p, cert_len)) != 0) { - mbedtls_x509_crt_free(session->peer_cert); - mbedtls_free(session->peer_cert); - session->peer_cert = NULL; - return ret; - } - - p += cert_len; - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* Deserialize CRT digest from the end of the ticket. */ - if (2 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->peer_cert_digest_type = (mbedtls_md_type_t) *p++; - session->peer_cert_digest_len = (size_t) *p++; - - if (session->peer_cert_digest_len != 0) { - const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_type(session->peer_cert_digest_type); - if (md_info == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (session->peer_cert_digest_len != mbedtls_md_get_size(md_info)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (session->peer_cert_digest_len > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->peer_cert_digest = - mbedtls_calloc(1, session->peer_cert_digest_len); - if (session->peer_cert_digest == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(session->peer_cert_digest, p, - session->peer_cert_digest_len); - p += session->peer_cert_digest_len; - } -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - /* - * Session ticket and associated data - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { - if (3 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0); - p += 3; - - if (session->ticket_len != 0) { - if (session->ticket_len > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->ticket = mbedtls_calloc(1, session->ticket_len); - if (session->ticket == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(session->ticket, p, session->ticket_len); - p += session->ticket_len; - } - - if (4 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; - } -#endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - if (8 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; - } -#endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_SRV_C */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - /* - * Misc extension-related info - */ -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if (1 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->mfl_code = *p++; -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if (1 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->encrypt_then_mac = *p++; -#endif - - /* Done, should have consumed entire buffer */ - if (p != end) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - return 0; -} - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -/* Serialization of TLS 1.3 sessions: - * - * For more detail, see the description of ssl_session_save(). - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen) -{ - unsigned char *p = buf; -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - size_t hostname_len = (session->hostname == NULL) ? - 0 : strlen(session->hostname) + 1; -#endif - -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - const size_t alpn_len = (session->ticket_alpn == NULL) ? - 0 : strlen(session->ticket_alpn) + 1; -#endif - size_t needed = 4 /* ticket_age_add */ - + 1 /* ticket_flags */ - + 1; /* resumption_key length */ - - *olen = 0; - - if (session->resumption_key_len > MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - needed += session->resumption_key_len; /* resumption_key */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - needed += 4; /* max_early_data_size */ -#endif -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - needed += 2; /* record_size_limit */ -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_HAVE_TIME) - needed += 8; /* ticket_creation_time or ticket_reception_time */ -#endif - -#if defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - needed += 2 /* alpn_len */ - + alpn_len; /* alpn */ -#endif - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - needed += 2 /* hostname_len */ - + hostname_len; /* hostname */ -#endif - - needed += 4 /* ticket_lifetime */ - + 2; /* ticket_len */ - - /* Check size_t overflow */ - if (session->ticket_len > SIZE_MAX - needed) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - needed += session->ticket_len; /* ticket */ - } -#endif /* MBEDTLS_SSL_CLI_C */ - - *olen = needed; - if (needed > buf_len) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - MBEDTLS_PUT_UINT32_BE(session->ticket_age_add, p, 0); - p[4] = session->ticket_flags; - - /* save resumption_key */ - p[5] = session->resumption_key_len; - p += 6; - memcpy(p, session->resumption_key, session->resumption_key_len); - p += session->resumption_key_len; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0); - p += 4; -#endif -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - MBEDTLS_PUT_UINT16_BE(session->record_size_limit, p, 0); - p += 2; -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { -#if defined(MBEDTLS_HAVE_TIME) - MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); - p += 8; -#endif /* MBEDTLS_HAVE_TIME */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - MBEDTLS_PUT_UINT16_BE(alpn_len, p, 0); - p += 2; - - if (alpn_len > 0) { - /* save chosen alpn */ - memcpy(p, session->ticket_alpn, alpn_len); - p += alpn_len; - } -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_ALPN */ - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0); - p += 2; - if (hostname_len > 0) { - /* save host name */ - memcpy(p, session->hostname, hostname_len); - p += hostname_len; - } -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_HAVE_TIME) - MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_reception_time, p, 0); - p += 8; -#endif - MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); - p += 4; - - MBEDTLS_PUT_UINT16_BE(session->ticket_len, p, 0); - p += 2; - - if (session->ticket != NULL && session->ticket_len > 0) { - memcpy(p, session->ticket, session->ticket_len); - p += session->ticket_len; - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_load(mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len) -{ - const unsigned char *p = buf; - const unsigned char *end = buf + len; - - if (end - p < 6) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 0); - session->ticket_flags = p[4]; - - /* load resumption_key */ - session->resumption_key_len = p[5]; - p += 6; - - if (end - p < session->resumption_key_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (sizeof(session->resumption_key) < session->resumption_key_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - memcpy(session->resumption_key, p, session->resumption_key_len); - p += session->resumption_key_len; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (end - p < 4) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; -#endif -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { -#if defined(MBEDTLS_HAVE_TIME) - if (end - p < 8) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; -#endif /* MBEDTLS_HAVE_TIME */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - size_t alpn_len; - - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - alpn_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - if (end - p < (long int) alpn_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (alpn_len > 0) { - int ret = mbedtls_ssl_session_set_ticket_alpn(session, (char *) p); - if (ret != 0) { - return ret; - } - p += alpn_len; - } -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_ALPN */ - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - size_t hostname_len; - /* load host name */ - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - hostname_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - if (end - p < (long int) hostname_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (hostname_len > 0) { - session->hostname = mbedtls_calloc(1, hostname_len); - if (session->hostname == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(session->hostname, p, hostname_len); - p += hostname_len; - } -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_HAVE_TIME) - if (end - p < 8) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_reception_time = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; -#endif - if (end - p < 4) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; - - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - if (end - p < (long int) session->ticket_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (session->ticket_len > 0) { - session->ticket = mbedtls_calloc(1, session->ticket_len); - if (session->ticket == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(session->ticket, p, session->ticket_len); - p += session->ticket_len; - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - - return 0; - -} -#else /* MBEDTLS_SSL_SESSION_TICKETS */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen) -{ - ((void) session); - ((void) buf); - ((void) buf_len); - *olen = 0; - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -} - -static int ssl_tls13_session_load(const mbedtls_ssl_session *session, - const unsigned char *buf, - size_t buf_len) -{ - ((void) session); - ((void) buf); - ((void) buf_len); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -} -#endif /* !MBEDTLS_SSL_SESSION_TICKETS */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -/* - * Define ticket header determining Mbed TLS version - * and structure of the ticket. - */ - -/* - * Define bitflag determining compile-time settings influencing - * structure of serialized SSL sessions. - */ - -#if defined(MBEDTLS_HAVE_TIME) -#define SSL_SERIALIZED_SESSION_CONFIG_TIME 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_TIME 0 -#endif /* MBEDTLS_HAVE_TIME */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#define SSL_SERIALIZED_SESSION_CONFIG_CRT 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_CRT 0 -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 0 -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) -#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 0 -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -#define SSL_SERIALIZED_SESSION_CONFIG_MFL 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_MFL 0 -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -#define SSL_SERIALIZED_SESSION_CONFIG_ETM 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_ETM 0 -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#define SSL_SERIALIZED_SESSION_CONFIG_TICKET 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_TICKET 0 -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -#define SSL_SERIALIZED_SESSION_CONFIG_SNI 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_SNI 0 -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) -#define SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA 0 -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) -#define SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE 0 -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_EARLY_DATA) -#define SSL_SERIALIZED_SESSION_CONFIG_ALPN 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_ALPN 0 -#endif /* MBEDTLS_SSL_ALPN */ - -#define SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT 0 -#define SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT 1 -#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT 2 -#define SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT 3 -#define SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT 4 -#define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 5 -#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT 6 -#define SSL_SERIALIZED_SESSION_CONFIG_SNI_BIT 7 -#define SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA_BIT 8 -#define SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE_BIT 9 -#define SSL_SERIALIZED_SESSION_CONFIG_ALPN_BIT 10 - -#define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \ - ((uint16_t) ( \ - (SSL_SERIALIZED_SESSION_CONFIG_TIME << SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_CRT << SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET << \ - SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_MFL << SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT << \ - SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_SNI << SSL_SERIALIZED_SESSION_CONFIG_SNI_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA << \ - SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE << \ - SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_ALPN << \ - SSL_SERIALIZED_SESSION_CONFIG_ALPN_BIT))) - -static const unsigned char ssl_serialized_session_header[] = { - MBEDTLS_VERSION_MAJOR, - MBEDTLS_VERSION_MINOR, - MBEDTLS_VERSION_PATCH, - MBEDTLS_BYTE_1(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG), - MBEDTLS_BYTE_0(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG), -}; - -/* - * Serialize a session in the following format: - * (in the presentation language of TLS, RFC 8446 section 3) - * - * TLS 1.2 session: - * - * struct { - * #if defined(MBEDTLS_SSL_SESSION_TICKETS) - * opaque ticket<0..2^24-1>; // length 0 means no ticket - * uint32 ticket_lifetime; - * #endif - * } ClientOnlyData; - * - * struct { - * #if defined(MBEDTLS_HAVE_TIME) - * uint64 start_time; - * #endif - * uint8 session_id_len; // at most 32 - * opaque session_id[32]; - * opaque master[48]; // fixed length in the standard - * uint32 verify_result; - * #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert - * #else - * uint8 peer_cert_digest_type; - * opaque peer_cert_digest<0..2^8-1> - * #endif - * select (endpoint) { - * case client: ClientOnlyData; - * case server: uint64 ticket_creation_time; - * }; - * #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - * uint8 mfl_code; // up to 255 according to standard - * #endif - * #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - * uint8 encrypt_then_mac; // 0 or 1 - * #endif - * } serialized_session_tls12; - * - * - * TLS 1.3 Session: - * - * struct { - * #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - * opaque hostname<0..2^16-1>; - * #endif - * #if defined(MBEDTLS_HAVE_TIME) - * uint64 ticket_reception_time; - * #endif - * uint32 ticket_lifetime; - * opaque ticket<1..2^16-1>; - * } ClientOnlyData; - * - * struct { - * uint32 ticket_age_add; - * uint8 ticket_flags; - * opaque resumption_key<0..255>; - * #if defined(MBEDTLS_SSL_EARLY_DATA) - * uint32 max_early_data_size; - * #endif - * #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - * uint16 record_size_limit; - * #endif - * select ( endpoint ) { - * case client: ClientOnlyData; - * case server: - * #if defined(MBEDTLS_HAVE_TIME) - * uint64 ticket_creation_time; - * #endif - * #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - * opaque ticket_alpn<0..256>; - * #endif - * }; - * } serialized_session_tls13; - * - * - * SSL session: - * - * struct { - * - * opaque mbedtls_version[3]; // library version: major, minor, patch - * opaque session_format[2]; // library-version specific 16-bit field - * // determining the format of the remaining - * // serialized data. - * - * Note: When updating the format, remember to keep - * these version+format bytes. - * - * // In this version, `session_format` determines - * // the setting of those compile-time - * // configuration options which influence - * // the structure of mbedtls_ssl_session. - * - * uint8_t minor_ver; // Protocol minor version. Possible values: - * // - TLS 1.2 (0x0303) - * // - TLS 1.3 (0x0304) - * uint8_t endpoint; - * uint16_t ciphersuite; - * - * select (serialized_session.tls_version) { - * - * case MBEDTLS_SSL_VERSION_TLS1_2: - * serialized_session_tls12 data; - * case MBEDTLS_SSL_VERSION_TLS1_3: - * serialized_session_tls13 data; - * - * }; - * - * } serialized_session; - * - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_session_save(const mbedtls_ssl_session *session, - unsigned char omit_header, - unsigned char *buf, - size_t buf_len, - size_t *olen) -{ - unsigned char *p = buf; - size_t used = 0; - size_t remaining_len; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - size_t out_len; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#endif - if (session == NULL) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if (!omit_header) { - /* - * Add Mbed TLS version identifier - */ - used += sizeof(ssl_serialized_session_header); - - if (used <= buf_len) { - memcpy(p, ssl_serialized_session_header, - sizeof(ssl_serialized_session_header)); - p += sizeof(ssl_serialized_session_header); - } - } - - /* - * TLS version identifier, endpoint, ciphersuite - */ - used += 1 /* TLS version */ - + 1 /* endpoint */ - + 2; /* ciphersuite */ - if (used <= buf_len) { - *p++ = MBEDTLS_BYTE_0(session->tls_version); - *p++ = session->endpoint; - MBEDTLS_PUT_UINT16_BE(session->ciphersuite, p, 0); - p += 2; - } - - /* Forward to version-specific serialization routine. */ - remaining_len = (buf_len >= used) ? buf_len - used : 0; - switch (session->tls_version) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - case MBEDTLS_SSL_VERSION_TLS1_2: - used += ssl_tls12_session_save(session, p, remaining_len); - break; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - case MBEDTLS_SSL_VERSION_TLS1_3: - ret = ssl_tls13_session_save(session, p, remaining_len, &out_len); - if (ret != 0 && ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { - return ret; - } - used += out_len; - break; -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - default: - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - *olen = used; - if (used > buf_len) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - return 0; -} - -/* - * Public wrapper for ssl_session_save() - */ -int mbedtls_ssl_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen) -{ - return ssl_session_save(session, 0, buf, buf_len, olen); -} - -/* - * Deserialize session, see mbedtls_ssl_session_save() for format. - * - * This internal version is wrapped by a public function that cleans up in - * case of error, and has an extra option omit_header. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_session_load(mbedtls_ssl_session *session, - unsigned char omit_header, - const unsigned char *buf, - size_t len) -{ - const unsigned char *p = buf; - const unsigned char * const end = buf + len; - size_t remaining_len; - - - if (session == NULL) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if (!omit_header) { - /* - * Check Mbed TLS version identifier - */ - - if ((size_t) (end - p) < sizeof(ssl_serialized_session_header)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (memcmp(p, ssl_serialized_session_header, - sizeof(ssl_serialized_session_header)) != 0) { - return MBEDTLS_ERR_SSL_VERSION_MISMATCH; - } - p += sizeof(ssl_serialized_session_header); - } - - /* - * TLS version identifier, endpoint, ciphersuite - */ - if (4 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->tls_version = (mbedtls_ssl_protocol_version) (0x0300 | *p++); - session->endpoint = *p++; - session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* Dispatch according to TLS version. */ - remaining_len = (size_t) (end - p); - switch (session->tls_version) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - case MBEDTLS_SSL_VERSION_TLS1_2: - return ssl_tls12_session_load(session, p, remaining_len); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - case MBEDTLS_SSL_VERSION_TLS1_3: - return ssl_tls13_session_load(session, p, remaining_len); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - default: - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } -} - -/* - * Deserialize session: public wrapper for error cleaning - */ -int mbedtls_ssl_session_load(mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len) -{ - int ret = ssl_session_load(session, 0, buf, len); - - if (ret != 0) { - mbedtls_ssl_session_free(session); - } - - return ret; -} - -/* - * Perform a single step of the SSL handshake - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_prepare_handshake_step(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* - * We may have not been able to send to the peer all the handshake data - * that were written into the output buffer by the previous handshake step, - * if the write to the network callback returned with the - * #MBEDTLS_ERR_SSL_WANT_WRITE error code. - * We proceed to the next handshake step only when all data from the - * previous one have been sent to the peer, thus we make sure that this is - * the case here by calling `mbedtls_ssl_flush_output()`. The function may - * return with the #MBEDTLS_ERR_SSL_WANT_WRITE error code in which case - * we have to wait before to go ahead. - * In the case of TLS 1.3, handshake step handlers do not send data to the - * peer. Data are only sent here and through - * `mbedtls_ssl_handle_pending_alert` in case an error that triggered an - * alert occurred. - */ - if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { - return ret; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { - if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { - return ret; - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - return ret; -} - -int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (ssl == NULL || - ssl->conf == NULL || - ssl->handshake == NULL || - ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ret = ssl_prepare_handshake_step(ssl); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_handle_pending_alert(ssl); - if (ret != 0) { - goto cleanup; - } - - /* If ssl->conf->endpoint is not one of MBEDTLS_SSL_IS_CLIENT or - * MBEDTLS_SSL_IS_SERVER, this is the return code we give */ - ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - -#if defined(MBEDTLS_SSL_CLI_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - MBEDTLS_SSL_DEBUG_MSG(2, ("client state: %s", - mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state))); - - switch (ssl->state) { - case MBEDTLS_SSL_HELLO_REQUEST: - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; - ret = 0; - break; - - case MBEDTLS_SSL_CLIENT_HELLO: - ret = mbedtls_ssl_write_client_hello(ssl); - break; - - default: -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - ret = mbedtls_ssl_tls13_handshake_client_step(ssl); - } else { - ret = mbedtls_ssl_handshake_client_step(ssl); - } -#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) - ret = mbedtls_ssl_handshake_client_step(ssl); -#else - ret = mbedtls_ssl_tls13_handshake_client_step(ssl); -#endif - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - ret = mbedtls_ssl_tls13_handshake_server_step(ssl); - } else { - ret = mbedtls_ssl_handshake_server_step(ssl); - } -#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) - ret = mbedtls_ssl_handshake_server_step(ssl); -#else - ret = mbedtls_ssl_tls13_handshake_server_step(ssl); -#endif - } -#endif /* MBEDTLS_SSL_SRV_C */ - - if (ret != 0) { - /* handshake_step return error. And it is same - * with alert_reason. - */ - if (ssl->send_alert) { - ret = mbedtls_ssl_handle_pending_alert(ssl); - goto cleanup; - } - } - -cleanup: - return ret; -} - -/* - * Perform the SSL handshake - */ -int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl) -{ - int ret = 0; - - /* Sanity checks */ - - if (ssl == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - (ssl->f_set_timer == NULL || ssl->f_get_timer == NULL)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("You must use " - "mbedtls_ssl_set_timer_cb() for DTLS")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> handshake")); - - /* Main handshake loop */ - while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { - ret = mbedtls_ssl_handshake_step(ssl); - - if (ret != 0) { - break; - } - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= handshake")); - - return ret; -} - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -#if defined(MBEDTLS_SSL_SRV_C) -/* - * Write HelloRequest to request renegotiation on server - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_hello_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello request")); - - ssl->out_msglen = 4; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; - - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello request")); - - return 0; -} -#endif /* MBEDTLS_SSL_SRV_C */ - -/* - * Actually renegotiate current connection, triggered by either: - * - any side: calling mbedtls_ssl_renegotiate(), - * - client: receiving a HelloRequest during mbedtls_ssl_read(), - * - server: receiving any handshake message on server during mbedtls_ssl_read() after - * the initial handshake is completed. - * If the handshake doesn't complete due to waiting for I/O, it will continue - * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively. - */ -int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> renegotiate")); - - if ((ret = ssl_handshake_init(ssl)) != 0) { - return ret; - } - - /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and - * the ServerHello will have message_seq = 1" */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - ssl->handshake->out_msg_seq = 1; - } else { - ssl->handshake->in_msg_seq = 1; - } - } -#endif - - ssl->state = MBEDTLS_SSL_HELLO_REQUEST; - ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; - - if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= renegotiate")); - - return 0; -} - -/* - * Renegotiate current connection on client, - * or request renegotiation on server - */ -int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - - if (ssl == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_SSL_SRV_C) - /* On server, just send the request */ - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - if (mbedtls_ssl_is_handshake_over(ssl) == 0) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; - - /* Did we already try/start sending HelloRequest? */ - if (ssl->out_left != 0) { - return mbedtls_ssl_flush_output(ssl); - } - - return ssl_write_hello_request(ssl); - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - /* - * On client, either start the renegotiation process or, - * if already in progress, continue the handshake - */ - if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { - if (mbedtls_ssl_is_handshake_over(ssl) == 0) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if ((ret = mbedtls_ssl_start_renegotiation(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_start_renegotiation", ret); - return ret; - } - } else { - if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - - return ret; -} -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - if (handshake == NULL) { - return; - } - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - if (ssl->handshake->group_list_heap_allocated) { - mbedtls_free((void *) handshake->group_list); - } - handshake->group_list = NULL; -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - if (ssl->handshake->sig_algs_heap_allocated) { - mbedtls_free((void *) handshake->sig_algs); - } - handshake->sig_algs = NULL; -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (ssl->handshake->certificate_request_context) { - mbedtls_free((void *) handshake->certificate_request_context); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { - ssl->conf->f_async_cancel(ssl); - handshake->async_in_progress = 0; - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort(&handshake->fin_sha256_psa); -#else - mbedtls_md_free(&handshake->fin_sha256); -#endif -#endif -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort(&handshake->fin_sha384_psa); -#else - mbedtls_md_free(&handshake->fin_sha384); -#endif -#endif - -#if defined(MBEDTLS_DHM_C) - mbedtls_dhm_free(&handshake->dhm_ctx); -#endif -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) - mbedtls_ecdh_free(&handshake->ecdh_ctx); -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_pake_abort(&handshake->psa_pake_ctx); - /* - * Opaque keys are not stored in the handshake's data and it's the user - * responsibility to destroy them. Clear ones, instead, are created by - * the TLS library and should be destroyed at the same level - */ - if (!mbedtls_svc_key_id_is_null(handshake->psa_pake_password)) { - psa_destroy_key(handshake->psa_pake_password); - } - handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; -#else - mbedtls_ecjpake_free(&handshake->ecjpake_ctx); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_SSL_CLI_C) - mbedtls_free(handshake->ecjpake_cache); - handshake->ecjpake_cache = NULL; - handshake->ecjpake_cache_len = 0; -#endif -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - /* explicit void pointer cast for buggy MS compiler */ - mbedtls_free((void *) handshake->curves_tls_id); -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { - /* The maintenance of the external PSK key slot is the - * user's responsibility. */ - if (ssl->handshake->psk_opaque_is_internal) { - psa_destroy_key(ssl->handshake->psk_opaque); - ssl->handshake->psk_opaque_is_internal = 0; - } - ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; - } -#else - if (handshake->psk != NULL) { - mbedtls_zeroize_and_free(handshake->psk, handshake->psk_len); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - /* - * Free only the linked list wrapper, not the keys themselves - * since the belong to the SNI callback - */ - ssl_key_cert_free(handshake->sni_key_cert); -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - mbedtls_x509_crt_restart_free(&handshake->ecrs_ctx); - if (handshake->ecrs_peer_cert != NULL) { - mbedtls_x509_crt_free(handshake->ecrs_peer_cert); - mbedtls_free(handshake->ecrs_peer_cert); - } -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_pk_free(&handshake->peer_pubkey); -#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - -#if defined(MBEDTLS_SSL_CLI_C) && \ - (defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) - mbedtls_free(handshake->cookie); -#endif /* MBEDTLS_SSL_CLI_C && - ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - mbedtls_ssl_flight_free(handshake->flight); - mbedtls_ssl_buffering_free(ssl); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) - if (handshake->xxdh_psa_privkey_is_external == 0) { - psa_destroy_key(handshake->xxdh_psa_privkey); - } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_transform_free(handshake->transform_handshake); - mbedtls_free(handshake->transform_handshake); -#if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_transform_free(handshake->transform_earlydata); - mbedtls_free(handshake->transform_earlydata); -#endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* If the buffers are too big - reallocate. Because of the way Mbed TLS - * processes datagrams and the fact that a datagram is allowed to have - * several records in it, it is possible that the I/O buffers are not - * empty at this stage */ - handle_buffer_resizing(ssl, 1, mbedtls_ssl_get_input_buflen(ssl), - mbedtls_ssl_get_output_buflen(ssl)); -#endif - - /* mbedtls_platform_zeroize MUST be last one in this function */ - mbedtls_platform_zeroize(handshake, - sizeof(mbedtls_ssl_handshake_params)); -} - -void mbedtls_ssl_session_free(mbedtls_ssl_session *session) -{ - if (session == NULL) { - return; - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - ssl_clear_peer_cert(session); -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - mbedtls_free(session->hostname); -#endif - mbedtls_free(session->ticket); -#endif - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) && \ - defined(MBEDTLS_SSL_SRV_C) - mbedtls_free(session->ticket_alpn); -#endif - - mbedtls_platform_zeroize(session, sizeof(mbedtls_ssl_session)); -} - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID 1u -#else -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID 0u -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT 1u - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY 1u -#else -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY 0u -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - -#if defined(MBEDTLS_SSL_ALPN) -#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN 1u -#else -#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN 0u -#endif /* MBEDTLS_SSL_ALPN */ - -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT 0 -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT 1 -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT 2 -#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT 3 - -#define SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG \ - ((uint32_t) ( \ - (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID << \ - SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT) | \ - (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT << \ - SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT) | \ - (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY << \ - SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT) | \ - (SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \ - 0u)) - -static const unsigned char ssl_serialized_context_header[] = { - MBEDTLS_VERSION_MAJOR, - MBEDTLS_VERSION_MINOR, - MBEDTLS_VERSION_PATCH, - MBEDTLS_BYTE_1(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG), - MBEDTLS_BYTE_0(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG), - MBEDTLS_BYTE_2(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG), - MBEDTLS_BYTE_1(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG), - MBEDTLS_BYTE_0(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG), -}; - -/* - * Serialize a full SSL context - * - * The format of the serialized data is: - * (in the presentation language of TLS, RFC 8446 section 3) - * - * // header - * opaque mbedtls_version[3]; // major, minor, patch - * opaque context_format[5]; // version-specific field determining - * // the format of the remaining - * // serialized data. - * Note: When updating the format, remember to keep these - * version+format bytes. (We may make their size part of the API.) - * - * // session sub-structure - * opaque session<1..2^32-1>; // see mbedtls_ssl_session_save() - * // transform sub-structure - * uint8 random[64]; // ServerHello.random+ClientHello.random - * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value - * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use - * // fields from ssl_context - * uint32 badmac_seen; // DTLS: number of records with failing MAC - * uint64 in_window_top; // DTLS: last validated record seq_num - * uint64 in_window; // DTLS: bitmask for replay protection - * uint8 disable_datagram_packing; // DTLS: only one record per datagram - * uint64 cur_out_ctr; // Record layer: outgoing sequence number - * uint16 mtu; // DTLS: path mtu (max outgoing fragment size) - * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol - * - * Note that many fields of the ssl_context or sub-structures are not - * serialized, as they fall in one of the following categories: - * - * 1. forced value (eg in_left must be 0) - * 2. pointer to dynamically-allocated memory (eg session, transform) - * 3. value can be re-derived from other data (eg session keys from MS) - * 4. value was temporary (eg content of input buffer) - * 5. value will be provided by the user again (eg I/O callbacks and context) - */ -int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t buf_len, - size_t *olen) -{ - unsigned char *p = buf; - size_t used = 0; - size_t session_len; - int ret = 0; - - /* - * Enforce usage restrictions, see "return BAD_INPUT_DATA" in - * this function's documentation. - * - * These are due to assumptions/limitations in the implementation. Some of - * them are likely to stay (no handshake in progress) some might go away - * (only DTLS) but are currently used to simplify the implementation. - */ - /* The initial handshake must be over */ - if (mbedtls_ssl_is_handshake_over(ssl) == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Initial handshake isn't over")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (ssl->handshake != NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake isn't completed")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - /* Double-check that sub-structures are indeed ready */ - if (ssl->transform == NULL || ssl->session == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Serialised structures aren't ready")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - /* There must be no pending incoming or outgoing data */ - if (mbedtls_ssl_check_pending(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending incoming data")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (ssl->out_left != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending outgoing data")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - /* Protocol must be DTLS, not TLS */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Only DTLS is supported")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - /* Version must be 1.2 */ - if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Only version 1.2 supported")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - /* We must be using an AEAD ciphersuite */ - if (mbedtls_ssl_transform_uses_aead(ssl->transform) != 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Only AEAD ciphersuites supported")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - /* Renegotiation must not be enabled */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Renegotiation must not be enabled")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } -#endif - - /* - * Version and format identifier - */ - used += sizeof(ssl_serialized_context_header); - - if (used <= buf_len) { - memcpy(p, ssl_serialized_context_header, - sizeof(ssl_serialized_context_header)); - p += sizeof(ssl_serialized_context_header); - } - - /* - * Session (length + data) - */ - ret = ssl_session_save(ssl->session, 1, NULL, 0, &session_len); - if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { - return ret; - } - - used += 4 + session_len; - if (used <= buf_len) { - MBEDTLS_PUT_UINT32_BE(session_len, p, 0); - p += 4; - - ret = ssl_session_save(ssl->session, 1, - p, session_len, &session_len); - if (ret != 0) { - return ret; - } - - p += session_len; - } - - /* - * Transform - */ - used += sizeof(ssl->transform->randbytes); - if (used <= buf_len) { - memcpy(p, ssl->transform->randbytes, - sizeof(ssl->transform->randbytes)); - p += sizeof(ssl->transform->randbytes); - } - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - used += 2U + ssl->transform->in_cid_len + ssl->transform->out_cid_len; - if (used <= buf_len) { - *p++ = ssl->transform->in_cid_len; - memcpy(p, ssl->transform->in_cid, ssl->transform->in_cid_len); - p += ssl->transform->in_cid_len; - - *p++ = ssl->transform->out_cid_len; - memcpy(p, ssl->transform->out_cid, ssl->transform->out_cid_len); - p += ssl->transform->out_cid_len; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* - * Saved fields from top-level ssl_context structure - */ - used += 4; - if (used <= buf_len) { - MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen, p, 0); - p += 4; - } - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - used += 16; - if (used <= buf_len) { - MBEDTLS_PUT_UINT64_BE(ssl->in_window_top, p, 0); - p += 8; - - MBEDTLS_PUT_UINT64_BE(ssl->in_window, p, 0); - p += 8; - } -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - used += 1; - if (used <= buf_len) { - *p++ = ssl->disable_datagram_packing; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - used += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - if (used <= buf_len) { - memcpy(p, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN); - p += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - used += 2; - if (used <= buf_len) { - MBEDTLS_PUT_UINT16_BE(ssl->mtu, p, 0); - p += 2; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_ALPN) - { - const uint8_t alpn_len = ssl->alpn_chosen - ? (uint8_t) strlen(ssl->alpn_chosen) - : 0; - - used += 1 + alpn_len; - if (used <= buf_len) { - *p++ = alpn_len; - - if (ssl->alpn_chosen != NULL) { - memcpy(p, ssl->alpn_chosen, alpn_len); - p += alpn_len; - } - } - } -#endif /* MBEDTLS_SSL_ALPN */ - - /* - * Done - */ - *olen = used; - - if (used > buf_len) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "saved context", buf, used); - - return mbedtls_ssl_session_reset_int(ssl, 0); -} - -/* - * Deserialize context, see mbedtls_ssl_context_save() for format. - * - * This internal version is wrapped by a public function that cleans up in - * case of error. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_context_load(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - const unsigned char *p = buf; - const unsigned char * const end = buf + len; - size_t session_len; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - tls_prf_fn prf_func = NULL; -#endif - - /* - * The context should have been freshly setup or reset. - * Give the user an error in case of obvious misuse. - * (Checking session is useful because it won't be NULL if we're - * renegotiating, or if the user mistakenly loaded a session first.) - */ - if (ssl->state != MBEDTLS_SSL_HELLO_REQUEST || - ssl->session != NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* - * We can't check that the config matches the initial one, but we can at - * least check it matches the requirements for serializing. - */ - if ( -#if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED || -#endif - ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 || - ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 - ) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "context to load", buf, len); - - /* - * Check version identifier - */ - if ((size_t) (end - p) < sizeof(ssl_serialized_context_header)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (memcmp(p, ssl_serialized_context_header, - sizeof(ssl_serialized_context_header)) != 0) { - return MBEDTLS_ERR_SSL_VERSION_MISMATCH; - } - p += sizeof(ssl_serialized_context_header); - - /* - * Session - */ - if ((size_t) (end - p) < 4) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session_len = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; - - /* This has been allocated by ssl_handshake_init(), called by - * by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */ - ssl->session = ssl->session_negotiate; - ssl->session_in = ssl->session; - ssl->session_out = ssl->session; - ssl->session_negotiate = NULL; - - if ((size_t) (end - p) < session_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ret = ssl_session_load(ssl->session, 1, p, session_len); - if (ret != 0) { - mbedtls_ssl_session_free(ssl->session); - return ret; - } - - p += session_len; - - /* - * Transform - */ - - /* This has been allocated by ssl_handshake_init(), called by - * by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - ssl->transform = ssl->transform_negotiate; - ssl->transform_in = ssl->transform; - ssl->transform_out = ssl->transform; - ssl->transform_negotiate = NULL; -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - prf_func = ssl_tls12prf_from_cs(ssl->session->ciphersuite); - if (prf_func == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Read random bytes and populate structure */ - if ((size_t) (end - p) < sizeof(ssl->transform->randbytes)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ret = ssl_tls12_populate_transform(ssl->transform, - ssl->session->ciphersuite, - ssl->session->master, -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - ssl->session->encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - prf_func, - p, /* currently pointing to randbytes */ - MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */ - ssl->conf->endpoint, - ssl); - if (ret != 0) { - return ret; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - p += sizeof(ssl->transform->randbytes); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* Read connection IDs and store them */ - if ((size_t) (end - p) < 1) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->transform->in_cid_len = *p++; - - if ((size_t) (end - p) < ssl->transform->in_cid_len + 1u) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memcpy(ssl->transform->in_cid, p, ssl->transform->in_cid_len); - p += ssl->transform->in_cid_len; - - ssl->transform->out_cid_len = *p++; - - if ((size_t) (end - p) < ssl->transform->out_cid_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memcpy(ssl->transform->out_cid, p, ssl->transform->out_cid_len); - p += ssl->transform->out_cid_len; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* - * Saved fields from top-level ssl_context structure - */ - if ((size_t) (end - p) < 4) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->badmac_seen = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if ((size_t) (end - p) < 16) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->in_window_top = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; - - ssl->in_window = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if ((size_t) (end - p) < 1) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->disable_datagram_packing = *p++; -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - if ((size_t) (end - p) < sizeof(ssl->cur_out_ctr)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - memcpy(ssl->cur_out_ctr, p, sizeof(ssl->cur_out_ctr)); - p += sizeof(ssl->cur_out_ctr); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if ((size_t) (end - p) < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->mtu = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_ALPN) - { - uint8_t alpn_len; - const char **cur; - - if ((size_t) (end - p) < 1) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - alpn_len = *p++; - - if (alpn_len != 0 && ssl->conf->alpn_list != NULL) { - /* alpn_chosen should point to an item in the configured list */ - for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) { - if (strlen(*cur) == alpn_len && - memcmp(p, *cur, alpn_len) == 0) { - ssl->alpn_chosen = *cur; - break; - } - } - } - - /* can only happen on conf mismatch */ - if (alpn_len != 0 && ssl->alpn_chosen == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - p += alpn_len; - } -#endif /* MBEDTLS_SSL_ALPN */ - - /* - * Forced fields from top-level ssl_context structure - * - * Most of them already set to the correct value by mbedtls_ssl_init() and - * mbedtls_ssl_reset(), so we only need to set the remaining ones. - */ - ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; - ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - - /* Adjust pointers for header fields of outgoing records to - * the given transform, accounting for explicit IV and CID. */ - mbedtls_ssl_update_out_pointers(ssl, ssl->transform); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - ssl->in_epoch = 1; -#endif - - /* mbedtls_ssl_reset() leaves the handshake sub-structure allocated, - * which we don't want - otherwise we'd end up freeing the wrong transform - * by calling mbedtls_ssl_handshake_wrapup_free_hs_transform() - * inappropriately. */ - if (ssl->handshake != NULL) { - mbedtls_ssl_handshake_free(ssl); - mbedtls_free(ssl->handshake); - ssl->handshake = NULL; - } - - /* - * Done - should have consumed entire buffer - */ - if (p != end) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - return 0; -} - -/* - * Deserialize context: public wrapper for error cleaning - */ -int mbedtls_ssl_context_load(mbedtls_ssl_context *context, - const unsigned char *buf, - size_t len) -{ - int ret = ssl_context_load(context, buf, len); - - if (ret != 0) { - mbedtls_ssl_free(context); - } - - return ret; -} -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - -/* - * Free an SSL context - */ -void mbedtls_ssl_free(mbedtls_ssl_context *ssl) -{ - if (ssl == NULL) { - return; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> free")); - - if (ssl->out_buf != NULL) { -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len; -#else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; -#endif - - mbedtls_zeroize_and_free(ssl->out_buf, out_buf_len); - ssl->out_buf = NULL; - } - - if (ssl->in_buf != NULL) { -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t in_buf_len = ssl->in_buf_len; -#else - size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; -#endif - - mbedtls_zeroize_and_free(ssl->in_buf, in_buf_len); - ssl->in_buf = NULL; - } - - if (ssl->transform) { - mbedtls_ssl_transform_free(ssl->transform); - mbedtls_free(ssl->transform); - } - - if (ssl->handshake) { - mbedtls_ssl_handshake_free(ssl); - mbedtls_free(ssl->handshake); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - mbedtls_ssl_transform_free(ssl->transform_negotiate); - mbedtls_free(ssl->transform_negotiate); -#endif - - mbedtls_ssl_session_free(ssl->session_negotiate); - mbedtls_free(ssl->session_negotiate); - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_transform_free(ssl->transform_application); - mbedtls_free(ssl->transform_application); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - if (ssl->session) { - mbedtls_ssl_session_free(ssl->session); - mbedtls_free(ssl->session); - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - if (ssl->hostname != NULL) { - mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); - } -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - mbedtls_free(ssl->cli_id); -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= free")); - - /* Actually clear after last debug message */ - mbedtls_platform_zeroize(ssl, sizeof(mbedtls_ssl_context)); -} - -/* - * Initialize mbedtls_ssl_config - */ -void mbedtls_ssl_config_init(mbedtls_ssl_config *conf) -{ - memset(conf, 0, sizeof(mbedtls_ssl_config)); -} - -/* The selection should be the same as mbedtls_x509_crt_profile_default in - * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters: - * curves with a lower resource usage come first. - * See the documentation of mbedtls_ssl_conf_curves() for what we promise - * about this list. - */ -static const uint16_t ssl_preset_default_groups[] = { -#if defined(PSA_WANT_ECC_MONTGOMERY_255) - MBEDTLS_SSL_IANA_TLS_GROUP_X25519, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_256) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_384) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_448) - MBEDTLS_SSL_IANA_TLS_GROUP_X448, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_521) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, -#endif -#if defined(PSA_WANT_ALG_FFDH) - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, -#endif - MBEDTLS_SSL_IANA_TLS_GROUP_NONE -}; - -static const int ssl_preset_suiteb_ciphersuites[] = { - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - 0 -}; - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* NOTICE: - * For ssl_preset_*_sig_algs and ssl_tls12_preset_*_sig_algs, the following - * rules SHOULD be upheld. - * - No duplicate entries. - * - But if there is a good reason, do not change the order of the algorithms. - * - ssl_tls12_preset* is for TLS 1.2 use only. - * - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes. - */ -static const uint16_t ssl_preset_default_sig_algs[] = { - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_256) && \ - defined(PSA_WANT_ECC_SECP_R1_256) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, - // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256) -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_384) && \ - defined(PSA_WANT_ECC_SECP_R1_384) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, - // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384) -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_512) && \ - defined(PSA_WANT_ECC_SECP_R1_521) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, - // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512) -#endif - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(PSA_WANT_ALG_SHA_512) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, -#endif - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(PSA_WANT_ALG_SHA_384) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, -#endif - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(PSA_WANT_ALG_SHA_256) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif - -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_512) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, -#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_512 */ - -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_384) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, -#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_384 */ - -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, -#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 */ - - MBEDTLS_TLS_SIG_NONE -}; - -/* NOTICE: see above */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static uint16_t ssl_tls12_preset_default_sig_algs[] = { - -#if defined(PSA_WANT_ALG_SHA_512) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512), -#endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, -#endif -#if defined(MBEDTLS_RSA_C) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512), -#endif -#endif /* PSA_WANT_ALG_SHA_512 */ - -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), -#endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, -#endif -#if defined(MBEDTLS_RSA_C) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384), -#endif -#endif /* PSA_WANT_ALG_SHA_384 */ - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256), -#endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif -#if defined(MBEDTLS_RSA_C) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256), -#endif -#endif /* PSA_WANT_ALG_SHA_256 */ - - MBEDTLS_TLS_SIG_NONE -}; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -/* NOTICE: see above */ -static const uint16_t ssl_preset_suiteb_sig_algs[] = { - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_256) && \ - defined(PSA_WANT_ECC_SECP_R1_256) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, - // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256) -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_384) && \ - defined(PSA_WANT_ECC_SECP_R1_384) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, - // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384) -#endif - - MBEDTLS_TLS_SIG_NONE -}; - -/* NOTICE: see above */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256), -#endif -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), -#endif -#endif /* PSA_WANT_ALG_SHA_384 */ - - MBEDTLS_TLS_SIG_NONE -}; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -static const uint16_t ssl_preset_suiteb_groups[] = { -#if defined(PSA_WANT_ECC_SECP_R1_256) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_384) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, -#endif - MBEDTLS_SSL_IANA_TLS_GROUP_NONE -}; - -#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs` - * to make sure there are no duplicated signature algorithm entries. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_no_sig_alg_duplication(const uint16_t *sig_algs) -{ - size_t i, j; - int ret = 0; - - for (i = 0; sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++) { - for (j = 0; j < i; j++) { - if (sig_algs[i] != sig_algs[j]) { - continue; - } - mbedtls_printf(" entry(%04x,%" MBEDTLS_PRINTF_SIZET - ") is duplicated at %" MBEDTLS_PRINTF_SIZET "\n", - sig_algs[i], j, i); - ret = -1; - } - } - return ret; -} - -#endif /* MBEDTLS_DEBUG_C && MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Load default in mbedtls_ssl_config - */ -int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, - int endpoint, int transport, int preset) -{ -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#endif - -#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (ssl_check_no_sig_alg_duplication(ssl_preset_suiteb_sig_algs)) { - mbedtls_printf("ssl_preset_suiteb_sig_algs has duplicated entries\n"); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - - if (ssl_check_no_sig_alg_duplication(ssl_preset_default_sig_algs)) { - mbedtls_printf("ssl_preset_default_sig_algs has duplicated entries\n"); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl_check_no_sig_alg_duplication(ssl_tls12_preset_suiteb_sig_algs)) { - mbedtls_printf("ssl_tls12_preset_suiteb_sig_algs has duplicated entries\n"); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - - if (ssl_check_no_sig_alg_duplication(ssl_tls12_preset_default_sig_algs)) { - mbedtls_printf("ssl_tls12_preset_default_sig_algs has duplicated entries\n"); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -#endif /* MBEDTLS_DEBUG_C && MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - /* Use the functions here so that they are covered in tests, - * but otherwise access member directly for efficiency */ - mbedtls_ssl_conf_endpoint(conf, endpoint); - mbedtls_ssl_conf_transport(conf, transport); - - /* - * Things that are common to all presets - */ -#if defined(MBEDTLS_SSL_CLI_C) - if (endpoint == MBEDTLS_SSL_IS_CLIENT) { - conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED; -#endif - } -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - conf->f_cookie_write = ssl_cookie_write_dummy; - conf->f_cookie_check = ssl_cookie_check_dummy; -#endif - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED; -#endif - -#if defined(MBEDTLS_SSL_SRV_C) - conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; - conf->respect_cli_pref = MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER; -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN; - conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX; -#endif - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; - memset(conf->renego_period, 0x00, 2); - memset(conf->renego_period + 2, 0xFF, 6); -#endif - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint == MBEDTLS_SSL_IS_SERVER) { - const unsigned char dhm_p[] = - MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - const unsigned char dhm_g[] = - MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - - if ((ret = mbedtls_ssl_conf_dh_param_bin(conf, - dhm_p, sizeof(dhm_p), - dhm_g, sizeof(dhm_g))) != 0) { - return ret; - } - } -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_conf_early_data(conf, MBEDTLS_SSL_EARLY_DATA_DISABLED); -#if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_conf_max_early_data_size(conf, MBEDTLS_SSL_MAX_EARLY_DATA_SIZE); -#endif -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_conf_new_session_tickets( - conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS); -#endif - /* - * Allow all TLS 1.3 key exchange modes by default. - */ - conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; -#else - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -#endif - } else { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) - conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; - conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) - conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; -#else - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -#endif - } - - /* - * Preset-specific defaults - */ - switch (preset) { - /* - * NSA Suite B - */ - case MBEDTLS_SSL_PRESET_SUITEB: - - conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites; - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (mbedtls_ssl_conf_is_tls12_only(conf)) { - conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - conf->sig_algs = ssl_preset_suiteb_sig_algs; -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->curve_list = NULL; -#endif - conf->group_list = ssl_preset_suiteb_groups; - break; - - /* - * Default - */ - default: - - conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites(); - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - conf->cert_profile = &mbedtls_x509_crt_profile_default; -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (mbedtls_ssl_conf_is_tls12_only(conf)) { - conf->sig_algs = ssl_tls12_preset_default_sig_algs; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - conf->sig_algs = ssl_preset_default_sig_algs; -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->curve_list = NULL; -#endif - conf->group_list = ssl_preset_default_groups; - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) - conf->dhm_min_bitlen = 1024; -#endif - } - - return 0; -} - -/* - * Free mbedtls_ssl_config - */ -void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) -{ - if (conf == NULL) { - return; - } - -#if defined(MBEDTLS_DHM_C) - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { - conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (conf->psk != NULL) { - mbedtls_zeroize_and_free(conf->psk, conf->psk_len); - conf->psk = NULL; - conf->psk_len = 0; - } - - if (conf->psk_identity != NULL) { - mbedtls_zeroize_and_free(conf->psk_identity, conf->psk_identity_len); - conf->psk_identity = NULL; - conf->psk_identity_len = 0; - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - ssl_key_cert_free(conf->key_cert); -#endif - - mbedtls_platform_zeroize(conf, sizeof(mbedtls_ssl_config)); -} - -#if defined(MBEDTLS_PK_C) && \ - (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)) -/* - * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX - */ -unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk) -{ -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA)) { - return MBEDTLS_SSL_SIG_RSA; - } -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) - if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) { - return MBEDTLS_SSL_SIG_ECDSA; - } -#endif - return MBEDTLS_SSL_SIG_ANON; -} - -unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type) -{ - switch (type) { - case MBEDTLS_PK_RSA: - return MBEDTLS_SSL_SIG_RSA; - case MBEDTLS_PK_ECDSA: - case MBEDTLS_PK_ECKEY: - return MBEDTLS_SSL_SIG_ECDSA; - default: - return MBEDTLS_SSL_SIG_ANON; - } -} - -mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig) -{ - switch (sig) { -#if defined(MBEDTLS_RSA_C) - case MBEDTLS_SSL_SIG_RSA: - return MBEDTLS_PK_RSA; -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) - case MBEDTLS_SSL_SIG_ECDSA: - return MBEDTLS_PK_ECDSA; -#endif - default: - return MBEDTLS_PK_NONE; - } -} -#endif /* MBEDTLS_PK_C && - ( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */ - -/* - * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX - */ -mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash) -{ - switch (hash) { -#if defined(PSA_WANT_ALG_MD5) - case MBEDTLS_SSL_HASH_MD5: - return MBEDTLS_MD_MD5; -#endif -#if defined(PSA_WANT_ALG_SHA_1) - case MBEDTLS_SSL_HASH_SHA1: - return MBEDTLS_MD_SHA1; -#endif -#if defined(PSA_WANT_ALG_SHA_224) - case MBEDTLS_SSL_HASH_SHA224: - return MBEDTLS_MD_SHA224; -#endif -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_SSL_HASH_SHA256: - return MBEDTLS_MD_SHA256; -#endif -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_SSL_HASH_SHA384: - return MBEDTLS_MD_SHA384; -#endif -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_SSL_HASH_SHA512: - return MBEDTLS_MD_SHA512; -#endif - default: - return MBEDTLS_MD_NONE; - } -} - -/* - * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX - */ -unsigned char mbedtls_ssl_hash_from_md_alg(int md) -{ - switch (md) { -#if defined(PSA_WANT_ALG_MD5) - case MBEDTLS_MD_MD5: - return MBEDTLS_SSL_HASH_MD5; -#endif -#if defined(PSA_WANT_ALG_SHA_1) - case MBEDTLS_MD_SHA1: - return MBEDTLS_SSL_HASH_SHA1; -#endif -#if defined(PSA_WANT_ALG_SHA_224) - case MBEDTLS_MD_SHA224: - return MBEDTLS_SSL_HASH_SHA224; -#endif -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_MD_SHA256: - return MBEDTLS_SSL_HASH_SHA256; -#endif -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_MD_SHA384: - return MBEDTLS_SSL_HASH_SHA384; -#endif -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_MD_SHA512: - return MBEDTLS_SSL_HASH_SHA512; -#endif - default: - return MBEDTLS_SSL_HASH_NONE; - } -} - -/* - * Check if a curve proposed by the peer is in our list. - * Return 0 if we're willing to use it, -1 otherwise. - */ -int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id) -{ - const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); - - if (group_list == NULL) { - return -1; - } - - for (; *group_list != 0; group_list++) { - if (*group_list == tls_id) { - return 0; - } - } - - return -1; -} - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -/* - * Same as mbedtls_ssl_check_curve_tls_id() but with a mbedtls_ecp_group_id. - */ -int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id) -{ - uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - - if (tls_id == 0) { - return -1; - } - - return mbedtls_ssl_check_curve_tls_id(ssl, tls_id); -} -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - -static const struct { - uint16_t tls_id; - mbedtls_ecp_group_id ecp_group_id; - psa_ecc_family_t psa_family; - uint16_t bits; -} tls_id_match_table[] = -{ -#if defined(PSA_WANT_ECC_SECP_R1_521) - { 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521 }, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - { 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512 }, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_384) - { 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384 }, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - { 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384 }, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_256) - { 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256 }, -#endif -#if defined(PSA_WANT_ECC_SECP_K1_256) - { 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256 }, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 }, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_224) - { 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 }, -#endif -#if defined(PSA_WANT_ECC_SECP_K1_224) - { 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224 }, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_192) - { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 }, -#endif -#if defined(PSA_WANT_ECC_SECP_K1_192) - { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192 }, -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_255) - { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255 }, -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_448) - { 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448 }, -#endif - { 0, MBEDTLS_ECP_DP_NONE, 0, 0 }, -}; - -int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id, - psa_key_type_t *type, - size_t *bits) -{ - for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) { - if (tls_id_match_table[i].tls_id == tls_id) { - if (type != NULL) { - *type = PSA_KEY_TYPE_ECC_KEY_PAIR(tls_id_match_table[i].psa_family); - } - if (bits != NULL) { - *bits = tls_id_match_table[i].bits; - } - return PSA_SUCCESS; - } - } - - return PSA_ERROR_NOT_SUPPORTED; -} - -mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id(uint16_t tls_id) -{ - for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) { - if (tls_id_match_table[i].tls_id == tls_id) { - return tls_id_match_table[i].ecp_group_id; - } - } - - return MBEDTLS_ECP_DP_NONE; -} - -uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id) -{ - for (int i = 0; tls_id_match_table[i].ecp_group_id != MBEDTLS_ECP_DP_NONE; - i++) { - if (tls_id_match_table[i].ecp_group_id == grp_id) { - return tls_id_match_table[i].tls_id; - } - } - - return 0; -} - -#if defined(MBEDTLS_DEBUG_C) -static const struct { - uint16_t tls_id; - const char *name; -} tls_id_curve_name_table[] = -{ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" }, - { 0, NULL }, -}; - -const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id) -{ - for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) { - if (tls_id_curve_name_table[i].tls_id == tls_id) { - return tls_id_curve_name_table[i].name; - } - } - - return NULL; -} -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl, - const mbedtls_md_type_t md, - unsigned char *dst, - size_t dst_len, - size_t *olen) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *hash_operation_to_clone; - psa_hash_operation_t hash_operation = psa_hash_operation_init(); - - *olen = 0; - - switch (md) { -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_MD_SHA384: - hash_operation_to_clone = &ssl->handshake->fin_sha384_psa; - break; -#endif - -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_MD_SHA256: - hash_operation_to_clone = &ssl->handshake->fin_sha256_psa; - break; -#endif - - default: - goto exit; - } - - status = psa_hash_clone(hash_operation_to_clone, &hash_operation); - if (status != PSA_SUCCESS) { - goto exit; - } - - status = psa_hash_finish(&hash_operation, dst, dst_len, olen); - if (status != PSA_SUCCESS) { - goto exit; - } - -exit: -#if !defined(PSA_WANT_ALG_SHA_384) && \ - !defined(PSA_WANT_ALG_SHA_256) - (void) ssl; -#endif - return PSA_TO_MBEDTLS_ERR(status); -} -#else /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(PSA_WANT_ALG_SHA_384) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl, - unsigned char *dst, - size_t dst_len, - size_t *olen) -{ - int ret; - mbedtls_md_context_t sha384; - - if (dst_len < 48) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - mbedtls_md_init(&sha384); - ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); - if (ret != 0) { - goto exit; - } - ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384); - if (ret != 0) { - goto exit; - } - - if ((ret = mbedtls_md_finish(&sha384, dst)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret); - goto exit; - } - - *olen = 48; - -exit: - - mbedtls_md_free(&sha384); - return ret; -} -#endif /* PSA_WANT_ALG_SHA_384 */ - -#if defined(PSA_WANT_ALG_SHA_256) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_handshake_transcript_sha256(mbedtls_ssl_context *ssl, - unsigned char *dst, - size_t dst_len, - size_t *olen) -{ - int ret; - mbedtls_md_context_t sha256; - - if (dst_len < 32) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - mbedtls_md_init(&sha256); - ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0); - if (ret != 0) { - goto exit; - } - ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256); - if (ret != 0) { - goto exit; - } - - if ((ret = mbedtls_md_finish(&sha256, dst)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret); - goto exit; - } - - *olen = 32; - -exit: - - mbedtls_md_free(&sha256); - return ret; -} -#endif /* PSA_WANT_ALG_SHA_256 */ - -int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl, - const mbedtls_md_type_t md, - unsigned char *dst, - size_t dst_len, - size_t *olen) -{ - switch (md) { - -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_MD_SHA384: - return ssl_get_handshake_transcript_sha384(ssl, dst, dst_len, olen); -#endif /* PSA_WANT_ALG_SHA_384*/ - -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_MD_SHA256: - return ssl_get_handshake_transcript_sha256(ssl, dst, dst_len, olen); -#endif /* PSA_WANT_ALG_SHA_256*/ - - default: -#if !defined(PSA_WANT_ALG_SHA_384) && \ - !defined(PSA_WANT_ALG_SHA_256) - (void) ssl; - (void) dst; - (void) dst_len; - (void) olen; -#endif - break; - } - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} - -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/* mbedtls_ssl_parse_sig_alg_ext() - * - * The `extension_data` field of signature algorithm contains a `SignatureSchemeList` - * value (TLS 1.3 RFC8446): - * enum { - * .... - * ecdsa_secp256r1_sha256( 0x0403 ), - * ecdsa_secp384r1_sha384( 0x0503 ), - * ecdsa_secp521r1_sha512( 0x0603 ), - * .... - * } SignatureScheme; - * - * struct { - * SignatureScheme supported_signature_algorithms<2..2^16-2>; - * } SignatureSchemeList; - * - * The `extension_data` field of signature algorithm contains a `SignatureAndHashAlgorithm` - * value (TLS 1.2 RFC5246): - * enum { - * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), - * sha512(6), (255) - * } HashAlgorithm; - * - * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } - * SignatureAlgorithm; - * - * struct { - * HashAlgorithm hash; - * SignatureAlgorithm signature; - * } SignatureAndHashAlgorithm; - * - * SignatureAndHashAlgorithm - * supported_signature_algorithms<2..2^16-2>; - * - * The TLS 1.3 signature algorithm extension was defined to be a compatible - * generalization of the TLS 1.2 signature algorithm extension. - * `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by - * `SignatureScheme` field of TLS 1.3 - * - */ -int mbedtls_ssl_parse_sig_alg_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - size_t supported_sig_algs_len = 0; - const unsigned char *supported_sig_algs_end; - uint16_t sig_alg; - uint32_t common_idx = 0; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - supported_sig_algs_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - memset(ssl->handshake->received_sig_algs, 0, - sizeof(ssl->handshake->received_sig_algs)); - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, supported_sig_algs_len); - supported_sig_algs_end = p + supported_sig_algs_len; - while (p < supported_sig_algs_end) { - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, supported_sig_algs_end, 2); - sig_alg = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_DEBUG_MSG(4, ("received signature algorithm: 0x%x %s", - sig_alg, - mbedtls_ssl_sig_alg_to_str(sig_alg))); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && - (!(mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg) && - mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg)))) { - continue; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - MBEDTLS_SSL_DEBUG_MSG(4, ("valid signature algorithm: %s", - mbedtls_ssl_sig_alg_to_str(sig_alg))); - - if (common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE) { - ssl->handshake->received_sig_algs[common_idx] = sig_alg; - common_idx += 1; - } - } - /* Check that we consumed all the message. */ - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("Signature algorithms extension length misaligned")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if (common_idx == 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("no signature algorithm in common")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS_SIG_NONE; - return 0; -} - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - -static psa_status_t setup_psa_key_derivation(psa_key_derivation_operation_t *derivation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const unsigned char *raw_psk, size_t raw_psk_length, - const unsigned char *seed, size_t seed_length, - const unsigned char *label, size_t label_length, - const unsigned char *other_secret, - size_t other_secret_length, - size_t capacity) -{ - psa_status_t status; - - status = psa_key_derivation_setup(derivation, alg); - if (status != PSA_SUCCESS) { - return status; - } - - if (PSA_ALG_IS_TLS12_PRF(alg) || PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) { - status = psa_key_derivation_input_bytes(derivation, - PSA_KEY_DERIVATION_INPUT_SEED, - seed, seed_length); - if (status != PSA_SUCCESS) { - return status; - } - - if (other_secret != NULL) { - status = psa_key_derivation_input_bytes(derivation, - PSA_KEY_DERIVATION_INPUT_OTHER_SECRET, - other_secret, other_secret_length); - if (status != PSA_SUCCESS) { - return status; - } - } - - if (mbedtls_svc_key_id_is_null(key)) { - status = psa_key_derivation_input_bytes( - derivation, PSA_KEY_DERIVATION_INPUT_SECRET, - raw_psk, raw_psk_length); - } else { - status = psa_key_derivation_input_key( - derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key); - } - if (status != PSA_SUCCESS) { - return status; - } - - status = psa_key_derivation_input_bytes(derivation, - PSA_KEY_DERIVATION_INPUT_LABEL, - label, label_length); - if (status != PSA_SUCCESS) { - return status; - } - } else { - return PSA_ERROR_NOT_SUPPORTED; - } - - status = psa_key_derivation_set_capacity(derivation, capacity); - if (status != PSA_SUCCESS) { - return status; - } - - return PSA_SUCCESS; -} - -#if defined(PSA_WANT_ALG_SHA_384) || \ - defined(PSA_WANT_ALG_SHA_256) -MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_generic(mbedtls_md_type_t md_type, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen) -{ - psa_status_t status; - psa_algorithm_t alg; - mbedtls_svc_key_id_t master_key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_derivation_operation_t derivation = - PSA_KEY_DERIVATION_OPERATION_INIT; - - if (md_type == MBEDTLS_MD_SHA384) { - alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384); - } else { - alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256); - } - - /* Normally a "secret" should be long enough to be impossible to - * find by brute force, and in particular should not be empty. But - * this PRF is also used to derive an IV, in particular in EAP-TLS, - * and for this use case it makes sense to have a 0-length "secret". - * Since the key API doesn't allow importing a key of length 0, - * keep master_key=0, which setup_psa_key_derivation() understands - * to mean a 0-length "secret" input. */ - if (slen != 0) { - psa_key_attributes_t key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, alg); - psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE); - - status = psa_import_key(&key_attributes, secret, slen, &master_key); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - } - - status = setup_psa_key_derivation(&derivation, - master_key, alg, - NULL, 0, - random, rlen, - (unsigned char const *) label, - (size_t) strlen(label), - NULL, 0, - dlen); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - psa_destroy_key(master_key); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_output_bytes(&derivation, dstbuf, dlen); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - psa_destroy_key(master_key); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_abort(&derivation); - if (status != PSA_SUCCESS) { - psa_destroy_key(master_key); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - if (!mbedtls_svc_key_id_is_null(master_key)) { - status = psa_destroy_key(master_key); - } - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - return 0; -} -#endif /* PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384 */ -#else /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_MD_C) && \ - (defined(PSA_WANT_ALG_SHA_256) || \ - defined(PSA_WANT_ALG_SHA_384)) -MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_generic(mbedtls_md_type_t md_type, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen) -{ - size_t nb; - size_t i, j, k, md_len; - unsigned char *tmp; - size_t tmp_len = 0; - unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; - const mbedtls_md_info_t *md_info; - mbedtls_md_context_t md_ctx; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_md_init(&md_ctx); - - if ((md_info = mbedtls_md_info_from_type(md_type)) == NULL) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - md_len = mbedtls_md_get_size(md_info); - - tmp_len = md_len + strlen(label) + rlen; - tmp = mbedtls_calloc(1, tmp_len); - if (tmp == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - - nb = strlen(label); - memcpy(tmp + md_len, label, nb); - memcpy(tmp + md_len + nb, random, rlen); - nb += rlen; - - /* - * Compute P_(secret, label + random)[0..dlen] - */ - if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) { - goto exit; - } - - ret = mbedtls_md_hmac_starts(&md_ctx, secret, slen); - if (ret != 0) { - goto exit; - } - ret = mbedtls_md_hmac_update(&md_ctx, tmp + md_len, nb); - if (ret != 0) { - goto exit; - } - ret = mbedtls_md_hmac_finish(&md_ctx, tmp); - if (ret != 0) { - goto exit; - } - - for (i = 0; i < dlen; i += md_len) { - ret = mbedtls_md_hmac_reset(&md_ctx); - if (ret != 0) { - goto exit; - } - ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len + nb); - if (ret != 0) { - goto exit; - } - ret = mbedtls_md_hmac_finish(&md_ctx, h_i); - if (ret != 0) { - goto exit; - } - - ret = mbedtls_md_hmac_reset(&md_ctx); - if (ret != 0) { - goto exit; - } - ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len); - if (ret != 0) { - goto exit; - } - ret = mbedtls_md_hmac_finish(&md_ctx, tmp); - if (ret != 0) { - goto exit; - } - - k = (i + md_len > dlen) ? dlen % md_len : md_len; - - for (j = 0; j < k; j++) { - dstbuf[i + j] = h_i[j]; - } - } - -exit: - mbedtls_md_free(&md_ctx); - - if (tmp != NULL) { - mbedtls_platform_zeroize(tmp, tmp_len); - } - - mbedtls_platform_zeroize(h_i, sizeof(h_i)); - - mbedtls_free(tmp); - - return ret; -} -#endif /* MBEDTLS_MD_C && ( PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384 ) */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(PSA_WANT_ALG_SHA_256) -MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_sha256(const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen) -{ - return tls_prf_generic(MBEDTLS_MD_SHA256, secret, slen, - label, random, rlen, dstbuf, dlen); -} -#endif /* PSA_WANT_ALG_SHA_256*/ - -#if defined(PSA_WANT_ALG_SHA_384) -MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_sha384(const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen) -{ - return tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen, - label, random, rlen, dstbuf, dlen); -} -#endif /* PSA_WANT_ALG_SHA_384*/ - -/* - * Set appropriate PRF function and other SSL / TLS1.2 functions - * - * Inputs: - * - hash associated with the ciphersuite (only used by TLS 1.2) - * - * Outputs: - * - the tls_prf, calc_verify and calc_finished members of handshake structure - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_set_handshake_prfs(mbedtls_ssl_handshake_params *handshake, - mbedtls_md_type_t hash) -{ -#if defined(PSA_WANT_ALG_SHA_384) - if (hash == MBEDTLS_MD_SHA384) { - handshake->tls_prf = tls_prf_sha384; - handshake->calc_verify = ssl_calc_verify_tls_sha384; - handshake->calc_finished = ssl_calc_finished_tls_sha384; - } else -#endif -#if defined(PSA_WANT_ALG_SHA_256) - { - (void) hash; - handshake->tls_prf = tls_prf_sha256; - handshake->calc_verify = ssl_calc_verify_tls_sha256; - handshake->calc_finished = ssl_calc_finished_tls_sha256; - } -#else - { - (void) handshake; - (void) hash; - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } -#endif - - return 0; -} - -/* - * Compute master secret if needed - * - * Parameters: - * [in/out] handshake - * [in] resume, premaster, extended_ms, calc_verify, tls_prf - * (PSA-PSK) ciphersuite_info, psk_opaque - * [out] premaster (cleared) - * [out] master - * [in] ssl: optionally used for debugging, EMS and PSA-PSK - * debug: conf->f_dbg, conf->p_dbg - * EMS: passed to calc_verify (debug + session_negotiate) - * PSA-PSA: conf - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, - unsigned char *master, - const mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* cf. RFC 5246, Section 8.1: - * "The master secret is always exactly 48 bytes in length." */ - size_t const master_secret_len = 48; - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - unsigned char session_hash[48]; -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - - /* The label for the KDF used for key expansion. - * This is either "master secret" or "extended master secret" - * depending on whether the Extended Master Secret extension - * is used. */ - char const *lbl = "master secret"; - - /* The seed for the KDF used for key expansion. - * - If the Extended Master Secret extension is not used, - * this is ClientHello.Random + ServerHello.Random - * (see Sect. 8.1 in RFC 5246). - * - If the Extended Master Secret extension is used, - * this is the transcript of the handshake so far. - * (see Sect. 4 in RFC 7627). */ - unsigned char const *seed = handshake->randbytes; - size_t seed_len = 64; - -#if !defined(MBEDTLS_DEBUG_C) && \ - !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \ - !(defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)) - ssl = NULL; /* make sure we don't use it except for those cases */ - (void) ssl; -#endif - - if (handshake->resume != 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("no premaster (session resumed)")); - return 0; - } - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if (handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) { - lbl = "extended master secret"; - seed = session_hash; - ret = handshake->calc_verify(ssl, session_hash, &seed_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "calc_verify", ret); - } - - MBEDTLS_SSL_DEBUG_BUF(3, "session hash for extended master secret", - session_hash, seed_len); - } -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_psk(handshake->ciphersuite_info) == 1) { - /* Perform PSK-to-MS expansion in a single step. */ - psa_status_t status; - psa_algorithm_t alg; - mbedtls_svc_key_id_t psk; - psa_key_derivation_operation_t derivation = - PSA_KEY_DERIVATION_OPERATION_INIT; - mbedtls_md_type_t hash_alg = (mbedtls_md_type_t) handshake->ciphersuite_info->mac; - - MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PSK-to-MS expansion")); - - psk = mbedtls_ssl_get_opaque_psk(ssl); - - if (hash_alg == MBEDTLS_MD_SHA384) { - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); - } else { - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); - } - - size_t other_secret_len = 0; - unsigned char *other_secret = NULL; - - switch (handshake->ciphersuite_info->key_exchange) { - /* Provide other secret. - * Other secret is stored in premaster, where first 2 bytes hold the - * length of the other key. - */ - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - other_secret_len = MBEDTLS_GET_UINT16_BE(handshake->premaster, 0); - other_secret = handshake->premaster + 2; - break; - default: - break; - } - - status = setup_psa_key_derivation(&derivation, psk, alg, - ssl->conf->psk, ssl->conf->psk_len, - seed, seed_len, - (unsigned char const *) lbl, - (size_t) strlen(lbl), - other_secret, other_secret_len, - master_secret_len); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_output_bytes(&derivation, - master, - master_secret_len); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_abort(&derivation); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - } else -#endif - { -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { - psa_status_t status; - psa_algorithm_t alg = PSA_ALG_TLS12_ECJPAKE_TO_PMS; - psa_key_derivation_operation_t derivation = - PSA_KEY_DERIVATION_OPERATION_INIT; - - MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PMS KDF for ECJPAKE")); - - handshake->pmslen = PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE; - - status = psa_key_derivation_setup(&derivation, alg); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_set_capacity(&derivation, - PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_pake_get_implicit_key(&handshake->psa_pake_ctx, - &derivation); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_output_bytes(&derivation, - handshake->premaster, - handshake->pmslen); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_abort(&derivation); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - } -#endif - ret = handshake->tls_prf(handshake->premaster, handshake->pmslen, - lbl, seed, seed_len, - master, - master_secret_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "prf", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "premaster secret", - handshake->premaster, - handshake->pmslen); - - mbedtls_platform_zeroize(handshake->premaster, - sizeof(handshake->premaster)); - } - - return 0; -} - -int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> derive keys")); - - /* Set PRF, calc_verify and calc_finished function pointers */ - ret = ssl_set_handshake_prfs(ssl->handshake, - (mbedtls_md_type_t) ciphersuite_info->mac); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_set_handshake_prfs", ret); - return ret; - } - - /* Compute master secret if needed */ - ret = ssl_compute_master(ssl->handshake, - ssl->session_negotiate->master, - ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_compute_master", ret); - return ret; - } - - /* Swap the client and server random values: - * - MS derivation wanted client+server (RFC 5246 8.1) - * - key derivation wants server+client (RFC 5246 6.3) */ - { - unsigned char tmp[64]; - memcpy(tmp, ssl->handshake->randbytes, 64); - memcpy(ssl->handshake->randbytes, tmp + 32, 32); - memcpy(ssl->handshake->randbytes + 32, tmp, 32); - mbedtls_platform_zeroize(tmp, sizeof(tmp)); - } - - /* Populate transform structure */ - ret = ssl_tls12_populate_transform(ssl->transform_negotiate, - ssl->session_negotiate->ciphersuite, - ssl->session_negotiate->master, -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - ssl->session_negotiate->encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - ssl->handshake->tls_prf, - ssl->handshake->randbytes, - ssl->tls_version, - ssl->conf->endpoint, - ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls12_populate_transform", ret); - return ret; - } - - /* We no longer need Server/ClientHello.random values */ - mbedtls_platform_zeroize(ssl->handshake->randbytes, - sizeof(ssl->handshake->randbytes)); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= derive keys")); - - return 0; -} - -int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md) -{ - switch (md) { -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_SSL_HASH_SHA384: - ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384; - break; -#endif -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_SSL_HASH_SHA256: - ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256; - break; -#endif - default: - return -1; - } -#if !defined(PSA_WANT_ALG_SHA_384) && \ - !defined(PSA_WANT_ALG_SHA_256) - (void) ssl; -#endif - return 0; -} - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -static int ssl_calc_verify_tls_psa(const mbedtls_ssl_context *ssl, - const psa_hash_operation_t *hs_op, - size_t buffer_size, - unsigned char *hash, - size_t *hlen) -{ - psa_status_t status; - psa_hash_operation_t cloned_op = psa_hash_operation_init(); - -#if !defined(MBEDTLS_DEBUG_C) - (void) ssl; -#endif - MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify")); - status = psa_hash_clone(hs_op, &cloned_op); - if (status != PSA_SUCCESS) { - goto exit; - } - - status = psa_hash_finish(&cloned_op, hash, buffer_size, hlen); - if (status != PSA_SUCCESS) { - goto exit; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen); - MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify")); - -exit: - psa_hash_abort(&cloned_op); - return mbedtls_md_error_from_psa(status); -} -#else -static int ssl_calc_verify_tls_legacy(const mbedtls_ssl_context *ssl, - const mbedtls_md_context_t *hs_ctx, - unsigned char *hash, - size_t *hlen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_context_t cloned_ctx; - - mbedtls_md_init(&cloned_ctx); - -#if !defined(MBEDTLS_DEBUG_C) - (void) ssl; -#endif - MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify")); - - ret = mbedtls_md_setup(&cloned_ctx, mbedtls_md_info_from_ctx(hs_ctx), 0); - if (ret != 0) { - goto exit; - } - ret = mbedtls_md_clone(&cloned_ctx, hs_ctx); - if (ret != 0) { - goto exit; - } - - ret = mbedtls_md_finish(&cloned_ctx, hash); - if (ret != 0) { - goto exit; - } - - *hlen = mbedtls_md_get_size(mbedtls_md_info_from_ctx(hs_ctx)); - - MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen); - MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); - -exit: - mbedtls_md_free(&cloned_ctx); - return ret; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(PSA_WANT_ALG_SHA_256) -int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha256_psa, 32, - hash, hlen); -#else - return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha256, - hash, hlen); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -} -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) -int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha384_psa, 48, - hash, hlen); -#else - return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha384, - hash, hlen); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -} -#endif /* PSA_WANT_ALG_SHA_384 */ - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex) -{ - unsigned char *p = ssl->handshake->premaster; - unsigned char *end = p + sizeof(ssl->handshake->premaster); - const unsigned char *psk = NULL; - size_t psk_len = 0; - int psk_ret = mbedtls_ssl_get_psk(ssl, &psk, &psk_len); - - if (psk_ret == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED) { - /* - * This should never happen because the existence of a PSK is always - * checked before calling this function. - * - * The exception is opaque DHE-PSK. For DHE-PSK fill premaster with - * the shared secret without PSK. - */ - if (key_ex != MBEDTLS_KEY_EXCHANGE_DHE_PSK) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - } - - /* - * PMS = struct { - * opaque other_secret<0..2^16-1>; - * opaque psk<0..2^16-1>; - * }; - * with "other_secret" depending on the particular key exchange - */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if (key_ex == MBEDTLS_KEY_EXCHANGE_PSK) { - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_PUT_UINT16_BE(psk_len, p, 0); - p += 2; - - if (end < p || (size_t) (end - p) < psk_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memset(p, 0, psk_len); - p += psk_len; - } else -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if (key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - /* Write length only when we know the actual value */ - if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, - p + 2, (size_t) (end - (p + 2)), &len, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); - return ret; - } - MBEDTLS_PUT_UINT16_BE(len, p, 0); - p += 2 + len; - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); - } else -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if (key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t zlen; - - if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen, - p + 2, (size_t) (end - (p + 2)), - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); - return ret; - } - - MBEDTLS_PUT_UINT16_BE(zlen, p, 0); - p += 2 + zlen; - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z); - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* opaque psk<0..2^16-1>; */ - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_PUT_UINT16_BE(psk_len, p, 0); - p += 2; - - if (end < p || (size_t) (end - p) < psk_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memcpy(p, psk, psk_len); - p += psk_len; - - ssl->handshake->pmslen = (size_t) (p - ssl->handshake->premaster); - - return 0; -} -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_hello_request(mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl) -{ - /* If renegotiation is not enforced, retransmit until we would reach max - * timeout if we were using the usual handshake doubling scheme */ - if (ssl->conf->renego_max_records < 0) { - uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; - unsigned char doublings = 1; - - while (ratio != 0) { - ++doublings; - ratio >>= 1; - } - - if (++ssl->renego_records_seen > doublings) { - MBEDTLS_SSL_DEBUG_MSG(2, ("no longer retransmitting hello request")); - return 0; - } - } - - return ssl_write_hello_request(ssl); -} -#endif -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ - -/* - * Handshake functions - */ -#if !defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -/* No certificate support -> dummy functions */ -int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate")); - - if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - ssl->state++; - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} - -int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate")); - - if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate")); - ssl->state++; - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} - -#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -/* Some certificate support -> implement write and parse */ - -int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - size_t i, n; - const mbedtls_x509_crt *crt; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate")); - - if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - ssl->state++; - return 0; - } - -#if defined(MBEDTLS_SSL_CLI_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - if (ssl->handshake->client_auth == 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - ssl->state++; - return 0; - } - } -#endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - if (mbedtls_ssl_own_cert(ssl) == NULL) { - /* Should never happen because we shouldn't have picked the - * ciphersuite if we don't have a certificate. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - } -#endif - - MBEDTLS_SSL_DEBUG_CRT(3, "own certificate", mbedtls_ssl_own_cert(ssl)); - - /* - * 0 . 0 handshake type - * 1 . 3 handshake length - * 4 . 6 length of all certs - * 7 . 9 length of cert. 1 - * 10 . n-1 peer certificate - * n . n+2 length of cert. 2 - * n+3 . ... upper level cert, etc. - */ - i = 7; - crt = mbedtls_ssl_own_cert(ssl); - - while (crt != NULL) { - n = crt->raw.len; - if (n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) { - MBEDTLS_SSL_DEBUG_MSG(1, ("certificate too large, %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - ssl->out_msg[i] = MBEDTLS_BYTE_2(n); - ssl->out_msg[i + 1] = MBEDTLS_BYTE_1(n); - ssl->out_msg[i + 2] = MBEDTLS_BYTE_0(n); - - i += 3; memcpy(ssl->out_msg + i, crt->raw.p, n); - i += n; crt = crt->next; - } - - ssl->out_msg[4] = MBEDTLS_BYTE_2(i - 7); - ssl->out_msg[5] = MBEDTLS_BYTE_1(i - 7); - ssl->out_msg[6] = MBEDTLS_BYTE_0(i - 7); - - ssl->out_msglen = i; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; - - ssl->state++; - - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate")); - - return ret; -} - -#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl, - unsigned char *crt_buf, - size_t crt_buf_len) -{ - mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert; - - if (peer_crt == NULL) { - return -1; - } - - if (peer_crt->raw.len != crt_buf_len) { - return -1; - } - - return memcmp(peer_crt->raw.p, crt_buf, peer_crt->raw.len); -} -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl, - unsigned char *crt_buf, - size_t crt_buf_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char const * const peer_cert_digest = - ssl->session->peer_cert_digest; - mbedtls_md_type_t const peer_cert_digest_type = - ssl->session->peer_cert_digest_type; - mbedtls_md_info_t const * const digest_info = - mbedtls_md_info_from_type(peer_cert_digest_type); - unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN]; - size_t digest_len; - - if (peer_cert_digest == NULL || digest_info == NULL) { - return -1; - } - - digest_len = mbedtls_md_get_size(digest_info); - if (digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN) { - return -1; - } - - ret = mbedtls_md(digest_info, crt_buf, crt_buf_len, tmp_digest); - if (ret != 0) { - return -1; - } - - return memcmp(tmp_digest, peer_cert_digest, digest_len); -} -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ - -/* - * Once the certificate message is read, parse it into a cert chain and - * perform basic checks, but leave actual verification to the caller - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *chain) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - int crt_cnt = 0; -#endif - size_t i, n; - uint8_t alert; - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - if (ssl->in_hslen < mbedtls_ssl_hs_hdr_len(ssl) + 3 + 3) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - i = mbedtls_ssl_hs_hdr_len(ssl); - - /* - * Same message structure as in mbedtls_ssl_write_certificate() - */ - n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1); - - if (ssl->in_msg[i] != 0 || - ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */ - i += 3; - - /* Iterate through and parse the CRTs in the provided chain. */ - while (i < ssl->in_hslen) { - /* Check that there's room for the next CRT's length fields. */ - if (i + 3 > ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - /* In theory, the CRT can be up to 2**24 Bytes, but we don't support - * anything beyond 2**16 ~ 64K. */ - if (ssl->in_msg[i] != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT); - return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - - /* Read length of the next CRT in the chain. */ - n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1); - i += 3; - - if (n < 128 || i + n > ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Check if we're handling the first CRT in the chain. */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - if (crt_cnt++ == 0 && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { - /* During client-side renegotiation, check that the server's - * end-CRTs hasn't changed compared to the initial handshake, - * mitigating the triple handshake attack. On success, reuse - * the original end-CRT instead of parsing it again. */ - MBEDTLS_SSL_DEBUG_MSG(3, ("Check that peer CRT hasn't changed during renegotiation")); - if (ssl_check_peer_crt_unchanged(ssl, - &ssl->in_msg[i], - n) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("new server cert during renegotiation")); - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED); - return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - - /* Now we can safely free the original chain. */ - ssl_clear_peer_cert(ssl->session); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ - - /* Parse the next certificate in the chain. */ -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - ret = mbedtls_x509_crt_parse_der(chain, ssl->in_msg + i, n); -#else - /* If we don't need to store the CRT chain permanently, parse - * it in-place from the input buffer instead of making a copy. */ - ret = mbedtls_x509_crt_parse_der_nocopy(chain, ssl->in_msg + i, n); -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - switch (ret) { - case 0: /*ok*/ - case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: - /* Ignore certificate with an unknown algorithm: maybe a - prior certificate was already trusted. */ - break; - - case MBEDTLS_ERR_X509_ALLOC_FAILED: - alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR; - goto crt_parse_der_failed; - - case MBEDTLS_ERR_X509_UNKNOWN_VERSION: - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - goto crt_parse_der_failed; - - default: - alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; -crt_parse_der_failed: - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert); - MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret); - return ret; - } - - i += n; - } - - MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate", chain); - return 0; -} - -#if defined(MBEDTLS_SSL_SRV_C) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_srv_check_client_no_crt_notification(mbedtls_ssl_context *ssl) -{ - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - return -1; - } - - if (ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len(ssl) && - ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && - memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl), "\0\0\0", 3) == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("peer has no certificate")); - return 0; - } - return -1; -} -#endif /* MBEDTLS_SSL_SRV_C */ - -/* Check if a certificate message is expected. - * Return either - * - SSL_CERTIFICATE_EXPECTED, or - * - SSL_CERTIFICATE_SKIP - * indicating whether a Certificate message is expected or not. - */ -#define SSL_CERTIFICATE_EXPECTED 0 -#define SSL_CERTIFICATE_SKIP 1 -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl, - int authmode) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { - return SSL_CERTIFICATE_SKIP; - } - -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - if (authmode == MBEDTLS_SSL_VERIFY_NONE) { - ssl->session_negotiate->verify_result = - MBEDTLS_X509_BADCERT_SKIP_VERIFY; - return SSL_CERTIFICATE_SKIP; - } - } -#else - ((void) authmode); -#endif /* MBEDTLS_SSL_SRV_C */ - - return SSL_CERTIFICATE_EXPECTED; -} - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_remember_peer_crt_digest(mbedtls_ssl_context *ssl, - unsigned char *start, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - /* Remember digest of the peer's end-CRT. */ - ssl->session_negotiate->peer_cert_digest = - mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN); - if (ssl->session_negotiate->peer_cert_digest == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%d bytes) failed", - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN)); - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - ret = mbedtls_md(mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), - start, len, - ssl->session_negotiate->peer_cert_digest); - - ssl->session_negotiate->peer_cert_digest_type = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; - ssl->session_negotiate->peer_cert_digest_len = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; - - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_remember_peer_pubkey(mbedtls_ssl_context *ssl, - unsigned char *start, size_t len) -{ - unsigned char *end = start + len; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* Make a copy of the peer's raw public key. */ - mbedtls_pk_init(&ssl->handshake->peer_pubkey); - ret = mbedtls_pk_parse_subpubkey(&start, end, - &ssl->handshake->peer_pubkey); - if (ret != 0) { - /* We should have parsed the public key before. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - return 0; -} -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - -int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) -{ - int ret = 0; - int crt_expected; - /* Authmode: precedence order is SNI if used else configuration */ -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET - ? ssl->handshake->sni_authmode - : ssl->conf->authmode; -#else - const int authmode = ssl->conf->authmode; -#endif - void *rs_ctx = NULL; - mbedtls_x509_crt *chain = NULL; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate")); - - crt_expected = ssl_parse_certificate_coordinate(ssl, authmode); - if (crt_expected == SSL_CERTIFICATE_SKIP) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate")); - goto exit; - } - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_crt_verify) { - chain = ssl->handshake->ecrs_peer_cert; - ssl->handshake->ecrs_peer_cert = NULL; - goto crt_verify; - } -#endif - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - /* mbedtls_ssl_read_record may have sent an alert already. We - let it decide whether to alert. */ - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - goto exit; - } - -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl_srv_check_client_no_crt_notification(ssl) == 0) { - ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; - - if (authmode != MBEDTLS_SSL_VERIFY_OPTIONAL) { - ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; - } - - goto exit; - } -#endif /* MBEDTLS_SSL_SRV_C */ - - /* Clear existing peer CRT structure in case we tried to - * reuse a session but it failed, and allocate a new one. */ - ssl_clear_peer_cert(ssl->session_negotiate); - - chain = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - if (chain == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", - sizeof(mbedtls_x509_crt))); - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_x509_crt_init(chain); - - ret = ssl_parse_certificate_chain(ssl, chain); - if (ret != 0) { - goto exit; - } - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled) { - ssl->handshake->ecrs_state = ssl_ecrs_crt_verify; - } - -crt_verify: - if (ssl->handshake->ecrs_enabled) { - rs_ctx = &ssl->handshake->ecrs_ctx; - } -#endif - - ret = mbedtls_ssl_verify_certificate(ssl, authmode, chain, - ssl->handshake->ciphersuite_info, - rs_ctx); - if (ret != 0) { - goto exit; - } - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - { - unsigned char *crt_start, *pk_start; - size_t crt_len, pk_len; - - /* We parse the CRT chain without copying, so - * these pointers point into the input buffer, - * and are hence still valid after freeing the - * CRT chain. */ - - crt_start = chain->raw.p; - crt_len = chain->raw.len; - - pk_start = chain->pk_raw.p; - pk_len = chain->pk_raw.len; - - /* Free the CRT structures before computing - * digest and copying the peer's public key. */ - mbedtls_x509_crt_free(chain); - mbedtls_free(chain); - chain = NULL; - - ret = ssl_remember_peer_crt_digest(ssl, crt_start, crt_len); - if (ret != 0) { - goto exit; - } - - ret = ssl_remember_peer_pubkey(ssl, pk_start, pk_len); - if (ret != 0) { - goto exit; - } - } -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* Pass ownership to session structure. */ - ssl->session_negotiate->peer_cert = chain; - chain = NULL; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate")); - -exit: - - if (ret == 0) { - ssl->state++; - } - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - ssl->handshake->ecrs_peer_cert = chain; - chain = NULL; - } -#endif - - if (chain != NULL) { - mbedtls_x509_crt_free(chain); - mbedtls_free(chain); - } - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - -static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx, - unsigned char *padbuf, size_t hlen, - unsigned char *buf, int from) -{ - unsigned int len = 12; - const char *sender; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; - psa_hash_operation_t *hs_op = ctx; - psa_hash_operation_t cloned_op = PSA_HASH_OPERATION_INIT; - size_t hash_size; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_context_t *hs_ctx = ctx; - mbedtls_md_context_t cloned_ctx; - mbedtls_md_init(&cloned_ctx); -#endif - - mbedtls_ssl_session *session = ssl->session_negotiate; - if (!session) { - session = ssl->session; - } - - sender = (from == MBEDTLS_SSL_IS_CLIENT) - ? "client finished" - : "server finished"; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls")); - - status = psa_hash_clone(hs_op, &cloned_op); - if (status != PSA_SUCCESS) { - goto exit; - } - - status = psa_hash_finish(&cloned_op, padbuf, hlen, &hash_size); - if (status != PSA_SUCCESS) { - goto exit; - } - MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, hlen); -#else - MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls")); - - ret = mbedtls_md_setup(&cloned_ctx, mbedtls_md_info_from_ctx(hs_ctx), 0); - if (ret != 0) { - goto exit; - } - ret = mbedtls_md_clone(&cloned_ctx, hs_ctx); - if (ret != 0) { - goto exit; - } - - ret = mbedtls_md_finish(&cloned_ctx, padbuf); - if (ret != 0) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - MBEDTLS_SSL_DEBUG_BUF(4, "finished output", padbuf, hlen); - - /* - * TLSv1.2: - * hash = PRF( master, finished_label, - * Hash( handshake ) )[0.11] - */ - ssl->handshake->tls_prf(session->master, 48, sender, - padbuf, hlen, buf, len); - - MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len); - - mbedtls_platform_zeroize(padbuf, hlen); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); - -exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort(&cloned_op); - return mbedtls_md_error_from_psa(status); -#else - mbedtls_md_free(&cloned_ctx); - return ret; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -} - -#if defined(PSA_WANT_ALG_SHA_256) -static int ssl_calc_finished_tls_sha256( - mbedtls_ssl_context *ssl, unsigned char *buf, int from) -{ - unsigned char padbuf[32]; - return ssl_calc_finished_tls_generic(ssl, -#if defined(MBEDTLS_USE_PSA_CRYPTO) - &ssl->handshake->fin_sha256_psa, -#else - &ssl->handshake->fin_sha256, -#endif - padbuf, sizeof(padbuf), - buf, from); -} -#endif /* PSA_WANT_ALG_SHA_256*/ - - -#if defined(PSA_WANT_ALG_SHA_384) -static int ssl_calc_finished_tls_sha384( - mbedtls_ssl_context *ssl, unsigned char *buf, int from) -{ - unsigned char padbuf[48]; - return ssl_calc_finished_tls_generic(ssl, -#if defined(MBEDTLS_USE_PSA_CRYPTO) - &ssl->handshake->fin_sha384_psa, -#else - &ssl->handshake->fin_sha384, -#endif - padbuf, sizeof(padbuf), - buf, from); -} -#endif /* PSA_WANT_ALG_SHA_384*/ - -void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl) -{ - MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup: final free")); - - /* - * Free our handshake params - */ - mbedtls_ssl_handshake_free(ssl); - mbedtls_free(ssl->handshake); - ssl->handshake = NULL; - - /* - * Free the previous transform and switch in the current one - */ - if (ssl->transform) { - mbedtls_ssl_transform_free(ssl->transform); - mbedtls_free(ssl->transform); - } - ssl->transform = ssl->transform_negotiate; - ssl->transform_negotiate = NULL; - - MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup: final free")); -} - -void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl) -{ - int resume = ssl->handshake->resume; - - MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup")); - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { - ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE; - ssl->renego_records_seen = 0; - } -#endif - - /* - * Free the previous session and switch in the current one - */ - if (ssl->session) { -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - /* RFC 7366 3.1: keep the EtM state */ - ssl->session_negotiate->encrypt_then_mac = - ssl->session->encrypt_then_mac; -#endif - - mbedtls_ssl_session_free(ssl->session); - mbedtls_free(ssl->session); - } - ssl->session = ssl->session_negotiate; - ssl->session_negotiate = NULL; - - /* - * Add cache entry - */ - if (ssl->conf->f_set_cache != NULL && - ssl->session->id_len != 0 && - resume == 0) { - if (ssl->conf->f_set_cache(ssl->conf->p_cache, - ssl->session->id, - ssl->session->id_len, - ssl->session) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("cache did not store session")); - } - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->flight != NULL) { - /* Cancel handshake timer */ - mbedtls_ssl_set_timer(ssl, 0); - - /* Keep last flight around in case we need to resend it: - * we need the handshake and transform structures for that */ - MBEDTLS_SSL_DEBUG_MSG(3, ("skip freeing handshake and transform")); - } else -#endif - mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl); - - ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; - - MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup")); -} - -int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) -{ - int ret; - unsigned int hash_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write finished")); - - mbedtls_ssl_update_out_pointers(ssl, ssl->transform_negotiate); - - ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret); - } - - /* - * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites - * may define some other value. Currently (early 2016), no defined - * ciphersuite does this (and this is unlikely to change as activity has - * moved to TLS 1.3 now) so we can keep the hardcoded 12 here. - */ - hash_len = 12; - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->verify_data_len = hash_len; - memcpy(ssl->own_verify_data, ssl->out_msg + 4, hash_len); -#endif - - ssl->out_msglen = 4 + hash_len; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED; - - /* - * In case of session resuming, invert the client and server - * ChangeCipherSpec messages order. - */ - if (ssl->handshake->resume != 0) { -#if defined(MBEDTLS_SSL_CLI_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; - } -#endif -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; - } -#endif - } else { - ssl->state++; - } - - /* - * Switch to our negotiated transform and session parameters for outbound - * data. - */ - MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for outbound data")); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - unsigned char i; - - /* Remember current epoch settings for resending */ - ssl->handshake->alt_transform_out = ssl->transform_out; - memcpy(ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, - sizeof(ssl->handshake->alt_out_ctr)); - - /* Set sequence_number to zero */ - memset(&ssl->cur_out_ctr[2], 0, sizeof(ssl->cur_out_ctr) - 2); - - - /* Increment epoch */ - for (i = 2; i > 0; i--) { - if (++ssl->cur_out_ctr[i - 1] != 0) { - break; - } - } - - /* The loop goes to its end iff the counter is wrapping */ - if (i == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS epoch would wrap")); - return MBEDTLS_ERR_SSL_COUNTER_WRAPPING; - } - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr)); - - ssl->transform_out = ssl->transform_negotiate; - ssl->session_out = ssl->session_negotiate; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - mbedtls_ssl_send_flight_completed(ssl); - } -#endif - - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); - return ret; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); - return ret; - } -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write finished")); - - return 0; -} - -#define SSL_MAX_HASH_LEN 12 - -int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned int hash_len = 12; - unsigned char buf[SSL_MAX_HASH_LEN]; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished")); - - ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret); - } - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - goto exit; - } - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - goto exit; - } - - if (ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - goto exit; - } - - if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + hash_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - ret = MBEDTLS_ERR_SSL_DECODE_ERROR; - goto exit; - } - - if (mbedtls_ct_memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl), - buf, hash_len) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR); - ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - goto exit; - } - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->verify_data_len = hash_len; - memcpy(ssl->peer_verify_data, buf, hash_len); -#endif - - if (ssl->handshake->resume != 0) { -#if defined(MBEDTLS_SSL_CLI_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; - } -#endif -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; - } -#endif - } else { - ssl->state++; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - mbedtls_ssl_recv_flight_completed(ssl); - } -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse finished")); - -exit: - mbedtls_platform_zeroize(buf, hash_len); - return ret; -} - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) -/* - * Helper to get TLS 1.2 PRF from ciphersuite - * (Duplicates bits of logic from ssl_set_handshake_prfs().) - */ -static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id) -{ - const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); -#if defined(PSA_WANT_ALG_SHA_384) - if (ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA384) { - return tls_prf_sha384; - } else -#endif -#if defined(PSA_WANT_ALG_SHA_256) - { - if (ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA256) { - return tls_prf_sha256; - } - } -#endif -#if !defined(PSA_WANT_ALG_SHA_384) && \ - !defined(PSA_WANT_ALG_SHA_256) - (void) ciphersuite_info; -#endif - - return NULL; -} -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - -static mbedtls_tls_prf_types tls_prf_get_type(mbedtls_ssl_tls_prf_cb *tls_prf) -{ - ((void) tls_prf); -#if defined(PSA_WANT_ALG_SHA_384) - if (tls_prf == tls_prf_sha384) { - return MBEDTLS_SSL_TLS_PRF_SHA384; - } else -#endif -#if defined(PSA_WANT_ALG_SHA_256) - if (tls_prf == tls_prf_sha256) { - return MBEDTLS_SSL_TLS_PRF_SHA256; - } else -#endif - return MBEDTLS_SSL_TLS_PRF_NONE; -} - -/* - * Populate a transform structure with session keys and all the other - * necessary information. - * - * Parameters: - * - [in/out]: transform: structure to populate - * [in] must be just initialised with mbedtls_ssl_transform_init() - * [out] fully populated, ready for use by mbedtls_ssl_{en,de}crypt_buf() - * - [in] ciphersuite - * - [in] master - * - [in] encrypt_then_mac - * - [in] tls_prf: pointer to PRF to use for key derivation - * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random - * - [in] tls_version: TLS version - * - [in] endpoint: client or server - * - [in] ssl: used for: - * - ssl->conf->{f,p}_export_keys - * [in] optionally used for: - * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, - int ciphersuite, - const unsigned char master[48], -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - int encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - ssl_tls_prf_t tls_prf, - const unsigned char randbytes[64], - mbedtls_ssl_protocol_version tls_version, - unsigned endpoint, - const mbedtls_ssl_context *ssl) -{ - int ret = 0; - unsigned char keyblk[256]; - unsigned char *key1; - unsigned char *key2; - unsigned char *mac_enc; - unsigned char *mac_dec; - size_t mac_key_len = 0; - size_t iv_copy_len; - size_t keylen; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - mbedtls_ssl_mode_t ssl_mode; -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - const mbedtls_cipher_info_t *cipher_info; - const mbedtls_md_info_t *md_info; -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_type_t key_type; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg; - psa_algorithm_t mac_alg = 0; - size_t key_bits; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif - - /* - * Some data just needs copying into the structure - */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - transform->encrypt_then_mac = encrypt_then_mac; -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - transform->tls_version = tls_version; - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes)); -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform - * generation separate. This should never happen. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - /* - * Get various info structures - */ - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite); - if (ciphersuite_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ciphersuite info for %d not found", - ciphersuite)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl_mode = mbedtls_ssl_get_mode_from_ciphersuite( -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - ciphersuite_info); - - if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { - transform->taglen = - ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, - transform->taglen, - &alg, - &key_type, - &key_bits)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", ret); - goto end; - } -#else - cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) ciphersuite_info->cipher); - if (cipher_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found", - ciphersuite_info->cipher)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mac_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - if (mac_alg == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found", - (unsigned) ciphersuite_info->mac)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } -#else - md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - if (md_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md info for %u not found", - (unsigned) ciphersuite_info->mac)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* Copy own and peer's CID if the use of the CID - * extension has been negotiated. */ - if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Copy CIDs into SSL transform")); - - transform->in_cid_len = ssl->own_cid_len; - memcpy(transform->in_cid, ssl->own_cid, ssl->own_cid_len); - MBEDTLS_SSL_DEBUG_BUF(3, "Incoming CID", transform->in_cid, - transform->in_cid_len); - - transform->out_cid_len = ssl->handshake->peer_cid_len; - memcpy(transform->out_cid, ssl->handshake->peer_cid, - ssl->handshake->peer_cid_len); - MBEDTLS_SSL_DEBUG_BUF(3, "Outgoing CID", transform->out_cid, - transform->out_cid_len); - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* - * Compute key block using the PRF - */ - ret = tls_prf(master, 48, "key expansion", randbytes, 64, keyblk, 256); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "prf", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite = %s", - mbedtls_ssl_get_ciphersuite_name(ciphersuite))); - MBEDTLS_SSL_DEBUG_BUF(3, "master secret", master, 48); - MBEDTLS_SSL_DEBUG_BUF(4, "random bytes", randbytes, 64); - MBEDTLS_SSL_DEBUG_BUF(4, "key block", keyblk, 256); - - /* - * Determine the appropriate key, IV and MAC length. - */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - keylen = PSA_BITS_TO_BYTES(key_bits); -#else - keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8; -#endif - -#if defined(MBEDTLS_SSL_HAVE_AEAD) - if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { - size_t explicit_ivlen; - - transform->maclen = 0; - mac_key_len = 0; - - /* All modes haves 96-bit IVs, but the length of the static parts vary - * with mode and version: - * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes - * (to be concatenated with a dynamically chosen IV of 8 Bytes) - * - For ChaChaPoly in TLS 1.2, and all modes in TLS 1.3, there's - * a static IV of 12 Bytes (to be XOR'ed with the 8 Byte record - * sequence number). - */ - transform->ivlen = 12; - - int is_chachapoly = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - is_chachapoly = (key_type == PSA_KEY_TYPE_CHACHA20); -#else - is_chachapoly = (mbedtls_cipher_info_get_mode(cipher_info) - == MBEDTLS_MODE_CHACHAPOLY); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (is_chachapoly) { - transform->fixed_ivlen = 12; - } else { - transform->fixed_ivlen = 4; - } - - /* Minimum length of encrypted record */ - explicit_ivlen = transform->ivlen - transform->fixed_ivlen; - transform->minlen = explicit_ivlen + transform->taglen; - } else -#endif /* MBEDTLS_SSL_HAVE_AEAD */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (ssl_mode == MBEDTLS_SSL_MODE_STREAM || - ssl_mode == MBEDTLS_SSL_MODE_CBC || - ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type); -#else - size_t block_size = mbedtls_cipher_info_get_block_size(cipher_info); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Get MAC length */ - mac_key_len = PSA_HASH_LENGTH(mac_alg); -#else - /* Initialize HMAC contexts */ - if ((ret = mbedtls_md_setup(&transform->md_ctx_enc, md_info, 1)) != 0 || - (ret = mbedtls_md_setup(&transform->md_ctx_dec, md_info, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret); - goto end; - } - - /* Get MAC length */ - mac_key_len = mbedtls_md_get_size(md_info); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - transform->maclen = mac_key_len; - - /* IV length */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - transform->ivlen = PSA_CIPHER_IV_LENGTH(key_type, alg); -#else - transform->ivlen = mbedtls_cipher_info_get_iv_size(cipher_info); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - /* Minimum length */ - if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) { - transform->minlen = transform->maclen; - } else { - /* - * GenericBlockCipher: - * 1. if EtM is in use: one block plus MAC - * otherwise: * first multiple of blocklen greater than maclen - * 2. IV - */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if (ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { - transform->minlen = transform->maclen - + block_size; - } else -#endif - { - transform->minlen = transform->maclen - + block_size - - transform->maclen % block_size; - } - - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - transform->minlen += transform->ivlen; - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto end; - } - } - } else -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("keylen: %u, minlen: %u, ivlen: %u, maclen: %u", - (unsigned) keylen, - (unsigned) transform->minlen, - (unsigned) transform->ivlen, - (unsigned) transform->maclen)); - - /* - * Finally setup the cipher contexts, IVs and MAC secrets. - */ -#if defined(MBEDTLS_SSL_CLI_C) - if (endpoint == MBEDTLS_SSL_IS_CLIENT) { - key1 = keyblk + mac_key_len * 2; - key2 = keyblk + mac_key_len * 2 + keylen; - - mac_enc = keyblk; - mac_dec = keyblk + mac_key_len; - - iv_copy_len = (transform->fixed_ivlen) ? - transform->fixed_ivlen : transform->ivlen; - memcpy(transform->iv_enc, key2 + keylen, iv_copy_len); - memcpy(transform->iv_dec, key2 + keylen + iv_copy_len, - iv_copy_len); - } else -#endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_SSL_SRV_C) - if (endpoint == MBEDTLS_SSL_IS_SERVER) { - key1 = keyblk + mac_key_len * 2 + keylen; - key2 = keyblk + mac_key_len * 2; - - mac_enc = keyblk + mac_key_len; - mac_dec = keyblk; - - iv_copy_len = (transform->fixed_ivlen) ? - transform->fixed_ivlen : transform->ivlen; - memcpy(transform->iv_dec, key1 + keylen, iv_copy_len); - memcpy(transform->iv_enc, key1 + keylen + iv_copy_len, - iv_copy_len); - } else -#endif /* MBEDTLS_SSL_SRV_C */ - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto end; - } - - if (ssl->f_export_keys != NULL) { - ssl->f_export_keys(ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET, - master, 48, - randbytes + 32, - randbytes, - tls_prf_get_type(tls_prf)); - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - transform->psa_alg = alg; - - if (alg != MBEDTLS_SSL_NULL_CIPHER) { - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, key_type); - - if ((status = psa_import_key(&attributes, - key1, - PSA_BITS_TO_BYTES(key_bits), - &transform->psa_key_enc)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(3, "psa_import_key", (int) status); - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret); - goto end; - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); - - if ((status = psa_import_key(&attributes, - key2, - PSA_BITS_TO_BYTES(key_bits), - &transform->psa_key_dec)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret); - goto end; - } - } -#else - if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc, - cipher_info)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret); - goto end; - } - - if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec, - cipher_info)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret); - goto end; - } - - if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, key1, - (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_ENCRYPT)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); - goto end; - } - - if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, key2, - (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_DECRYPT)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); - goto end; - } - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (mbedtls_cipher_info_get_mode(cipher_info) == MBEDTLS_MODE_CBC) { - if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_enc, - MBEDTLS_PADDING_NONE)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret); - goto end; - } - - if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_dec, - MBEDTLS_PADDING_NONE)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret); - goto end; - } - } -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - /* For HMAC-based ciphersuites, initialize the HMAC transforms. - For AEAD-based ciphersuites, there is nothing to do here. */ - if (mac_key_len != 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - transform->psa_mac_alg = PSA_ALG_HMAC(mac_alg); - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(mac_alg)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - - if ((status = psa_import_key(&attributes, - mac_enc, mac_key_len, - &transform->psa_mac_enc)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret); - goto end; - } - - if ((transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER) || - ((transform->psa_alg == PSA_ALG_CBC_NO_PADDING) -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - && (transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) -#endif - )) { - /* mbedtls_ct_hmac() requires the key to be exportable */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | - PSA_KEY_USAGE_VERIFY_HASH); - } else { - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); - } - - if ((status = psa_import_key(&attributes, - mac_dec, mac_key_len, - &transform->psa_mac_dec)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret); - goto end; - } -#else - ret = mbedtls_md_hmac_starts(&transform->md_ctx_enc, mac_enc, mac_key_len); - if (ret != 0) { - goto end; - } - ret = mbedtls_md_hmac_starts(&transform->md_ctx_dec, mac_dec, mac_key_len); - if (ret != 0) { - goto end; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - - ((void) mac_dec); - ((void) mac_enc); - -end: - mbedtls_platform_zeroize(keyblk, sizeof(keyblk)); - return ret; -} - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_psa_ecjpake_read_round( - psa_pake_operation_t *pake_ctx, - const unsigned char *buf, - size_t len, mbedtls_ecjpake_rounds_t round) -{ - psa_status_t status; - size_t input_offset = 0; - /* - * At round one repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice - * At round two perform a single cycle - */ - unsigned int remaining_steps = (round == MBEDTLS_ECJPAKE_ROUND_ONE) ? 2 : 1; - - for (; remaining_steps > 0; remaining_steps--) { - for (psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE; - step <= PSA_PAKE_STEP_ZK_PROOF; - ++step) { - /* Length is stored at the first byte */ - size_t length = buf[input_offset]; - input_offset += 1; - - if (input_offset + length > len) { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - status = psa_pake_input(pake_ctx, step, - buf + input_offset, length); - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - input_offset += length; - } - } - - if (input_offset != len) { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - return 0; -} - -int mbedtls_psa_ecjpake_write_round( - psa_pake_operation_t *pake_ctx, - unsigned char *buf, - size_t len, size_t *olen, - mbedtls_ecjpake_rounds_t round) -{ - psa_status_t status; - size_t output_offset = 0; - size_t output_len; - /* - * At round one repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice - * At round two perform a single cycle - */ - unsigned int remaining_steps = (round == MBEDTLS_ECJPAKE_ROUND_ONE) ? 2 : 1; - - for (; remaining_steps > 0; remaining_steps--) { - for (psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE; - step <= PSA_PAKE_STEP_ZK_PROOF; - ++step) { - /* - * For each step, prepend 1 byte with the length of the data as - * given by psa_pake_output(). - */ - status = psa_pake_output(pake_ctx, step, - buf + output_offset + 1, - len - output_offset - 1, - &output_len); - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - *(buf + output_offset) = (uint8_t) output_len; - - output_offset += output_len + 1; - } - } - - *olen = output_offset; - - return 0; -} -#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, - unsigned char *hash, size_t *hashlen, - unsigned char *data, size_t data_len, - mbedtls_md_type_t md_alg) -{ - psa_status_t status; - psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(md_alg); - - MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based computation of digest of ServerKeyExchange")); - - if ((status = psa_hash_setup(&hash_operation, - hash_alg)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_setup", status); - goto exit; - } - - if ((status = psa_hash_update(&hash_operation, ssl->handshake->randbytes, - 64)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_update", status); - goto exit; - } - - if ((status = psa_hash_update(&hash_operation, - data, data_len)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_update", status); - goto exit; - } - - if ((status = psa_hash_finish(&hash_operation, hash, PSA_HASH_MAX_SIZE, - hashlen)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_finish", status); - goto exit; - } - -exit: - if (status != PSA_SUCCESS) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - switch (status) { - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; - case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */ - case PSA_ERROR_BUFFER_TOO_SMALL: - return MBEDTLS_ERR_MD_BAD_INPUT_DATA; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_MD_ALLOC_FAILED; - default: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } - } - return 0; -} - -#else - -int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, - unsigned char *hash, size_t *hashlen, - unsigned char *data, size_t data_len, - mbedtls_md_type_t md_alg) -{ - int ret = 0; - mbedtls_md_context_t ctx; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg); - *hashlen = mbedtls_md_get_size(md_info); - - MBEDTLS_SSL_DEBUG_MSG(3, ("Perform mbedtls-based computation of digest of ServerKeyExchange")); - - mbedtls_md_init(&ctx); - - /* - * digitally-signed struct { - * opaque client_random[32]; - * opaque server_random[32]; - * ServerDHParams params; - * }; - */ - if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret); - goto exit; - } - if ((ret = mbedtls_md_starts(&ctx)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_starts", ret); - goto exit; - } - if ((ret = mbedtls_md_update(&ctx, ssl->handshake->randbytes, 64)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret); - goto exit; - } - if ((ret = mbedtls_md_update(&ctx, data, data_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret); - goto exit; - } - if ((ret = mbedtls_md_finish(&ctx, hash)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret); - goto exit; - } - -exit: - mbedtls_md_free(&ctx); - - if (ret != 0) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - } - - return ret; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - -/* Find the preferred hash for a given signature algorithm. */ -unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( - mbedtls_ssl_context *ssl, - unsigned int sig_alg) -{ - unsigned int i; - uint16_t *received_sig_algs = ssl->handshake->received_sig_algs; - - if (sig_alg == MBEDTLS_SSL_SIG_ANON) { - return MBEDTLS_SSL_HASH_NONE; - } - - for (i = 0; received_sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++) { - unsigned int hash_alg_received = - MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG( - received_sig_algs[i]); - unsigned int sig_alg_received = - MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG( - received_sig_algs[i]); - - mbedtls_md_type_t md_alg = - mbedtls_ssl_md_alg_from_hash((unsigned char) hash_alg_received); - if (md_alg == MBEDTLS_MD_NONE) { - continue; - } - - if (sig_alg == sig_alg_received) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) { - psa_algorithm_t psa_hash_alg = - mbedtls_md_psa_alg_from_type(md_alg); - - if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA && - !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, - PSA_ALG_ECDSA(psa_hash_alg), - PSA_KEY_USAGE_SIGN_HASH)) { - continue; - } - - if (sig_alg_received == MBEDTLS_SSL_SIG_RSA && - !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, - PSA_ALG_RSA_PKCS1V15_SIGN( - psa_hash_alg), - PSA_KEY_USAGE_SIGN_HASH)) { - continue; - } - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - return hash_alg_received; - } - } - - return MBEDTLS_SSL_HASH_NONE; -} - -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -int mbedtls_ssl_validate_ciphersuite( - const mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *suite_info, - mbedtls_ssl_protocol_version min_tls_version, - mbedtls_ssl_protocol_version max_tls_version) -{ - (void) ssl; - - if (suite_info == NULL) { - return -1; - } - - if ((suite_info->min_tls_version > max_tls_version) || - (suite_info->max_tls_version < min_tls_version)) { - return -1; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_CLI_C) -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && - ssl->handshake->psa_pake_ctx_is_ok != 1) -#else - if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && - mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - { - return -1; - } -#endif - - /* Don't suggest PSK-based ciphersuite if no PSK is available. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) && - mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { - return -1; - } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - return 0; -} - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/* - * Function for writing a signature algorithm extension. - * - * The `extension_data` field of signature algorithm contains a `SignatureSchemeList` - * value (TLS 1.3 RFC8446): - * enum { - * .... - * ecdsa_secp256r1_sha256( 0x0403 ), - * ecdsa_secp384r1_sha384( 0x0503 ), - * ecdsa_secp521r1_sha512( 0x0603 ), - * .... - * } SignatureScheme; - * - * struct { - * SignatureScheme supported_signature_algorithms<2..2^16-2>; - * } SignatureSchemeList; - * - * The `extension_data` field of signature algorithm contains a `SignatureAndHashAlgorithm` - * value (TLS 1.2 RFC5246): - * enum { - * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), - * sha512(6), (255) - * } HashAlgorithm; - * - * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } - * SignatureAlgorithm; - * - * struct { - * HashAlgorithm hash; - * SignatureAlgorithm signature; - * } SignatureAndHashAlgorithm; - * - * SignatureAndHashAlgorithm - * supported_signature_algorithms<2..2^16-2>; - * - * The TLS 1.3 signature algorithm extension was defined to be a compatible - * generalization of the TLS 1.2 signature algorithm extension. - * `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by - * `SignatureScheme` field of TLS 1.3 - * - */ -int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf, - const unsigned char *end, size_t *out_len) -{ - unsigned char *p = buf; - unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */ - size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */ - - *out_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, ("adding signature_algorithms extension")); - - /* Check if we have space for header and length field: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - supported_signature_algorithms_length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - p += 6; - - /* - * Write supported_signature_algorithms - */ - supported_sig_alg = p; - const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl); - if (sig_alg == NULL) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) { - MBEDTLS_SSL_DEBUG_MSG(3, ("got signature scheme [%x] %s", - *sig_alg, - mbedtls_ssl_sig_alg_to_str(*sig_alg))); - if (!mbedtls_ssl_sig_alg_is_supported(ssl, *sig_alg)) { - continue; - } - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - MBEDTLS_PUT_UINT16_BE(*sig_alg, p, 0); - p += 2; - MBEDTLS_SSL_DEBUG_MSG(3, ("sent signature scheme [%x] %s", - *sig_alg, - mbedtls_ssl_sig_alg_to_str(*sig_alg))); - } - - /* Length of supported_signature_algorithms */ - supported_sig_alg_len = (size_t) (p - supported_sig_alg); - if (supported_sig_alg_len == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("No signature algorithms defined.")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SIG_ALG, buf, 0); - MBEDTLS_PUT_UINT16_BE(supported_sig_alg_len + 2, buf, 2); - MBEDTLS_PUT_UINT16_BE(supported_sig_alg_len, buf, 4); - - *out_len = (size_t) (p - buf); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SIG_ALG); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -/* - * mbedtls_ssl_parse_server_name_ext - * - * Structure of server_name extension: - * - * enum { - * host_name(0), (255) - * } NameType; - * opaque HostName<1..2^16-1>; - * - * struct { - * NameType name_type; - * select (name_type) { - * case host_name: HostName; - * } name; - * } ServerName; - * struct { - * ServerName server_name_list<1..2^16-1> - * } ServerNameList; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - size_t server_name_list_len, hostname_len; - const unsigned char *server_name_list_end; - - MBEDTLS_SSL_DEBUG_MSG(3, ("parse ServerName extension")); - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - server_name_list_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, server_name_list_len); - server_name_list_end = p + server_name_list_len; - while (p < server_name_list_end) { - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, server_name_list_end, 3); - hostname_len = MBEDTLS_GET_UINT16_BE(p, 1); - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, server_name_list_end, - hostname_len + 3); - - if (p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME) { - /* sni_name is intended to be used only during the parsing of the - * ClientHello message (it is reset to NULL before the end of - * the message parsing). Thus it is ok to just point to the - * reception buffer and not make a copy of it. - */ - ssl->handshake->sni_name = p + 3; - ssl->handshake->sni_name_len = hostname_len; - if (ssl->conf->f_sni == NULL) { - return 0; - } - ret = ssl->conf->f_sni(ssl->conf->p_sni, - ssl, p + 3, hostname_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_sni_wrapper", ret); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME, - MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME); - return MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME; - } - return 0; - } - - p += hostname_len + 3; - } - - return 0; -} -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_ALPN) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - size_t protocol_name_list_len; - const unsigned char *protocol_name_list; - const unsigned char *protocol_name_list_end; - size_t protocol_name_len; - - /* If ALPN not configured, just ignore the extension */ - if (ssl->conf->alpn_list == NULL) { - return 0; - } - - /* - * RFC7301, section 3.1 - * opaque ProtocolName<1..2^8-1>; - * - * struct { - * ProtocolName protocol_name_list<2..2^16-1> - * } ProtocolNameList; - */ - - /* - * protocol_name_list_len 2 bytes - * protocol_name_len 1 bytes - * protocol_name >=1 byte - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 4); - - protocol_name_list_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, protocol_name_list_len); - protocol_name_list = p; - protocol_name_list_end = p + protocol_name_list_len; - - /* Validate peer's list (lengths) */ - while (p < protocol_name_list_end) { - protocol_name_len = *p++; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, - protocol_name_len); - if (protocol_name_len == 0) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - p += protocol_name_len; - } - - /* Use our order of preference */ - for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { - size_t const alpn_len = strlen(*alpn); - p = protocol_name_list; - while (p < protocol_name_list_end) { - protocol_name_len = *p++; - if (protocol_name_len == alpn_len && - memcmp(p, *alpn, alpn_len) == 0) { - ssl->alpn_chosen = *alpn; - return 0; - } - - p += protocol_name_len; - } - } - - /* If we get here, no match was found */ - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL, - MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL); - return MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL; -} - -int mbedtls_ssl_write_alpn_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - size_t protocol_name_len; - *out_len = 0; - - if (ssl->alpn_chosen == NULL) { - return 0; - } - - protocol_name_len = strlen(ssl->alpn_chosen); - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 7 + protocol_name_len); - - MBEDTLS_SSL_DEBUG_MSG(3, ("server side, adding alpn extension")); - /* - * 0 . 1 ext identifier - * 2 . 3 ext length - * 4 . 5 protocol list length - * 6 . 6 protocol name length - * 7 . 7+n protocol name - */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ALPN, p, 0); - - *out_len = 7 + protocol_name_len; - - MBEDTLS_PUT_UINT16_BE(protocol_name_len + 3, p, 2); - MBEDTLS_PUT_UINT16_BE(protocol_name_len + 1, p, 4); - /* Note: the length of the chosen protocol has been checked to be less - * than 255 bytes in `mbedtls_ssl_conf_alpn_protocols`. - */ - p[6] = MBEDTLS_BYTE_0(protocol_name_len); - - memcpy(p + 7, ssl->alpn_chosen, protocol_name_len); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_ALPN); -#endif - - return 0; -} -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ - defined(MBEDTLS_SSL_CLI_C) -int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, - const char *hostname) -{ - /* Initialize to suppress unnecessary compiler warning */ - size_t hostname_len = 0; - - /* Check if new hostname is valid before - * making any change to current one */ - if (hostname != NULL) { - hostname_len = strlen(hostname); - - if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - } - - /* Now it's clear that we will overwrite the old hostname, - * so we can free it safely */ - if (session->hostname != NULL) { - mbedtls_zeroize_and_free(session->hostname, - strlen(session->hostname)); - } - - /* Passing NULL as hostname shall clear the old one */ - if (hostname == NULL) { - session->hostname = NULL; - } else { - session->hostname = mbedtls_calloc(1, hostname_len + 1); - if (session->hostname == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(session->hostname, hostname, hostname_len); - } - - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && - MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_SSL_SERVER_NAME_INDICATION && - MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_EARLY_DATA) && \ - defined(MBEDTLS_SSL_ALPN) -int mbedtls_ssl_session_set_ticket_alpn(mbedtls_ssl_session *session, - const char *alpn) -{ - size_t alpn_len = 0; - - if (alpn != NULL) { - alpn_len = strlen(alpn); - - if (alpn_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - } - - if (session->ticket_alpn != NULL) { - mbedtls_zeroize_and_free(session->ticket_alpn, - strlen(session->ticket_alpn)); - session->ticket_alpn = NULL; - } - - if (alpn != NULL) { - session->ticket_alpn = mbedtls_calloc(alpn_len + 1, 1); - if (session->ticket_alpn == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(session->ticket_alpn, alpn, alpn_len); - } - - return 0; -} -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_ALPN */ - -/* - * The following functions are used by 1.2 and 1.3, client and server. - */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, - const mbedtls_ssl_ciphersuite_t *ciphersuite, - int recv_endpoint, - mbedtls_ssl_protocol_version tls_version, - uint32_t *flags) -{ - int ret = 0; - unsigned int usage = 0; - const char *ext_oid; - size_t ext_len; - - /* - * keyUsage - */ - - /* Note: don't guard this with MBEDTLS_SSL_CLI_C because the server wants - * to check what a compliant client will think while choosing which cert - * to send to the client. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && - recv_endpoint == MBEDTLS_SSL_IS_CLIENT) { - /* TLS 1.2 server part of the key exchange */ - switch (ciphersuite->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_RSA: - usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; - break; - - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; - break; - - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - usage = MBEDTLS_X509_KU_KEY_AGREEMENT; - break; - - /* Don't use default: we want warnings when adding new values */ - case MBEDTLS_KEY_EXCHANGE_NONE: - case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECJPAKE: - usage = 0; - } - } else -#endif - { - /* This is either TLS 1.3 authentication, which always uses signatures, - * or 1.2 client auth: rsa_sign and mbedtls_ecdsa_sign are the only - * options we implement, both using signatures. */ - (void) tls_version; - (void) ciphersuite; - usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; - } - - if (mbedtls_x509_crt_check_key_usage(cert, usage) != 0) { - *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE; - ret = -1; - } - - /* - * extKeyUsage - */ - - if (recv_endpoint == MBEDTLS_SSL_IS_CLIENT) { - ext_oid = MBEDTLS_OID_SERVER_AUTH; - ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH); - } else { - ext_oid = MBEDTLS_OID_CLIENT_AUTH; - ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH); - } - - if (mbedtls_x509_crt_check_extended_key_usage(cert, ext_oid, ext_len) != 0) { - *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; - ret = -1; - } - - return ret; -} - -int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, - int authmode, - mbedtls_x509_crt *chain, - const mbedtls_ssl_ciphersuite_t *ciphersuite_info, - void *rs_ctx) -{ - if (authmode == MBEDTLS_SSL_VERIFY_NONE) { - return 0; - } - - /* - * Primary check: use the appropriate X.509 verification function - */ - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); - void *p_vrfy; - if (ssl->f_vrfy != NULL) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Use context-specific verification callback")); - f_vrfy = ssl->f_vrfy; - p_vrfy = ssl->p_vrfy; - } else { - MBEDTLS_SSL_DEBUG_MSG(3, ("Use configuration-specific verification callback")); - f_vrfy = ssl->conf->f_vrfy; - p_vrfy = ssl->conf->p_vrfy; - } - - int ret = 0; - int have_ca_chain_or_callback = 0; -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if (ssl->conf->f_ca_cb != NULL) { - ((void) rs_ctx); - have_ca_chain_or_callback = 1; - - MBEDTLS_SSL_DEBUG_MSG(3, ("use CA callback for X.509 CRT verification")); - ret = mbedtls_x509_crt_verify_with_ca_cb( - chain, - ssl->conf->f_ca_cb, - ssl->conf->p_ca_cb, - ssl->conf->cert_profile, - ssl->hostname, - &ssl->session_negotiate->verify_result, - f_vrfy, p_vrfy); - } else -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - { - mbedtls_x509_crt *ca_chain; - mbedtls_x509_crl *ca_crl; -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->handshake->sni_ca_chain != NULL) { - ca_chain = ssl->handshake->sni_ca_chain; - ca_crl = ssl->handshake->sni_ca_crl; - } else -#endif - { - ca_chain = ssl->conf->ca_chain; - ca_crl = ssl->conf->ca_crl; - } - - if (ca_chain != NULL) { - have_ca_chain_or_callback = 1; - } - - ret = mbedtls_x509_crt_verify_restartable( - chain, - ca_chain, ca_crl, - ssl->conf->cert_profile, - ssl->hostname, - &ssl->session_negotiate->verify_result, - f_vrfy, p_vrfy, rs_ctx); - } - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "x509_verify_cert", ret); - } - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - return MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; - } -#endif - - /* - * Secondary checks: always done, but change 'ret' only if it was 0 - */ - - /* With TLS 1.2 and ECC certs, check that the curve used by the - * certificate is on our list of acceptable curves. - * - * With TLS 1.3 this is not needed because the curve is part of the - * signature algorithm (eg ecdsa_secp256r1_sha256) which is checked when - * we validate the signature made with the key associated to this cert. - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && - mbedtls_pk_can_do(&chain->pk, MBEDTLS_PK_ECKEY)) { - if (mbedtls_ssl_check_curve(ssl, mbedtls_pk_get_ec_group_id(&chain->pk)) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (EC key curve)")); - ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; - if (ret == 0) { - ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - - /* Check X.509 usage extensions (keyUsage, extKeyUsage) */ - if (mbedtls_ssl_check_cert_usage(chain, - ciphersuite_info, - ssl->conf->endpoint, - ssl->tls_version, - &ssl->session_negotiate->verify_result) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)")); - if (ret == 0) { - ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - } - - /* With authmode optional, we want to keep going if the certificate was - * unacceptable, but still fail on other errors (out of memory etc), - * including fatal errors from the f_vrfy callback. - * - * The only acceptable errors are: - * - MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: cert rejected by primary check; - * - MBEDTLS_ERR_SSL_BAD_CERTIFICATE: cert rejected by secondary checks. - * Anything else is a fatal error. */ - if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && - (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || - ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE)) { - ret = 0; - } - - /* Return a specific error as this is a user error: inconsistent - * configuration - can't verify without trust anchors. */ - if (have_ca_chain_or_callback == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no CA chain")); - ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; - } - - if (ret != 0) { - uint8_t alert; - - /* The certificate may have been rejected for several reasons. - Pick one and send the corresponding alert. Which alert to send - may be a subject of debate in some cases. */ - if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER) { - alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) { - alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE) { - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE) { - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK) { - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY) { - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED) { - alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED) { - alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) { - alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA; - } else { - alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN; - } - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - alert); - } - -#if defined(MBEDTLS_DEBUG_C) - if (ssl->session_negotiate->verify_result != 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("! Certificate verification flags %08x", - (unsigned int) ssl->session_negotiate->verify_result)); - } else { - MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate verification flags clear")); - } -#endif /* MBEDTLS_DEBUG_C */ - - return ret; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c deleted file mode 100644 index 14ce37757..000000000 --- a/library/ssl_tls12_client.c +++ /dev/null @@ -1,3585 +0,0 @@ -/* - * TLS client-side functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl.h" -#include "ssl_client.h" -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/constant_time.h" - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa_util_internal.h" -#include "psa/crypto.h" -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#include - -#include - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#include "mbedtls/platform_util.h" -#endif - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - - *olen = 0; - - /* We're always including a TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the - * initial ClientHello, in which case also adding the renegotiation - * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */ - if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding renegotiation extension")); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5 + ssl->verify_data_len); - - /* - * Secure renegotiation - */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len + 1); - *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len); - - memcpy(p, ssl->own_verify_data, ssl->verify_data_len); - - *olen = 5 + ssl->verify_data_len; - - return 0; -} -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - (void) ssl; /* ssl used for debugging only */ - - *olen = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding supported_point_formats extension")); - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 2; - - *p++ = 1; - *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; - - *olen = 6; - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - size_t kkpp_len = 0; - - *olen = 0; - - /* Skip costly extension if we can't use EC J-PAKE anyway */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (ssl->handshake->psa_pake_ctx_is_ok != 1) { - return 0; - } -#else - if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) { - return 0; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding ecjpake_kkpp extension")); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0); - p += 2; - - /* - * We may need to send ClientHello multiple times for Hello verification. - * We don't want to compute fresh values every time (both for performance - * and consistency reasons), so cache the extension content. - */ - if (ssl->handshake->ecjpake_cache == NULL || - ssl->handshake->ecjpake_cache_len == 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("generating new ecjpake parameters")); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, - p + 2, end - p - 2, &kkpp_len, - MBEDTLS_ECJPAKE_ROUND_ONE); - if (ret != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret); - return ret; - } -#else - ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, - p + 2, end - p - 2, &kkpp_len, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ecjpake_write_round_one", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len); - if (ssl->handshake->ecjpake_cache == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("allocation failed")); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(ssl->handshake->ecjpake_cache, p + 2, kkpp_len); - ssl->handshake->ecjpake_cache_len = kkpp_len; - } else { - MBEDTLS_SSL_DEBUG_MSG(3, ("re-using cached ecjpake parameters")); - - kkpp_len = ssl->handshake->ecjpake_cache_len; - MBEDTLS_SSL_CHK_BUF_PTR(p + 2, end, kkpp_len); - - memcpy(p + 2, ssl->handshake->ecjpake_cache, kkpp_len); - } - - MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0); - p += 2; - - *olen = kkpp_len + 4; - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_cid_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - size_t ext_len; - - /* - * struct { - * opaque cid<0..2^8-1>; - * } ConnectionId; - */ - - *olen = 0; - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { - return 0; - } - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding CID extension")); - - /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX - * which is at most 255, so the increment cannot overflow. */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, (unsigned) (ssl->own_cid_len + 5)); - - /* Add extension ID + size */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_CID, p, 0); - p += 2; - ext_len = (size_t) ssl->own_cid_len + 1; - MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); - p += 2; - - *p++ = (uint8_t) ssl->own_cid_len; - memcpy(p, ssl->own_cid, ssl->own_cid_len); - - *olen = ssl->own_cid_len + 5; - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - - *olen = 0; - - if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding max_fragment_length extension")); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 1; - - *p++ = ssl->conf->mfl_code; - - *olen = 5; - - return 0; -} -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - - *olen = 0; - - if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding encrypt_then_mac extension")); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 0x00; - - *olen = 4; - - return 0; -} -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - - *olen = 0; - - if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding extended_master_secret extension")); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 0x00; - - *olen = 4; - - return 0; -} -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - size_t tlen = ssl->session_negotiate->ticket_len; - - *olen = 0; - - if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding session ticket extension")); - - /* The addition is safe here since the ticket length is 16 bit. */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + tlen); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0); - p += 2; - - MBEDTLS_PUT_UINT16_BE(tlen, p, 0); - p += 2; - - *olen = 4; - - if (ssl->session_negotiate->ticket == NULL || tlen == 0) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen)); - - memcpy(p, ssl->session_negotiate->ticket, tlen); - - *olen += tlen; - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - size_t protection_profiles_index = 0, ext_len = 0; - uint16_t mki_len = 0, profile_value = 0; - - *olen = 0; - - if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || - (ssl->conf->dtls_srtp_profile_list == NULL) || - (ssl->conf->dtls_srtp_profile_list_len == 0)) { - return 0; - } - - /* RFC 5764 section 4.1.1 - * uint8 SRTPProtectionProfile[2]; - * - * struct { - * SRTPProtectionProfiles SRTPProtectionProfiles; - * opaque srtp_mki<0..255>; - * } UseSRTPData; - * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; - */ - if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { - mki_len = ssl->dtls_srtp_info.mki_len; - } - /* Extension length = 2 bytes for profiles length, - * ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ), - * 1 byte for srtp_mki vector length and the mki_len value - */ - ext_len = 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len; - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding use_srtp extension")); - - /* Check there is room in the buffer for the extension + 4 bytes - * - the extension tag (2 bytes) - * - the extension length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, ext_len + 4); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, p, 0); - p += 2; - - MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); - p += 2; - - /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ - /* micro-optimization: - * the list size is limited to MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH - * which is lower than 127, so the upper byte of the length is always 0 - * For the documentation, the more generic code is left in comments - * *p++ = (unsigned char)( ( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) - * >> 8 ) & 0xFF ); - */ - *p++ = 0; - *p++ = MBEDTLS_BYTE_0(2 * ssl->conf->dtls_srtp_profile_list_len); - - for (protection_profiles_index = 0; - protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; - protection_profiles_index++) { - profile_value = mbedtls_ssl_check_srtp_profile_value - (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]); - if (profile_value != MBEDTLS_TLS_SRTP_UNSET) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_write_use_srtp_ext, add profile: %04x", - profile_value)); - MBEDTLS_PUT_UINT16_BE(profile_value, p, 0); - p += 2; - } else { - /* - * Note: we shall never arrive here as protection profiles - * is checked by mbedtls_ssl_conf_dtls_srtp_protection_profiles function - */ - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, " - "illegal DTLS-SRTP protection profile %d", - ssl->conf->dtls_srtp_profile_list[protection_profiles_index] - )); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - } - - *p++ = mki_len & 0xFF; - - if (mki_len != 0) { - memcpy(p, ssl->dtls_srtp_info.mki_value, mki_len); - /* - * Increment p to point to the current position. - */ - p += mki_len; - MBEDTLS_SSL_DEBUG_BUF(3, "sending mki", ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len); - } - - /* - * total extension length: extension type (2 bytes) - * + extension length (2 bytes) - * + protection profile length (2 bytes) - * + 2 * number of protection profiles - * + srtp_mki vector length(1 byte) - * + mki value - */ - *olen = p - buf; - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - int uses_ec, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - size_t ext_len = 0; - - (void) ssl; - (void) end; - (void) uses_ec; - (void) ret; - (void) ext_len; - - *out_len = 0; - - /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added - * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if ((ret = ssl_write_renegotiation_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_renegotiation_ext", ret); - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (uses_ec) { - if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end, - &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_supported_point_formats_ext", ret); - return ret; - } - p += ext_len; - } -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if ((ret = ssl_write_ecjpake_kkpp_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_ecjpake_kkpp_ext", ret); - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if ((ret = ssl_write_cid_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_cid_ext", ret); - return ret; - } - p += ext_len; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if ((ret = ssl_write_max_fragment_length_ext(ssl, p, end, - &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_max_fragment_length_ext", ret); - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if ((ret = ssl_write_encrypt_then_mac_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_encrypt_then_mac_ext", ret); - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if ((ret = ssl_write_extended_ms_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_extended_ms_ext", ret); - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - if ((ret = ssl_write_use_srtp_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_use_srtp_ext", ret); - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if ((ret = ssl_write_session_ticket_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_session_ticket_ext", ret); - return ret; - } - p += ext_len; -#endif - - *out_len = (size_t) (p - buf); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - /* Check verify-data in constant-time. The length OTOH is no secret */ - if (len != 1 + ssl->verify_data_len * 2 || - buf[0] != ssl->verify_data_len * 2 || - mbedtls_ct_memcmp(buf + 1, - ssl->own_verify_data, ssl->verify_data_len) != 0 || - mbedtls_ct_memcmp(buf + 1 + ssl->verify_data_len, - ssl->peer_verify_data, ssl->verify_data_len) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - } else -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - { - if (len != 1 || buf[0] != 0x00) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("non-zero length renegotiation info")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; - } - - return 0; -} - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - /* - * server should use the extension only if we did, - * and if so the server's value should match ours (and len is always 1) - */ - if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE || - len != 1 || - buf[0] != ssl->conf->mfl_code) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("non-matching max fragment length extension")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - return 0; -} -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - size_t peer_cid_len; - - if ( /* CID extension only makes sense in DTLS */ - ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - /* The server must only send the CID extension if we have offered it. */ - ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { - MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension unexpected")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; - } - - if (len == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - peer_cid_len = *buf++; - len--; - - if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) { - MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - if (len != peer_cid_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; - ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len; - memcpy(ssl->handshake->peer_cid, buf, peer_cid_len); - - MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated")); - MBEDTLS_SSL_DEBUG_BUF(3, "Server CID", buf, peer_cid_len); - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || - len != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("non-matching encrypt-then-MAC extension")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; - } - - ((void) buf); - - ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; - - return 0; -} -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || - len != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("non-matching extended master secret extension")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; - } - - ((void) buf); - - ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; - - return 0; -} -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED || - len != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("non-matching session ticket extension")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; - } - - ((void) buf); - - ssl->handshake->new_session_ticket = 1; - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - size_t list_size; - const unsigned char *p; - - if (len == 0 || (size_t) (buf[0] + 1) != len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - list_size = buf[0]; - - p = buf + 1; - while (list_size > 0) { - if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || - p[0] == MBEDTLS_ECP_PF_COMPRESSED) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) - ssl->handshake->ecdh_ctx.point_format = p[0]; -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, - p[0]); -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0])); - return 0; - } - - list_size--; - p++; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("no point format in common")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (ssl->handshake->ciphersuite_info->key_exchange != - MBEDTLS_KEY_EXCHANGE_ECJPAKE) { - MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension")); - return 0; - } - - /* If we got here, we no longer need our cached extension */ - mbedtls_free(ssl->handshake->ecjpake_cache); - ssl->handshake->ecjpake_cache = NULL; - ssl->handshake->ecjpake_cache_len = 0; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ((ret = mbedtls_psa_ecjpake_read_round( - &ssl->handshake->psa_pake_ctx, buf, len, - MBEDTLS_ECJPAKE_ROUND_ONE)) != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round one", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return ret; - } - - return 0; -#else - if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, - buf, len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return ret; - } - - return 0; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_ALPN) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ - size_t list_len, name_len; - const char **p; - - /* If we didn't send it, the server shouldn't send it */ - if (ssl->conf->alpn_list == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching ALPN extension")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; - } - - /* - * opaque ProtocolName<1..2^8-1>; - * - * struct { - * ProtocolName protocol_name_list<2..2^16-1> - * } ProtocolNameList; - * - * the "ProtocolNameList" MUST contain exactly one "ProtocolName" - */ - - /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */ - if (len < 4) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - list_len = MBEDTLS_GET_UINT16_BE(buf, 0); - if (list_len != len - 2) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - name_len = buf[2]; - if (name_len != list_len - 1) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Check that the server chosen protocol was in our list and save it */ - for (p = ssl->conf->alpn_list; *p != NULL; p++) { - if (name_len == strlen(*p) && - memcmp(buf + 3, *p, name_len) == 0) { - ssl->alpn_chosen = *p; - return 0; - } - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("ALPN extension: no matching protocol")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; -} -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - mbedtls_ssl_srtp_profile server_protection = MBEDTLS_TLS_SRTP_UNSET; - size_t i, mki_len = 0; - uint16_t server_protection_profile_value = 0; - - /* If use_srtp is not configured, just ignore the extension */ - if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || - (ssl->conf->dtls_srtp_profile_list == NULL) || - (ssl->conf->dtls_srtp_profile_list_len == 0)) { - return 0; - } - - /* RFC 5764 section 4.1.1 - * uint8 SRTPProtectionProfile[2]; - * - * struct { - * SRTPProtectionProfiles SRTPProtectionProfiles; - * opaque srtp_mki<0..255>; - * } UseSRTPData; - - * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; - * - */ - if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { - mki_len = ssl->dtls_srtp_info.mki_len; - } - - /* - * Length is 5 + optional mki_value : one protection profile length (2 bytes) - * + protection profile (2 bytes) - * + mki_len(1 byte) - * and optional srtp_mki - */ - if ((len < 5) || (len != (buf[4] + 5u))) { - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * get the server protection profile - */ - - /* - * protection profile length must be 0x0002 as we must have only - * one protection profile in server Hello - */ - if ((buf[0] != 0) || (buf[1] != 2)) { - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - server_protection_profile_value = (buf[2] << 8) | buf[3]; - server_protection = mbedtls_ssl_check_srtp_profile_value( - server_protection_profile_value); - if (server_protection != MBEDTLS_TLS_SRTP_UNSET) { - MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s", - mbedtls_ssl_get_srtp_profile_as_string( - server_protection))); - } - - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; - - /* - * Check we have the server profile in our list - */ - for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { - if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) { - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; - MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s", - mbedtls_ssl_get_srtp_profile_as_string( - server_protection))); - break; - } - } - - /* If no match was found : server problem, it shall never answer with incompatible profile */ - if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* If server does not use mki in its reply, make sure the client won't keep - * one as negotiated */ - if (len == 5) { - ssl->dtls_srtp_info.mki_len = 0; - } - - /* - * RFC5764: - * If the client detects a nonzero-length MKI in the server's response - * that is different than the one the client offered, then the client - * MUST abort the handshake and SHOULD send an invalid_parameter alert. - */ - if (len > 5 && (buf[4] != mki_len || - (memcmp(ssl->dtls_srtp_info.mki_value, &buf[5], mki_len)))) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } -#if defined(MBEDTLS_DEBUG_C) - if (len > 5) { - MBEDTLS_SSL_DEBUG_BUF(3, "received mki", ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len); - } -#endif - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -/* - * Parse HelloVerifyRequest. Only called after verifying the HS type. - */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - uint16_t dtls_legacy_version; - -#if !defined(MBEDTLS_SSL_PROTO_TLS1_3) - uint8_t cookie_len; -#else - uint16_t cookie_len; -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse hello verify request")); - - /* Check that there is enough room for: - * - 2 bytes of version - * - 1 byte of cookie_len - */ - if (mbedtls_ssl_hs_hdr_len(ssl) + 3 > ssl->in_msglen) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("incoming HelloVerifyRequest message is too short")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * struct { - * ProtocolVersion server_version; - * opaque cookie<0..2^8-1>; - * } HelloVerifyRequest; - */ - MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2); - dtls_legacy_version = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* - * Since the RFC is not clear on this point, accept DTLS 1.0 (0xfeff) - * The DTLS 1.3 (current draft) renames ProtocolVersion server_version to - * legacy_version and locks the value of legacy_version to 0xfefd (DTLS 1.2) - */ - if (dtls_legacy_version != 0xfefd && dtls_legacy_version != 0xfeff) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server version")); - - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); - - return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - - cookie_len = *p++; - if ((ssl->in_msg + ssl->in_msglen) - p < cookie_len) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("cookie length does not match incoming message size")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - MBEDTLS_SSL_DEBUG_BUF(3, "cookie", p, cookie_len); - - mbedtls_free(ssl->handshake->cookie); - - ssl->handshake->cookie = mbedtls_calloc(1, cookie_len); - if (ssl->handshake->cookie == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc failed (%d bytes)", cookie_len)); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(ssl->handshake->cookie, p, cookie_len); - ssl->handshake->cookie_len = cookie_len; - - /* Start over at ClientHello */ - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; - ret = mbedtls_ssl_reset_checksum(ssl); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret); - return ret; - } - - mbedtls_ssl_recv_flight_completed(ssl); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse hello verify request")); - - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) -{ - int ret, i; - size_t n; - size_t ext_len; - unsigned char *buf, *ext; - unsigned char comp; -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int renegotiation_info_seen = 0; -#endif - int handshake_failure = 0; - const mbedtls_ssl_ciphersuite_t *suite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello")); - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - /* No alert on a read error. */ - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - buf = ssl->in_msg; - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { - ssl->renego_records_seen++; - - if (ssl->conf->renego_max_records >= 0 && - ssl->renego_records_seen > ssl->conf->renego_max_records) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("renegotiation requested, but not honored by server")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - MBEDTLS_SSL_DEBUG_MSG(1, - ("non-handshake message during renegotiation")); - - ssl->keep_current_message = 1; - return MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO; - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if (buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) { - MBEDTLS_SSL_DEBUG_MSG(2, ("received hello verify request")); - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello")); - return ssl_parse_hello_verify_request(ssl); - } else { - /* We made it through the verification process */ - mbedtls_free(ssl->handshake->cookie); - ssl->handshake->cookie = NULL; - ssl->handshake->cookie_len = 0; - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - if (ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len(ssl) || - buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * 0 . 1 server_version - * 2 . 33 random (maybe including 4 bytes of Unix time) - * 34 . 34 session_id length = n - * 35 . 34+n session_id - * 35+n . 36+n cipher_suite - * 37+n . 37+n compression_method - * - * 38+n . 39+n extensions length (optional) - * 40+n . .. extensions - */ - buf += mbedtls_ssl_hs_hdr_len(ssl); - - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, version", buf, 2); - ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf, - ssl->conf->transport); - ssl->session_negotiate->tls_version = ssl->tls_version; - ssl->session_negotiate->endpoint = ssl->conf->endpoint; - - if (ssl->tls_version < ssl->conf->min_tls_version || - ssl->tls_version > ssl->conf->max_tls_version) { - MBEDTLS_SSL_DEBUG_MSG(1, - ( - "server version out of bounds - min: [0x%x], server: [0x%x], max: [0x%x]", - (unsigned) ssl->conf->min_tls_version, - (unsigned) ssl->tls_version, - (unsigned) ssl->conf->max_tls_version)); - - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); - - return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %lu", - ((unsigned long) buf[2] << 24) | - ((unsigned long) buf[3] << 16) | - ((unsigned long) buf[4] << 8) | - ((unsigned long) buf[5]))); - - memcpy(ssl->handshake->randbytes + 32, buf + 2, 32); - - n = buf[34]; - - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", buf + 2, 32); - - if (n > 32) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) { - ext_len = MBEDTLS_GET_UINT16_BE(buf, 38 + n); - - if ((ext_len > 0 && ext_len < 4) || - ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - } else if (ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl) + 38 + n) { - ext_len = 0; - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* ciphersuite (used later) */ - i = (int) MBEDTLS_GET_UINT16_BE(buf, n + 35); - - /* - * Read and check compression - */ - comp = buf[37 + n]; - - if (comp != MBEDTLS_SSL_COMPRESS_NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("server hello, bad compression: %d", comp)); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - /* - * Initialize update checksum functions - */ - ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(i); - if (ssl->handshake->ciphersuite_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("ciphersuite info for %04x not found", (unsigned int) i)); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - mbedtls_ssl_optimize_checksum(ssl, ssl->handshake->ciphersuite_info); - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n)); - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, session id", buf + 35, n); - - /* - * Check if the session can be resumed - */ - if (ssl->handshake->resume == 0 || n == 0 || -#if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || -#endif - ssl->session_negotiate->ciphersuite != i || - ssl->session_negotiate->id_len != n || - memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) { - ssl->state++; - ssl->handshake->resume = 0; -#if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = mbedtls_time(NULL); -#endif - ssl->session_negotiate->ciphersuite = i; - ssl->session_negotiate->id_len = n; - memcpy(ssl->session_negotiate->id, buf + 35, n); - } else { - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed", - ssl->handshake->resume ? "a" : "no")); - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %04x", (unsigned) i)); - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: %d", - buf[37 + n])); - - /* - * Perform cipher suite validation in same way as in ssl_write_client_hello. - */ - i = 0; - while (1) { - if (ssl->conf->ciphersuite_list[i] == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - if (ssl->conf->ciphersuite_list[i++] == - ssl->session_negotiate->ciphersuite) { - break; - } - } - - suite_info = mbedtls_ssl_ciphersuite_from_id( - ssl->session_negotiate->ciphersuite); - if (mbedtls_ssl_validate_ciphersuite(ssl, suite_info, ssl->tls_version, - ssl->tls_version) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("server hello, chosen ciphersuite: %s", suite_info->name)); - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && - ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - ssl->handshake->ecrs_enabled = 1; - } -#endif - - if (comp != MBEDTLS_SSL_COMPRESS_NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - ext = buf + 40 + n; - - MBEDTLS_SSL_DEBUG_MSG(2, - ("server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, - ext_len)); - - while (ext_len) { - unsigned int ext_id = MBEDTLS_GET_UINT16_BE(ext, 0); - unsigned int ext_size = MBEDTLS_GET_UINT16_BE(ext, 2); - - if (ext_size + 4 > ext_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); - mbedtls_ssl_send_alert_message( - ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - switch (ext_id) { - case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: - MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension")); -#if defined(MBEDTLS_SSL_RENEGOTIATION) - renegotiation_info_seen = 1; -#endif - - if ((ret = ssl_parse_renegotiation_info(ssl, ext + 4, - ext_size)) != 0) { - return ret; - } - - break; - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - MBEDTLS_SSL_DEBUG_MSG(3, - ("found max_fragment_length extension")); - - if ((ret = ssl_parse_max_fragment_length_ext(ssl, - ext + 4, ext_size)) != 0) { - return ret; - } - - break; -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - case MBEDTLS_TLS_EXT_CID: - MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension")); - - if ((ret = ssl_parse_cid_ext(ssl, - ext + 4, - ext_size)) != 0) { - return ret; - } - - break; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: - MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt_then_mac extension")); - - if ((ret = ssl_parse_encrypt_then_mac_ext(ssl, - ext + 4, ext_size)) != 0) { - return ret; - } - - break; -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: - MBEDTLS_SSL_DEBUG_MSG(3, - ("found extended_master_secret extension")); - - if ((ret = ssl_parse_extended_ms_ext(ssl, - ext + 4, ext_size)) != 0) { - return ret; - } - - break; -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_TLS_EXT_SESSION_TICKET: - MBEDTLS_SSL_DEBUG_MSG(3, ("found session_ticket extension")); - - if ((ret = ssl_parse_session_ticket_ext(ssl, - ext + 4, ext_size)) != 0) { - return ret; - } - - break; -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: - MBEDTLS_SSL_DEBUG_MSG(3, - ("found supported_point_formats extension")); - - if ((ret = ssl_parse_supported_point_formats_ext(ssl, - ext + 4, ext_size)) != 0) { - return ret; - } - - break; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: - MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake_kkpp extension")); - - if ((ret = ssl_parse_ecjpake_kkpp(ssl, - ext + 4, ext_size)) != 0) { - return ret; - } - - break; -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_ALPN) - case MBEDTLS_TLS_EXT_ALPN: - MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension")); - - if ((ret = ssl_parse_alpn_ext(ssl, ext + 4, ext_size)) != 0) { - return ret; - } - - break; -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - case MBEDTLS_TLS_EXT_USE_SRTP: - MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension")); - - if ((ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size)) != 0) { - return ret; - } - - break; -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - - default: - MBEDTLS_SSL_DEBUG_MSG(3, - ("unknown extension found: %u (ignoring)", ext_id)); - } - - ext_len -= 4 + ext_size; - ext += 4 + ext_size; - - if (ext_len > 0 && ext_len < 4) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - } - - /* - * mbedtls_ssl_derive_keys() has to be called after the parsing of the - * extensions. It sets the transform data for the resumed session which in - * case of DTLS includes the server CID extracted from the CID extension. - */ - if (ssl->handshake->resume) { - if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - return ret; - } - } - - /* - * Renegotiation security checks - */ - if (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == - MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("legacy renegotiation, breaking off handshake")); - handshake_failure = 1; - } -#if defined(MBEDTLS_SSL_RENEGOTIATION) - else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && - renegotiation_info_seen == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("renegotiation_info extension missing (secure)")); - handshake_failure = 1; - } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == - MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) { - MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed")); - handshake_failure = 1; - } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - renegotiation_info_seen == 1) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("renegotiation_info extension present (legacy)")); - handshake_failure = 1; - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - if (handshake_failure == 1) { - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello")); - - return 0; -} - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - size_t dhm_actual_bitlen; - - /* - * Ephemeral DH parameters: - * - * struct { - * opaque dh_p<1..2^16-1>; - * opaque dh_g<1..2^16-1>; - * opaque dh_Ys<1..2^16-1>; - * } ServerDHParams; - */ - if ((ret = mbedtls_dhm_read_params(&ssl->handshake->dhm_ctx, - p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(2, ("mbedtls_dhm_read_params"), ret); - return ret; - } - - dhm_actual_bitlen = mbedtls_dhm_get_bitlen(&ssl->handshake->dhm_ctx); - if (dhm_actual_bitlen < ssl->conf->dhm_min_bitlen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u", - dhm_actual_bitlen, - ssl->conf->dhm_min_bitlen)); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P); - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G); - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end) -{ - uint16_t tls_id; - size_t ecpoint_len; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - size_t ec_bits = 0; - - /* - * struct { - * ECParameters curve_params; - * ECPoint public; - * } ServerECDHParams; - * - * 1 curve_type (must be "named_curve") - * 2..3 NamedCurve - * 4 ECPoint.len - * 5+ ECPoint contents - */ - if (end - *p < 4) { - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* First byte is curve_type; only named_curve is handled */ - if (*(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* Next two bytes are the namedcurve value */ - tls_id = MBEDTLS_GET_UINT16_BE(*p, 0); - *p += 2; - - /* Check it's a curve we offered */ - if (mbedtls_ssl_check_curve_tls_id(ssl, tls_id) != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, - ("bad server key exchange message (ECDHE curve): %u", - (unsigned) tls_id)); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* Convert EC's TLS ID to PSA key type. */ - if (mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ec_bits) == PSA_ERROR_NOT_SUPPORTED) { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - handshake->xxdh_psa_type = key_type; - handshake->xxdh_psa_bits = ec_bits; - - /* Keep a copy of the peer's public key */ - ecpoint_len = *(*p)++; - if ((size_t) (end - *p) < ecpoint_len) { - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len); - handshake->xxdh_psa_peerkey_len = ecpoint_len; - *p += ecpoint_len; - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -#else -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl) -{ - uint16_t tls_id; - mbedtls_ecp_group_id grp_id; -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - grp_id = ssl->handshake->ecdh_ctx.grp.id; -#else - grp_id = ssl->handshake->ecdh_ctx.grp_id; -#endif - - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - if (tls_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s", - mbedtls_ssl_get_curve_name_from_tls_id(tls_id))); - - if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { - return -1; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP); - - return 0; -} - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - - /* - * Ephemeral ECDH parameters: - * - * struct { - * ECParameters curve_params; - * ECPoint public; - * } ServerECDHParams; - */ - if ((ret = mbedtls_ecdh_read_params(&ssl->handshake->ecdh_ctx, - (const unsigned char **) p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_read_params"), ret); -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; - } -#endif - return ret; - } - - if (ssl_check_server_ecdh_params(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("bad server key exchange message (ECDHE curve)")); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - uint16_t len; - ((void) ssl); - - /* - * PSK parameters: - * - * opaque psk_identity_hint<0..2^16-1>; - */ - if (end - (*p) < 2) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("bad server key exchange message (psk_identity_hint length)")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - len = MBEDTLS_GET_UINT16_BE(*p, 0); - *p += 2; - - if (end - (*p) < len) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("bad server key exchange message (psk_identity_hint length)")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * Note: we currently ignore the PSK identity hint, as we only allow one - * PSK to be provisioned on the client. This could be changed later if - * someone needs that feature. - */ - *p += len; - ret = 0; - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -/* - * Generate a pre-master secret and encrypt it with the server's RSA key - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl, - size_t offset, size_t *olen, - size_t pms_offset) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len_bytes = 2; - unsigned char *p = ssl->handshake->premaster + pms_offset; - mbedtls_pk_context *peer_pk; - - if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - /* - * Generate (part of) the pre-master as - * struct { - * ProtocolVersion client_version; - * opaque random[46]; - * } PreMasterSecret; - */ - mbedtls_ssl_write_version(p, ssl->conf->transport, - MBEDTLS_SSL_VERSION_TLS1_2); - - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); - return ret; - } - - ssl->handshake->pmslen = 48; - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert == NULL) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* - * Now write it out, encrypted - */ - if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch")); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - if ((ret = mbedtls_pk_encrypt(peer_pk, - p, ssl->handshake->pmslen, - ssl->out_msg + offset + len_bytes, olen, - MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret); - return ret; - } - - if (len_bytes == 2) { - MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset); - *olen += 2; - } - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* We don't need the peer's public key anymore. Free it. */ - mbedtls_pk_free(peer_pk); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_context *peer_pk; - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert == NULL) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* This is a public key, so it can't be opaque, so can_do() is a good - * enough check to ensure pk_ec() is safe to use below. */ - if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECKEY)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable")); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk); -#endif /* !defined(MBEDTLS_PK_USE_PSA_EC_DATA) */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - uint16_t tls_id = 0; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(peer_pk); - - if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); - return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - if (tls_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not suported", - grp_id)); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* If the above conversion to TLS ID was fine, then also this one will be, - so there is no need to check the return value here */ - mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->xxdh_psa_bits); - - ssl->handshake->xxdh_psa_type = key_type; - - /* Store peer's public key in psa format. */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); - ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len; - ret = 0; -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - size_t olen = 0; - ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, - ssl->handshake->xxdh_psa_peerkey, - sizeof(ssl->handshake->xxdh_psa_peerkey)); - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret); - return ret; - } - ssl->handshake->xxdh_psa_peerkey_len = olen; -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -#else /* MBEDTLS_USE_PSA_CRYPTO */ - if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key, - MBEDTLS_ECDH_THEIRS)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret); - return ret; - } - - if (ssl_check_server_ecdh_params(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); - return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* We don't need the peer's public key anymore. Free it, - * so that more RAM is available for upcoming expensive - * operations like ECDHE. */ - mbedtls_pk_free(peer_pk); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - unsigned char *p = NULL, *end = NULL; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange")); - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - ssl->state++; - return 0; - } - ((void) p); - ((void) end); -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { - if ((ret = ssl_get_ecdh_params_from_cert(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - ssl->state++; - return 0; - } - ((void) p); - ((void) end); -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) { - goto start_processing; - } -#endif - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - /* - * ServerKeyExchange may be skipped with PSK when the server - * doesn't use a psk_identity_hint - */ - if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) { - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { - /* Current message is probably either - * CertificateRequest or ServerHelloDone */ - ssl->keep_current_message = 1; - goto exit; - } - - MBEDTLS_SSL_DEBUG_MSG(1, - ("server key exchange message must not be skipped")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled) { - ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing; - } - -start_processing: -#endif - p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - end = ssl->in_msg + ssl->in_hslen; - MBEDTLS_SSL_DEBUG_BUF(3, "server key exchange", p, (size_t) (end - p)); - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { - if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - } /* FALLTHROUGH */ -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { - ; /* nothing more to do */ - } else -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { - if (ssl_parse_server_dh_params(ssl, &p, end) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { - if (ssl_parse_server_ecdh_params(ssl, &p, end) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* - * The first 3 bytes are: - * [0] MBEDTLS_ECP_TLS_NAMED_CURVE - * [1, 2] elliptic curve's TLS ID - * - * However since we only support secp256r1 for now, we check only - * that TLS ID here - */ - uint16_t read_tls_id = MBEDTLS_GET_UINT16_BE(p, 1); - uint16_t exp_tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( - MBEDTLS_ECP_DP_SECP256R1); - - if (exp_tls_id == 0) { - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - if ((*p != MBEDTLS_ECP_TLS_NAMED_CURVE) || - (read_tls_id != exp_tls_id)) { - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - p += 3; - - if ((ret = mbedtls_psa_ecjpake_read_round( - &ssl->handshake->psa_pake_ctx, p, end - p, - MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round two", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } -#else - ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, - p, end - p); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) { - size_t sig_len, hashlen; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - - mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; - mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; - unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - size_t params_len = (size_t) (p - params); - void *rs_ctx = NULL; - uint16_t sig_alg; - - mbedtls_pk_context *peer_pk; - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert == NULL) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* - * Handle the digitally-signed structure - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - sig_alg = MBEDTLS_GET_UINT16_BE(p, 0); - if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( - sig_alg, &pk_alg, &md_alg) != 0 && - !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) && - !mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("bad server key exchange message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - p += 2; - - if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("bad server key exchange message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* - * Read signature - */ - - if (p > end - 2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - sig_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - if (p != end - sig_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "signature", p, sig_len); - - /* - * Compute the hash that has been signed - */ - if (md_alg != MBEDTLS_MD_NONE) { - ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen, - params, params_len, - md_alg); - if (ret != 0) { - return ret; - } - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen); - - /* - * Verify signature - */ - if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled) { - rs_ctx = &ssl->handshake->ecrs_ctx.pk; - } -#endif - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - mbedtls_pk_rsassa_pss_options rsassa_pss_options; - rsassa_pss_options.mgf1_hash_id = md_alg; - rsassa_pss_options.expected_salt_len = - mbedtls_md_get_size_from_type(md_alg); - if (rsassa_pss_options.expected_salt_len == 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ret = mbedtls_pk_verify_ext(pk_alg, &rsassa_pss_options, - peer_pk, - md_alg, hash, hashlen, - p, sig_len); - } else -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - ret = mbedtls_pk_verify_restartable(peer_pk, - md_alg, hash, hashlen, p, sig_len, rs_ctx); - - if (ret != 0) { - int send_alert_msg = 1; -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - send_alert_msg = (ret != MBEDTLS_ERR_ECP_IN_PROGRESS); -#endif - if (send_alert_msg) { - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR); - } - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; - } -#endif - return ret; - } - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* We don't need the peer's public key anymore. Free it, - * so that more RAM is available for upcoming expensive - * operations like ECDHE. */ - mbedtls_pk_free(peer_pk); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - } -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ - -exit: - ssl->state++; - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange")); - - return 0; -} - -#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request")); - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); - ssl->state++; - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} -#else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t n = 0; - size_t cert_type_len = 0, dn_len = 0; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - size_t sig_alg_len; -#if defined(MBEDTLS_DEBUG_C) - unsigned char *sig_alg; - unsigned char *dn; -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request")); - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); - ssl->state++; - return 0; - } - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - ssl->state++; - ssl->handshake->client_auth = - (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST); - - MBEDTLS_SSL_DEBUG_MSG(3, ("got %s certificate request", - ssl->handshake->client_auth ? "a" : "no")); - - if (ssl->handshake->client_auth == 0) { - /* Current message is probably the ServerHelloDone */ - ssl->keep_current_message = 1; - goto exit; - } - - /* - * struct { - * ClientCertificateType certificate_types<1..2^8-1>; - * SignatureAndHashAlgorithm - * supported_signature_algorithms<2^16-1>; -- TLS 1.2 only - * DistinguishedName certificate_authorities<0..2^16-1>; - * } CertificateRequest; - * - * Since we only support a single certificate on clients, let's just - * ignore all the information that's supposed to help us pick a - * certificate. - * - * We could check that our certificate matches the request, and bail out - * if it doesn't, but it's simpler to just send the certificate anyway, - * and give the server the opportunity to decide if it should terminate - * the connection when it doesn't like our certificate. - * - * Same goes for the hash in TLS 1.2's signature_algorithms: at this - * point we only have one hash available (see comments in - * write_certificate_verify), so let's just use what we have. - * - * However, we still minimally parse the message to check it is at least - * superficially sane. - */ - buf = ssl->in_msg; - - /* certificate_types */ - if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - cert_type_len = buf[mbedtls_ssl_hs_hdr_len(ssl)]; - n = cert_type_len; - - /* - * In the subsequent code there are two paths that read from buf: - * * the length of the signature algorithms field (if minor version of - * SSL is 3), - * * distinguished name length otherwise. - * Both reach at most the index: - * ...hdr_len + 2 + n, - * therefore the buffer length at this point must be greater than that - * regardless of the actual code path. - */ - if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 2 + n) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* supported_signature_algorithms */ - sig_alg_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n); - - /* - * The furthest access in buf is in the loop few lines below: - * sig_alg[i + 1], - * where: - * sig_alg = buf + ...hdr_len + 3 + n, - * max(i) = sig_alg_len - 1. - * Therefore the furthest access is: - * buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1], - * which reduces to: - * buf[...hdr_len + 3 + n + sig_alg_len], - * which is one less than we need the buf to be. - */ - if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 3 + n + sig_alg_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - -#if defined(MBEDTLS_DEBUG_C) - sig_alg = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n; - for (size_t i = 0; i < sig_alg_len; i += 2) { - MBEDTLS_SSL_DEBUG_MSG(3, - ("Supported Signature Algorithm found: %02x %02x", - sig_alg[i], sig_alg[i + 1])); - } -#endif - - n += 2 + sig_alg_len; - - /* certificate_authorities */ - dn_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n); - - n += dn_len; - if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - -#if defined(MBEDTLS_DEBUG_C) - dn = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n - dn_len; - for (size_t i = 0, dni_len = 0; i < dn_len; i += 2 + dni_len) { - unsigned char *p = dn + i + 2; - mbedtls_x509_name name; - size_t asn1_len; - char s[MBEDTLS_X509_MAX_DN_NAME_SIZE]; - memset(&name, 0, sizeof(name)); - dni_len = MBEDTLS_GET_UINT16_BE(dn + i, 0); - if (dni_len > dn_len - i - 2 || - mbedtls_asn1_get_tag(&p, p + dni_len, &asn1_len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0 || - mbedtls_x509_get_name(&p, p + asn1_len, &name) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - MBEDTLS_SSL_DEBUG_MSG(3, - ("DN hint: %.*s", - mbedtls_x509_dn_gets(s, sizeof(s), &name), s)); - mbedtls_asn1_free_named_data_list_shallow(name.next); - } -#endif - -exit: - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate request")); - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello done")); - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) || - ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - ssl->state++; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - mbedtls_ssl_recv_flight_completed(ssl); - } -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello done")); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - size_t header_len; - size_t content_len; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange")); - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) { - /* - * DHM key exchange -- send G^X mod P - */ - content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx); - - MBEDTLS_PUT_UINT16_BE(content_len, ssl->out_msg, 4); - header_len = 6; - - ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx, - (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx), - &ssl->out_msg[header_len], content_len, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X); - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX); - - if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, - ssl->handshake->premaster, - MBEDTLS_PREMASTER_SIZE, - &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); - } else -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t key_attributes; - - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - header_len = 4; - - MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation.")); - - /* - * Generate EC private key for ECDHE exchange. - */ - - /* The master secret is obtained from the shared ECDH secret by - * applying the TLS 1.2 PRF with a specific salt and label. While - * the PSA Crypto API encourages combining key agreement schemes - * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not - * yet support the provisioning of salt + label to the KDF. - * For the time being, we therefore need to split the computation - * of the ECDH secret and the application of the TLS 1.2 PRF. */ - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); - - /* Generate ECDH private key. */ - status = psa_generate_key(&key_attributes, - &handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - /* Export the public part of the ECDH private key from PSA. - * The export format is an ECPoint structure as expected by TLS, - * but we just need to add a length byte before that. */ - unsigned char *own_pubkey = ssl->out_msg + header_len + 1; - unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; - size_t own_pubkey_max_len = (size_t) (end - own_pubkey); - size_t own_pubkey_len; - - status = psa_export_public_key(handshake->xxdh_psa_privkey, - own_pubkey, own_pubkey_max_len, - &own_pubkey_len); - if (status != PSA_SUCCESS) { - psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - ssl->out_msg[header_len] = (unsigned char) own_pubkey_len; - content_len = own_pubkey_len + 1; - - /* The ECDH secret is the premaster secret used for key derivation. */ - - /* Compute ECDH shared secret. */ - status = psa_raw_key_agreement(PSA_ALG_ECDH, - handshake->xxdh_psa_privkey, - handshake->xxdh_psa_peerkey, - handshake->xxdh_psa_peerkey_len, - ssl->handshake->premaster, - sizeof(ssl->handshake->premaster), - &ssl->handshake->pmslen); - - destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - - if (status != PSA_SUCCESS || destruction_status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } -#else - /* - * ECDH key exchange -- send client public value - */ - header_len = 4; - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled) { - if (ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret) { - goto ecdh_calc_secret; - } - - mbedtls_ecdh_enable_restart(&ssl->handshake->ecdh_ctx); - } -#endif - - ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx, - &content_len, - &ssl->out_msg[header_len], 1000, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret); -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; - } -#endif - return ret; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q); - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled) { - ssl->handshake->ecrs_n = content_len; - ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret; - } - -ecdh_calc_secret: - if (ssl->handshake->ecrs_enabled) { - content_len = ssl->handshake->ecrs_n; - } -#endif - if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; - } -#endif - return ret; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t key_attributes; - - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* - * opaque psk_identity<0..2^16-1>; - */ - if (mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { - /* We don't offer PSK suites if we don't have a PSK, - * and we check that the server's choice is among the - * ciphersuites we offered, so this should never happen. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* uint16 to store content length */ - const size_t content_len_size = 2; - - header_len = 4; - - if (header_len + content_len_size + ssl->conf->psk_identity_len - > MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("psk identity too long or SSL buffer too short")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - unsigned char *p = ssl->out_msg + header_len; - - *p++ = MBEDTLS_BYTE_1(ssl->conf->psk_identity_len); - *p++ = MBEDTLS_BYTE_0(ssl->conf->psk_identity_len); - header_len += content_len_size; - - memcpy(p, ssl->conf->psk_identity, - ssl->conf->psk_identity_len); - p += ssl->conf->psk_identity_len; - - header_len += ssl->conf->psk_identity_len; - - MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation.")); - - /* - * Generate EC private key for ECDHE exchange. - */ - - /* The master secret is obtained from the shared ECDH secret by - * applying the TLS 1.2 PRF with a specific salt and label. While - * the PSA Crypto API encourages combining key agreement schemes - * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not - * yet support the provisioning of salt + label to the KDF. - * For the time being, we therefore need to split the computation - * of the ECDH secret and the application of the TLS 1.2 PRF. */ - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); - - /* Generate ECDH private key. */ - status = psa_generate_key(&key_attributes, - &handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - /* Export the public part of the ECDH private key from PSA. - * The export format is an ECPoint structure as expected by TLS, - * but we just need to add a length byte before that. */ - unsigned char *own_pubkey = p + 1; - unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; - size_t own_pubkey_max_len = (size_t) (end - own_pubkey); - size_t own_pubkey_len = 0; - - status = psa_export_public_key(handshake->xxdh_psa_privkey, - own_pubkey, own_pubkey_max_len, - &own_pubkey_len); - if (status != PSA_SUCCESS) { - psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return PSA_TO_MBEDTLS_ERR(status); - } - - *p = (unsigned char) own_pubkey_len; - content_len = own_pubkey_len + 1; - - /* As RFC 5489 section 2, the premaster secret is formed as follows: - * - a uint16 containing the length (in octets) of the ECDH computation - * - the octet string produced by the ECDH computation - * - a uint16 containing the length (in octets) of the PSK - * - the PSK itself - */ - unsigned char *pms = ssl->handshake->premaster; - const unsigned char * const pms_end = pms + - sizeof(ssl->handshake->premaster); - /* uint16 to store length (in octets) of the ECDH computation */ - const size_t zlen_size = 2; - size_t zlen = 0; - - /* Perform ECDH computation after the uint16 reserved for the length */ - status = psa_raw_key_agreement(PSA_ALG_ECDH, - handshake->xxdh_psa_privkey, - handshake->xxdh_psa_peerkey, - handshake->xxdh_psa_peerkey_len, - pms + zlen_size, - pms_end - (pms + zlen_size), - &zlen); - - destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } else if (destruction_status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(destruction_status); - } - - /* Write the ECDH computation length before the ECDH computation */ - MBEDTLS_PUT_UINT16_BE(zlen, pms, 0); - pms += zlen_size + zlen; - } else -#endif /* MBEDTLS_USE_PSA_CRYPTO && - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_psk(ciphersuite_info)) { - /* - * opaque psk_identity<0..2^16-1>; - */ - if (mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { - /* We don't offer PSK suites if we don't have a PSK, - * and we check that the server's choice is among the - * ciphersuites we offered, so this should never happen. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - header_len = 4; - content_len = ssl->conf->psk_identity_len; - - if (header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("psk identity too long or SSL buffer too short")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len); - ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len); - - memcpy(ssl->out_msg + header_len, - ssl->conf->psk_identity, - ssl->conf->psk_identity_len); - header_len += ssl->conf->psk_identity_len; - -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { - content_len = 0; - } else -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { - /* - * ClientDiffieHellmanPublic public (DHM send G^X mod P) - */ - content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx); - - if (header_len + 2 + content_len > - MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("psk identity or DHM size too long or SSL buffer too short")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len); - ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len); - - ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx, - (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx), - &ssl->out_msg[header_len], content_len, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret); - return ret; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char *pms = ssl->handshake->premaster; - unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster); - size_t pms_len; - - /* Write length only when we know the actual value */ - if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, - pms + 2, pms_end - (pms + 2), &pms_len, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); - return ret; - } - MBEDTLS_PUT_UINT16_BE(pms_len, pms, 0); - pms += 2 + pms_len; - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); -#endif - } else -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { - /* - * ClientECDiffieHellmanPublic public; - */ - ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx, - &content_len, - &ssl->out_msg[header_len], - MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q); - } else -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - (mbedtls_key_exchange_type_t) ciphersuite_info-> - key_exchange)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ssl_psk_derive_premaster", ret); - return ret; - } -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { - header_len = 4; - if ((ret = ssl_write_encrypted_pms(ssl, header_len, - &content_len, 0)) != 0) { - return ret; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { - header_len = 4; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char *out_p = ssl->out_msg + header_len; - unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - - header_len; - ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, - out_p, end_p - out_p, &content_len, - MBEDTLS_ECJPAKE_ROUND_TWO); - if (ret != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret); - return ret; - } -#else - ret = mbedtls_ecjpake_write_round_two(&ssl->handshake->ecjpake_ctx, - ssl->out_msg + header_len, - MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, - &content_len, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret); - return ret; - } - - ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx, - ssl->handshake->premaster, 32, &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } else -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - { - ((void) ciphersuite_info); - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ssl->out_msglen = header_len + content_len; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE; - - ssl->state++; - - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client key exchange")); - - return 0; -} - -#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify")); - - if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); - return ret; - } - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - ssl->state++; - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} -#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - size_t n = 0, offset = 0; - unsigned char hash[48]; - unsigned char *hash_start = hash; - mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; - size_t hashlen; - void *rs_ctx = NULL; -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf); -#else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf); -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify")); - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign) { - goto sign; - } -#endif - - if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); - return ret; - } - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - ssl->state++; - return 0; - } - - if (ssl->handshake->client_auth == 0 || - mbedtls_ssl_own_cert(ssl) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - ssl->state++; - return 0; - } - - if (mbedtls_ssl_own_key(ssl) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key for certificate")); - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - /* - * Make a signature of the handshake digests - */ -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled) { - ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign; - } - -sign: -#endif - - ret = ssl->handshake->calc_verify(ssl, hash, &hashlen); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("calc_verify"), ret); - return ret; - } - - /* - * digitally-signed struct { - * opaque handshake_messages[handshake_messages_length]; - * }; - * - * Taking shortcut here. We assume that the server always allows the - * PRF Hash function and has sent it in the allowed signature - * algorithms list received in the Certificate Request message. - * - * Until we encounter a server that does not, we will take this - * shortcut. - * - * Reason: Otherwise we should have running hashes for SHA512 and - * SHA224 in order to satisfy 'weird' needs from the server - * side. - */ - if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) { - md_alg = MBEDTLS_MD_SHA384; - ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384; - } else { - md_alg = MBEDTLS_MD_SHA256; - ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256; - } - ssl->out_msg[5] = mbedtls_ssl_sig_from_pk(mbedtls_ssl_own_key(ssl)); - - /* Info from md_alg will be used instead */ - hashlen = 0; - offset = 2; - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled) { - rs_ctx = &ssl->handshake->ecrs_ctx.pk; - } -#endif - - if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), - md_alg, hash_start, hashlen, - ssl->out_msg + 6 + offset, - out_buf_len - 6 - offset, - &n, - ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; - } -#endif - return ret; - } - - MBEDTLS_PUT_UINT16_BE(n, ssl->out_msg, offset + 4); - - ssl->out_msglen = 6 + n + offset; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY; - - ssl->state++; - - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate verify")); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - uint32_t lifetime; - size_t ticket_len; - unsigned char *ticket; - const unsigned char *msg; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse new session ticket")); - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - /* - * struct { - * uint32 ticket_lifetime_hint; - * opaque ticket<0..2^16-1>; - * } NewSessionTicket; - * - * 0 . 3 ticket_lifetime_hint - * 4 . 5 ticket_len (n) - * 6 . 5+n ticket content - */ - if (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET || - ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - - lifetime = MBEDTLS_GET_UINT32_BE(msg, 0); - - ticket_len = MBEDTLS_GET_UINT16_BE(msg, 4); - - if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len)); - - /* We're not waiting for a NewSessionTicket message any more */ - ssl->handshake->new_session_ticket = 0; - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; - - /* - * Zero-length ticket means the server changed his mind and doesn't want - * to send a ticket after all, so just forget it - */ - if (ticket_len == 0) { - return 0; - } - - if (ssl->session != NULL && ssl->session->ticket != NULL) { - mbedtls_zeroize_and_free(ssl->session->ticket, - ssl->session->ticket_len); - ssl->session->ticket = NULL; - ssl->session->ticket_len = 0; - } - - mbedtls_zeroize_and_free(ssl->session_negotiate->ticket, - ssl->session_negotiate->ticket_len); - ssl->session_negotiate->ticket = NULL; - ssl->session_negotiate->ticket_len = 0; - - if ((ticket = mbedtls_calloc(1, ticket_len)) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ticket alloc failed")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(ticket, msg + 6, ticket_len); - - ssl->session_negotiate->ticket = ticket; - ssl->session_negotiate->ticket_len = ticket_len; - ssl->session_negotiate->ticket_lifetime = lifetime; - - /* - * RFC 5077 section 3.4: - * "If the client receives a session ticket from the server, then it - * discards any Session ID that was sent in the ServerHello." - */ - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket in use, discarding session id")); - ssl->session_negotiate->id_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse new session ticket")); - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -/* - * SSL handshake -- client side -- single step - */ -int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl) -{ - int ret = 0; - - /* Change state now, so that it is right in mbedtls_ssl_read_record(), used - * by DTLS for dropping out-of-sequence ChangeCipherSpec records */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && - ssl->handshake->new_session_ticket != 0) { - ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET; - } -#endif - - switch (ssl->state) { - case MBEDTLS_SSL_HELLO_REQUEST: - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; - break; - - /* - * ==> ClientHello - */ - case MBEDTLS_SSL_CLIENT_HELLO: - ret = mbedtls_ssl_write_client_hello(ssl); - break; - - /* - * <== ServerHello - * Certificate - * ( ServerKeyExchange ) - * ( CertificateRequest ) - * ServerHelloDone - */ - case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_parse_server_hello(ssl); - break; - - case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = mbedtls_ssl_parse_certificate(ssl); - break; - - case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: - ret = ssl_parse_server_key_exchange(ssl); - break; - - case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_parse_certificate_request(ssl); - break; - - case MBEDTLS_SSL_SERVER_HELLO_DONE: - ret = ssl_parse_server_hello_done(ssl); - break; - - /* - * ==> ( Certificate/Alert ) - * ClientKeyExchange - * ( CertificateVerify ) - * ChangeCipherSpec - * Finished - */ - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = mbedtls_ssl_write_certificate(ssl); - break; - - case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: - ret = ssl_write_client_key_exchange(ssl); - break; - - case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_write_certificate_verify(ssl); - break; - - case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: - ret = mbedtls_ssl_write_change_cipher_spec(ssl); - break; - - case MBEDTLS_SSL_CLIENT_FINISHED: - ret = mbedtls_ssl_write_finished(ssl); - break; - - /* - * <== ( NewSessionTicket ) - * ChangeCipherSpec - * Finished - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_NEW_SESSION_TICKET: - ret = ssl_parse_new_session_ticket(ssl); - break; -#endif - - case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: - ret = mbedtls_ssl_parse_change_cipher_spec(ssl); - break; - - case MBEDTLS_SSL_SERVER_FINISHED: - ret = mbedtls_ssl_parse_finished(ssl); - break; - - case MBEDTLS_SSL_FLUSH_BUFFERS: - MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; - break; - - case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - mbedtls_ssl_handshake_wrapup(ssl); - break; - - default: - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - return ret; -} - -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_2 */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c deleted file mode 100644 index 9e7c52c5e..000000000 --- a/library/ssl_tls12_server.c +++ /dev/null @@ -1,4401 +0,0 @@ -/* - * TLS server-side functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl.h" -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform_util.h" -#include "constant_time_internal.h" -#include "mbedtls/constant_time.h" - -#include - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif -#endif - -#if defined(MBEDTLS_ECP_C) -#include "mbedtls/ecp.h" -#endif - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) -int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl, - const unsigned char *info, - size_t ilen) -{ - if (ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - mbedtls_free(ssl->cli_id); - - if ((ssl->cli_id = mbedtls_calloc(1, ilen)) == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(ssl->cli_id, info, ilen); - ssl->cli_id_len = ilen; - - return 0; -} - -void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf, - mbedtls_ssl_cookie_write_t *f_cookie_write, - mbedtls_ssl_cookie_check_t *f_cookie_check, - void *p_cookie) -{ - conf->f_cookie_write = f_cookie_write; - conf->f_cookie_check = f_cookie_check; - conf->p_cookie = p_cookie; -} -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_conf_has_psk_or_cb(mbedtls_ssl_config const *conf) -{ - if (conf->f_psk != NULL) { - return 1; - } - - if (conf->psk_identity_len == 0 || conf->psk_identity == NULL) { - return 0; - } - - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { - return 1; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (conf->psk != NULL && conf->psk_len != 0) { - return 1; - } - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - /* Check verify-data in constant-time. The length OTOH is no secret */ - if (len != 1 + ssl->verify_data_len || - buf[0] != ssl->verify_data_len || - mbedtls_ct_memcmp(buf + 1, ssl->peer_verify_data, - ssl->verify_data_len) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - } else -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - { - if (len != 1 || buf[0] != 0x0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("non-zero length renegotiation info")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; - } - - return 0; -} - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -/* - * Function for parsing a supported groups (TLS 1.3) or supported elliptic - * curves (TLS 1.2) extension. - * - * The "extension_data" field of a supported groups extension contains a - * "NamedGroupList" value (TLS 1.3 RFC8446): - * enum { - * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019), - * x25519(0x001D), x448(0x001E), - * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102), - * ffdhe6144(0x0103), ffdhe8192(0x0104), - * ffdhe_private_use(0x01FC..0x01FF), - * ecdhe_private_use(0xFE00..0xFEFF), - * (0xFFFF) - * } NamedGroup; - * struct { - * NamedGroup named_group_list<2..2^16-1>; - * } NamedGroupList; - * - * The "extension_data" field of a supported elliptic curves extension contains - * a "NamedCurveList" value (TLS 1.2 RFC 8422): - * enum { - * deprecated(1..22), - * secp256r1 (23), secp384r1 (24), secp521r1 (25), - * x25519(29), x448(30), - * reserved (0xFE00..0xFEFF), - * deprecated(0xFF01..0xFF02), - * (0xFFFF) - * } NamedCurve; - * struct { - * NamedCurve named_curve_list<2..2^16-1> - * } NamedCurveList; - * - * The TLS 1.3 supported groups extension was defined to be a compatible - * generalization of the TLS 1.2 supported elliptic curves extension. They both - * share the same extension identifier. - * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - size_t list_size, our_size; - const unsigned char *p; - uint16_t *curves_tls_id; - - if (len < 2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - list_size = MBEDTLS_GET_UINT16_BE(buf, 0); - if (list_size + 2 != len || - list_size % 2 != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Should never happen unless client duplicates the extension */ - if (ssl->handshake->curves_tls_id != NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* Don't allow our peer to make us allocate too much memory, - * and leave room for a final 0 */ - our_size = list_size / 2 + 1; - if (our_size > MBEDTLS_ECP_DP_MAX) { - our_size = MBEDTLS_ECP_DP_MAX; - } - - if ((curves_tls_id = mbedtls_calloc(our_size, - sizeof(*curves_tls_id))) == NULL) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - ssl->handshake->curves_tls_id = curves_tls_id; - - p = buf + 2; - while (list_size > 0 && our_size > 1) { - uint16_t curr_tls_id = MBEDTLS_GET_UINT16_BE(p, 0); - - if (mbedtls_ssl_get_ecp_group_id_from_tls_id(curr_tls_id) != - MBEDTLS_ECP_DP_NONE) { - *curves_tls_id++ = curr_tls_id; - our_size--; - } - - list_size -= 2; - p += 2; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - size_t list_size; - const unsigned char *p; - - if (len == 0 || (size_t) (buf[0] + 1) != len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - list_size = buf[0]; - - p = buf + 1; - while (list_size > 0) { - if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || - p[0] == MBEDTLS_ECP_PF_COMPRESSED) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) - ssl->handshake->ecdh_ctx.point_format = p[0]; -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, - p[0]); -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0])); - return 0; - } - - list_size--; - p++; - } - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (ssl->handshake->psa_pake_ctx_is_ok != 1) -#else - if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - { - MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension")); - return 0; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ((ret = mbedtls_psa_ecjpake_read_round( - &ssl->handshake->psa_pake_ctx, buf, len, - MBEDTLS_ECJPAKE_ROUND_ONE)) != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round one", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - - return ret; - } -#else - if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, - buf, len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - /* Only mark the extension as OK when we're sure it is */ - ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK; - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - if (len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - ssl->session_negotiate->mfl_code = buf[0]; - - return 0; -} -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - size_t peer_cid_len; - - /* CID extension only makes sense in DTLS */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* - * struct { - * opaque cid<0..2^8-1>; - * } ConnectionId; - */ - - if (len < 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - peer_cid_len = *buf++; - len--; - - if (len != peer_cid_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Ignore CID if the user has disabled its use. */ - if (ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { - /* Leave ssl->handshake->cid_in_use in its default - * value of MBEDTLS_SSL_CID_DISABLED. */ - MBEDTLS_SSL_DEBUG_MSG(3, ("Client sent CID extension, but CID disabled")); - return 0; - } - - if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; - ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len; - memcpy(ssl->handshake->peer_cid, buf, peer_cid_len); - - MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated")); - MBEDTLS_SSL_DEBUG_BUF(3, "Client CID", buf, peer_cid_len); - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - if (len != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - ((void) buf); - - if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED) { - ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; - } - - return 0; -} -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - if (len != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - ((void) buf); - - if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) { - ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; - } - - return 0; -} -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_session session; - - mbedtls_ssl_session_init(&session); - - if (ssl->conf->f_ticket_parse == NULL || - ssl->conf->f_ticket_write == NULL) { - return 0; - } - - /* Remember the client asked us to send a new ticket */ - ssl->handshake->new_session_ticket = 1; - - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, len)); - - if (len == 0) { - return 0; - } - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket rejected: renegotiating")); - return 0; - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - /* - * Failures are ok: just ignore the ticket and proceed. - */ - if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, &session, - buf, len)) != 0) { - mbedtls_ssl_session_free(&session); - - if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic")); - } else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired")); - } else { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_ticket_parse", ret); - } - - return 0; - } - - /* - * Keep the session ID sent by the client, since we MUST send it back to - * inform them we're accepting the ticket (RFC 5077 section 3.4) - */ - session.id_len = ssl->session_negotiate->id_len; - memcpy(&session.id, ssl->session_negotiate->id, session.id_len); - - mbedtls_ssl_session_free(ssl->session_negotiate); - memcpy(ssl->session_negotiate, &session, sizeof(mbedtls_ssl_session)); - - /* Zeroize instead of free as we copied the content */ - mbedtls_platform_zeroize(&session, sizeof(mbedtls_ssl_session)); - - MBEDTLS_SSL_DEBUG_MSG(3, ("session successfully restored from ticket")); - - ssl->handshake->resume = 1; - - /* Don't send a new ticket after all, this one is OK */ - ssl->handshake->new_session_ticket = 0; - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - mbedtls_ssl_srtp_profile client_protection = MBEDTLS_TLS_SRTP_UNSET; - size_t i, j; - size_t profile_length; - uint16_t mki_length; - /*! 2 bytes for profile length and 1 byte for mki len */ - const size_t size_of_lengths = 3; - - /* If use_srtp is not configured, just ignore the extension */ - if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || - (ssl->conf->dtls_srtp_profile_list == NULL) || - (ssl->conf->dtls_srtp_profile_list_len == 0)) { - return 0; - } - - /* RFC5764 section 4.1.1 - * uint8 SRTPProtectionProfile[2]; - * - * struct { - * SRTPProtectionProfiles SRTPProtectionProfiles; - * opaque srtp_mki<0..255>; - * } UseSRTPData; - - * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; - */ - - /* - * Min length is 5: at least one protection profile(2 bytes) - * and length(2 bytes) + srtp_mki length(1 byte) - * Check here that we have at least 2 bytes of protection profiles length - * and one of srtp_mki length - */ - if (len < size_of_lengths) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; - - /* first 2 bytes are protection profile length(in bytes) */ - profile_length = (buf[0] << 8) | buf[1]; - buf += 2; - - /* The profile length cannot be bigger than input buffer size - lengths fields */ - if (profile_length > len - size_of_lengths || - profile_length % 2 != 0) { /* profiles are 2 bytes long, so the length must be even */ - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - /* - * parse the extension list values are defined in - * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml - */ - for (j = 0; j < profile_length; j += 2) { - uint16_t protection_profile_value = buf[j] << 8 | buf[j + 1]; - client_protection = mbedtls_ssl_check_srtp_profile_value(protection_profile_value); - - if (client_protection != MBEDTLS_TLS_SRTP_UNSET) { - MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s", - mbedtls_ssl_get_srtp_profile_as_string( - client_protection))); - } else { - continue; - } - /* check if suggested profile is in our list */ - for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { - if (client_protection == ssl->conf->dtls_srtp_profile_list[i]) { - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; - MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s", - mbedtls_ssl_get_srtp_profile_as_string( - client_protection))); - break; - } - } - if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET) { - break; - } - } - buf += profile_length; /* buf points to the mki length */ - mki_length = *buf; - buf++; - - if (mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH || - mki_length + profile_length + size_of_lengths != len) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Parse the mki only if present and mki is supported locally */ - if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && - mki_length > 0) { - ssl->dtls_srtp_info.mki_len = mki_length; - - memcpy(ssl->dtls_srtp_info.mki_value, buf, mki_length); - - MBEDTLS_SSL_DEBUG_BUF(3, "using mki", ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len); - } - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -/* - * Auxiliary functions for ServerHello parsing and related actions - */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/* - * Return 0 if the given key uses one of the acceptable curves, -1 otherwise - */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_key_curve(mbedtls_pk_context *pk, - uint16_t *curves_tls_id) -{ - uint16_t *curr_tls_id = curves_tls_id; - mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(pk); - mbedtls_ecp_group_id curr_grp_id; - - while (*curr_tls_id != 0) { - curr_grp_id = mbedtls_ssl_get_ecp_group_id_from_tls_id(*curr_tls_id); - if (curr_grp_id == grp_id) { - return 0; - } - curr_tls_id++; - } - - return -1; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED */ - -/* - * Try picking a certificate for this ciphersuite, - * return 0 on success and -1 on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_pick_cert(mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *ciphersuite_info) -{ - mbedtls_ssl_key_cert *cur, *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t pk_alg = - mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(ciphersuite_info); - psa_key_usage_t pk_usage = - mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(ciphersuite_info); -#else - mbedtls_pk_type_t pk_alg = - mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - uint32_t flags; - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->handshake->sni_key_cert != NULL) { - list = ssl->handshake->sni_key_cert; - } else -#endif - list = ssl->conf->key_cert; - - int pk_alg_is_none = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - pk_alg_is_none = (pk_alg == PSA_ALG_NONE); -#else - pk_alg_is_none = (pk_alg == MBEDTLS_PK_NONE); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (pk_alg_is_none) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite requires certificate")); - - if (list == NULL) { - MBEDTLS_SSL_DEBUG_MSG(3, ("server has no certificate")); - return -1; - } - - for (cur = list; cur != NULL; cur = cur->next) { - flags = 0; - MBEDTLS_SSL_DEBUG_CRT(3, "candidate certificate chain, certificate", - cur->cert); - - int key_type_matches = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - key_type_matches = ((ssl->conf->f_async_sign_start != NULL || - ssl->conf->f_async_decrypt_start != NULL || - mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)) && - mbedtls_pk_can_do_ext(&cur->cert->pk, pk_alg, pk_usage)); -#else - key_type_matches = ( - mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)); -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#else - key_type_matches = mbedtls_pk_can_do(&cur->cert->pk, pk_alg); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (!key_type_matches) { - MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type")); - continue; - } - - /* - * This avoids sending the client a cert it'll reject based on - * keyUsage or other extensions. - * - * It also allows the user to provision different certificates for - * different uses based on keyUsage, eg if they want to avoid signing - * and decrypting with the same RSA key. - */ - if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_VERSION_TLS1_2, - &flags) != 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: " - "(extended) key usage extension")); - continue; - } - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - if (pk_alg == MBEDTLS_PK_ECDSA && - ssl_check_key_curve(&cur->cert->pk, - ssl->handshake->curves_tls_id) != 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: elliptic curve")); - continue; - } -#endif - - /* If we get there, we got a winner */ - break; - } - - /* Do not update ssl->handshake->key_cert unless there is a match */ - if (cur != NULL) { - ssl->handshake->key_cert = cur; - MBEDTLS_SSL_DEBUG_CRT(3, "selected certificate chain, certificate", - ssl->handshake->key_cert->cert); - return 0; - } - - return -1; -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -/* - * Check if a given ciphersuite is suitable for use with our config/keys/etc - * Sets ciphersuite_info only if the suite matches. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, - const mbedtls_ssl_ciphersuite_t **ciphersuite_info) -{ - const mbedtls_ssl_ciphersuite_t *suite_info; - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_pk_type_t sig_type; -#endif - - suite_info = mbedtls_ssl_ciphersuite_from_id(suite_id); - if (suite_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("trying ciphersuite: %#04x (%s)", - (unsigned int) suite_id, suite_info->name)); - - if (suite_info->min_tls_version > ssl->tls_version || - suite_info->max_tls_version < ssl->tls_version) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: version")); - return 0; - } - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && - (ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK) == 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: ecjpake " - "not configured or ext missing")); - return 0; - } -#endif - - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) && - (ssl->handshake->curves_tls_id == NULL || - ssl->handshake->curves_tls_id[0] == 0)) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: " - "no common elliptic curve")); - return 0; - } -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - /* If the ciphersuite requires a pre-shared key and we don't - * have one, skip it now rather than failing later */ - if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) && - ssl_conf_has_psk_or_cb(ssl->conf) == 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no pre-shared key")); - return 0; - } -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - /* - * Final check: if ciphersuite requires us to have a - * certificate/key of a particular type: - * - select the appropriate certificate if we have one, or - * - try the next ciphersuite if we don't - * This must be done last since we modify the key_cert list. - */ - if (ssl_pick_cert(ssl, suite_info) != 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: " - "no suitable certificate")); - return 0; - } -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - /* If the ciphersuite requires signing, check whether - * a suitable hash algorithm is present. */ - sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info); - if (sig_type != MBEDTLS_PK_NONE && - mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( - ssl, mbedtls_ssl_sig_from_pk_alg(sig_type)) == MBEDTLS_SSL_HASH_NONE) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no suitable hash algorithm " - "for signature algorithm %u", (unsigned) sig_type)); - return 0; - } - -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - - *ciphersuite_info = suite_info; - return 0; -} - -/* This function doesn't alert on errors that happen early during - ClientHello parsing because they might indicate that the client is - not talking SSL/TLS at all and would not understand our alert. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) -{ - int ret, got_common_suite; - size_t i, j; - size_t ciph_offset, comp_offset, ext_offset; - size_t msg_len, ciph_len, sess_len, comp_len, ext_len; -#if defined(MBEDTLS_SSL_PROTO_DTLS) - size_t cookie_offset, cookie_len; -#endif - unsigned char *buf, *p, *ext; -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int renegotiation_info_seen = 0; -#endif - int handshake_failure = 0; - const int *ciphersuites; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - - /* If there is no signature-algorithm extension present, - * we need to fall back to the default values for allowed - * signature-hash pairs. */ -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - int sig_hash_alg_ext_present = 0; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello")); - - int renegotiating; - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -read_record_header: -#endif - /* - * If renegotiating, then the input was read with mbedtls_ssl_read_record(), - * otherwise read it ourselves manually in order to support SSLv2 - * ClientHello, which doesn't use the same record layer format. - * Otherwise in a scenario of TLS 1.3/TLS 1.2 version negotiation, the - * ClientHello has been already fully fetched by the TLS 1.3 code and the - * flag ssl->keep_current_message is raised. - */ - renegotiating = 0; -#if defined(MBEDTLS_SSL_RENEGOTIATION) - renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE); -#endif - if (!renegotiating && !ssl->keep_current_message) { - if ((ret = mbedtls_ssl_fetch_input(ssl, 5)) != 0) { - /* No alert on a read error. */ - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); - return ret; - } - } - - buf = ssl->in_hdr; - - MBEDTLS_SSL_DEBUG_BUF(4, "record header", buf, mbedtls_ssl_in_hdr_len(ssl)); - - /* - * TLS Client Hello - * - * Record layer: - * 0 . 0 message type - * 1 . 2 protocol version - * 3 . 11 DTLS: epoch + record sequence number - * 3 . 4 message length - */ - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message type: %d", - buf[0])); - - if (buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message len.: %d", - MBEDTLS_GET_UINT16_BE(ssl->in_len, 0))); - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, protocol version: [%d:%d]", - buf[1], buf[2])); - - /* For DTLS if this is the initial handshake, remember the client sequence - * number to use it in our next message (RFC 6347 4.2.1) */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM -#if defined(MBEDTLS_SSL_RENEGOTIATION) - && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE -#endif - ) { - /* Epoch should be 0 for initial handshakes */ - if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2, - sizeof(ssl->cur_out_ctr) - 2); - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if (mbedtls_ssl_dtls_replay_check(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record, discarding")); - ssl->next_record_offset = 0; - ssl->in_left = 0; - goto read_record_header; - } - - /* No MAC to check yet, so we can update right now */ - mbedtls_ssl_dtls_replay_update(ssl); -#endif - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - msg_len = MBEDTLS_GET_UINT16_BE(ssl->in_len, 0); - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - /* Set by mbedtls_ssl_read_record() */ - msg_len = ssl->in_hslen; - } else -#endif - { - if (ssl->keep_current_message) { - ssl->keep_current_message = 0; - } else { - if (msg_len > MBEDTLS_SSL_IN_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - if ((ret = mbedtls_ssl_fetch_input(ssl, - mbedtls_ssl_in_hdr_len(ssl) + msg_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); - return ret; - } - - /* Done reading this record, get ready for the next one */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len(ssl); - } else -#endif - ssl->in_left = 0; - } - } - - buf = ssl->in_msg; - - MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, msg_len); - - ret = ssl->handshake->update_checksum(ssl, buf, msg_len); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); - return ret; - } - - /* - * Handshake layer: - * 0 . 0 handshake type - * 1 . 3 handshake length - * 4 . 5 DTLS only: message sequence number - * 6 . 8 DTLS only: fragment offset - * 9 . 11 DTLS only: fragment length - */ - if (msg_len < mbedtls_ssl_hs_hdr_len(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake type: %d", buf[0])); - - if (buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - { - size_t handshake_len = MBEDTLS_GET_UINT24_BE(buf, 1); - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %u", - (unsigned) handshake_len)); - - /* The record layer has a record size limit of 2^14 - 1 and - * fragmentation is not supported, so buf[1] should be zero. */ - if (buf[1] != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != 0", - (unsigned) buf[1])); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* We don't support fragmentation of ClientHello (yet?) */ - if (msg_len != mbedtls_ssl_hs_hdr_len(ssl) + handshake_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != %u + %u", - (unsigned) msg_len, - (unsigned) mbedtls_ssl_hs_hdr_len(ssl), - (unsigned) handshake_len)); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* - * Copy the client's handshake message_seq on initial handshakes, - * check sequence number on renego. - */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { - /* This couldn't be done in ssl_prepare_handshake_record() */ - unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4); - if (cli_msg_seq != ssl->handshake->in_msg_seq) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message_seq: " - "%u (expected %u)", cli_msg_seq, - ssl->handshake->in_msg_seq)); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - ssl->handshake->in_msg_seq++; - } else -#endif - { - unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4); - ssl->handshake->out_msg_seq = cli_msg_seq; - ssl->handshake->in_msg_seq = cli_msg_seq + 1; - } - { - /* - * For now we don't support fragmentation, so make sure - * fragment_offset == 0 and fragment_length == length - */ - size_t fragment_offset, fragment_length, length; - fragment_offset = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6); - fragment_length = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9); - length = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1); - MBEDTLS_SSL_DEBUG_MSG( - 4, ("fragment_offset=%u fragment_length=%u length=%u", - (unsigned) fragment_offset, (unsigned) fragment_length, - (unsigned) length)); - if (fragment_offset != 0 || length != fragment_length) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ClientHello fragmentation not supported")); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - buf += mbedtls_ssl_hs_hdr_len(ssl); - msg_len -= mbedtls_ssl_hs_hdr_len(ssl); - - /* - * ClientHello layout: - * 0 . 1 protocol version - * 2 . 33 random bytes (starting with 4 bytes of Unix time) - * 34 . 34 session id length (1 byte) - * 35 . 34+x session id, where x = session id length from byte 34 - * 35+x . 35+x DTLS only: cookie length (1 byte) - * 36+x . .. DTLS only: cookie - * .. . .. ciphersuite list length (2 bytes) - * .. . .. ciphersuite list - * .. . .. compression alg. list length (1 byte) - * .. . .. compression alg. list - * .. . .. extensions length (2 bytes, optional) - * .. . .. extensions (optional) - */ - - /* - * Minimal length (with everything empty and extensions omitted) is - * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can - * read at least up to session id length without worrying. - */ - if (msg_len < 38) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * Check and save the protocol version - */ - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, version", buf, 2); - - ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf, - ssl->conf->transport); - ssl->session_negotiate->tls_version = ssl->tls_version; - ssl->session_negotiate->endpoint = ssl->conf->endpoint; - - if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("server only supports TLS 1.2")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); - return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - - /* - * Save client random (inc. Unix time) - */ - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", buf + 2, 32); - - memcpy(ssl->handshake->randbytes, buf + 2, 32); - - /* - * Check the session ID length and save session ID - */ - sess_len = buf[34]; - - if (sess_len > sizeof(ssl->session_negotiate->id) || - sess_len + 34 + 2 > msg_len) { /* 2 for cipherlist length field */ - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", buf + 35, sess_len); - - ssl->session_negotiate->id_len = sess_len; - memset(ssl->session_negotiate->id, 0, - sizeof(ssl->session_negotiate->id)); - memcpy(ssl->session_negotiate->id, buf + 35, - ssl->session_negotiate->id_len); - - /* - * Check the cookie length and content - */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - cookie_offset = 35 + sess_len; - cookie_len = buf[cookie_offset]; - - if (cookie_offset + 1 + cookie_len + 2 > msg_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie", - buf + cookie_offset + 1, cookie_len); - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - if (ssl->conf->f_cookie_check != NULL -#if defined(MBEDTLS_SSL_RENEGOTIATION) - && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE -#endif - ) { - if (ssl->conf->f_cookie_check(ssl->conf->p_cookie, - buf + cookie_offset + 1, cookie_len, - ssl->cli_id, ssl->cli_id_len) != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification failed")); - ssl->handshake->cookie_verify_result = 1; - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification passed")); - ssl->handshake->cookie_verify_result = 0; - } - } else -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - { - /* We know we didn't send a cookie, so it should be empty */ - if (cookie_len != 0) { - /* This may be an attacker's probe, so don't send an alert */ - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification skipped")); - } - - /* - * Check the ciphersuitelist length (will be parsed later) - */ - ciph_offset = cookie_offset + 1 + cookie_len; - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - ciph_offset = 35 + sess_len; - - ciph_len = MBEDTLS_GET_UINT16_BE(buf, ciph_offset); - - if (ciph_len < 2 || - ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */ - (ciph_len % 2) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, ciphersuitelist", - buf + ciph_offset + 2, ciph_len); - - /* - * Check the compression algorithm's length. - * The list contents are ignored because implementing - * MBEDTLS_SSL_COMPRESS_NULL is mandatory and is the only - * option supported by Mbed TLS. - */ - comp_offset = ciph_offset + 2 + ciph_len; - - comp_len = buf[comp_offset]; - - if (comp_len < 1 || - comp_len > 16 || - comp_len + comp_offset + 1 > msg_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, compression", - buf + comp_offset + 1, comp_len); - - /* - * Check the extension length - */ - ext_offset = comp_offset + 1 + comp_len; - if (msg_len > ext_offset) { - if (msg_len < ext_offset + 2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - ext_len = MBEDTLS_GET_UINT16_BE(buf, ext_offset); - - if (msg_len != ext_offset + 2 + ext_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - } else { - ext_len = 0; - } - - ext = buf + ext_offset + 2; - MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", ext, ext_len); - - while (ext_len != 0) { - unsigned int ext_id; - unsigned int ext_size; - if (ext_len < 4) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - ext_id = MBEDTLS_GET_UINT16_BE(ext, 0); - ext_size = MBEDTLS_GET_UINT16_BE(ext, 2); - - if (ext_size + 4 > ext_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - switch (ext_id) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - case MBEDTLS_TLS_EXT_SERVERNAME: - MBEDTLS_SSL_DEBUG_MSG(3, ("found ServerName extension")); - ret = mbedtls_ssl_parse_server_name_ext(ssl, ext + 4, - ext + 4 + ext_size); - if (ret != 0) { - return ret; - } - break; -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - - case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: - MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension")); -#if defined(MBEDTLS_SSL_RENEGOTIATION) - renegotiation_info_seen = 1; -#endif - - ret = ssl_parse_renegotiation_info(ssl, ext + 4, ext_size); - if (ret != 0) { - return ret; - } - break; - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - case MBEDTLS_TLS_EXT_SIG_ALG: - MBEDTLS_SSL_DEBUG_MSG(3, ("found signature_algorithms extension")); - - ret = mbedtls_ssl_parse_sig_alg_ext(ssl, ext + 4, ext + 4 + ext_size); - if (ret != 0) { - return ret; - } - - sig_hash_alg_ext_present = 1; - break; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: - MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension")); - - ret = ssl_parse_supported_groups_ext(ssl, ext + 4, ext_size); - if (ret != 0) { - return ret; - } - break; - - case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: - MBEDTLS_SSL_DEBUG_MSG(3, ("found supported point formats extension")); - ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; - - ret = ssl_parse_supported_point_formats(ssl, ext + 4, ext_size); - if (ret != 0) { - return ret; - } - break; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || \ - MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: - MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake kkpp extension")); - - ret = ssl_parse_ecjpake_kkpp(ssl, ext + 4, ext_size); - if (ret != 0) { - return ret; - } - break; -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - MBEDTLS_SSL_DEBUG_MSG(3, ("found max fragment length extension")); - - ret = ssl_parse_max_fragment_length_ext(ssl, ext + 4, ext_size); - if (ret != 0) { - return ret; - } - break; -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - case MBEDTLS_TLS_EXT_CID: - MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension")); - - ret = ssl_parse_cid_ext(ssl, ext + 4, ext_size); - if (ret != 0) { - return ret; - } - break; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: - MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt then mac extension")); - - ret = ssl_parse_encrypt_then_mac_ext(ssl, ext + 4, ext_size); - if (ret != 0) { - return ret; - } - break; -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: - MBEDTLS_SSL_DEBUG_MSG(3, ("found extended master secret extension")); - - ret = ssl_parse_extended_ms_ext(ssl, ext + 4, ext_size); - if (ret != 0) { - return ret; - } - break; -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_TLS_EXT_SESSION_TICKET: - MBEDTLS_SSL_DEBUG_MSG(3, ("found session ticket extension")); - - ret = ssl_parse_session_ticket_ext(ssl, ext + 4, ext_size); - if (ret != 0) { - return ret; - } - break; -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_ALPN) - case MBEDTLS_TLS_EXT_ALPN: - MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension")); - - ret = mbedtls_ssl_parse_alpn_ext(ssl, ext + 4, - ext + 4 + ext_size); - if (ret != 0) { - return ret; - } - break; -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - case MBEDTLS_TLS_EXT_USE_SRTP: - MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension")); - - ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size); - if (ret != 0) { - return ret; - } - break; -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - - default: - MBEDTLS_SSL_DEBUG_MSG(3, ("unknown extension found: %u (ignoring)", - ext_id)); - } - - ext_len -= 4 + ext_size; - ext += 4 + ext_size; - } - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - - /* - * Try to fall back to default hash SHA1 if the client - * hasn't provided any preferred signature-hash combinations. - */ - if (!sig_hash_alg_ext_present) { - uint16_t *received_sig_algs = ssl->handshake->received_sig_algs; - const uint16_t default_sig_algs[] = { -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, - MBEDTLS_SSL_HASH_SHA1), -#endif -#if defined(MBEDTLS_RSA_C) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, - MBEDTLS_SSL_HASH_SHA1), -#endif - MBEDTLS_TLS_SIG_NONE - }; - - MBEDTLS_STATIC_ASSERT(sizeof(default_sig_algs) / sizeof(default_sig_algs[0]) - <= MBEDTLS_RECEIVED_SIG_ALGS_SIZE, - "default_sig_algs is too big"); - - memcpy(received_sig_algs, default_sig_algs, sizeof(default_sig_algs)); - } - -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - - /* - * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV - */ - for (i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2) { - if (p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO) { - MBEDTLS_SSL_DEBUG_MSG(3, ("received TLS_EMPTY_RENEGOTIATION_INFO ")); -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { - MBEDTLS_SSL_DEBUG_MSG(1, ("received RENEGOTIATION SCSV " - "during renegotiation")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } -#endif - ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; - break; - } - } - - /* - * Renegotiation security checks - */ - if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation, breaking off handshake")); - handshake_failure = 1; - } -#if defined(MBEDTLS_SSL_RENEGOTIATION) - else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && - renegotiation_info_seen == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation_info extension missing (secure)")); - handshake_failure = 1; - } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) { - MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed")); - handshake_failure = 1; - } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - renegotiation_info_seen == 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation_info extension present (legacy)")); - handshake_failure = 1; - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - if (handshake_failure == 1) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* - * Server certification selection (after processing TLS extensions) - */ - if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_cert_cb", ret); - return ret; - } -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - ssl->handshake->sni_name = NULL; - ssl->handshake->sni_name_len = 0; -#endif - - /* - * Search for a matching ciphersuite - * (At the end because we need information from the EC-based extensions - * and certificate from the SNI callback triggered by the SNI extension - * or certificate from server certificate selection callback.) - */ - got_common_suite = 0; - ciphersuites = ssl->conf->ciphersuite_list; - ciphersuite_info = NULL; - - if (ssl->conf->respect_cli_pref == MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT) { - for (j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2) { - for (i = 0; ciphersuites[i] != 0; i++) { - if (MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]) { - continue; - } - - got_common_suite = 1; - - if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], - &ciphersuite_info)) != 0) { - return ret; - } - - if (ciphersuite_info != NULL) { - goto have_ciphersuite; - } - } - } - } else { - for (i = 0; ciphersuites[i] != 0; i++) { - for (j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2) { - if (MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]) { - continue; - } - - got_common_suite = 1; - - if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], - &ciphersuite_info)) != 0) { - return ret; - } - - if (ciphersuite_info != NULL) { - goto have_ciphersuite; - } - } - } - } - - if (got_common_suite) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got ciphersuites in common, " - "but none of them usable")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no ciphersuites in common")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - -have_ciphersuite: - MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %s", ciphersuite_info->name)); - - ssl->session_negotiate->ciphersuite = ciphersuites[i]; - ssl->handshake->ciphersuite_info = ciphersuite_info; - - ssl->state++; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - mbedtls_ssl_recv_flight_completed(ssl); - } -#endif - - /* Debugging-only output for testsuite */ -#if defined(MBEDTLS_DEBUG_C) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info); - if (sig_alg != MBEDTLS_PK_NONE) { - unsigned int sig_hash = mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( - ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg)); - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: %u", - sig_hash)); - } else { - MBEDTLS_SSL_DEBUG_MSG(3, ("no hash algorithm for signature algorithm " - "%u - should not happen", (unsigned) sig_alg)); - } -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello")); - - return 0; -} - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static void ssl_write_cid_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - size_t ext_len; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; - - *olen = 0; - - /* Skip writing the extension if we don't want to use it or if - * the client hasn't offered it. */ - if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED) { - return; - } - - /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX - * which is at most 255, so the increment cannot overflow. */ - if (end < p || (size_t) (end - p) < (unsigned) (ssl->own_cid_len + 5)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding CID extension")); - - /* - * struct { - * opaque cid<0..2^8-1>; - * } ConnectionId; - */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_CID, p, 0); - p += 2; - ext_len = (size_t) ssl->own_cid_len + 1; - MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); - p += 2; - - *p++ = (uint8_t) ssl->own_cid_len; - memcpy(p, ssl->own_cid, ssl->own_cid_len); - - *olen = ssl->own_cid_len + 5; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) -static void ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - const mbedtls_ssl_ciphersuite_t *suite = NULL; - - /* - * RFC 7366: "If a server receives an encrypt-then-MAC request extension - * from a client and then selects a stream or Authenticated Encryption - * with Associated Data (AEAD) ciphersuite, it MUST NOT send an - * encrypt-then-MAC response extension back to the client." - */ - suite = mbedtls_ssl_ciphersuite_from_id( - ssl->session_negotiate->ciphersuite); - if (suite == NULL) { - ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; - } else { - mbedtls_ssl_mode_t ssl_mode = - mbedtls_ssl_get_mode_from_ciphersuite( - ssl->session_negotiate->encrypt_then_mac, - suite); - - if (ssl_mode != MBEDTLS_SSL_MODE_CBC_ETM) { - ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; - } - } - - if (ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding encrypt then mac extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 0x00; - - *olen = 4; -} -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -static void ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - - if (ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED) { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding extended master secret " - "extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 0x00; - - *olen = 4; -} -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -static void ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - - if (ssl->handshake->new_session_ticket == 0) { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding session ticket extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 0x00; - - *olen = 4; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -static void ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - - if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION) { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, secure renegotiation extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0); - p += 2; - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - *p++ = 0x00; - *p++ = (ssl->verify_data_len * 2 + 1) & 0xFF; - *p++ = ssl->verify_data_len * 2 & 0xFF; - - memcpy(p, ssl->peer_verify_data, ssl->verify_data_len); - p += ssl->verify_data_len; - memcpy(p, ssl->own_verify_data, ssl->verify_data_len); - p += ssl->verify_data_len; - } else -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - { - *p++ = 0x00; - *p++ = 0x01; - *p++ = 0x00; - } - - *olen = (size_t) (p - buf); -} - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - - if (ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, max_fragment_length extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 1; - - *p++ = ssl->session_negotiate->mfl_code; - - *olen = 5; -} -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - ((void) ssl); - - if ((ssl->handshake->cli_exts & - MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT) == 0) { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, supported_point_formats extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 2; - - *p++ = 1; - *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; - - *olen = 6; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; - size_t kkpp_len; - - *olen = 0; - - /* Skip costly computation if not needed */ - if (ssl->handshake->ciphersuite_info->key_exchange != - MBEDTLS_KEY_EXCHANGE_ECJPAKE) { - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, ecjpake kkpp extension")); - - if (end - p < 4) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); - return; - } - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0); - p += 2; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, - p + 2, (size_t) (end - p - 2), &kkpp_len, - MBEDTLS_ECJPAKE_ROUND_ONE); - if (ret != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret); - return; - } -#else - ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, - p + 2, (size_t) (end - p - 2), &kkpp_len, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_one", ret); - return; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0); - p += 2; - - *olen = kkpp_len + 4; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) && defined(MBEDTLS_SSL_PROTO_DTLS) -static void ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - size_t mki_len = 0, ext_len = 0; - uint16_t profile_value = 0; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; - - *olen = 0; - - if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || - (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET)) { - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding use_srtp extension")); - - if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { - mki_len = ssl->dtls_srtp_info.mki_len; - } - - /* The extension total size is 9 bytes : - * - 2 bytes for the extension tag - * - 2 bytes for the total size - * - 2 bytes for the protection profile length - * - 2 bytes for the protection profile - * - 1 byte for the mki length - * + the actual mki length - * Check we have enough room in the output buffer */ - if ((size_t) (end - buf) < mki_len + 9) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); - return; - } - - /* extension */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, buf, 0); - /* - * total length 5 and mki value: only one profile(2 bytes) - * and length(2 bytes) and srtp_mki ) - */ - ext_len = 5 + mki_len; - MBEDTLS_PUT_UINT16_BE(ext_len, buf, 2); - - /* protection profile length: 2 */ - buf[4] = 0x00; - buf[5] = 0x02; - profile_value = mbedtls_ssl_check_srtp_profile_value( - ssl->dtls_srtp_info.chosen_dtls_srtp_profile); - if (profile_value != MBEDTLS_TLS_SRTP_UNSET) { - MBEDTLS_PUT_UINT16_BE(profile_value, buf, 6); - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("use_srtp extension invalid profile")); - return; - } - - buf[8] = mki_len & 0xFF; - memcpy(&buf[9], ssl->dtls_srtp_info.mki_value, mki_len); - - *olen = 9 + mki_len; -} -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = ssl->out_msg + 4; - unsigned char *cookie_len_byte; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello verify request")); - - /* - * struct { - * ProtocolVersion server_version; - * opaque cookie<0..2^8-1>; - * } HelloVerifyRequest; - */ - - /* The RFC is not clear on this point, but sending the actual negotiated - * version looks like the most interoperable thing to do. */ - mbedtls_ssl_write_version(p, ssl->conf->transport, ssl->tls_version); - MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2); - p += 2; - - /* If we get here, f_cookie_check is not null */ - if (ssl->conf->f_cookie_write == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("inconsistent cookie callbacks")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Skip length byte until we know the length */ - cookie_len_byte = p++; - - if ((ret = ssl->conf->f_cookie_write(ssl->conf->p_cookie, - &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN, - ssl->cli_id, ssl->cli_id_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_cookie_write", ret); - return ret; - } - - *cookie_len_byte = (unsigned char) (p - (cookie_len_byte + 1)); - - MBEDTLS_SSL_DEBUG_BUF(3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte); - - ssl->out_msglen = (size_t) (p - ssl->out_msg); - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; - - ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT; - - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); - return ret; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); - return ret; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello verify request")); - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - -static void ssl_handle_id_based_session_resumption(mbedtls_ssl_context *ssl) -{ - int ret; - mbedtls_ssl_session session_tmp; - mbedtls_ssl_session * const session = ssl->session_negotiate; - - /* Resume is 0 by default, see ssl_handshake_init(). - * It may be already set to 1 by ssl_parse_session_ticket_ext(). */ - if (ssl->handshake->resume == 1) { - return; - } - if (session->id_len == 0) { - return; - } - if (ssl->conf->f_get_cache == NULL) { - return; - } -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - return; - } -#endif - - mbedtls_ssl_session_init(&session_tmp); - - ret = ssl->conf->f_get_cache(ssl->conf->p_cache, - session->id, - session->id_len, - &session_tmp); - if (ret != 0) { - goto exit; - } - - if (session->ciphersuite != session_tmp.ciphersuite) { - /* Mismatch between cached and negotiated session */ - goto exit; - } - - /* Move semantics */ - mbedtls_ssl_session_free(session); - *session = session_tmp; - memset(&session_tmp, 0, sizeof(session_tmp)); - - MBEDTLS_SSL_DEBUG_MSG(3, ("session successfully restored from cache")); - ssl->handshake->resume = 1; - -exit: - - mbedtls_ssl_session_free(&session_tmp); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_server_hello(mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t; -#endif - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t olen, ext_len = 0, n; - unsigned char *buf, *p; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello")); - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->cookie_verify_result != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("client hello was not authenticated")); - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello")); - - return ssl_write_hello_verify_request(ssl); - } -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - - /* - * 0 . 0 handshake type - * 1 . 3 handshake length - * 4 . 5 protocol version - * 6 . 9 UNIX time() - * 10 . 37 random bytes - */ - buf = ssl->out_msg; - p = buf + 4; - - mbedtls_ssl_write_version(p, ssl->conf->transport, ssl->tls_version); - p += 2; - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen version: [%d:%d]", - buf[4], buf[5])); - -#if defined(MBEDTLS_HAVE_TIME) - t = mbedtls_time(NULL); - MBEDTLS_PUT_UINT32_BE(t, p, 0); - p += 4; - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, - (long long) t)); -#else - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) { - return ret; - } - - p += 4; -#endif /* MBEDTLS_HAVE_TIME */ - - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 20)) != 0) { - return ret; - } - p += 20; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* - * RFC 8446 - * TLS 1.3 has a downgrade protection mechanism embedded in the server's - * random value. TLS 1.3 servers which negotiate TLS 1.2 or below in - * response to a ClientHello MUST set the last 8 bytes of their Random - * value specially in their ServerHello. - */ - if (mbedtls_ssl_conf_is_tls13_enabled(ssl->conf)) { - static const unsigned char magic_tls12_downgrade_string[] = - { 'D', 'O', 'W', 'N', 'G', 'R', 'D', 1 }; - - MBEDTLS_STATIC_ASSERT( - sizeof(magic_tls12_downgrade_string) == 8, - "magic_tls12_downgrade_string does not have the expected size"); - - memcpy(p, magic_tls12_downgrade_string, - sizeof(magic_tls12_downgrade_string)); - } else -#endif - { - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 8)) != 0) { - return ret; - } - } - p += 8; - - memcpy(ssl->handshake->randbytes + 32, buf + 6, 32); - - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", buf + 6, 32); - - ssl_handle_id_based_session_resumption(ssl); - - if (ssl->handshake->resume == 0) { - /* - * New session, create a new session id, - * unless we're about to issue a session ticket - */ - ssl->state++; - -#if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = mbedtls_time(NULL); -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl->handshake->new_session_ticket != 0) { - ssl->session_negotiate->id_len = n = 0; - memset(ssl->session_negotiate->id, 0, 32); - } else -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - { - ssl->session_negotiate->id_len = n = 32; - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id, - n)) != 0) { - return ret; - } - } - } else { - /* - * Resuming a session - */ - n = ssl->session_negotiate->id_len; - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; - - if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); - return ret; - } - } - - /* - * 38 . 38 session id length - * 39 . 38+n session id - * 39+n . 40+n chosen ciphersuite - * 41+n . 41+n chosen compression alg. - * 42+n . 43+n extensions length - * 44+n . 43+n+m extensions - */ - *p++ = (unsigned char) ssl->session_negotiate->id_len; - memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len); - p += ssl->session_negotiate->id_len; - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n)); - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, session id", buf + 39, n); - MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed", - ssl->handshake->resume ? "a" : "no")); - - MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0); - p += 2; - *p++ = MBEDTLS_BYTE_0(MBEDTLS_SSL_COMPRESS_NULL); - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %s", - mbedtls_ssl_get_ciphersuite_name(ssl->session_negotiate->ciphersuite))); - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: 0x%02X", - (unsigned int) MBEDTLS_SSL_COMPRESS_NULL)); - - /* - * First write extensions, then the total length - */ - ssl_write_renegotiation_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - ssl_write_max_fragment_length_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl_write_cid_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - ssl_write_encrypt_then_mac_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - ssl_write_extended_ms_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl_write_session_ticket_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - const mbedtls_ssl_ciphersuite_t *suite = - mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite); - if (suite != NULL && mbedtls_ssl_ciphersuite_uses_ec(suite)) { - ssl_write_supported_point_formats_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; - } -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl_write_ecjpake_kkpp_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - -#if defined(MBEDTLS_SSL_ALPN) - unsigned char *end = buf + MBEDTLS_SSL_OUT_CONTENT_LEN - 4; - if ((ret = mbedtls_ssl_write_alpn_ext(ssl, p + 2 + ext_len, end, &olen)) - != 0) { - return ret; - } - - ext_len += olen; -#endif - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - ssl_write_use_srtp_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, - ext_len)); - - if (ext_len > 0) { - MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); - p += 2 + ext_len; - } - - ssl->out_msglen = (size_t) (p - buf); - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO; - - ret = mbedtls_ssl_write_handshake_msg(ssl); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello")); - - return ret; -} - -#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); - ssl->state++; - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} -#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - uint16_t dn_size, total_dn_size; /* excluding length bytes */ - size_t ct_len, sa_len; /* including length bytes */ - unsigned char *buf, *p; - const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; - const mbedtls_x509_crt *crt; - int authmode; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); - - ssl->state++; - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { - authmode = ssl->handshake->sni_authmode; - } else -#endif - authmode = ssl->conf->authmode; - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info) || - authmode == MBEDTLS_SSL_VERIFY_NONE) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); - return 0; - } - - /* - * 0 . 0 handshake type - * 1 . 3 handshake length - * 4 . 4 cert type count - * 5 .. m-1 cert types - * m .. m+1 sig alg length (TLS 1.2 only) - * m+1 .. n-1 SignatureAndHashAlgorithms (TLS 1.2 only) - * n .. n+1 length of all DNs - * n+2 .. n+3 length of DN 1 - * n+4 .. ... Distinguished Name #1 - * ... .. ... length of DN 2, etc. - */ - buf = ssl->out_msg; - p = buf + 4; - - /* - * Supported certificate types - * - * ClientCertificateType certificate_types<1..2^8-1>; - * enum { (255) } ClientCertificateType; - */ - ct_len = 0; - -#if defined(MBEDTLS_RSA_C) - p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN; -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN; -#endif - - p[0] = (unsigned char) ct_len++; - p += ct_len; - - sa_len = 0; - - /* - * Add signature_algorithms for verify (TLS 1.2) - * - * SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>; - * - * struct { - * HashAlgorithm hash; - * SignatureAlgorithm signature; - * } SignatureAndHashAlgorithm; - * - * enum { (255) } HashAlgorithm; - * enum { (255) } SignatureAlgorithm; - */ - const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl); - if (sig_alg == NULL) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - for (; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++) { - unsigned char hash = MBEDTLS_BYTE_1(*sig_alg); - - if (mbedtls_ssl_set_calc_verify_md(ssl, hash)) { - continue; - } - if (!mbedtls_ssl_sig_alg_is_supported(ssl, *sig_alg)) { - continue; - } - - /* Write elements at offsets starting from 1 (offset 0 is for the - * length). Thus the offset of each element is the length of the - * partial list including that element. */ - sa_len += 2; - MBEDTLS_PUT_UINT16_BE(*sig_alg, p, sa_len); - - } - - /* Fill in list length. */ - MBEDTLS_PUT_UINT16_BE(sa_len, p, 0); - sa_len += 2; - p += sa_len; - - /* - * DistinguishedName certificate_authorities<0..2^16-1>; - * opaque DistinguishedName<1..2^16-1>; - */ - p += 2; - - total_dn_size = 0; - - if (ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED) { - /* NOTE: If trusted certificates are provisioned - * via a CA callback (configured through - * `mbedtls_ssl_conf_ca_cb()`, then the - * CertificateRequest is currently left empty. */ - -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->handshake->dn_hints != NULL) { - crt = ssl->handshake->dn_hints; - } else -#endif - if (ssl->conf->dn_hints != NULL) { - crt = ssl->conf->dn_hints; - } else -#endif -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->handshake->sni_ca_chain != NULL) { - crt = ssl->handshake->sni_ca_chain; - } else -#endif - crt = ssl->conf->ca_chain; - - while (crt != NULL && crt->version != 0) { - /* It follows from RFC 5280 A.1 that this length - * can be represented in at most 11 bits. */ - dn_size = (uint16_t) crt->subject_raw.len; - - if (end < p || (size_t) (end - p) < 2 + (size_t) dn_size) { - MBEDTLS_SSL_DEBUG_MSG(1, ("skipping CAs: buffer too short")); - break; - } - - MBEDTLS_PUT_UINT16_BE(dn_size, p, 0); - p += 2; - memcpy(p, crt->subject_raw.p, dn_size); - p += dn_size; - - MBEDTLS_SSL_DEBUG_BUF(3, "requested DN", p - dn_size, dn_size); - - total_dn_size += (unsigned short) (2 + dn_size); - crt = crt->next; - } - } - - ssl->out_msglen = (size_t) (p - buf); - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; - MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len); - - ret = mbedtls_ssl_write_handshake_msg(ssl); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request")); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ - -#if (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)) -#if defined(MBEDTLS_USE_PSA_CRYPTO) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_context *pk; - mbedtls_pk_type_t pk_type; - psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; - size_t key_len; -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - uint16_t tls_id = 0; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - mbedtls_ecp_group_id grp_id; - mbedtls_ecp_keypair *key; -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ - - pk = mbedtls_ssl_own_key(ssl); - - if (pk == NULL) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - pk_type = mbedtls_pk_get_type(pk); - - switch (pk_type) { - case MBEDTLS_PK_OPAQUE: -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - case MBEDTLS_PK_ECKEY: - case MBEDTLS_PK_ECKEY_DH: - case MBEDTLS_PK_ECDSA: -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - /* Get the attributes of the key previously parsed by PK module in - * order to extract its type and length (in bits). */ - status = psa_get_key_attributes(pk->priv_id, &key_attributes); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); - ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - if (pk_type != MBEDTLS_PK_OPAQUE) { - /* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK - * module and only have ECDSA capabilities. Since we need - * them for ECDH later, we export and then re-import them with - * proper flags and algorithm. Of course We also set key's type - * and bits that we just got above. */ - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); - psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); - - status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - status = psa_import_key(&key_attributes, buf, key_len, - &ssl->handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - /* Set this key as owned by the TLS library: it will be its duty - * to clear it exit. */ - ssl->handshake->xxdh_psa_privkey_is_external = 0; - - ret = 0; - break; - } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - - /* Opaque key is created by the user (externally from Mbed TLS) - * so we assume it already has the right algorithm and flags - * set. Just copy its ID as reference. */ - ssl->handshake->xxdh_psa_privkey = pk->priv_id; - ssl->handshake->xxdh_psa_privkey_is_external = 1; - ret = 0; - break; - -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - case MBEDTLS_PK_ECKEY: - case MBEDTLS_PK_ECKEY_DH: - case MBEDTLS_PK_ECDSA: - key = mbedtls_pk_ec_rw(*pk); - grp_id = mbedtls_pk_get_ec_group_id(pk); - if (grp_id == MBEDTLS_ECP_DP_NONE) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - if (tls_id == 0) { - /* This elliptic curve is not supported */ - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* If the above conversion to TLS ID was fine, then also this one will - be, so there is no need to check the return value here */ - mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->xxdh_psa_bits); - - ssl->handshake->xxdh_psa_type = key_type; - - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); - psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); - - ret = mbedtls_ecp_write_key_ext(key, &key_len, buf, sizeof(buf)); - if (ret != 0) { - mbedtls_platform_zeroize(buf, sizeof(buf)); - break; - } - - status = psa_import_key(&key_attributes, buf, key_len, - &ssl->handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - mbedtls_platform_zeroize(buf, sizeof(buf)); - break; - } - - mbedtls_platform_zeroize(buf, sizeof(buf)); - ret = 0; - break; -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ - default: - ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - -exit: - psa_reset_key_attributes(&key_attributes); - mbedtls_platform_zeroize(buf, sizeof(buf)); - - return ret; -} -#else /* MBEDTLS_USE_PSA_CRYPTO */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - const mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl); - if (private_key == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no server private key")); - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_ECKEY)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable")); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, - mbedtls_pk_ec_ro(*mbedtls_ssl_own_key(ssl)), - MBEDTLS_ECDH_OURS)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret); - return ret; - } - - return 0; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ - defined(MBEDTLS_SSL_ASYNC_PRIVATE) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_resume_server_key_exchange(mbedtls_ssl_context *ssl, - size_t *signature_len) -{ - /* Append the signature to ssl->out_msg, leaving 2 bytes for the - * signature length which will be added in ssl_write_server_key_exchange - * after the call to ssl_prepare_server_key_exchange. - * ssl_write_server_key_exchange also takes care of incrementing - * ssl->out_msglen. */ - unsigned char *sig_start = ssl->out_msg + ssl->out_msglen + 2; - size_t sig_max_len = (ssl->out_buf + MBEDTLS_SSL_OUT_CONTENT_LEN - - sig_start); - int ret = ssl->conf->f_async_resume(ssl, - sig_start, signature_len, sig_max_len); - if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { - ssl->handshake->async_in_progress = 0; - mbedtls_ssl_set_async_operation_data(ssl, NULL); - } - MBEDTLS_SSL_DEBUG_RET(2, "ssl_resume_server_key_exchange", ret); - return ret; -} -#endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && - defined(MBEDTLS_SSL_ASYNC_PRIVATE) */ - -/* Prepare the ServerKeyExchange message, up to and including - * calculating the signature if any, but excluding formatting the - * signature and sending the message. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, - size_t *signature_len) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - unsigned char *dig_signed = NULL; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ - - (void) ciphersuite_info; /* unused in some configurations */ -#if !defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - (void) signature_len; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf); -#else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf); -#endif -#endif - - ssl->out_msglen = 4; /* header (type:1, length:3) to be written later */ - - /* - * - * Part 1: Provide key exchange parameters for chosen ciphersuite. - * - */ - - /* - * - ECJPAKE key exchanges - */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char *out_p = ssl->out_msg + ssl->out_msglen; - unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - - ssl->out_msglen; - size_t output_offset = 0; - size_t output_len = 0; - - /* - * The first 3 bytes are: - * [0] MBEDTLS_ECP_TLS_NAMED_CURVE - * [1, 2] elliptic curve's TLS ID - * - * However since we only support secp256r1 for now, we hardcode its - * TLS ID here - */ - uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( - MBEDTLS_ECP_DP_SECP256R1); - if (tls_id == 0) { - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - *out_p = MBEDTLS_ECP_TLS_NAMED_CURVE; - MBEDTLS_PUT_UINT16_BE(tls_id, out_p, 1); - output_offset += 3; - - ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, - out_p + output_offset, - end_p - out_p - output_offset, &output_len, - MBEDTLS_ECJPAKE_ROUND_TWO); - if (ret != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret); - return ret; - } - - output_offset += output_len; - ssl->out_msglen += output_offset; -#else - size_t len = 0; - - ret = mbedtls_ecjpake_write_round_two( - &ssl->handshake->ecjpake_ctx, - ssl->out_msg + ssl->out_msglen, - MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret); - return ret; - } - - ssl->out_msglen += len; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - - /* - * For (EC)DHE key exchanges with PSK, parameters are prefixed by support - * identity hint (RFC 4279, Sec. 3). Until someone needs this feature, - * we use empty support identity hints here. - **/ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { - ssl->out_msg[ssl->out_msglen++] = 0x00; - ssl->out_msg[ssl->out_msglen++] = 0x00; - } -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - - /* - * - DHE key exchanges - */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_dhe(ciphersuite_info)) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - if (ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no DH parameters set")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* - * Ephemeral DH parameters: - * - * struct { - * opaque dh_p<1..2^16-1>; - * opaque dh_g<1..2^16-1>; - * opaque dh_Ys<1..2^16-1>; - * } ServerDHParams; - */ - if ((ret = mbedtls_dhm_set_group(&ssl->handshake->dhm_ctx, - &ssl->conf->dhm_P, - &ssl->conf->dhm_G)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_set_group", ret); - return ret; - } - - if ((ret = mbedtls_dhm_make_params( - &ssl->handshake->dhm_ctx, - (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx), - ssl->out_msg + ssl->out_msglen, &len, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_params", ret); - return ret; - } - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - dig_signed = ssl->out_msg + ssl->out_msglen; -#endif - - ssl->out_msglen += len; - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X); - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P); - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G); - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX); - } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED */ - - /* - * - ECDHE key exchanges - */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_ecdhe(ciphersuite_info)) { - /* - * Ephemeral ECDH parameters: - * - * struct { - * ECParameters curve_params; - * ECPoint public; - * } ServerECDHParams; - */ - uint16_t *curr_tls_id = ssl->handshake->curves_tls_id; - const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - /* Match our preference list against the offered curves */ - if ((group_list == NULL) || (curr_tls_id == NULL)) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - for (; *group_list != 0; group_list++) { - for (curr_tls_id = ssl->handshake->curves_tls_id; - *curr_tls_id != 0; curr_tls_id++) { - if (*curr_tls_id == *group_list) { - goto curve_matching_done; - } - } - } - -curve_matching_done: - if (*curr_tls_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no matching curve for ECDHE")); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s", - mbedtls_ssl_get_curve_name_from_tls_id(*curr_tls_id))); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - psa_key_attributes_t key_attributes; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - uint8_t *p = ssl->out_msg + ssl->out_msglen; - const size_t header_size = 4; // curve_type(1), namedcurve(2), - // data length(1) - const size_t data_length_size = 1; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - size_t ec_bits = 0; - - MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation.")); - - /* Convert EC's TLS ID to PSA key type. */ - if (mbedtls_ssl_get_psa_curve_info_from_tls_id(*curr_tls_id, - &key_type, - &ec_bits) == PSA_ERROR_NOT_SUPPORTED) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid ecc group parse.")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - handshake->xxdh_psa_type = key_type; - handshake->xxdh_psa_bits = ec_bits; - - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); - - /* - * ECParameters curve_params - * - * First byte is curve_type, always named_curve - */ - *p++ = MBEDTLS_ECP_TLS_NAMED_CURVE; - - /* - * Next two bytes are the namedcurve value - */ - MBEDTLS_PUT_UINT16_BE(*curr_tls_id, p, 0); - p += 2; - - /* Generate ECDH private key. */ - status = psa_generate_key(&key_attributes, - &handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret); - return ret; - } - - /* - * ECPoint public - * - * First byte is data length. - * It will be filled later. p holds now the data length location. - */ - - /* Export the public part of the ECDH private key from PSA. - * Make one byte space for the length. - */ - unsigned char *own_pubkey = p + data_length_size; - - size_t own_pubkey_max_len = (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN - - (own_pubkey - ssl->out_msg)); - - status = psa_export_public_key(handshake->xxdh_psa_privkey, - own_pubkey, own_pubkey_max_len, - &len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret); - (void) psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return ret; - } - - /* Store the length of the exported public key. */ - *p = (uint8_t) len; - - /* Determine full message length. */ - len += header_size; -#else - mbedtls_ecp_group_id curr_grp_id = - mbedtls_ssl_get_ecp_group_id_from_tls_id(*curr_tls_id); - - if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx, - curr_grp_id)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecp_group_load", ret); - return ret; - } - - if ((ret = mbedtls_ecdh_make_params( - &ssl->handshake->ecdh_ctx, &len, - ssl->out_msg + ssl->out_msglen, - MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_params", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - dig_signed = ssl->out_msg + ssl->out_msglen; -#endif - - ssl->out_msglen += len; - } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */ - - /* - * - * Part 2: For key exchanges involving the server signing the - * exchange parameters, compute and add the signature here. - * - */ -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) { - if (dig_signed == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - size_t dig_signed_len = (size_t) (ssl->out_msg + ssl->out_msglen - dig_signed); - size_t hashlen = 0; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* - * 2.1: Choose hash algorithm: - * For TLS 1.2, obey signature-hash-algorithm extension - * to choose appropriate hash. - */ - - mbedtls_pk_type_t sig_alg = - mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); - - unsigned char sig_hash = - (unsigned char) mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( - ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg)); - - mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash(sig_hash); - - /* For TLS 1.2, obey signature-hash-algorithm extension - * (RFC 5246, Sec. 7.4.1.4.1). */ - if (sig_alg == MBEDTLS_PK_NONE || md_alg == MBEDTLS_MD_NONE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - /* (... because we choose a cipher suite - * only if there is a matching hash.) */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("pick hash algorithm %u for signing", (unsigned) md_alg)); - - /* - * 2.2: Compute the hash to be signed - */ - if (md_alg != MBEDTLS_MD_NONE) { - ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen, - dig_signed, - dig_signed_len, - md_alg); - if (ret != 0) { - return ret; - } - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen); - - /* - * 2.3: Compute and add the signature - */ - /* - * We need to specify signature and hash algorithm explicitly through - * a prefix to the signature. - * - * struct { - * HashAlgorithm hash; - * SignatureAlgorithm signature; - * } SignatureAndHashAlgorithm; - * - * struct { - * SignatureAndHashAlgorithm algorithm; - * opaque signature<0..2^16-1>; - * } DigitallySigned; - * - */ - - ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_hash_from_md_alg(md_alg); - ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_sig_from_pk_alg(sig_alg); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf->f_async_sign_start != NULL) { - ret = ssl->conf->f_async_sign_start(ssl, - mbedtls_ssl_own_cert(ssl), - md_alg, hash, hashlen); - switch (ret) { - case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: - /* act as if f_async_sign was null */ - break; - case 0: - ssl->handshake->async_in_progress = 1; - return ssl_resume_server_key_exchange(ssl, signature_len); - case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: - ssl->handshake->async_in_progress = 1; - return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; - default: - MBEDTLS_SSL_DEBUG_RET(1, "f_async_sign_start", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - if (mbedtls_ssl_own_key(ssl) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key")); - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - /* Append the signature to ssl->out_msg, leaving 2 bytes for the - * signature length which will be added in ssl_write_server_key_exchange - * after the call to ssl_prepare_server_key_exchange. - * ssl_write_server_key_exchange also takes care of incrementing - * ssl->out_msglen. */ - if ((ret = mbedtls_pk_sign(mbedtls_ssl_own_key(ssl), - md_alg, hash, hashlen, - ssl->out_msg + ssl->out_msglen + 2, - out_buf_len - ssl->out_msglen - 2, - signature_len, - ssl->conf->f_rng, - ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); - return ret; - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ - - return 0; -} - -/* Prepare the ServerKeyExchange message and send it. For ciphersuites - * that do not include a ServerKeyExchange message, do nothing. Either - * way, if successful, move on to the next step in the SSL state - * machine. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t signature_len = 0; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange")); - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) - /* Extract static ECDH parameters and abort if ServerKeyExchange - * is not needed. */ - if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { - /* For suites involving ECDH, extract DH parameters - * from certificate at this point. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_ecdh(ciphersuite_info)) { - ret = ssl_get_ecdh_params_from_cert(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret); - return ret; - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ - - /* Key exchanges not involving ephemeral keys don't use - * ServerKeyExchange, so end here. */ - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange")); - ssl->state++; - return 0; - } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ - defined(MBEDTLS_SSL_ASYNC_PRIVATE) - /* If we have already prepared the message and there is an ongoing - * signature operation, resume signing. */ - if (ssl->handshake->async_in_progress != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("resuming signature operation")); - ret = ssl_resume_server_key_exchange(ssl, &signature_len); - } else -#endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && - defined(MBEDTLS_SSL_ASYNC_PRIVATE) */ - { - /* ServerKeyExchange is needed. Prepare the message. */ - ret = ssl_prepare_server_key_exchange(ssl, &signature_len); - } - - if (ret != 0) { - /* If we're starting to write a new message, set ssl->out_msglen - * to 0. But if we're resuming after an asynchronous message, - * out_msglen is the amount of data written so far and mst be - * preserved. */ - if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server key exchange (pending)")); - } else { - ssl->out_msglen = 0; - } - return ret; - } - - /* If there is a signature, write its length. - * ssl_prepare_server_key_exchange already wrote the signature - * itself at its proper place in the output buffer. */ -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - if (signature_len != 0) { - ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1(signature_len); - ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0(signature_len); - - MBEDTLS_SSL_DEBUG_BUF(3, "my signature", - ssl->out_msg + ssl->out_msglen, - signature_len); - - /* Skip over the already-written signature */ - ssl->out_msglen += signature_len; - } -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ - - /* Add header and send. */ - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE; - - ssl->state++; - - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server key exchange")); - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello done")); - - ssl->out_msglen = 4; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO_DONE; - - ssl->state++; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - mbedtls_ssl_send_flight_completed(ssl); - } -#endif - - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); - return ret; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); - return ret; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello done")); - - return 0; -} - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **p, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - size_t n; - - /* - * Receive G^Y mod P, premaster = (G^Y)^X mod P - */ - if (*p + 2 > end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - n = MBEDTLS_GET_UINT16_BE(*p, 0); - *p += 2; - - if (*p + n > end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if ((ret = mbedtls_dhm_read_public(&ssl->handshake->dhm_ctx, *p, n)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_read_public", ret); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - *p += n; - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl, - unsigned char *peer_pms, - size_t *peer_pmslen, - size_t peer_pmssize) -{ - int ret = ssl->conf->f_async_resume(ssl, - peer_pms, peer_pmslen, peer_pmssize); - if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { - ssl->handshake->async_in_progress = 0; - mbedtls_ssl_set_async_operation_data(ssl, NULL); - } - MBEDTLS_SSL_DEBUG_RET(2, "ssl_decrypt_encrypted_pms", ret); - return ret; -} -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl, - const unsigned char *p, - const unsigned char *end, - unsigned char *peer_pms, - size_t *peer_pmslen, - size_t peer_pmssize) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert(ssl); - if (own_cert == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no local certificate")); - return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; - } - mbedtls_pk_context *public_key = &own_cert->pk; - mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl); - size_t len = mbedtls_pk_get_len(public_key); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - /* If we have already started decoding the message and there is an ongoing - * decryption operation, resume signing. */ - if (ssl->handshake->async_in_progress != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("resuming decryption operation")); - return ssl_resume_decrypt_pms(ssl, - peer_pms, peer_pmslen, peer_pmssize); - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - /* - * Prepare to decrypt the premaster using own private RSA key - */ - if (p + 2 > end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - if (*p++ != MBEDTLS_BYTE_1(len) || - *p++ != MBEDTLS_BYTE_0(len)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if (p + len != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * Decrypt the premaster secret - */ -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf->f_async_decrypt_start != NULL) { - ret = ssl->conf->f_async_decrypt_start(ssl, - mbedtls_ssl_own_cert(ssl), - p, len); - switch (ret) { - case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: - /* act as if f_async_decrypt_start was null */ - break; - case 0: - ssl->handshake->async_in_progress = 1; - return ssl_resume_decrypt_pms(ssl, - peer_pms, - peer_pmslen, - peer_pmssize); - case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: - ssl->handshake->async_in_progress = 1; - return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; - default: - MBEDTLS_SSL_DEBUG_RET(1, "f_async_decrypt_start", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no RSA private key")); - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - ret = mbedtls_pk_decrypt(private_key, p, len, - peer_pms, peer_pmslen, peer_pmssize, - ssl->conf->f_rng, ssl->conf->p_rng); - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, - const unsigned char *p, - const unsigned char *end, - size_t pms_offset) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *pms = ssl->handshake->premaster + pms_offset; - unsigned char ver[2]; - unsigned char fake_pms[48], peer_pms[48]; - size_t peer_pmslen; - mbedtls_ct_condition_t diff; - - /* In case of a failure in decryption, the decryption may write less than - * 2 bytes of output, but we always read the first two bytes. It doesn't - * matter in the end because diff will be nonzero in that case due to - * ret being nonzero, and we only care whether diff is 0. - * But do initialize peer_pms and peer_pmslen for robustness anyway. This - * also makes memory analyzers happy (don't access uninitialized memory, - * even if it's an unsigned char). */ - peer_pms[0] = peer_pms[1] = ~0; - peer_pmslen = 0; - - ret = ssl_decrypt_encrypted_pms(ssl, p, end, - peer_pms, - &peer_pmslen, - sizeof(peer_pms)); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { - return ret; - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - mbedtls_ssl_write_version(ver, ssl->conf->transport, - ssl->session_negotiate->tls_version); - - /* Avoid data-dependent branches while checking for invalid - * padding, to protect against timing-based Bleichenbacher-type - * attacks. */ - diff = mbedtls_ct_bool(ret); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pmslen, 48)); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[0], ver[0])); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[1], ver[1])); - - /* - * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding - * must not cause the connection to end immediately; instead, send a - * bad_record_mac later in the handshake. - * To protect against timing-based variants of the attack, we must - * not have any branch that depends on whether the decryption was - * successful. In particular, always generate the fake premaster secret, - * regardless of whether it will ultimately influence the output or not. - */ - ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms)); - if (ret != 0) { - /* It's ok to abort on an RNG failure, since this does not reveal - * anything about the RSA decryption. */ - return ret; - } - -#if defined(MBEDTLS_SSL_DEBUG_ALL) - if (diff != MBEDTLS_CT_FALSE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - } -#endif - - if (sizeof(ssl->handshake->premaster) < pms_offset || - sizeof(ssl->handshake->premaster) - pms_offset < 48) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - ssl->handshake->pmslen = 48; - - /* Set pms to either the true or the fake PMS, without - * data-dependent branches. */ - mbedtls_ct_memcpy_if(diff, pms, fake_pms, peer_pms, ssl->handshake->pmslen); - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p, - const unsigned char *end) -{ - int ret = 0; - uint16_t n; - - if (ssl_conf_has_psk_or_cb(ssl->conf) == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no pre-shared key")); - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - /* - * Receive client pre-shared key identity name - */ - if (end - *p < 2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - n = MBEDTLS_GET_UINT16_BE(*p, 0); - *p += 2; - - if (n == 0 || n > end - *p) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if (ssl->conf->f_psk != NULL) { - if (ssl->conf->f_psk(ssl->conf->p_psk, ssl, *p, n) != 0) { - ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; - } - } else { - /* Identity is not a big secret since clients send it in the clear, - * but treat it carefully anyway, just in case */ - if (n != ssl->conf->psk_identity_len || - mbedtls_ct_memcmp(ssl->conf->psk_identity, *p, n) != 0) { - ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; - } - } - - if (ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) { - MBEDTLS_SSL_DEBUG_BUF(3, "Unknown PSK identity", *p, n); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY); - return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; - } - - *p += n; - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - unsigned char *p, *end; - - ciphersuite_info = ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange")); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA && - (ssl->handshake->async_in_progress != 0)) { - /* We've already read a record and there is an asynchronous - * operation in progress to decrypt it. So skip reading the - * record. */ - MBEDTLS_SSL_DEBUG_MSG(3, ("will resume decryption of previously-read record")); - } else -#endif - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - end = ssl->in_msg + ssl->in_hslen; - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) { - if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret); - return ret; - } - - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, - ssl->handshake->premaster, - MBEDTLS_PREMASTER_SIZE, - &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); - } else -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t data_len = (size_t) (*p++); - size_t buf_len = (size_t) (end - p); - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - MBEDTLS_SSL_DEBUG_MSG(3, ("Read the peer's public key.")); - - /* - * We must have at least two bytes (1 for length, at least 1 for data) - */ - if (buf_len < 2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid buffer length: %" MBEDTLS_PRINTF_SIZET, - buf_len)); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - if (data_len < 1 || data_len > buf_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid data length: %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - data_len, buf_len)); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* Store peer's ECDH public key. */ - if (data_len > sizeof(handshake->xxdh_psa_peerkey)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid public key length: %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - data_len, - sizeof(handshake->xxdh_psa_peerkey))); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - memcpy(handshake->xxdh_psa_peerkey, p, data_len); - handshake->xxdh_psa_peerkey_len = data_len; - - /* Compute ECDH shared secret. */ - status = psa_raw_key_agreement( - PSA_ALG_ECDH, handshake->xxdh_psa_privkey, - handshake->xxdh_psa_peerkey, handshake->xxdh_psa_peerkey_len, - handshake->premaster, sizeof(handshake->premaster), - &handshake->pmslen); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret); - if (handshake->xxdh_psa_privkey_is_external == 0) { - (void) psa_destroy_key(handshake->xxdh_psa_privkey); - } - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return ret; - } - - if (handshake->xxdh_psa_privkey_is_external == 0) { - status = psa_destroy_key(handshake->xxdh_psa_privkey); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); - return ret; - } - } - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; -#else - if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, - p, (size_t) (end - p))) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP); - - if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { - if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); - return ret; - } - - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - (mbedtls_key_exchange_type_t) ciphersuite_info-> - key_exchange)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); - return ret; - } -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - } else -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { - if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); - return ret; - } - if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret); - return ret; - } - - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char *pms = ssl->handshake->premaster; - unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster); - size_t pms_len; - - /* Write length only when we know the actual value */ - if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, - pms + 2, pms_end - (pms + 2), &pms_len, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); - return ret; - } - MBEDTLS_PUT_UINT16_BE(pms_len, pms, 0); - pms += 2 + pms_len; - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); -#else - if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - (mbedtls_key_exchange_type_t) ciphersuite_info-> - key_exchange)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } else -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; - size_t ecpoint_len; - - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); - psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return ret; - } - - /* Keep a copy of the peer's public key */ - if (p >= end) { - psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - ecpoint_len = *(p++); - if ((size_t) (end - p) < ecpoint_len) { - psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* When FFDH is enabled, the array handshake->xxdh_psa_peer_key size takes into account - the sizes of the FFDH keys which are at least 2048 bits. - The size of the array is thus greater than 256 bytes which is greater than any - possible value of ecpoint_len (type uint8_t) and the check below can be skipped.*/ -#if !defined(PSA_WANT_ALG_FFDH) - if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) { - psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } -#else - MBEDTLS_STATIC_ASSERT(sizeof(handshake->xxdh_psa_peerkey) >= UINT8_MAX, - "peer key buffer too small"); -#endif - - memcpy(handshake->xxdh_psa_peerkey, p, ecpoint_len); - handshake->xxdh_psa_peerkey_len = ecpoint_len; - p += ecpoint_len; - - /* As RFC 5489 section 2, the premaster secret is formed as follows: - * - a uint16 containing the length (in octets) of the ECDH computation - * - the octet string produced by the ECDH computation - * - a uint16 containing the length (in octets) of the PSK - * - the PSK itself - */ - unsigned char *psm = ssl->handshake->premaster; - const unsigned char * const psm_end = - psm + sizeof(ssl->handshake->premaster); - /* uint16 to store length (in octets) of the ECDH computation */ - const size_t zlen_size = 2; - size_t zlen = 0; - - /* Compute ECDH shared secret. */ - status = psa_raw_key_agreement(PSA_ALG_ECDH, - handshake->xxdh_psa_privkey, - handshake->xxdh_psa_peerkey, - handshake->xxdh_psa_peerkey_len, - psm + zlen_size, - psm_end - (psm + zlen_size), - &zlen); - - destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } else if (destruction_status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(destruction_status); - } - - /* Write the ECDH computation length before the ECDH computation */ - MBEDTLS_PUT_UINT16_BE(zlen, psm, 0); - psm += zlen_size + zlen; - -#else /* MBEDTLS_USE_PSA_CRYPTO */ - if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); - return ret; - } - - if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, - p, (size_t) (end - p))) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP); - - if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - (mbedtls_key_exchange_type_t) ciphersuite_info-> - key_exchange)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { - if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_parse_encrypted_pms_secret"), ret); - return ret; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if ((ret = mbedtls_psa_ecjpake_read_round( - &ssl->handshake->psa_pake_ctx, p, (size_t) (end - p), - MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round two", ret); - return ret; - } -#else - ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, - p, (size_t) (end - p)); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx, - ssl->handshake->premaster, 32, &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); - return ret; - } - - ssl->state++; - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client key exchange")); - - return 0; -} - -#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify")); - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} -#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - size_t i, sig_len; - unsigned char hash[48]; - unsigned char *hash_start = hash; - size_t hashlen; - mbedtls_pk_type_t pk_alg; - mbedtls_md_type_t md_alg; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - mbedtls_pk_context *peer_pk; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify")); - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; - return 0; - } - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if (ssl->session_negotiate->peer_cert == NULL) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; - return 0; - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert_digest == NULL) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; - return 0; - } -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* Read the message without adding it to the checksum */ - ret = mbedtls_ssl_read_record(ssl, 0 /* no checksum update */); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_read_record"), ret); - return ret; - } - - ssl->state++; - - /* Process the message contents */ - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || - ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - i = mbedtls_ssl_hs_hdr_len(ssl); - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert == NULL) { - /* Should never happen */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* - * struct { - * SignatureAndHashAlgorithm algorithm; -- TLS 1.2 only - * opaque signature<0..2^16-1>; - * } DigitallySigned; - */ - if (i + 2 > ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * Hash - */ - md_alg = mbedtls_ssl_md_alg_from_hash(ssl->in_msg[i]); - - if (md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md(ssl, ssl->in_msg[i])) { - MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg" - " for verify message")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - -#if !defined(MBEDTLS_MD_SHA1) - if (MBEDTLS_MD_SHA1 == md_alg) { - hash_start += 16; - } -#endif - - /* Info from md_alg will be used instead */ - hashlen = 0; - - i++; - - /* - * Signature - */ - if ((pk_alg = mbedtls_ssl_pk_alg_from_sig(ssl->in_msg[i])) - == MBEDTLS_PK_NONE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg" - " for verify message")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* - * Check the certificate's key type matches the signature alg - */ - if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - i++; - - if (i + 2 > ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - sig_len = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i); - i += 2; - - if (i + sig_len != ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Calculate hash and verify signature */ - { - size_t dummy_hlen; - ret = ssl->handshake->calc_verify(ssl, hash, &dummy_hlen); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("calc_verify"), ret); - return ret; - } - } - - if ((ret = mbedtls_pk_verify(peer_pk, - md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); - return ret; - } - - ret = mbedtls_ssl_update_handshake_status(ssl); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate verify")); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t tlen; - uint32_t lifetime; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write new session ticket")); - - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_NEW_SESSION_TICKET; - - /* - * struct { - * uint32 ticket_lifetime_hint; - * opaque ticket<0..2^16-1>; - * } NewSessionTicket; - * - * 4 . 7 ticket_lifetime_hint (0 = unspecified) - * 8 . 9 ticket_len (n) - * 10 . 9+n ticket content - */ - -#if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->ticket_creation_time = mbedtls_ms_time(); -#endif - if ((ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, - ssl->session_negotiate, - ssl->out_msg + 10, - ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, - &tlen, &lifetime)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_ticket_write", ret); - tlen = 0; - } - - MBEDTLS_PUT_UINT32_BE(lifetime, ssl->out_msg, 4); - MBEDTLS_PUT_UINT16_BE(tlen, ssl->out_msg, 8); - ssl->out_msglen = 10 + tlen; - - /* - * Morally equivalent to updating ssl->state, but NewSessionTicket and - * ChangeCipherSpec share the same state. - */ - ssl->handshake->new_session_ticket = 0; - - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket")); - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -/* - * SSL handshake -- server side -- single step - */ -int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl) -{ - int ret = 0; - - MBEDTLS_SSL_DEBUG_MSG(2, ("server state: %d", ssl->state)); - - switch (ssl->state) { - case MBEDTLS_SSL_HELLO_REQUEST: - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; - break; - - /* - * <== ClientHello - */ - case MBEDTLS_SSL_CLIENT_HELLO: - ret = ssl_parse_client_hello(ssl); - break; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: - return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED; -#endif - - /* - * ==> ServerHello - * Certificate - * ( ServerKeyExchange ) - * ( CertificateRequest ) - * ServerHelloDone - */ - case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_write_server_hello(ssl); - break; - - case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = mbedtls_ssl_write_certificate(ssl); - break; - - case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: - ret = ssl_write_server_key_exchange(ssl); - break; - - case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_write_certificate_request(ssl); - break; - - case MBEDTLS_SSL_SERVER_HELLO_DONE: - ret = ssl_write_server_hello_done(ssl); - break; - - /* - * <== ( Certificate/Alert ) - * ClientKeyExchange - * ( CertificateVerify ) - * ChangeCipherSpec - * Finished - */ - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = mbedtls_ssl_parse_certificate(ssl); - break; - - case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: - ret = ssl_parse_client_key_exchange(ssl); - break; - - case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_parse_certificate_verify(ssl); - break; - - case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: - ret = mbedtls_ssl_parse_change_cipher_spec(ssl); - break; - - case MBEDTLS_SSL_CLIENT_FINISHED: - ret = mbedtls_ssl_parse_finished(ssl); - break; - - /* - * ==> ( NewSessionTicket ) - * ChangeCipherSpec - * Finished - */ - case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl->handshake->new_session_ticket != 0) { - ret = ssl_write_new_session_ticket(ssl); - } else -#endif - ret = mbedtls_ssl_write_change_cipher_spec(ssl); - break; - - case MBEDTLS_SSL_SERVER_FINISHED: - ret = mbedtls_ssl_write_finished(ssl); - break; - - case MBEDTLS_SSL_FLUSH_BUFFERS: - MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; - break; - - case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - mbedtls_ssl_handshake_wrapup(ssl); - break; - - default: - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - return ret; -} - -void mbedtls_ssl_conf_preference_order(mbedtls_ssl_config *conf, int order) -{ - conf->respect_cli_pref = order; -} - -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_2 */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c deleted file mode 100644 index 919db7d46..000000000 --- a/library/ssl_tls13_client.c +++ /dev/null @@ -1,3181 +0,0 @@ -/* - * TLS 1.3 client-side functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include - -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform.h" - -#include "ssl_client.h" -#include "ssl_tls13_keys.h" -#include "ssl_debug_helpers.h" -#include "mbedtls/psa_util.h" - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif - -/* Write extensions */ - -/* - * ssl_tls13_write_supported_versions_ext(): - * - * struct { - * ProtocolVersion versions<2..254>; - * } SupportedVersions; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_supported_versions_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - unsigned char versions_len = (ssl->handshake->min_tls_version <= - MBEDTLS_SSL_VERSION_TLS1_2) ? 4 : 2; - - *out_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding supported versions extension")); - - /* Check if we have space to write the extension: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - versions_length (1 byte ) - * - versions (2 or 4 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5 + versions_len); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0); - MBEDTLS_PUT_UINT16_BE(versions_len + 1, p, 2); - p += 4; - - /* Length of versions */ - *p++ = versions_len; - - /* Write values of supported versions. - * They are defined by the configuration. - * Currently, we advertise only TLS 1.3 or both TLS 1.3 and TLS 1.2. - */ - mbedtls_ssl_write_version(p, MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_VERSION_TLS1_3); - MBEDTLS_SSL_DEBUG_MSG(3, ("supported version: [3:4]")); - - - if (ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) { - mbedtls_ssl_write_version(p + 2, MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_VERSION_TLS1_2); - MBEDTLS_SSL_DEBUG_MSG(3, ("supported version: [3:3]")); - } - - *out_len = 5 + versions_len; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask( - ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - ((void) ssl); - - MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 2); - if (mbedtls_ssl_read_version(buf, ssl->conf->transport) != - MBEDTLS_SSL_VERSION_TLS1_3) { - MBEDTLS_SSL_DEBUG_MSG(1, ("unexpected version")); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - if (&buf[2] != end) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("supported_versions ext data length incorrect")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - return 0; -} - -#if defined(MBEDTLS_SSL_ALPN) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_alpn_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ - const unsigned char *p = buf; - const unsigned char *end = buf + len; - size_t protocol_name_list_len, protocol_name_len; - const unsigned char *protocol_name_list_end; - - /* If we didn't send it, the server shouldn't send it */ - if (ssl->conf->alpn_list == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* - * opaque ProtocolName<1..2^8-1>; - * - * struct { - * ProtocolName protocol_name_list<2..2^16-1> - * } ProtocolNameList; - * - * the "ProtocolNameList" MUST contain exactly one "ProtocolName" - */ - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - protocol_name_list_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, protocol_name_list_len); - protocol_name_list_end = p + protocol_name_list_len; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, 1); - protocol_name_len = *p++; - - /* Check that the server chosen protocol was in our list and save it */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len); - for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { - if (protocol_name_len == strlen(*alpn) && - memcmp(p, *alpn, protocol_name_len) == 0) { - ssl->alpn_chosen = *alpn; - return 0; - } - } - - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; -} -#endif /* MBEDTLS_SSL_ALPN */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) -{ - uint16_t group_id = ssl->handshake->offered_group_id; - - if (group_id == 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || - mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - /* Destroy generated private key. */ - status = psa_destroy_key(ssl->handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); - return ret; - } - - ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return 0; - } else -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - if (0 /* other KEMs? */) { - /* Do something */ - } - - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} - -/* - * Functions for writing key_share extension. - */ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl, - uint16_t *group_id) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - - -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); - /* Pick first available ECDHE group compatible with TLS 1.3 */ - if (group_list == NULL) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - for (; *group_list != 0; group_list++) { -#if defined(PSA_WANT_ALG_ECDH) - if ((mbedtls_ssl_get_psa_curve_info_from_tls_id( - *group_list, NULL, NULL) == PSA_SUCCESS) && - mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) { - *group_id = *group_list; - return 0; - } -#endif -#if defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_tls13_named_group_is_ffdh(*group_list)) { - *group_id = *group_list; - return 0; - } -#endif - } -#else - ((void) ssl); - ((void) group_id); -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - - return ret; -} - -/* - * ssl_tls13_write_key_share_ext - * - * Structure of key_share extension in ClientHello: - * - * struct { - * NamedGroup group; - * opaque key_exchange<1..2^16-1>; - * } KeyShareEntry; - * struct { - * KeyShareEntry client_shares<0..2^16-1>; - * } KeyShareClientHello; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - unsigned char *client_shares; /* Start of client_shares */ - size_t client_shares_len; /* Length of client_shares */ - uint16_t group_id; - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - - *out_len = 0; - - /* Check if we have space for header and length fields: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - client_shares_length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - p += 6; - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello: adding key share extension")); - - /* HRR could already have requested something else. */ - group_id = ssl->handshake->offered_group_id; - if (!mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) && - !mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { - MBEDTLS_SSL_PROC_CHK(ssl_tls13_get_default_group_id(ssl, - &group_id)); - } - - /* - * Dispatch to type-specific key generation function. - * - * So far, we're only supporting ECDHE. With the introduction - * of PQC KEMs, we'll want to have multiple branches, one per - * type of KEM, and dispatch to the corresponding crypto. And - * only one key share entry is allowed. - */ - client_shares = p; -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || - mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { - /* Pointer to group */ - unsigned char *group = p; - /* Length of key_exchange */ - size_t key_exchange_len = 0; - - /* Check there is space for header of KeyShareEntry - * - group (2 bytes) - * - key_exchange_length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - p += 4; - ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( - ssl, group_id, p, end, &key_exchange_len); - p += key_exchange_len; - if (ret != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("client hello: failed generating xxdh key exchange")); - return ret; - } - - /* Write group */ - MBEDTLS_PUT_UINT16_BE(group_id, group, 0); - /* Write key_exchange_length */ - MBEDTLS_PUT_UINT16_BE(key_exchange_len, group, 2); - } else -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - if (0 /* other KEMs? */) { - /* Do something */ - } else { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Length of client_shares */ - client_shares_len = p - client_shares; - if (client_shares_len == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("No key share defined.")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - /* Write extension_type */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0); - /* Write extension_data_length */ - MBEDTLS_PUT_UINT16_BE(client_shares_len + 2, buf, 2); - /* Write client_shares_length */ - MBEDTLS_PUT_UINT16_BE(client_shares_len, buf, 4); - - /* Update offered_group_id field */ - ssl->handshake->offered_group_id = group_id; - - /* Output the total length of key_share extension. */ - *out_len = p - buf; - - MBEDTLS_SSL_DEBUG_BUF( - 3, "client hello, key_share extension", buf, *out_len); - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); - -cleanup: - - return ret; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - -/* - * ssl_tls13_parse_hrr_key_share_ext() - * Parse key_share extension in Hello Retry Request - * - * struct { - * NamedGroup selected_group; - * } KeyShareHelloRetryRequest; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - const unsigned char *p = buf; - int selected_group; - int found = 0; - - const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); - if (group_list == NULL) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "key_share extension", p, end - buf); - - /* Read selected_group */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - selected_group = MBEDTLS_GET_UINT16_BE(p, 0); - MBEDTLS_SSL_DEBUG_MSG(3, ("selected_group ( %d )", selected_group)); - - /* Upon receipt of this extension in a HelloRetryRequest, the client - * MUST first verify that the selected_group field corresponds to a - * group which was provided in the "supported_groups" extension in the - * original ClientHello. - * The supported_group was based on the info in ssl->conf->group_list. - * - * If the server provided a key share that was not sent in the ClientHello - * then the client MUST abort the handshake with an "illegal_parameter" alert. - */ - for (; *group_list != 0; group_list++) { -#if defined(PSA_WANT_ALG_ECDH) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) { - if ((mbedtls_ssl_get_psa_curve_info_from_tls_id( - *group_list, NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) || - *group_list != selected_group) { - found = 1; - break; - } - } -#endif /* PSA_WANT_ALG_ECDH */ -#if defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_tls13_named_group_is_ffdh(*group_list)) { - found = 1; - break; - } -#endif /* PSA_WANT_ALG_FFDH */ - } - - /* Client MUST verify that the selected_group field does not - * correspond to a group which was provided in the "key_share" - * extension in the original ClientHello. If the server sent an - * HRR message with a key share already provided in the - * ClientHello then the client MUST abort the handshake with - * an "illegal_parameter" alert. - */ - if (found == 0 || selected_group == ssl->handshake->offered_group_id) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid key share in HRR")); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* Remember server's preference for next ClientHello */ - ssl->handshake->offered_group_id = selected_group; - - return 0; -#else /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - (void) ssl; - (void) buf; - (void) end; - return MBEDTLS_ERR_SSL_BAD_CONFIG; -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ -} - -/* - * ssl_tls13_parse_key_share_ext() - * Parse key_share extension in Server Hello - * - * struct { - * KeyShareEntry server_share; - * } KeyShareServerHello; - * struct { - * NamedGroup group; - * opaque key_exchange<1..2^16-1>; - * } KeyShareEntry; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - uint16_t group, offered_group; - - /* ... - * NamedGroup group; (2 bytes) - * ... - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - group = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* Check that the chosen group matches the one we offered. */ - offered_group = ssl->handshake->offered_group_id; - if (offered_group != group) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Invalid server key share, our group %u, their group %u", - (unsigned) offered_group, (unsigned) group)); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || - mbedtls_ssl_tls13_named_group_is_ffdh(group)) { - MBEDTLS_SSL_DEBUG_MSG(2, - ("DHE group name: %s", mbedtls_ssl_named_group_to_str(group))); - ret = mbedtls_ssl_tls13_read_public_xxdhe_share(ssl, p, end - p); - if (ret != 0) { - return ret; - } - } else -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - if (0 /* other KEMs? */) { - /* Do something */ - } else { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - return ret; -} - -/* - * ssl_tls13_parse_cookie_ext() - * Parse cookie extension in Hello Retry Request - * - * struct { - * opaque cookie<1..2^16-1>; - * } Cookie; - * - * When sending a HelloRetryRequest, the server MAY provide a "cookie" - * extension to the client (this is an exception to the usual rule that - * the only extensions that may be sent are those that appear in the - * ClientHello). When sending the new ClientHello, the client MUST copy - * the contents of the extension received in the HelloRetryRequest into - * a "cookie" extension in the new ClientHello. Clients MUST NOT use - * cookies in their initial ClientHello in subsequent connections. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_cookie_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - uint16_t cookie_len; - const unsigned char *p = buf; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* Retrieve length field of cookie */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - cookie_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, cookie_len); - MBEDTLS_SSL_DEBUG_BUF(3, "cookie extension", p, cookie_len); - - mbedtls_free(handshake->cookie); - handshake->cookie_len = 0; - handshake->cookie = mbedtls_calloc(1, cookie_len); - if (handshake->cookie == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("alloc failed ( %ud bytes )", - cookie_len)); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(handshake->cookie, p, cookie_len); - handshake->cookie_len = cookie_len; - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_cookie_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - *out_len = 0; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - if (handshake->cookie == NULL) { - MBEDTLS_SSL_DEBUG_MSG(3, ("no cookie to send; skip extension")); - return 0; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie", - handshake->cookie, - handshake->cookie_len); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, handshake->cookie_len + 6); - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding cookie extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_COOKIE, p, 0); - MBEDTLS_PUT_UINT16_BE(handshake->cookie_len + 2, p, 2); - MBEDTLS_PUT_UINT16_BE(handshake->cookie_len, p, 4); - p += 6; - - /* Cookie */ - memcpy(p, handshake->cookie, handshake->cookie_len); - - *out_len = handshake->cookie_len + 6; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_COOKIE); - - return 0; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -/* - * ssl_tls13_write_psk_key_exchange_modes_ext() structure: - * - * enum { psk_ke( 0 ), psk_dhe_ke( 1 ), ( 255 ) } PskKeyExchangeMode; - * - * struct { - * PskKeyExchangeMode ke_modes<1..255>; - * } PskKeyExchangeModes; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_psk_key_exchange_modes_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - int ke_modes_len = 0; - - ((void) ke_modes_len); - *out_len = 0; - - /* Skip writing extension if no PSK key exchange mode - * is enabled in the config. - */ - if (!mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(3, ("skip psk_key_exchange_modes extension")); - return 0; - } - - /* Require 7 bytes of data, otherwise fail, - * even if extension might be shorter. - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 7); - MBEDTLS_SSL_DEBUG_MSG( - 3, ("client hello, adding psk_key_exchange_modes extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES, p, 0); - - /* Skip extension length (2 bytes) and - * ke_modes length (1 byte) for now. - */ - p += 5; - - if (mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl)) { - *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE; - ke_modes_len++; - - MBEDTLS_SSL_DEBUG_MSG(4, ("Adding PSK-ECDHE key exchange mode")); - } - - if (mbedtls_ssl_conf_tls13_is_psk_enabled(ssl)) { - *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE; - ke_modes_len++; - - MBEDTLS_SSL_DEBUG_MSG(4, ("Adding pure PSK key exchange mode")); - } - - /* Now write the extension and ke_modes length */ - MBEDTLS_PUT_UINT16_BE(ke_modes_len + 1, buf, 2); - buf[4] = ke_modes_len; - - *out_len = p - buf; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask( - ssl, MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES); - - return 0; -} - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite); - - if (ciphersuite_info != NULL) { - return mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - } - - return PSA_ALG_NONE; -} - -static int ssl_tls13_has_configured_ticket(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_session *session = ssl->session_negotiate; - return ssl->handshake->resume && - session != NULL && session->ticket != NULL && - mbedtls_ssl_conf_tls13_is_kex_mode_enabled( - ssl, mbedtls_ssl_tls13_session_get_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL)); -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) -static int ssl_tls13_early_data_has_valid_ticket(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_session *session = ssl->session_negotiate; - return ssl->handshake->resume && - session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - mbedtls_ssl_tls13_session_ticket_allow_early_data(session) && - mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, session->ciphersuite); -} -#endif - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_ticket_get_identity(mbedtls_ssl_context *ssl, - psa_algorithm_t *hash_alg, - const unsigned char **identity, - size_t *identity_len) -{ - mbedtls_ssl_session *session = ssl->session_negotiate; - - if (!ssl_tls13_has_configured_ticket(ssl)) { - return -1; - } - - *hash_alg = ssl_tls13_get_ciphersuite_hash_alg(session->ciphersuite); - *identity = session->ticket; - *identity_len = session->ticket_len; - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_ticket_get_psk(mbedtls_ssl_context *ssl, - psa_algorithm_t *hash_alg, - const unsigned char **psk, - size_t *psk_len) -{ - - mbedtls_ssl_session *session = ssl->session_negotiate; - - if (!ssl_tls13_has_configured_ticket(ssl)) { - return -1; - } - - *hash_alg = ssl_tls13_get_ciphersuite_hash_alg(session->ciphersuite); - *psk = session->resumption_key; - *psk_len = session->resumption_key_len; - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_psk_get_identity(mbedtls_ssl_context *ssl, - psa_algorithm_t *hash_alg, - const unsigned char **identity, - size_t *identity_len) -{ - - if (!mbedtls_ssl_conf_has_static_psk(ssl->conf)) { - return -1; - } - - *hash_alg = PSA_ALG_SHA_256; - *identity = ssl->conf->psk_identity; - *identity_len = ssl->conf->psk_identity_len; - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_psk_get_psk(mbedtls_ssl_context *ssl, - psa_algorithm_t *hash_alg, - const unsigned char **psk, - size_t *psk_len) -{ - - if (!mbedtls_ssl_conf_has_static_psk(ssl->conf)) { - return -1; - } - - *hash_alg = PSA_ALG_SHA_256; - *psk = ssl->conf->psk; - *psk_len = ssl->conf->psk_len; - return 0; -} - -static int ssl_tls13_get_configured_psk_count(mbedtls_ssl_context *ssl) -{ - int configured_psk_count = 0; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl_tls13_has_configured_ticket(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket is configured")); - configured_psk_count++; - } -#endif - if (mbedtls_ssl_conf_has_static_psk(ssl->conf)) { - MBEDTLS_SSL_DEBUG_MSG(3, ("PSK is configured")); - configured_psk_count++; - } - return configured_psk_count; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_identity(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - const unsigned char *identity, - size_t identity_len, - uint32_t obfuscated_ticket_age, - size_t *out_len) -{ - ((void) ssl); - *out_len = 0; - - /* - * - identity_len (2 bytes) - * - identity (psk_identity_len bytes) - * - obfuscated_ticket_age (4 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 6 + identity_len); - - MBEDTLS_PUT_UINT16_BE(identity_len, buf, 0); - memcpy(buf + 2, identity, identity_len); - MBEDTLS_PUT_UINT32_BE(obfuscated_ticket_age, buf, 2 + identity_len); - - MBEDTLS_SSL_DEBUG_BUF(4, "write identity", buf, 6 + identity_len); - - *out_len = 6 + identity_len; - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_binder(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - int psk_type, - psa_algorithm_t hash_alg, - const unsigned char *psk, - size_t psk_len, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char binder_len; - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len = 0; - - *out_len = 0; - - binder_len = PSA_HASH_LENGTH(hash_alg); - - /* - * - binder_len (1 bytes) - * - binder (binder_len bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 1 + binder_len); - - buf[0] = binder_len; - - /* Get current state of handshake transcript. */ - ret = mbedtls_ssl_get_handshake_transcript( - ssl, mbedtls_md_type_from_psa_alg(hash_alg), - transcript, sizeof(transcript), &transcript_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_create_psk_binder(ssl, hash_alg, - psk, psk_len, psk_type, - transcript, buf + 1); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_create_psk_binder", ret); - return ret; - } - MBEDTLS_SSL_DEBUG_BUF(4, "write binder", buf, 1 + binder_len); - - *out_len = 1 + binder_len; - - return 0; -} - -/* - * mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext() structure: - * - * struct { - * opaque identity<1..2^16-1>; - * uint32 obfuscated_ticket_age; - * } PskIdentity; - * - * opaque PskBinderEntry<32..255>; - * - * struct { - * PskIdentity identities<7..2^16-1>; - * PskBinderEntry binders<33..2^16-1>; - * } OfferedPsks; - * - * struct { - * select (Handshake.msg_type) { - * case client_hello: OfferedPsks; - * ... - * }; - * } PreSharedKeyExtension; - * - */ -int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( - mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *out_len, size_t *binders_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int configured_psk_count = 0; - unsigned char *p = buf; - psa_algorithm_t hash_alg = PSA_ALG_NONE; - const unsigned char *identity; - size_t identity_len; - size_t l_binders_len = 0; - size_t output_len; - - *out_len = 0; - *binders_len = 0; - - /* Check if we have any PSKs to offer. If no, skip pre_shared_key */ - configured_psk_count = ssl_tls13_get_configured_psk_count(ssl); - if (configured_psk_count == 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("skip pre_shared_key extensions")); - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(4, ("Pre-configured PSK number = %d", - configured_psk_count)); - - /* Check if we have space to write the extension, binders included. - * - extension_type (2 bytes) - * - extension_data_len (2 bytes) - * - identities_len (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - p += 6; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl_tls13_ticket_get_identity( - ssl, &hash_alg, &identity, &identity_len) == 0) { -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_ms_time_t now = mbedtls_ms_time(); - mbedtls_ssl_session *session = ssl->session_negotiate; - /* The ticket age has been checked to be smaller than the - * `ticket_lifetime` in ssl_prepare_client_hello() which is smaller than - * 7 days (enforced in ssl_tls13_parse_new_session_ticket()) . Thus the - * cast to `uint32_t` of the ticket age is safe. */ - uint32_t obfuscated_ticket_age = - (uint32_t) (now - session->ticket_reception_time); - obfuscated_ticket_age += session->ticket_age_add; - - ret = ssl_tls13_write_identity(ssl, p, end, - identity, identity_len, - obfuscated_ticket_age, - &output_len); -#else - ret = ssl_tls13_write_identity(ssl, p, end, identity, identity_len, - 0, &output_len); -#endif /* MBEDTLS_HAVE_TIME */ - if (ret != 0) { - return ret; - } - - p += output_len; - l_binders_len += 1 + PSA_HASH_LENGTH(hash_alg); - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - if (ssl_tls13_psk_get_identity( - ssl, &hash_alg, &identity, &identity_len) == 0) { - - ret = ssl_tls13_write_identity(ssl, p, end, identity, identity_len, 0, - &output_len); - if (ret != 0) { - return ret; - } - - p += output_len; - l_binders_len += 1 + PSA_HASH_LENGTH(hash_alg); - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding pre_shared_key extension, " - "omitting PSK binder list")); - - /* Take into account the two bytes for the length of the binders. */ - l_binders_len += 2; - /* Check if there is enough space for binders */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, l_binders_len); - - /* - * - extension_type (2 bytes) - * - extension_data_len (2 bytes) - * - identities_len (2 bytes) - */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_PRE_SHARED_KEY, buf, 0); - MBEDTLS_PUT_UINT16_BE(p - buf - 4 + l_binders_len, buf, 2); - MBEDTLS_PUT_UINT16_BE(p - buf - 6, buf, 4); - - *out_len = (p - buf) + l_binders_len; - *binders_len = l_binders_len; - - MBEDTLS_SSL_DEBUG_BUF(3, "pre_shared_key identities", buf, p - buf); - - return 0; -} - -int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( - mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - psa_algorithm_t hash_alg = PSA_ALG_NONE; - const unsigned char *psk; - size_t psk_len; - size_t output_len; - - /* Check if we have space to write binders_len. - * - binders_len (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - p += 2; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len) == 0) { - - ret = ssl_tls13_write_binder(ssl, p, end, - MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION, - hash_alg, psk, psk_len, - &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - if (ssl_tls13_psk_get_psk(ssl, &hash_alg, &psk, &psk_len) == 0) { - - ret = ssl_tls13_write_binder(ssl, p, end, - MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL, - hash_alg, psk, psk_len, - &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding PSK binder list.")); - - /* - * - binders_len (2 bytes) - */ - MBEDTLS_PUT_UINT16_BE(p - buf - 2, buf, 0); - - MBEDTLS_SSL_DEBUG_BUF(3, "pre_shared_key binders", buf, p - buf); - - mbedtls_ssl_tls13_set_hs_sent_ext_mask( - ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY); - - return 0; -} - -/* - * struct { - * opaque identity<1..2^16-1>; - * uint32 obfuscated_ticket_age; - * } PskIdentity; - * - * opaque PskBinderEntry<32..255>; - * - * struct { - * - * select (Handshake.msg_type) { - * ... - * case server_hello: uint16 selected_identity; - * }; - * - * } PreSharedKeyExtension; - * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int selected_identity; - const unsigned char *psk; - size_t psk_len; - psa_algorithm_t hash_alg; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 2); - selected_identity = MBEDTLS_GET_UINT16_BE(buf, 0); - ssl->handshake->selected_identity = (uint16_t) selected_identity; - - MBEDTLS_SSL_DEBUG_MSG(3, ("selected_identity = %d", selected_identity)); - - if (selected_identity >= ssl_tls13_get_configured_psk_count(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid PSK identity.")); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (selected_identity == 0 && ssl_tls13_has_configured_ticket(ssl)) { - ret = ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len); - } else -#endif - if (mbedtls_ssl_conf_has_static_psk(ssl->conf)) { - ret = ssl_tls13_psk_get_psk(ssl, &hash_alg, &psk, &psk_len); - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - if (ret != 0) { - return ret; - } - - if (mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac) - != hash_alg) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Invalid ciphersuite for external psk.")); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - ret = mbedtls_ssl_set_hs_psk(ssl, psk, psk_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret); - return ret; - } - - return 0; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - -int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - size_t ext_len; - - *out_len = 0; - - /* Write supported_versions extension - * - * Supported Versions Extension is mandatory with TLS 1.3. - */ - ret = ssl_tls13_write_supported_versions_ext(ssl, p, end, &ext_len); - if (ret != 0) { - return ret; - } - p += ext_len; - - /* Echo the cookie if the server provided one in its preceding - * HelloRetryRequest message. - */ - ret = ssl_tls13_write_cookie_ext(ssl, p, end, &ext_len); - if (ret != 0) { - return ret; - } - p += ext_len; - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - ret = mbedtls_ssl_tls13_write_record_size_limit_ext( - ssl, p, end, &ext_len); - if (ret != 0) { - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { - ret = ssl_tls13_write_key_share_ext(ssl, p, end, &ext_len); - if (ret != 0) { - return ret; - } - p += ext_len; - } -#endif - -#if defined(MBEDTLS_SSL_EARLY_DATA) - /* In the first ClientHello, write the early data indication extension if - * necessary and update the early data state. - * If an HRR has been received and thus we are currently writing the - * second ClientHello, the second ClientHello must not contain an early - * data extension and the early data state must stay as it is: - * MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT or - * MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED. - */ - if (!ssl->handshake->hello_retry_request_flag) { - if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) && - ssl_tls13_early_data_has_valid_ticket(ssl) && - ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { - ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, 0, p, end, &ext_len); - if (ret != 0) { - return ret; - } - p += ext_len; - - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT; - } else { - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT; - } - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - /* For PSK-based key exchange we need the pre_shared_key extension - * and the psk_key_exchange_modes extension. - * - * The pre_shared_key extension MUST be the last extension in the - * ClientHello. Servers MUST check that it is the last extension and - * otherwise fail the handshake with an "illegal_parameter" alert. - * - * Add the psk_key_exchange_modes extension. - */ - ret = ssl_tls13_write_psk_key_exchange_modes_ext(ssl, p, end, &ext_len); - if (ret != 0) { - return ret; - } - p += ext_len; -#endif - - *out_len = p - buf; - - return 0; -} - -int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) -{ - ((void) ssl); - -#if defined(MBEDTLS_SSL_EARLY_DATA) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t hash_alg = PSA_ALG_NONE; - const unsigned char *psk; - size_t psk_len; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - - if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Set hs psk for early data when writing the first psk")); - - ret = ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_ticket_get_psk", ret); - return ret; - } - - ret = mbedtls_ssl_set_hs_psk(ssl, psk, psk_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret); - return ret; - } - - /* - * Early data are going to be encrypted using the ciphersuite - * associated with the pre-shared key used for the handshake. - * Note that if the server rejects early data, the handshake - * based on the pre-shared key may complete successfully - * with a selected ciphersuite different from the ciphersuite - * associated with the pre-shared key. Only the hashes of the - * two ciphersuites have to be the same. In that case, the - * encrypted handshake data and application data are - * encrypted using a different ciphersuite than the one used for - * the rejected early data. - */ - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( - ssl->session_negotiate->ciphersuite); - ssl->handshake->ciphersuite_info = ciphersuite_info; - - /* Enable psk and psk_ephemeral to make stage early happy */ - ssl->handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; - - /* Start the TLS 1.3 key schedule: - * Set the PSK and derive early secret. - */ - ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_key_schedule_stage_early", ret); - return ret; - } - - /* Derive early data key material */ - ret = mbedtls_ssl_tls13_compute_early_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_compute_early_transform", ret); - return ret; - } - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO); -#else - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Switch to early data keys for outbound traffic")); - mbedtls_ssl_set_outbound_transform( - ssl, ssl->handshake->transform_earlydata); - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE; -#endif - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - return 0; -} -/* - * Functions for parsing and processing Server Hello - */ - -/** - * \brief Detect if the ServerHello contains a supported_versions extension - * or not. - * - * \param[in] ssl SSL context - * \param[in] buf Buffer containing the ServerHello message - * \param[in] end End of the buffer containing the ServerHello message - * - * \return 0 if the ServerHello does not contain a supported_versions extension - * \return 1 if the ServerHello contains a supported_versions extension - * \return A negative value if an error occurred while parsing the ServerHello. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_is_supported_versions_ext_present( - mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - size_t legacy_session_id_echo_len; - const unsigned char *supported_versions_data; - const unsigned char *supported_versions_data_end; - - /* - * Check there is enough data to access the legacy_session_id_echo vector - * length: - * - legacy_version 2 bytes - * - random MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes - * - legacy_session_id_echo length 1 byte - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 3); - p += MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2; - legacy_session_id_echo_len = *p; - - /* - * Jump to the extensions, jumping over: - * - legacy_session_id_echo (legacy_session_id_echo_len + 1) bytes - * - cipher_suite 2 bytes - * - legacy_compression_method 1 byte - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, legacy_session_id_echo_len + 4); - p += legacy_session_id_echo_len + 4; - - return mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts( - ssl, p, end, - &supported_versions_data, &supported_versions_data_end); -} - -/* Returns a negative value on failure, and otherwise - * - 1 if the last eight bytes of the ServerHello random bytes indicate that - * the server is TLS 1.3 capable but negotiating TLS 1.2 or below. - * - 0 otherwise - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_is_downgrade_negotiation(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - /* First seven bytes of the magic downgrade strings, see RFC 8446 4.1.3 */ - static const unsigned char magic_downgrade_string[] = - { 0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44 }; - const unsigned char *last_eight_bytes_of_random; - unsigned char last_byte_of_random; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2); - last_eight_bytes_of_random = buf + 2 + MBEDTLS_SERVER_HELLO_RANDOM_LEN - 8; - - if (memcmp(last_eight_bytes_of_random, - magic_downgrade_string, - sizeof(magic_downgrade_string)) == 0) { - last_byte_of_random = last_eight_bytes_of_random[7]; - return last_byte_of_random == 0 || - last_byte_of_random == 1; - } - - return 0; -} - -/* Returns a negative value on failure, and otherwise - * - SSL_SERVER_HELLO or - * - SSL_SERVER_HELLO_HRR - * to indicate which message is expected and to be parsed next. - */ -#define SSL_SERVER_HELLO 0 -#define SSL_SERVER_HELLO_HRR 1 -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_server_hello_is_hrr(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - - /* Check whether this message is a HelloRetryRequest ( HRR ) message. - * - * Server Hello and HRR are only distinguished by Random set to the - * special value of the SHA-256 of "HelloRetryRequest". - * - * struct { - * ProtocolVersion legacy_version = 0x0303; - * Random random; - * opaque legacy_session_id_echo<0..32>; - * CipherSuite cipher_suite; - * uint8 legacy_compression_method = 0; - * Extension extensions<6..2^16-1>; - * } ServerHello; - * - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR( - buf, end, 2 + sizeof(mbedtls_ssl_tls13_hello_retry_request_magic)); - - if (memcmp(buf + 2, mbedtls_ssl_tls13_hello_retry_request_magic, - sizeof(mbedtls_ssl_tls13_hello_retry_request_magic)) == 0) { - return SSL_SERVER_HELLO_HRR; - } - - return SSL_SERVER_HELLO; -} - -/* - * Returns a negative value on failure, and otherwise - * - SSL_SERVER_HELLO or - * - SSL_SERVER_HELLO_HRR or - * - SSL_SERVER_HELLO_TLS1_2 - */ -#define SSL_SERVER_HELLO_TLS1_2 2 -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_is_supported_versions_ext_present( - ssl, buf, end)); - - if (ret == 0) { - MBEDTLS_SSL_PROC_CHK_NEG( - ssl_tls13_is_downgrade_negotiation(ssl, buf, end)); - - /* If the server is negotiating TLS 1.2 or below and: - * . we did not propose TLS 1.2 or - * . the server responded it is TLS 1.3 capable but negotiating a lower - * version of the protocol and thus we are under downgrade attack - * abort the handshake with an "illegal parameter" alert. - */ - if (handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 || ret) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* - * Version 1.2 of the protocol has been negotiated, set the - * ssl->keep_current_message flag for the ServerHello to be kept and - * parsed as a TLS 1.2 ServerHello. We also change ssl->tls_version to - * MBEDTLS_SSL_VERSION_TLS1_2 thus from now on mbedtls_ssl_handshake_step() - * will dispatch to the TLS 1.2 state machine. - */ - ssl->keep_current_message = 1; - ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, - buf, (size_t) (end - buf))); - - if (mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { - ret = ssl_tls13_reset_key_share(ssl); - if (ret != 0) { - return ret; - } - } - - return SSL_SERVER_HELLO_TLS1_2; - } - - ssl->session_negotiate->tls_version = ssl->tls_version; - ssl->session_negotiate->endpoint = ssl->conf->endpoint; - - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - ret = ssl_server_hello_is_hrr(ssl, buf, end); - switch (ret) { - case SSL_SERVER_HELLO: - MBEDTLS_SSL_DEBUG_MSG(2, ("received ServerHello message")); - break; - case SSL_SERVER_HELLO_HRR: - MBEDTLS_SSL_DEBUG_MSG(2, ("received HelloRetryRequest message")); - /* If a client receives a second HelloRetryRequest in the same - * connection (i.e., where the ClientHello was itself in response - * to a HelloRetryRequest), it MUST abort the handshake with an - * "unexpected_message" alert. - */ - if (handshake->hello_retry_request_flag) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Multiple HRRs received")); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, - MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - /* - * Clients must abort the handshake with an "illegal_parameter" - * alert if the HelloRetryRequest would not result in any change - * in the ClientHello. - * In a PSK only key exchange that what we expect. - */ - if (!mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("Unexpected HRR in pure PSK key exchange.")); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - handshake->hello_retry_request_flag = 1; - - break; - } - -cleanup: - - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_check_server_hello_session_id_echo(mbedtls_ssl_context *ssl, - const unsigned char **buf, - const unsigned char *end) -{ - const unsigned char *p = *buf; - size_t legacy_session_id_echo_len; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1); - legacy_session_id_echo_len = *p++; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, legacy_session_id_echo_len); - - /* legacy_session_id_echo */ - if (ssl->session_negotiate->id_len != legacy_session_id_echo_len || - memcmp(ssl->session_negotiate->id, p, legacy_session_id_echo_len) != 0) { - MBEDTLS_SSL_DEBUG_BUF(3, "Expected Session ID", - ssl->session_negotiate->id, - ssl->session_negotiate->id_len); - MBEDTLS_SSL_DEBUG_BUF(3, "Received Session ID", p, - legacy_session_id_echo_len); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - p += legacy_session_id_echo_len; - *buf = p; - - MBEDTLS_SSL_DEBUG_BUF(3, "Session ID", ssl->session_negotiate->id, - ssl->session_negotiate->id_len); - return 0; -} - -/* Parse ServerHello message and configure context - * - * struct { - * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 - * Random random; - * opaque legacy_session_id_echo<0..32>; - * CipherSuite cipher_suite; - * uint8 legacy_compression_method = 0; - * Extension extensions<6..2^16-1>; - * } ServerHello; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_server_hello(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end, - int is_hrr) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - size_t extensions_len; - const unsigned char *extensions_end; - uint16_t cipher_suite; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - int fatal_alert = 0; - uint32_t allowed_extensions_mask; - int hs_msg_type = is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST : - MBEDTLS_SSL_HS_SERVER_HELLO; - - /* - * Check there is space for minimal fields - * - * - legacy_version ( 2 bytes) - * - random (MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes) - * - legacy_session_id_echo ( 1 byte ), minimum size - * - cipher_suite ( 2 bytes) - * - legacy_compression_method ( 1 byte ) - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 6); - - MBEDTLS_SSL_DEBUG_BUF(4, "server hello", p, end - p); - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, version", p, 2); - - /* ... - * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 - * ... - * with ProtocolVersion defined as: - * uint16 ProtocolVersion; - */ - if (mbedtls_ssl_read_version(p, ssl->conf->transport) != - MBEDTLS_SSL_VERSION_TLS1_2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Unsupported version of TLS.")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, - MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION); - ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - goto cleanup; - } - p += 2; - - /* ... - * Random random; - * ... - * with Random defined as: - * opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN]; - */ - if (!is_hrr) { - memcpy(&handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], p, - MBEDTLS_SERVER_HELLO_RANDOM_LEN); - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", - p, MBEDTLS_SERVER_HELLO_RANDOM_LEN); - } - p += MBEDTLS_SERVER_HELLO_RANDOM_LEN; - - /* ... - * opaque legacy_session_id_echo<0..32>; - * ... - */ - if (ssl_tls13_check_server_hello_session_id_echo(ssl, &p, end) != 0) { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; - goto cleanup; - } - - /* ... - * CipherSuite cipher_suite; - * ... - * with CipherSuite defined as: - * uint8 CipherSuite[2]; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite); - /* - * Check whether this ciphersuite is valid and offered. - */ - if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, - ssl->tls_version, - ssl->tls_version) != 0) || - !mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; - } - /* - * If we received an HRR before and that the proposed selected - * ciphersuite in this server hello is not the same as the one - * proposed in the HRR, we abort the handshake and send an - * "illegal_parameter" alert. - */ - else if ((!is_hrr) && handshake->hello_retry_request_flag && - (cipher_suite != ssl->session_negotiate->ciphersuite)) { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; - } - - if (fatal_alert == MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER) { - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid ciphersuite(%04x) parameter", - cipher_suite)); - goto cleanup; - } - - /* Configure ciphersuites */ - mbedtls_ssl_optimize_checksum(ssl, ciphersuite_info); - - handshake->ciphersuite_info = ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: ( %04x ) - %s", - cipher_suite, ciphersuite_info->name)); - -#if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = mbedtls_time(NULL); -#endif /* MBEDTLS_HAVE_TIME */ - - /* ... - * uint8 legacy_compression_method = 0; - * ... - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1); - if (p[0] != MBEDTLS_SSL_COMPRESS_NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad legacy compression method")); - fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; - goto cleanup; - } - p++; - - /* ... - * Extension extensions<6..2^16-1>; - * ... - * struct { - * ExtensionType extension_type; (2 bytes) - * opaque extension_data<0..2^16-1>; - * } Extension; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* Check extensions do not go beyond the buffer of data. */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); - extensions_end = p + extensions_len; - - MBEDTLS_SSL_DEBUG_BUF(3, "server hello extensions", p, extensions_len); - - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - allowed_extensions_mask = is_hrr ? - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR : - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH; - - while (p < extensions_end) { - unsigned int extension_type; - size_t extension_data_len; - const unsigned char *extension_data_end; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len); - extension_data_end = p + extension_data_len; - - ret = mbedtls_ssl_tls13_check_received_extension( - ssl, hs_msg_type, extension_type, allowed_extensions_mask); - if (ret != 0) { - return ret; - } - - switch (extension_type) { - case MBEDTLS_TLS_EXT_COOKIE: - - ret = ssl_tls13_parse_cookie_ext(ssl, - p, extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "ssl_tls13_parse_cookie_ext", - ret); - goto cleanup; - } - break; - - case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: - ret = ssl_tls13_parse_supported_versions_ext(ssl, - p, - extension_data_end); - if (ret != 0) { - goto cleanup; - } - break; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: - MBEDTLS_SSL_DEBUG_MSG(3, ("found pre_shared_key extension")); - - if ((ret = ssl_tls13_parse_server_pre_shared_key_ext( - ssl, p, extension_data_end)) != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, ("ssl_tls13_parse_server_pre_shared_key_ext"), ret); - return ret; - } - break; -#endif - - case MBEDTLS_TLS_EXT_KEY_SHARE: - MBEDTLS_SSL_DEBUG_MSG(3, ("found key_shares extension")); - if (!mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT; - goto cleanup; - } - - if (is_hrr) { - ret = ssl_tls13_parse_hrr_key_share_ext(ssl, - p, extension_data_end); - } else { - ret = ssl_tls13_parse_key_share_ext(ssl, - p, extension_data_end); - } - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "ssl_tls13_parse_key_share_ext", - ret); - goto cleanup; - } - break; - - default: - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cleanup; - } - - p += extension_data_len; - } - - MBEDTLS_SSL_PRINT_EXTS(3, hs_msg_type, handshake->received_extensions); - -cleanup: - - if (fatal_alert == MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION); - ret = MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; - } else if (fatal_alert == MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - ret = MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - return ret; -} - -#if defined(MBEDTLS_DEBUG_C) -static const char *ssl_tls13_get_kex_mode_str(int mode) -{ - switch (mode) { - case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK: - return "psk"; - case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL: - return "ephemeral"; - case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL: - return "psk_ephemeral"; - default: - return "unknown mode"; - } -} -#endif /* MBEDTLS_DEBUG_C */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* Determine the key exchange mode: - * 1) If both the pre_shared_key and key_share extensions were received - * then the key exchange mode is PSK with EPHEMERAL. - * 2) If only the pre_shared_key extension was received then the key - * exchange mode is PSK-only. - * 3) If only the key_share extension was received then the key - * exchange mode is EPHEMERAL-only. - */ - switch (handshake->received_extensions & - (MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | - MBEDTLS_SSL_EXT_MASK(KEY_SHARE))) { - /* Only the pre_shared_key extension was received */ - case MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY): - handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - break; - - /* Only the key_share extension was received */ - case MBEDTLS_SSL_EXT_MASK(KEY_SHARE): - handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; - break; - - /* Both the pre_shared_key and key_share extensions were received */ - case (MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | - MBEDTLS_SSL_EXT_MASK(KEY_SHARE)): - handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - break; - - /* Neither pre_shared_key nor key_share extension was received */ - default: - MBEDTLS_SSL_DEBUG_MSG(1, ("Unknown key exchange.")); - ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - goto cleanup; - } - - if (!mbedtls_ssl_conf_tls13_is_kex_mode_enabled( - ssl, handshake->key_exchange_mode)) { - ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - MBEDTLS_SSL_DEBUG_MSG( - 2, ("Key exchange mode(%s) is not supported.", - ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode))); - goto cleanup; - } - - MBEDTLS_SSL_DEBUG_MSG( - 3, ("Selected key exchange mode: %s", - ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode))); - - /* Start the TLS 1.3 key scheduling if not already done. - * - * If we proposed early data then we have already derived an - * early secret using the selected PSK and its associated hash. - * It means that if the negotiated key exchange mode is psk or - * psk_ephemeral, we have already correctly computed the - * early secret and thus we do not do it again. In all other - * cases we compute it here. - */ -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT || - handshake->key_exchange_mode == - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL) -#endif - { - ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_key_schedule_stage_early", ret); - goto cleanup; - } - } - - ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ssl_tls13_compute_handshake_transform", - ret); - goto cleanup; - } - - mbedtls_ssl_set_inbound_transform(ssl, handshake->transform_handshake); - MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic")); - ssl->session_in = ssl->session_negotiate; - -cleanup: - if (ret != 0) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - } - - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_postprocess_hrr(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_ssl_session_reset_msg_layer(ssl, 0); - - /* - * We are going to re-generate a shared secret corresponding to the group - * selected by the server, which is different from the group for which we - * generated a shared secret in the first client hello. - * Thus, reset the shared secret. - */ - ret = ssl_tls13_reset_key_share(ssl); - if (ret != 0) { - return ret; - } - - ssl->session_negotiate->ciphersuite = ssl->handshake->ciphersuite_info->id; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT) { - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED; - } -#endif - - return 0; -} - -/* - * Wait and parse ServerHello handshake message. - * Handler for MBEDTLS_SSL_SERVER_HELLO - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_server_hello(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf = NULL; - size_t buf_len = 0; - int is_hrr = 0; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> %s", __func__)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len)); - - ret = ssl_tls13_preprocess_server_hello(ssl, buf, buf + buf_len); - if (ret < 0) { - goto cleanup; - } else { - is_hrr = (ret == SSL_SERVER_HELLO_HRR); - } - - if (ret == SSL_SERVER_HELLO_TLS1_2) { - ret = 0; - goto cleanup; - } - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_server_hello(ssl, buf, - buf + buf_len, - is_hrr)); - if (is_hrr) { - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_reset_transcript_for_hrr(ssl)); - } - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, buf_len)); - - if (is_hrr) { - MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_hrr(ssl)); -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - /* If not offering early data, the client sends a dummy CCS record - * immediately before its second flight. This may either be before - * its second ClientHello or before its encrypted handshake flight. - */ - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO); -#else - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - } else { - MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_server_hello(ssl)); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); - } - -cleanup: - MBEDTLS_SSL_DEBUG_MSG(2, ("<= %s ( %s )", __func__, - is_hrr ? "HelloRetryRequest" : "ServerHello")); - return ret; -} - -/* - * - * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS - * - * The EncryptedExtensions message contains any extensions which - * should be protected, i.e., any which are not needed to establish - * the cryptographic context. - */ - -/* Parse EncryptedExtensions message - * struct { - * Extension extensions<0..2^16-1>; - * } EncryptedExtensions; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = 0; - size_t extensions_len; - const unsigned char *p = buf; - const unsigned char *extensions_end; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); - extensions_end = p + extensions_len; - - MBEDTLS_SSL_DEBUG_BUF(3, "encrypted extensions", p, extensions_len); - - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - while (p < extensions_end) { - unsigned int extension_type; - size_t extension_data_len; - - /* - * struct { - * ExtensionType extension_type; (2 bytes) - * opaque extension_data<0..2^16-1>; - * } Extension; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len); - - ret = mbedtls_ssl_tls13_check_received_extension( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE); - if (ret != 0) { - return ret; - } - - switch (extension_type) { -#if defined(MBEDTLS_SSL_ALPN) - case MBEDTLS_TLS_EXT_ALPN: - MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension")); - - if ((ret = ssl_tls13_parse_alpn_ext( - ssl, p, (size_t) extension_data_len)) != 0) { - return ret; - } - - break; -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - case MBEDTLS_TLS_EXT_EARLY_DATA: - - if (extension_data_len != 0) { - /* The message must be empty. */ - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - break; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: - MBEDTLS_SSL_DEBUG_MSG(3, ("found record_size_limit extension")); - - ret = mbedtls_ssl_tls13_parse_record_size_limit_ext( - ssl, p, p + extension_data_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, ("mbedtls_ssl_tls13_parse_record_size_limit_ext"), ret); - return ret; - } - break; -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - - default: - MBEDTLS_SSL_PRINT_EXT( - 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - extension_type, "( ignored )"); - break; - } - - p += extension_data_len; - } - - if ((handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) && - (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH))) { - MBEDTLS_SSL_DEBUG_MSG(3, - ( - "Record size limit extension cannot be used with max fragment length extension")); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - handshake->received_extensions); - - /* Check that we consumed all the message. */ - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("EncryptedExtension lengths misaligned")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) -{ - int ret; - unsigned char *buf; - size_t buf_len; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse encrypted extensions")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - &buf, &buf_len)); - - /* Process the message contents */ - MBEDTLS_SSL_PROC_CHK( - ssl_tls13_parse_encrypted_extensions(ssl, buf, buf + buf_len)); - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) { - /* RFC8446 4.2.11 - * If the server supplies an "early_data" extension, the - * client MUST verify that the server's selected_identity - * is 0. If any other value is returned, the client MUST - * abort the handshake with an "illegal_parameter" alert. - * - * RFC 8446 4.2.10 - * In order to accept early data, the server MUST have accepted a PSK - * cipher suite and selected the first key offered in the client's - * "pre_shared_key" extension. In addition, it MUST verify that the - * following values are the same as those associated with the - * selected PSK: - * - The TLS version number - * - The selected cipher suite - * - The selected ALPN [RFC7301] protocol, if any - * - * The server has sent an early data extension in its Encrypted - * Extension message thus accepted to receive early data. We - * check here that the additional constraints on the handshake - * parameters, when early data are exchanged, are met, - * namely: - * - a PSK has been selected for the handshake - * - the selected PSK for the handshake was the first one proposed - * by the client. - * - the selected ciphersuite for the handshake is the ciphersuite - * associated with the selected PSK. - */ - if ((!mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) || - handshake->selected_identity != 0 || - handshake->ciphersuite_info->id != - ssl->session_negotiate->ciphersuite) { - - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED; - } else if (ssl->early_data_state != - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT) { - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED; - } -#endif - - /* - * In case the client has proposed a PSK associated with a ticket, - * `ssl->session_negotiate->ciphersuite` still contains at this point the - * identifier of the ciphersuite associated with the ticket. This is that - * way because, if an exchange of early data is agreed upon, we need - * it to check that the ciphersuite selected for the handshake is the - * ticket ciphersuite (see above). This information is not needed - * anymore thus we can now set it to the identifier of the ciphersuite - * used in this session under negotiation. - */ - ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - buf, buf_len)); - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); - } else { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); - } -#else - ((void) ssl); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); -#endif - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse encrypted extensions")); - return ret; - -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) -/* - * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA - * - * RFC 8446 section 4.5 - * - * struct {} EndOfEarlyData; - * - * If the server sent an "early_data" extension in EncryptedExtensions, the - * client MUST send an EndOfEarlyData message after receiving the server - * Finished. Otherwise, the client MUST NOT send an EndOfEarlyData message. - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_end_of_early_data(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf = NULL; - size_t buf_len; - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write EndOfEarlyData")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_hdr_to_checksum( - ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, 0)); - - MBEDTLS_SSL_PROC_CHK( - mbedtls_ssl_finish_handshake_msg(ssl, buf_len, 0)); - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write EndOfEarlyData")); - return ret; -} - -int mbedtls_ssl_get_early_data_status(mbedtls_ssl_context *ssl) -{ - if ((ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) || - (!mbedtls_ssl_is_handshake_over(ssl))) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - switch (ssl->early_data_state) { - case MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT: - return MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED; - break; - - case MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED: - return MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; - break; - - case MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED: - return MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; - break; - - default: - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -/* - * STATE HANDLING: CertificateRequest - * - */ -#define SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST 0 -#define SSL_CERTIFICATE_REQUEST_SKIP 1 -/* Coordination: - * Deals with the ambiguity of not knowing if a CertificateRequest - * will be sent. Returns a negative code on failure, or - * - SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST - * - SSL_CERTIFICATE_REQUEST_SKIP - * indicating if a Certificate Request is expected or not. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - ssl->keep_current_message = 1; - - if ((ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) && - (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST)) { - MBEDTLS_SSL_DEBUG_MSG(3, ("got a certificate request")); - return SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("got no certificate request")); - - return SSL_CERTIFICATE_REQUEST_SKIP; -} - -/* - * ssl_tls13_parse_certificate_request() - * Parse certificate request - * struct { - * opaque certificate_request_context<0..2^8-1>; - * Extension extensions<2..2^16-1>; - * } CertificateRequest; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_certificate_request(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - size_t certificate_request_context_len = 0; - size_t extensions_len = 0; - const unsigned char *extensions_end; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* ... - * opaque certificate_request_context<0..2^8-1> - * ... - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1); - certificate_request_context_len = (size_t) p[0]; - p += 1; - - if (certificate_request_context_len > 0) { - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, certificate_request_context_len); - MBEDTLS_SSL_DEBUG_BUF(3, "Certificate Request Context", - p, certificate_request_context_len); - - handshake->certificate_request_context = - mbedtls_calloc(1, certificate_request_context_len); - if (handshake->certificate_request_context == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(handshake->certificate_request_context, p, - certificate_request_context_len); - p += certificate_request_context_len; - } - - /* ... - * Extension extensions<2..2^16-1>; - * ... - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); - extensions_end = p + extensions_len; - - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - while (p < extensions_end) { - unsigned int extension_type; - size_t extension_data_len; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len); - - ret = mbedtls_ssl_tls13_check_received_extension( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR); - if (ret != 0) { - return ret; - } - - switch (extension_type) { - case MBEDTLS_TLS_EXT_SIG_ALG: - MBEDTLS_SSL_DEBUG_MSG(3, - ("found signature algorithms extension")); - ret = mbedtls_ssl_parse_sig_alg_ext(ssl, p, - p + extension_data_len); - if (ret != 0) { - return ret; - } - - break; - - default: - MBEDTLS_SSL_PRINT_EXT( - 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - extension_type, "( ignored )"); - break; - } - - p += extension_data_len; - } - - MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - handshake->received_extensions); - - /* Check that we consumed all the message. */ - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("CertificateRequest misaligned")); - goto decode_error; - } - - /* RFC 8446 section 4.3.2 - * - * The "signature_algorithms" extension MUST be specified - */ - if ((handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(SIG_ALG)) == 0) { - MBEDTLS_SSL_DEBUG_MSG(3, - ("no signature algorithms extension found")); - goto decode_error; - } - - ssl->handshake->client_auth = 1; - return 0; - -decode_error: - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; -} - -/* - * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_certificate_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request")); - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl)); - - if (ret == SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST) { - unsigned char *buf; - size_t buf_len; - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_request( - ssl, buf, buf + buf_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - buf, buf_len)); - } else if (ret == SSL_CERTIFICATE_REQUEST_SKIP) { - ret = 0; - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cleanup; - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate request")); - return ret; -} - -/* - * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_server_certificate(mbedtls_ssl_context *ssl) -{ - int ret; - - ret = mbedtls_ssl_tls13_process_certificate(ssl); - if (ret != 0) { - return ret; - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY); - return 0; -} - -/* - * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl) -{ - int ret; - - ret = mbedtls_ssl_tls13_process_certificate_verify(ssl); - if (ret != 0) { - return ret; - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); - return 0; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -/* - * Handler for MBEDTLS_SSL_SERVER_FINISHED - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl) -{ - int ret; - - ret = mbedtls_ssl_tls13_process_finished_message(ssl); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_compute_application_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return ret; - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED) { - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED; - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); - } else -#endif /* MBEDTLS_SSL_EARLY_DATA */ - { -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED); -#else - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - } - - return 0; -} - -/* - * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_client_certificate(mbedtls_ssl_context *ssl) -{ - int non_empty_certificate_msg = 0; - - MBEDTLS_SSL_DEBUG_MSG(1, - ("Switch to handshake traffic keys for outbound traffic")); - mbedtls_ssl_set_outbound_transform(ssl, ssl->handshake->transform_handshake); - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - if (ssl->handshake->client_auth) { - int ret = mbedtls_ssl_tls13_write_certificate(ssl); - if (ret != 0) { - return ret; - } - - if (mbedtls_ssl_own_cert(ssl) != NULL) { - non_empty_certificate_msg = 1; - } - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("skip write certificate")); - } -#endif - - if (non_empty_certificate_msg) { - mbedtls_ssl_handshake_set_state(ssl, - MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY); - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("skip write certificate verify")); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); - } - - return 0; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -/* - * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_client_certificate_verify(mbedtls_ssl_context *ssl) -{ - int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl); - - if (ret == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); - } - - return ret; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -/* - * Handler for MBEDTLS_SSL_CLIENT_FINISHED - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_client_finished(mbedtls_ssl_context *ssl) -{ - int ret; - - ret = mbedtls_ssl_tls13_write_finished_message(ssl); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_compute_resumption_master_secret ", ret); - return ret; - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_FLUSH_BUFFERS); - return 0; -} - -/* - * Handler for MBEDTLS_SSL_FLUSH_BUFFERS - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_flush_buffers(mbedtls_ssl_context *ssl) -{ - MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); - return 0; -} - -/* - * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) -{ - - mbedtls_ssl_tls13_handshake_wrapup(ssl); - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); - return 0; -} - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - -#if defined(MBEDTLS_SSL_EARLY_DATA) -/* From RFC 8446 section 4.2.10 - * - * struct { - * select (Handshake.msg_type) { - * case new_session_ticket: uint32 max_early_data_size; - * ... - * }; - * } EarlyDataIndication; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_new_session_ticket_early_data_ext( - mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - mbedtls_ssl_session *session = ssl->session; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 4); - - session->max_early_data_size = MBEDTLS_GET_UINT32_BE(buf, 0); - mbedtls_ssl_tls13_session_set_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); - MBEDTLS_SSL_DEBUG_MSG( - 3, ("received max_early_data_size: %u", - (unsigned int) session->max_early_data_size)); - - return 0; -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_new_session_ticket_exts(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - const unsigned char *p = buf; - - - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - while (p < end) { - unsigned int extension_type; - size_t extension_data_len; - int ret; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extension_data_len); - - ret = mbedtls_ssl_tls13_check_received_extension( - ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST); - if (ret != 0) { - return ret; - } - - switch (extension_type) { -#if defined(MBEDTLS_SSL_EARLY_DATA) - case MBEDTLS_TLS_EXT_EARLY_DATA: - ret = ssl_tls13_parse_new_session_ticket_early_data_ext( - ssl, p, p + extension_data_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_new_session_ticket_early_data_ext", - ret); - } - break; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - default: - MBEDTLS_SSL_PRINT_EXT( - 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, - extension_type, "( ignored )"); - break; - } - - p += extension_data_len; - } - - MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, - handshake->received_extensions); - - return 0; -} - -/* - * From RFC8446, page 74 - * - * struct { - * uint32 ticket_lifetime; - * uint32 ticket_age_add; - * opaque ticket_nonce<0..255>; - * opaque ticket<1..2^16-1>; - * Extension extensions<0..2^16-2>; - * } NewSessionTicket; - * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_new_session_ticket(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - unsigned char **ticket_nonce, - size_t *ticket_nonce_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - mbedtls_ssl_session *session = ssl->session; - size_t ticket_len; - unsigned char *ticket; - size_t extensions_len; - - *ticket_nonce = NULL; - *ticket_nonce_len = 0; - /* - * ticket_lifetime 4 bytes - * ticket_age_add 4 bytes - * ticket_nonce_len 1 byte - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 9); - - session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); - MBEDTLS_SSL_DEBUG_MSG(3, - ("ticket_lifetime: %u", - (unsigned int) session->ticket_lifetime)); - if (session->ticket_lifetime > - MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime exceeds 7 days.")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 4); - MBEDTLS_SSL_DEBUG_MSG(3, - ("ticket_age_add: %u", - (unsigned int) session->ticket_age_add)); - - *ticket_nonce_len = p[8]; - p += 9; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, *ticket_nonce_len); - *ticket_nonce = p; - MBEDTLS_SSL_DEBUG_BUF(3, "ticket_nonce:", *ticket_nonce, *ticket_nonce_len); - p += *ticket_nonce_len; - - /* Ticket */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - ticket_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, ticket_len); - MBEDTLS_SSL_DEBUG_BUF(3, "received ticket", p, ticket_len); - - /* Check if we previously received a ticket already. */ - if (session->ticket != NULL || session->ticket_len > 0) { - mbedtls_free(session->ticket); - session->ticket = NULL; - session->ticket_len = 0; - } - - if ((ticket = mbedtls_calloc(1, ticket_len)) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ticket alloc failed")); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(ticket, p, ticket_len); - p += ticket_len; - session->ticket = ticket; - session->ticket_len = ticket_len; - - /* Clear all flags in ticket_flags */ - mbedtls_ssl_tls13_session_clear_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); - - MBEDTLS_SSL_DEBUG_BUF(3, "ticket extension", p, extensions_len); - - ret = ssl_tls13_parse_new_session_ticket_exts(ssl, p, p + extensions_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "ssl_tls13_parse_new_session_ticket_exts", - ret); - return ret; - } - - return 0; -} - -/* Non negative return values for ssl_tls13_postprocess_new_session_ticket(). - * - POSTPROCESS_NEW_SESSION_TICKET_SIGNAL, all good, we have to signal the - * application that a valid ticket has been received. - * - POSTPROCESS_NEW_SESSION_TICKET_DISCARD, no fatal error, we keep the - * connection alive but we do not signal the ticket to the application. - */ -#define POSTPROCESS_NEW_SESSION_TICKET_SIGNAL 0 -#define POSTPROCESS_NEW_SESSION_TICKET_DISCARD 1 -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl, - unsigned char *ticket_nonce, - size_t ticket_nonce_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_session *session = ssl->session; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - psa_algorithm_t psa_hash_alg; - int hash_length; - - if (session->ticket_lifetime == 0) { - return POSTPROCESS_NEW_SESSION_TICKET_DISCARD; - } - -#if defined(MBEDTLS_HAVE_TIME) - /* Store ticket creation time */ - session->ticket_reception_time = mbedtls_ms_time(); -#endif - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(session->ciphersuite); - if (ciphersuite_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - psa_hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - hash_length = PSA_HASH_LENGTH(psa_hash_alg); - if (hash_length == -1 || - (size_t) hash_length > sizeof(session->resumption_key)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - - MBEDTLS_SSL_DEBUG_BUF(3, "resumption_master_secret", - session->app_secrets.resumption_master_secret, - hash_length); - - /* Compute resumption key - * - * HKDF-Expand-Label( resumption_master_secret, - * "resumption", ticket_nonce, Hash.length ) - */ - ret = mbedtls_ssl_tls13_hkdf_expand_label( - psa_hash_alg, - session->app_secrets.resumption_master_secret, - hash_length, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(resumption), - ticket_nonce, - ticket_nonce_len, - session->resumption_key, - hash_length); - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(2, - "Creating the ticket-resumed PSK failed", - ret); - return ret; - } - - session->resumption_key_len = hash_length; - - MBEDTLS_SSL_DEBUG_BUF(3, "Ticket-resumed PSK", - session->resumption_key, - session->resumption_key_len); - - /* Set ticket_flags depends on the selected key exchange modes */ - mbedtls_ssl_tls13_session_set_ticket_flags( - session, ssl->conf->tls13_kex_modes); - MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); - - return POSTPROCESS_NEW_SESSION_TICKET_SIGNAL; -} - -/* - * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_new_session_ticket(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t buf_len; - unsigned char *ticket_nonce; - size_t ticket_nonce_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse new session ticket")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, - &buf, &buf_len)); - - /* - * We are about to update (maybe only partially) ticket data thus block - * any session export for the time being. - */ - ssl->session->exported = 1; - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_new_session_ticket( - ssl, buf, buf + buf_len, - &ticket_nonce, &ticket_nonce_len)); - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_postprocess_new_session_ticket( - ssl, ticket_nonce, ticket_nonce_len)); - - switch (ret) { - case POSTPROCESS_NEW_SESSION_TICKET_SIGNAL: - /* - * All good, we have received a new valid ticket, session data can - * be exported now and we signal the ticket to the application. - */ - ssl->session->exported = 0; - ret = MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET; - break; - - case POSTPROCESS_NEW_SESSION_TICKET_DISCARD: - ret = 0; - MBEDTLS_SSL_DEBUG_MSG(2, ("Discard new session ticket")); - break; - - default: - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse new session ticket")); - return ret; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl) -{ - int ret = 0; - - switch (ssl->state) { - case MBEDTLS_SSL_HELLO_REQUEST: - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); - break; - - case MBEDTLS_SSL_CLIENT_HELLO: - ret = mbedtls_ssl_write_client_hello(ssl); - break; - - case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_tls13_process_server_hello(ssl); - break; - - case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: - ret = ssl_tls13_process_encrypted_extensions(ssl); - break; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_tls13_process_certificate_request(ssl); - break; - - case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = ssl_tls13_process_server_certificate(ssl); - break; - - case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_tls13_process_certificate_verify(ssl); - break; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - - case MBEDTLS_SSL_SERVER_FINISHED: - ret = ssl_tls13_process_server_finished(ssl); - break; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - case MBEDTLS_SSL_END_OF_EARLY_DATA: - ret = ssl_tls13_write_end_of_early_data(ssl); - break; -#endif - - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = ssl_tls13_write_client_certificate(ssl); - break; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: - ret = ssl_tls13_write_client_certificate_verify(ssl); - break; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - - case MBEDTLS_SSL_CLIENT_FINISHED: - ret = ssl_tls13_write_client_finished(ssl); - break; - - case MBEDTLS_SSL_FLUSH_BUFFERS: - ret = ssl_tls13_flush_buffers(ssl); - break; - - case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - ret = ssl_tls13_handshake_wrapup(ssl); - break; - - /* - * Injection of dummy-CCS's for middlebox compatibility - */ -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret != 0) { - break; - } - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); - break; - - case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret != 0) { - break; - } - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); - break; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); - - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Switch to early data keys for outbound traffic")); - mbedtls_ssl_set_outbound_transform( - ssl, ssl->handshake->transform_earlydata); - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE; - } - break; -#endif /* MBEDTLS_SSL_EARLY_DATA */ -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET: - ret = ssl_tls13_process_new_session_ticket(ssl); - break; -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - default: - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - return ret; -} - -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c deleted file mode 100644 index 6a7d50272..000000000 --- a/library/ssl_tls13_generic.c +++ /dev/null @@ -1,1745 +0,0 @@ -/* - * TLS 1.3 functionality shared between client and server - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include - -#include "mbedtls/error.h" -#include "debug_internal.h" -#include "mbedtls/oid.h" -#include "mbedtls/platform.h" -#include "mbedtls/constant_time.h" -#include "psa/crypto.h" -#include "mbedtls/psa_util.h" - -#include "ssl_tls13_invasive.h" -#include "ssl_tls13_keys.h" -#include "ssl_debug_helpers.h" - -#include "psa/crypto.h" -#include "psa_util_internal.h" - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif - -const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ - MBEDTLS_SERVER_HELLO_RANDOM_LEN] = -{ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, - 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, - 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, - 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C }; - -int mbedtls_ssl_tls13_fetch_handshake_msg(mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buf_len) -{ - int ret; - - if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - goto cleanup; - } - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || - ssl->in_msg[0] != hs_type) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Receive unexpected handshake message.")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, - MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); - ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - goto cleanup; - } - - /* - * Jump handshake header (4 bytes, see Section 4 of RFC 8446). - * ... - * HandshakeType msg_type; - * uint24 length; - * ... - */ - *buf = ssl->in_msg + 4; - *buf_len = ssl->in_hslen - 4; - -cleanup: - - return ret; -} - -int mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts( - mbedtls_ssl_context *ssl, - const unsigned char *buf, const unsigned char *end, - const unsigned char **supported_versions_data, - const unsigned char **supported_versions_data_end) -{ - const unsigned char *p = buf; - size_t extensions_len; - const unsigned char *extensions_end; - - *supported_versions_data = NULL; - *supported_versions_data_end = NULL; - - /* Case of no extension */ - if (p == end) { - return 0; - } - - /* ... - * Extension extensions; - * ... - * struct { - * ExtensionType extension_type; (2 bytes) - * opaque extension_data<0..2^16-1>; - * } Extension; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* Check extensions do not go beyond the buffer of data. */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); - extensions_end = p + extensions_len; - - while (p < extensions_end) { - unsigned int extension_type; - size_t extension_data_len; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len); - - if (extension_type == MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS) { - *supported_versions_data = p; - *supported_versions_data_end = p + extension_data_len; - return 1; - } - p += extension_data_len; - } - - return 0; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -/* - * STATE HANDLING: Read CertificateVerify - */ -/* Macro to express the maximum length of the verify structure. - * - * The structure is computed per TLS 1.3 specification as: - * - 64 bytes of octet 32, - * - 33 bytes for the context string - * (which is either "TLS 1.3, client CertificateVerify" - * or "TLS 1.3, server CertificateVerify"), - * - 1 byte for the octet 0x0, which serves as a separator, - * - 32 or 48 bytes for the Transcript-Hash(Handshake Context, Certificate) - * (depending on the size of the transcript_hash) - * - * This results in a total size of - * - 130 bytes for a SHA256-based transcript hash, or - * (64 + 33 + 1 + 32 bytes) - * - 146 bytes for a SHA384-based transcript hash. - * (64 + 33 + 1 + 48 bytes) - * - */ -#define SSL_VERIFY_STRUCT_MAX_SIZE (64 + \ - 33 + \ - 1 + \ - MBEDTLS_TLS1_3_MD_MAX_SIZE \ - ) - -/* - * The ssl_tls13_create_verify_structure() creates the verify structure. - * As input, it requires the transcript hash. - * - * The caller has to ensure that the buffer has size at least - * SSL_VERIFY_STRUCT_MAX_SIZE bytes. - */ -static void ssl_tls13_create_verify_structure(const unsigned char *transcript_hash, - size_t transcript_hash_len, - unsigned char *verify_buffer, - size_t *verify_buffer_len, - int from) -{ - size_t idx; - - /* RFC 8446, Section 4.4.3: - * - * The digital signature [in the CertificateVerify message] is then - * computed over the concatenation of: - * - A string that consists of octet 32 (0x20) repeated 64 times - * - The context string - * - A single 0 byte which serves as the separator - * - The content to be signed - */ - memset(verify_buffer, 0x20, 64); - idx = 64; - - if (from == MBEDTLS_SSL_IS_CLIENT) { - memcpy(verify_buffer + idx, mbedtls_ssl_tls13_labels.client_cv, - MBEDTLS_SSL_TLS1_3_LBL_LEN(client_cv)); - idx += MBEDTLS_SSL_TLS1_3_LBL_LEN(client_cv); - } else { /* from == MBEDTLS_SSL_IS_SERVER */ - memcpy(verify_buffer + idx, mbedtls_ssl_tls13_labels.server_cv, - MBEDTLS_SSL_TLS1_3_LBL_LEN(server_cv)); - idx += MBEDTLS_SSL_TLS1_3_LBL_LEN(server_cv); - } - - verify_buffer[idx++] = 0x0; - - memcpy(verify_buffer + idx, transcript_hash, transcript_hash_len); - idx += transcript_hash_len; - - *verify_buffer_len = idx; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end, - const unsigned char *verify_buffer, - size_t verify_buffer_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - uint16_t algorithm; - size_t signature_len; - mbedtls_pk_type_t sig_alg; - mbedtls_md_type_t md_alg; - psa_algorithm_t hash_alg = PSA_ALG_NONE; - unsigned char verify_hash[PSA_HASH_MAX_SIZE]; - size_t verify_hash_len; - - void const *options = NULL; -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_pk_rsassa_pss_options rsassa_pss_options; -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - - /* - * struct { - * SignatureScheme algorithm; - * opaque signature<0..2^16-1>; - * } CertificateVerify; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - algorithm = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* RFC 8446 section 4.4.3 - * - * If the CertificateVerify message is sent by a server, the signature - * algorithm MUST be one offered in the client's "signature_algorithms" - * extension unless no valid certificate chain can be produced without - * unsupported algorithms - * - * RFC 8446 section 4.4.2.2 - * - * If the client cannot construct an acceptable chain using the provided - * certificates and decides to abort the handshake, then it MUST abort the - * handshake with an appropriate certificate-related alert - * (by default, "unsupported_certificate"). - * - * Check if algorithm is an offered signature algorithm. - */ - if (!mbedtls_ssl_sig_alg_is_offered(ssl, algorithm)) { - /* algorithm not in offered signature algorithms list */ - MBEDTLS_SSL_DEBUG_MSG(1, ("Received signature algorithm(%04x) is not " - "offered.", - (unsigned int) algorithm)); - goto error; - } - - if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( - algorithm, &sig_alg, &md_alg) != 0) { - goto error; - } - - hash_alg = mbedtls_md_psa_alg_from_type(md_alg); - if (hash_alg == 0) { - goto error; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate Verify: Signature algorithm ( %04x )", - (unsigned int) algorithm)); - - /* - * Check the certificate's key type matches the signature alg - */ - if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, sig_alg)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("signature algorithm doesn't match cert key")); - goto error; - } - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - signature_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, signature_len); - - status = psa_hash_compute(hash_alg, - verify_buffer, - verify_buffer_len, - verify_hash, - sizeof(verify_hash), - &verify_hash_len); - if (status != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "hash computation PSA error", status); - goto error; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (sig_alg == MBEDTLS_PK_RSASSA_PSS) { - rsassa_pss_options.mgf1_hash_id = md_alg; - - rsassa_pss_options.expected_salt_len = PSA_HASH_LENGTH(hash_alg); - options = (const void *) &rsassa_pss_options; - } -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - - if ((ret = mbedtls_pk_verify_ext(sig_alg, options, - &ssl->session_negotiate->peer_cert->pk, - md_alg, verify_hash, verify_hash_len, - p, signature_len)) == 0) { - return 0; - } - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); - -error: - /* RFC 8446 section 4.4.3 - * - * If the verification fails, the receiver MUST terminate the handshake - * with a "decrypt_error" alert. - */ - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl) -{ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char verify_buffer[SSL_VERIFY_STRUCT_MAX_SIZE]; - size_t verify_buffer_len; - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len; - unsigned char *buf; - size_t buf_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify")); - - MBEDTLS_SSL_PROC_CHK( - mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len)); - - /* Need to calculate the hash of the transcript first - * before reading the message since otherwise it gets - * included in the transcript - */ - ret = mbedtls_ssl_get_handshake_transcript( - ssl, - (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, - transcript, sizeof(transcript), - &transcript_len); - if (ret != 0) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, - MBEDTLS_ERR_SSL_INTERNAL_ERROR); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "handshake hash", transcript, transcript_len); - - /* Create verify structure */ - ssl_tls13_create_verify_structure(transcript, - transcript_len, - verify_buffer, - &verify_buffer_len, - (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) ? - MBEDTLS_SSL_IS_SERVER : - MBEDTLS_SSL_IS_CLIENT); - - /* Process the message contents */ - MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_verify( - ssl, buf, buf + buf_len, - verify_buffer, verify_buffer_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, - buf, buf_len)); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate verify")); - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_process_certificate_verify", ret); - return ret; -#else - ((void) ssl); - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ -} - -/* - * - * STATE HANDLING: Incoming Certificate. - * - */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -/* - * Structure of Certificate message: - * - * enum { - * X509(0), - * RawPublicKey(2), - * (255) - * } CertificateType; - * - * struct { - * select (certificate_type) { - * case RawPublicKey: - * * From RFC 7250 ASN.1_subjectPublicKeyInfo * - * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; - * case X509: - * opaque cert_data<1..2^24-1>; - * }; - * Extension extensions<0..2^16-1>; - * } CertificateEntry; - * - * struct { - * opaque certificate_request_context<0..2^8-1>; - * CertificateEntry certificate_list<0..2^24-1>; - * } Certificate; - * - */ - -/* Parse certificate chain send by the server. */ -MBEDTLS_CHECK_RETURN_CRITICAL -MBEDTLS_STATIC_TESTABLE -int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t certificate_request_context_len = 0; - size_t certificate_list_len = 0; - const unsigned char *p = buf; - const unsigned char *certificate_list_end; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 4); - certificate_request_context_len = p[0]; - certificate_list_len = MBEDTLS_GET_UINT24_BE(p, 1); - p += 4; - - /* In theory, the certificate list can be up to 2^24 Bytes, but we don't - * support anything beyond 2^16 = 64K. - */ - if ((certificate_request_context_len != 0) || - (certificate_list_len >= 0x10000)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* In case we tried to reuse a session but it failed */ - if (ssl->session_negotiate->peer_cert != NULL) { - mbedtls_x509_crt_free(ssl->session_negotiate->peer_cert); - mbedtls_free(ssl->session_negotiate->peer_cert); - } - - /* This is used by ssl_tls13_validate_certificate() */ - if (certificate_list_len == 0) { - ssl->session_negotiate->peer_cert = NULL; - ret = 0; - goto exit; - } - - if ((ssl->session_negotiate->peer_cert = - mbedtls_calloc(1, sizeof(mbedtls_x509_crt))) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc( %" MBEDTLS_PRINTF_SIZET " bytes ) failed", - sizeof(mbedtls_x509_crt))); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, - MBEDTLS_ERR_SSL_ALLOC_FAILED); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - mbedtls_x509_crt_init(ssl->session_negotiate->peer_cert); - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, certificate_list_len); - certificate_list_end = p + certificate_list_len; - while (p < certificate_list_end) { - size_t cert_data_len, extensions_len; - const unsigned char *extensions_end; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, certificate_list_end, 3); - cert_data_len = MBEDTLS_GET_UINT24_BE(p, 0); - p += 3; - - /* In theory, the CRT can be up to 2^24 Bytes, but we don't support - * anything beyond 2^16 = 64K. Otherwise as in the TLS 1.2 code, - * check that we have a minimum of 128 bytes of data, this is not - * clear why we need that though. - */ - if ((cert_data_len < 128) || (cert_data_len >= 0x10000)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad Certificate message")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, certificate_list_end, cert_data_len); - ret = mbedtls_x509_crt_parse_der(ssl->session_negotiate->peer_cert, - p, cert_data_len); - - switch (ret) { - case 0: /*ok*/ - break; - case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: - /* Ignore certificate with an unknown algorithm: maybe a - prior certificate was already trusted. */ - break; - - case MBEDTLS_ERR_X509_ALLOC_FAILED: - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, - MBEDTLS_ERR_X509_ALLOC_FAILED); - MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret); - return ret; - - case MBEDTLS_ERR_X509_UNKNOWN_VERSION: - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, - MBEDTLS_ERR_X509_UNKNOWN_VERSION); - MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret); - return ret; - - default: - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_BAD_CERT, - ret); - MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret); - return ret; - } - - p += cert_data_len; - - /* Certificate extensions length */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, certificate_list_end, 2); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, certificate_list_end, extensions_len); - - extensions_end = p + extensions_len; - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - while (p < extensions_end) { - unsigned int extension_type; - size_t extension_data_len; - - /* - * struct { - * ExtensionType extension_type; (2 bytes) - * opaque extension_data<0..2^16-1>; - * } Extension; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len); - - ret = mbedtls_ssl_tls13_check_received_extension( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT); - if (ret != 0) { - return ret; - } - - switch (extension_type) { - default: - MBEDTLS_SSL_PRINT_EXT( - 3, MBEDTLS_SSL_HS_CERTIFICATE, - extension_type, "( ignored )"); - break; - } - - p += extension_data_len; - } - - MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CERTIFICATE, - handshake->received_extensions); - } - -exit: - /* Check that all the message is consumed. */ - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad Certificate message")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate", - ssl->session_negotiate->peer_cert); - - return ret; -} -#else -MBEDTLS_CHECK_RETURN_CRITICAL -MBEDTLS_STATIC_TESTABLE -int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - ((void) ssl); - ((void) buf); - ((void) end); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -} -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -/* Validate certificate chain sent by the server. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) -{ - /* Authmode: precedence order is SNI if used else configuration */ -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET - ? ssl->handshake->sni_authmode - : ssl->conf->authmode; -#else - const int authmode = ssl->conf->authmode; -#endif - - /* - * If the peer hasn't sent a certificate ( i.e. it sent - * an empty certificate chain ), this is reflected in the peer CRT - * structure being unset. - * Check for that and handle it depending on the - * authentication mode. - */ - if (ssl->session_negotiate->peer_cert == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("peer has no certificate")); - -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - /* The client was asked for a certificate but didn't send - * one. The client should know what's going on, so we - * don't send an alert. - */ - ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; - if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL) { - return 0; - } else { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_NO_CERT, - MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE); - return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; - } - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - /* Regardless of authmode, the server is not allowed to send an empty - * certificate chain. (Last paragraph before 4.4.2.1 in RFC 8446: "The - * server's certificate_list MUST always be non-empty.") With authmode - * optional/none, we continue the handshake if we can't validate the - * server's cert, but we still break it if no certificate was sent. */ - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_NO_CERT, - MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE); - return MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE; - } -#endif /* MBEDTLS_SSL_CLI_C */ - } - - return mbedtls_ssl_verify_certificate(ssl, authmode, - ssl->session_negotiate->peer_cert, - NULL, NULL); -} -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) -{ - ((void) ssl); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -} -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate")); - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - unsigned char *buf; - size_t buf_len; - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, - &buf, &buf_len)); - - /* Parse the certificate chain sent by the peer. */ - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_parse_certificate(ssl, buf, - buf + buf_len)); - /* Validate the certificate chain and set the verification results. */ - MBEDTLS_SSL_PROC_CHK(ssl_tls13_validate_certificate(ssl)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len)); - -cleanup: -#else /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - (void) ssl; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate")); - return ret; -} -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -/* - * enum { - * X509(0), - * RawPublicKey(2), - * (255) - * } CertificateType; - * - * struct { - * select (certificate_type) { - * case RawPublicKey: - * // From RFC 7250 ASN.1_subjectPublicKeyInfo - * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; - * - * case X509: - * opaque cert_data<1..2^24-1>; - * }; - * Extension extensions<0..2^16-1>; - * } CertificateEntry; - * - * struct { - * opaque certificate_request_context<0..2^8-1>; - * CertificateEntry certificate_list<0..2^24-1>; - * } Certificate; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_certificate_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert(ssl); - unsigned char *p = buf; - unsigned char *certificate_request_context = - ssl->handshake->certificate_request_context; - unsigned char certificate_request_context_len = - ssl->handshake->certificate_request_context_len; - unsigned char *p_certificate_list_len; - - - /* ... - * opaque certificate_request_context<0..2^8-1>; - * ... - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, certificate_request_context_len + 1); - *p++ = certificate_request_context_len; - if (certificate_request_context_len > 0) { - memcpy(p, certificate_request_context, certificate_request_context_len); - p += certificate_request_context_len; - } - - /* ... - * CertificateEntry certificate_list<0..2^24-1>; - * ... - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 3); - p_certificate_list_len = p; - p += 3; - - MBEDTLS_SSL_DEBUG_CRT(3, "own certificate", crt); - - while (crt != NULL) { - size_t cert_data_len = crt->raw.len; - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, cert_data_len + 3 + 2); - MBEDTLS_PUT_UINT24_BE(cert_data_len, p, 0); - p += 3; - - memcpy(p, crt->raw.p, cert_data_len); - p += cert_data_len; - crt = crt->next; - - /* Currently, we don't have any certificate extensions defined. - * Hence, we are sending an empty extension with length zero. - */ - MBEDTLS_PUT_UINT16_BE(0, p, 0); - p += 2; - } - - MBEDTLS_PUT_UINT24_BE(p - p_certificate_list_len - 3, - p_certificate_list_len, 0); - - *out_len = p - buf; - - MBEDTLS_SSL_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->sent_extensions); - - return 0; -} - -int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl) -{ - int ret; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_body(ssl, - buf, - buf + buf_len, - &msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate")); - return ret; -} - -/* - * STATE HANDLING: Output Certificate Verify - */ -int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(uint16_t sig_alg, - mbedtls_pk_context *key) -{ - mbedtls_pk_type_t pk_type = (mbedtls_pk_type_t) mbedtls_ssl_sig_from_pk(key); - size_t key_size = mbedtls_pk_get_bitlen(key); - - switch (pk_type) { - case MBEDTLS_SSL_SIG_ECDSA: - switch (key_size) { - case 256: - return - sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; - - case 384: - return - sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; - - case 521: - return - sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; - default: - break; - } - break; - - case MBEDTLS_SSL_SIG_RSA: - switch (sig_alg) { - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: /* Intentional fallthrough */ - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: /* Intentional fallthrough */ - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - return 1; - - default: - break; - } - break; - - default: - break; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - mbedtls_pk_context *own_key; - - unsigned char handshake_hash[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t handshake_hash_len; - unsigned char verify_buffer[SSL_VERIFY_STRUCT_MAX_SIZE]; - size_t verify_buffer_len; - - uint16_t *sig_alg = ssl->handshake->received_sig_algs; - size_t signature_len = 0; - - *out_len = 0; - - own_key = mbedtls_ssl_own_key(ssl); - if (own_key == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ret = mbedtls_ssl_get_handshake_transcript( - ssl, (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, - handshake_hash, sizeof(handshake_hash), &handshake_hash_len); - if (ret != 0) { - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "handshake hash", - handshake_hash, - handshake_hash_len); - - ssl_tls13_create_verify_structure(handshake_hash, handshake_hash_len, - verify_buffer, &verify_buffer_len, - ssl->conf->endpoint); - - /* - * struct { - * SignatureScheme algorithm; - * opaque signature<0..2^16-1>; - * } CertificateVerify; - */ - /* Check there is space for the algorithm identifier (2 bytes) and the - * signature length (2 bytes). - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - - for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE; - mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; - psa_algorithm_t psa_algorithm = PSA_ALG_NONE; - unsigned char verify_hash[PSA_HASH_MAX_SIZE]; - size_t verify_hash_len; - - if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { - continue; - } - - if (!mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(*sig_alg)) { - continue; - } - - if (!mbedtls_ssl_tls13_check_sig_alg_cert_key_match(*sig_alg, own_key)) { - continue; - } - - if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( - *sig_alg, &pk_type, &md_alg) != 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Hash verify buffer with indicated hash function */ - psa_algorithm = mbedtls_md_psa_alg_from_type(md_alg); - status = psa_hash_compute(psa_algorithm, - verify_buffer, - verify_buffer_len, - verify_hash, sizeof(verify_hash), - &verify_hash_len); - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - - if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, - md_alg, verify_hash, verify_hash_len, - p + 4, (size_t) (end - (p + 4)), &signature_len, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", - mbedtls_ssl_sig_alg_to_str(*sig_alg))); - MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret); - - /* The signature failed. This is possible if the private key - * was not suitable for the signature operation as purposely we - * did not check its suitability completely. Let's try with - * another signature algorithm. - */ - continue; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature with %s", - mbedtls_ssl_sig_alg_to_str(*sig_alg))); - - break; - } - - if (*sig_alg == MBEDTLS_TLS1_3_SIG_NONE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no suitable signature algorithm")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - MBEDTLS_PUT_UINT16_BE(*sig_alg, p, 0); - MBEDTLS_PUT_UINT16_BE(signature_len, p, 2); - - *out_len = 4 + signature_len; - - return 0; -} - -int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) -{ - int ret = 0; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_verify_body( - ssl, buf, buf + buf_len, &msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, - buf, msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate verify")); - return ret; -} - -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -/* - * - * STATE HANDLING: Incoming Finished message. - */ -/* - * Implementation - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_preprocess_finished_message(mbedtls_ssl_context *ssl) -{ - int ret; - - ret = mbedtls_ssl_tls13_calculate_verify_data( - ssl, - ssl->handshake->state_local.finished_in.digest, - sizeof(ssl->handshake->state_local.finished_in.digest), - &ssl->handshake->state_local.finished_in.digest_len, - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ? - MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_calculate_verify_data", ret); - return ret; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_finished_message(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - /* - * struct { - * opaque verify_data[Hash.length]; - * } Finished; - */ - const unsigned char *expected_verify_data = - ssl->handshake->state_local.finished_in.digest; - size_t expected_verify_data_len = - ssl->handshake->state_local.finished_in.digest_len; - /* Structural validation */ - if ((size_t) (end - buf) != expected_verify_data_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "verify_data (self-computed):", - expected_verify_data, - expected_verify_data_len); - MBEDTLS_SSL_DEBUG_BUF(4, "verify_data (received message):", buf, - expected_verify_data_len); - - /* Semantic validation */ - if (mbedtls_ct_memcmp(buf, - expected_verify_data, - expected_verify_data_len) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - return 0; -} - -int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t buf_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished message")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len)); - - /* Preprocessing step: Compute handshake digest */ - MBEDTLS_SSL_PROC_CHK(ssl_tls13_preprocess_finished_message(ssl)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_finished_message( - ssl, buf, buf + buf_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_FINISHED, buf, buf_len)); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse finished message")); - return ret; -} - -/* - * - * STATE HANDLING: Write and send Finished message. - * - */ -/* - * Implement - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_prepare_finished_message(mbedtls_ssl_context *ssl) -{ - int ret; - - /* Compute transcript of handshake up to now. */ - ret = mbedtls_ssl_tls13_calculate_verify_data(ssl, - ssl->handshake->state_local.finished_out.digest, - sizeof(ssl->handshake->state_local.finished_out. - digest), - &ssl->handshake->state_local.finished_out.digest_len, - ssl->conf->endpoint); - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "calculate_verify_data failed", ret); - return ret; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_finished_message_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len; - /* - * struct { - * opaque verify_data[Hash.length]; - * } Finished; - */ - MBEDTLS_SSL_CHK_BUF_PTR(buf, end, verify_data_len); - - memcpy(buf, ssl->handshake->state_local.finished_out.digest, - verify_data_len); - - *out_len = verify_data_len; - return 0; -} - -/* Main entry point: orchestrates the other functions */ -int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write finished message")); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_finished_message(ssl)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, - MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_finished_message_body( - ssl, buf, buf + buf_len, &msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, - MBEDTLS_SSL_HS_FINISHED, buf, msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write finished message")); - return ret; -} - -void mbedtls_ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) -{ - - MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup")); - - MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to application keys for inbound traffic")); - mbedtls_ssl_set_inbound_transform(ssl, ssl->transform_application); - - MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to application keys for outbound traffic")); - mbedtls_ssl_set_outbound_transform(ssl, ssl->transform_application); - - /* - * Free the previous session and switch to the current one. - */ - if (ssl->session) { - mbedtls_ssl_session_free(ssl->session); - mbedtls_free(ssl->session); - } - ssl->session = ssl->session_negotiate; - ssl->session_negotiate = NULL; - - MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup")); -} - -/* - * - * STATE HANDLING: Write ChangeCipherSpec - * - */ -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_change_cipher_spec_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen) -{ - ((void) ssl); - - MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 1); - buf[0] = 1; - *olen = 1; - - return 0; -} - -int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec")); - - /* Only one CCS to send. */ - if (ssl->handshake->ccs_sent) { - ret = 0; - goto cleanup; - } - - /* Write CCS message */ - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_change_cipher_spec_body( - ssl, ssl->out_msg, - ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, - &ssl->out_msglen)); - - ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; - - /* Dispatch message */ - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_record(ssl, 0)); - - ssl->handshake->ccs_sent = 1; - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher spec")); - return ret; -} - -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - -/* Early Data Indication Extension - * - * struct { - * select ( Handshake.msg_type ) { - * case new_session_ticket: uint32 max_early_data_size; - * case client_hello: Empty; - * case encrypted_extensions: Empty; - * }; - * } EarlyDataIndication; - */ -#if defined(MBEDTLS_SSL_EARLY_DATA) -int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, - int in_new_session_ticket, - unsigned char *buf, - const unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - -#if defined(MBEDTLS_SSL_SRV_C) - const size_t needed = in_new_session_ticket ? 8 : 4; -#else - const size_t needed = 4; - ((void) in_new_session_ticket); -#endif - - *out_len = 0; - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, needed); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); - MBEDTLS_PUT_UINT16_BE(needed - 4, p, 2); - -#if defined(MBEDTLS_SSL_SRV_C) - if (in_new_session_ticket) { - MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); - MBEDTLS_SSL_DEBUG_MSG( - 4, ("Sent max_early_data_size=%u", - (unsigned int) ssl->conf->max_early_data_size)); - } -#endif - - *out_len = needed; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA); - - return 0; -} - -#if defined(MBEDTLS_SSL_SRV_C) -int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl, - size_t early_data_len) -{ - /* - * This function should be called only while an handshake is in progress - * and thus a session under negotiation. Add a sanity check to detect a - * misuse. - */ - if (ssl->session_negotiate == NULL) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* RFC 8446 section 4.6.1 - * - * A server receiving more than max_early_data_size bytes of 0-RTT data - * SHOULD terminate the connection with an "unexpected_message" alert. - * Note that if it is still possible to send early_data_len bytes of early - * data, it means that early_data_len is smaller than max_early_data_size - * (type uint32_t) and can fit in an uint32_t. We use this further - * down. - */ - if (early_data_len > - (ssl->session_negotiate->max_early_data_size - - ssl->total_early_data_size)) { - - MBEDTLS_SSL_DEBUG_MSG( - 2, ("EarlyData: Too much early data received, " - "%lu + %" MBEDTLS_PRINTF_SIZET " > %lu", - (unsigned long) ssl->total_early_data_size, - early_data_len, - (unsigned long) ssl->session_negotiate->max_early_data_size)); - - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, - MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - /* - * early_data_len has been checked to be less than max_early_data_size - * that is uint32_t. Its cast to an uint32_t below is thus safe. We need - * the cast to appease some compilers. - */ - ssl->total_early_data_size += (uint32_t) early_data_len; - - return 0; -} -#endif /* MBEDTLS_SSL_SRV_C */ -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -/* Reset SSL context and update hash for handling HRR. - * - * Replace Transcript-Hash(X) by - * Transcript-Hash( message_hash || - * 00 00 Hash.length || - * X ) - * A few states of the handshake are preserved, including: - * - session ID - * - session ticket - * - negotiated ciphersuite - */ -int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char hash_transcript[PSA_HASH_MAX_SIZE + 4]; - size_t hash_len; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(3, ("Reset SSL session for HRR")); - - ret = mbedtls_ssl_get_handshake_transcript(ssl, (mbedtls_md_type_t) ciphersuite_info->mac, - hash_transcript + 4, - PSA_HASH_MAX_SIZE, - &hash_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_handshake_transcript", ret); - return ret; - } - - hash_transcript[0] = MBEDTLS_SSL_HS_MESSAGE_HASH; - hash_transcript[1] = 0; - hash_transcript[2] = 0; - hash_transcript[3] = (unsigned char) hash_len; - - hash_len += 4; - - MBEDTLS_SSL_DEBUG_BUF(4, "Truncated handshake transcript", - hash_transcript, hash_len); - - /* Reset running hash and replace it with a hash of the transcript */ - ret = mbedtls_ssl_reset_checksum(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_checksum", ret); - return ret; - } - ret = ssl->handshake->update_checksum(ssl, hash_transcript, hash_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); - return ret; - } - - return ret; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - -int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t buf_len) -{ - uint8_t *p = (uint8_t *) buf; - const uint8_t *end = buf + buf_len; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* Get size of the TLS opaque key_exchange field of the KeyShareEntry struct. */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - uint16_t peerkey_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* Check if key size is consistent with given buffer length. */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, peerkey_len); - - /* Store peer's ECDH/FFDH public key. */ - if (peerkey_len > sizeof(handshake->xxdh_psa_peerkey)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid public key length: %u > %" MBEDTLS_PRINTF_SIZET, - (unsigned) peerkey_len, - sizeof(handshake->xxdh_psa_peerkey))); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - memcpy(handshake->xxdh_psa_peerkey, p, peerkey_len); - handshake->xxdh_psa_peerkey_len = peerkey_len; - - return 0; -} - -#if defined(PSA_WANT_ALG_FFDH) -static psa_status_t mbedtls_ssl_get_psa_ffdh_info_from_tls_id( - uint16_t tls_id, size_t *bits, psa_key_type_t *key_type) -{ - switch (tls_id) { -#if defined(PSA_WANT_DH_RFC7919_2048) - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: - *bits = 2048; - *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - return PSA_SUCCESS; -#endif /* PSA_WANT_DH_RFC7919_2048 */ -#if defined(PSA_WANT_DH_RFC7919_3072) - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: - *bits = 3072; - *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - return PSA_SUCCESS; -#endif /* PSA_WANT_DH_RFC7919_3072 */ -#if defined(PSA_WANT_DH_RFC7919_4096) - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: - *bits = 4096; - *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - return PSA_SUCCESS; -#endif /* PSA_WANT_DH_RFC7919_4096 */ -#if defined(PSA_WANT_DH_RFC7919_6144) - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: - *bits = 6144; - *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - return PSA_SUCCESS; -#endif /* PSA_WANT_DH_RFC7919_6144 */ -#if defined(PSA_WANT_DH_RFC7919_8192) - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: - *bits = 8192; - *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - return PSA_SUCCESS; -#endif /* PSA_WANT_DH_RFC7919_8192 */ - default: - return PSA_ERROR_NOT_SUPPORTED; - } -} -#endif /* PSA_WANT_ALG_FFDH */ - -int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( - mbedtls_ssl_context *ssl, - uint16_t named_group, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - psa_key_attributes_t key_attributes; - size_t own_pubkey_len; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - size_t bits = 0; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - psa_algorithm_t alg = PSA_ALG_NONE; - size_t buf_size = (size_t) (end - buf); - - MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH/FFDH computation.")); - - /* Convert EC's TLS ID to PSA key type. */ -#if defined(PSA_WANT_ALG_ECDH) - if (mbedtls_ssl_get_psa_curve_info_from_tls_id( - named_group, &key_type, &bits) == PSA_SUCCESS) { - alg = PSA_ALG_ECDH; - } -#endif -#if defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_get_psa_ffdh_info_from_tls_id(named_group, &bits, - &key_type) == PSA_SUCCESS) { - alg = PSA_ALG_FFDH; - } -#endif - - if (key_type == PSA_KEY_TYPE_NONE) { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - if (buf_size < PSA_BITS_TO_BYTES(bits)) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - handshake->xxdh_psa_type = key_type; - ssl->handshake->xxdh_psa_bits = bits; - - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, alg); - psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); - - /* Generate ECDH/FFDH private key. */ - status = psa_generate_key(&key_attributes, - &handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret); - return ret; - - } - - /* Export the public part of the ECDH/FFDH private key from PSA. */ - status = psa_export_public_key(handshake->xxdh_psa_privkey, - buf, buf_size, - &own_pubkey_len); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret); - return ret; - } - - *out_len = own_pubkey_len; - - return 0; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - -/* RFC 8446 section 4.2 - * - * If an implementation receives an extension which it recognizes and which is - * not specified for the message in which it appears, it MUST abort the handshake - * with an "illegal_parameter" alert. - * - */ -int mbedtls_ssl_tls13_check_received_extension( - mbedtls_ssl_context *ssl, - int hs_msg_type, - unsigned int received_extension_type, - uint32_t hs_msg_allowed_extensions_mask) -{ - uint32_t extension_mask = mbedtls_ssl_get_extension_mask( - received_extension_type); - - MBEDTLS_SSL_PRINT_EXT( - 3, hs_msg_type, received_extension_type, "received"); - - if ((extension_mask & hs_msg_allowed_extensions_mask) == 0) { - MBEDTLS_SSL_PRINT_EXT( - 3, hs_msg_type, received_extension_type, "is illegal"); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - ssl->handshake->received_extensions |= extension_mask; - /* - * If it is a message containing extension responses, check that we - * previously sent the extension. - */ - switch (hs_msg_type) { - case MBEDTLS_SSL_HS_SERVER_HELLO: - case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST: - case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: - case MBEDTLS_SSL_HS_CERTIFICATE: - /* Check if the received extension is sent by peer message.*/ - if ((ssl->handshake->sent_extensions & extension_mask) != 0) { - return 0; - } - break; - default: - return 0; - } - - MBEDTLS_SSL_PRINT_EXT( - 3, hs_msg_type, received_extension_type, "is unsupported"); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; -} - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - -/* RFC 8449, section 4: - * - * The ExtensionData of the "record_size_limit" extension is - * RecordSizeLimit: - * uint16 RecordSizeLimit; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - uint16_t record_size_limit; - const size_t extension_data_len = end - buf; - - if (extension_data_len != - MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH) { - MBEDTLS_SSL_DEBUG_MSG(2, - ("record_size_limit extension has invalid length: %" - MBEDTLS_PRINTF_SIZET " Bytes", - extension_data_len)); - - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); - - MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit)); - - /* RFC 8449, section 4: - * - * Endpoints MUST NOT send a "record_size_limit" extension with a value - * smaller than 64. An endpoint MUST treat receipt of a smaller value - * as a fatal error and generate an "illegal_parameter" alert. - */ - if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid record size limit : %u Bytes", - record_size_limit)); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - ssl->session_negotiate->record_size_limit = record_size_limit; - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - *out_len = 0; - - MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_IN_CONTENT_LEN >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN, - "MBEDTLS_SSL_IN_CONTENT_LEN is less than the " - "minimum record size limit"); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT, p, 0); - MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH, - p, 2); - MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_IN_CONTENT_LEN, p, 4); - - *out_len = 6; - - MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %d Bytes", - MBEDTLS_SSL_IN_CONTENT_LEN)); - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT); - - return 0; -} - -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h deleted file mode 100644 index 73e0e304f..000000000 --- a/library/ssl_tls13_invasive.h +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_SSL_TLS13_INVASIVE_H -#define MBEDTLS_SSL_TLS13_INVASIVE_H - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include "psa/crypto.h" - -#if defined(MBEDTLS_TEST_HOOKS) -int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end); -#endif /* MBEDTLS_TEST_HOOKS */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#endif /* MBEDTLS_SSL_TLS13_INVASIVE_H */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c deleted file mode 100644 index 5128a4153..000000000 --- a/library/ssl_tls13_keys.c +++ /dev/null @@ -1,1883 +0,0 @@ -/* - * TLS 1.3 key schedule - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include -#include - -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform.h" - -#include "ssl_tls13_keys.h" -#include "ssl_tls13_invasive.h" - -#include "psa/crypto.h" -#include "mbedtls/psa_util.h" - -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) - -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - .name = string, - -struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = -{ - /* This seems to work in C, despite the string literal being one - * character too long due to the 0-termination. */ - MBEDTLS_SSL_TLS1_3_LABEL_LIST -}; - -#undef MBEDTLS_SSL_TLS1_3_LABEL - -/* - * This function creates a HkdfLabel structure used in the TLS 1.3 key schedule. - * - * The HkdfLabel is specified in RFC 8446 as follows: - * - * struct HkdfLabel { - * uint16 length; // Length of expanded key material - * opaque label<7..255>; // Always prefixed by "tls13 " - * opaque context<0..255>; // Usually a communication transcript hash - * }; - * - * Parameters: - * - desired_length: Length of expanded key material - * Even though the standard allows expansion to up to - * 2**16 Bytes, TLS 1.3 never uses expansion to more than - * 255 Bytes, so we require `desired_length` to be at most - * 255. This allows us to save a few Bytes of code by - * hardcoding the writing of the high bytes. - * - (label, label_len): label + label length, without "tls13 " prefix - * The label length MUST be less than or equal to - * MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN - * It is the caller's responsibility to ensure this. - * All (label, label length) pairs used in TLS 1.3 - * can be obtained via MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(). - * - (ctx, ctx_len): context + context length - * The context length MUST be less than or equal to - * MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN - * It is the caller's responsibility to ensure this. - * - dst: Target buffer for HkdfLabel structure, - * This MUST be a writable buffer of size - * at least SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN Bytes. - * - dst_len: Pointer at which to store the actual length of - * the HkdfLabel structure on success. - */ - -static const char tls13_label_prefix[6] = "tls13 "; - -#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ - (2 /* expansion length */ \ - + 1 /* label length */ \ - + label_len \ - + 1 /* context length */ \ - + context_len) - -#define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \ - SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \ - sizeof(tls13_label_prefix) + \ - MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \ - MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN) - -static void ssl_tls13_hkdf_encode_label( - size_t desired_length, - const unsigned char *label, size_t label_len, - const unsigned char *ctx, size_t ctx_len, - unsigned char *dst, size_t *dst_len) -{ - size_t total_label_len = - sizeof(tls13_label_prefix) + label_len; - size_t total_hkdf_lbl_len = - SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(total_label_len, ctx_len); - - unsigned char *p = dst; - - /* Add the size of the expanded key material. - * We're hardcoding the high byte to 0 here assuming that we never use - * TLS 1.3 HKDF key expansion to more than 255 Bytes. */ -#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255 -#error "The implementation of ssl_tls13_hkdf_encode_label() is not fit for the \ - value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN" -#endif - - *p++ = 0; - *p++ = MBEDTLS_BYTE_0(desired_length); - - /* Add label incl. prefix */ - *p++ = MBEDTLS_BYTE_0(total_label_len); - memcpy(p, tls13_label_prefix, sizeof(tls13_label_prefix)); - p += sizeof(tls13_label_prefix); - memcpy(p, label, label_len); - p += label_len; - - /* Add context value */ - *p++ = MBEDTLS_BYTE_0(ctx_len); - if (ctx_len != 0) { - memcpy(p, ctx, ctx_len); - } - - /* Return total length to the caller. */ - *dst_len = total_hkdf_lbl_len; -} - -int mbedtls_ssl_tls13_hkdf_expand_label( - psa_algorithm_t hash_alg, - const unsigned char *secret, size_t secret_len, - const unsigned char *label, size_t label_len, - const unsigned char *ctx, size_t ctx_len, - unsigned char *buf, size_t buf_len) -{ - unsigned char hkdf_label[SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN]; - size_t hkdf_label_len = 0; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t operation = - PSA_KEY_DERIVATION_OPERATION_INIT; - - if (label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN) { - /* Should never happen since this is an internal - * function, and we know statically which labels - * are allowed. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if (ctx_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN) { - /* Should not happen, as above. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if (buf_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN) { - /* Should not happen, as above. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl_tls13_hkdf_encode_label(buf_len, - label, label_len, - ctx, ctx_len, - hkdf_label, - &hkdf_label_len); - - status = psa_key_derivation_setup(&operation, PSA_ALG_HKDF_EXPAND(hash_alg)); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - status = psa_key_derivation_input_bytes(&operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - secret, - secret_len); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - status = psa_key_derivation_input_bytes(&operation, - PSA_KEY_DERIVATION_INPUT_INFO, - hkdf_label, - hkdf_label_len); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - status = psa_key_derivation_output_bytes(&operation, - buf, - buf_len); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - -cleanup: - abort_status = psa_key_derivation_abort(&operation); - status = (status == PSA_SUCCESS ? abort_status : status); - mbedtls_platform_zeroize(hkdf_label, hkdf_label_len); - return PSA_TO_MBEDTLS_ERR(status); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_make_traffic_key( - psa_algorithm_t hash_alg, - const unsigned char *secret, size_t secret_len, - unsigned char *key, size_t key_len, - unsigned char *iv, size_t iv_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_ssl_tls13_hkdf_expand_label( - hash_alg, - secret, secret_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(key), - NULL, 0, - key, key_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_hkdf_expand_label( - hash_alg, - secret, secret_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(iv), - NULL, 0, - iv, iv_len); - return ret; -} - -/* - * The traffic keying material is generated from the following inputs: - * - * - One secret value per sender. - * - A purpose value indicating the specific value being generated - * - The desired lengths of key and IV. - * - * The expansion itself is based on HKDF: - * - * [sender]_write_key = HKDF-Expand-Label( Secret, "key", "", key_length ) - * [sender]_write_iv = HKDF-Expand-Label( Secret, "iv" , "", iv_length ) - * - * [sender] denotes the sending side and the Secret value is provided - * by the function caller. Note that we generate server and client side - * keys in a single function call. - */ -int mbedtls_ssl_tls13_make_traffic_keys( - psa_algorithm_t hash_alg, - const unsigned char *client_secret, - const unsigned char *server_secret, size_t secret_len, - size_t key_len, size_t iv_len, - mbedtls_ssl_key_set *keys) -{ - int ret = 0; - - ret = ssl_tls13_make_traffic_key( - hash_alg, client_secret, secret_len, - keys->client_write_key, key_len, - keys->client_write_iv, iv_len); - if (ret != 0) { - return ret; - } - - ret = ssl_tls13_make_traffic_key( - hash_alg, server_secret, secret_len, - keys->server_write_key, key_len, - keys->server_write_iv, iv_len); - if (ret != 0) { - return ret; - } - - keys->key_len = key_len; - keys->iv_len = iv_len; - - return 0; -} - -int mbedtls_ssl_tls13_derive_secret( - psa_algorithm_t hash_alg, - const unsigned char *secret, size_t secret_len, - const unsigned char *label, size_t label_len, - const unsigned char *ctx, size_t ctx_len, - int ctx_hashed, - unsigned char *dstbuf, size_t dstbuf_len) -{ - int ret; - unsigned char hashed_context[PSA_HASH_MAX_SIZE]; - if (ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - status = psa_hash_compute(hash_alg, ctx, ctx_len, hashed_context, - PSA_HASH_LENGTH(hash_alg), &ctx_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - return ret; - } - } else { - if (ctx_len > sizeof(hashed_context)) { - /* This should never happen since this function is internal - * and the code sets `ctx_hashed` correctly. - * Let's double-check nonetheless to not run at the risk - * of getting a stack overflow. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - memcpy(hashed_context, ctx, ctx_len); - } - - return mbedtls_ssl_tls13_hkdf_expand_label(hash_alg, - secret, secret_len, - label, label_len, - hashed_context, ctx_len, - dstbuf, dstbuf_len); - -} - -int mbedtls_ssl_tls13_evolve_secret( - psa_algorithm_t hash_alg, - const unsigned char *secret_old, - const unsigned char *input, size_t input_len, - unsigned char *secret_new) -{ - int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; - size_t hlen; - unsigned char tmp_secret[PSA_MAC_MAX_SIZE] = { 0 }; - const unsigned char all_zeroes_input[MBEDTLS_TLS1_3_MD_MAX_SIZE] = { 0 }; - const unsigned char *l_input = NULL; - size_t l_input_len; - - psa_key_derivation_operation_t operation = - PSA_KEY_DERIVATION_OPERATION_INIT; - - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - hlen = PSA_HASH_LENGTH(hash_alg); - - /* For non-initial runs, call Derive-Secret( ., "derived", "") - * on the old secret. */ - if (secret_old != NULL) { - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - secret_old, hlen, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(derived), - NULL, 0, /* context */ - MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, - tmp_secret, hlen); - if (ret != 0) { - goto cleanup; - } - } - - ret = 0; - - if (input != NULL && input_len != 0) { - l_input = input; - l_input_len = input_len; - } else { - l_input = all_zeroes_input; - l_input_len = hlen; - } - - status = psa_key_derivation_setup(&operation, - PSA_ALG_HKDF_EXTRACT(hash_alg)); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - status = psa_key_derivation_input_bytes(&operation, - PSA_KEY_DERIVATION_INPUT_SALT, - tmp_secret, - hlen); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - status = psa_key_derivation_input_bytes(&operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - l_input, l_input_len); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - status = psa_key_derivation_output_bytes(&operation, - secret_new, - PSA_HASH_LENGTH(hash_alg)); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - -cleanup: - abort_status = psa_key_derivation_abort(&operation); - status = (status == PSA_SUCCESS ? abort_status : status); - ret = (ret == 0 ? PSA_TO_MBEDTLS_ERR(status) : ret); - mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret)); - return ret; -} - -int mbedtls_ssl_tls13_derive_early_secrets( - psa_algorithm_t hash_alg, - unsigned char const *early_secret, - unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_early_secrets *derived) -{ - int ret; - size_t const hash_len = PSA_HASH_LENGTH(hash_alg); - - /* We should never call this function with an unknown hash, - * but add an assertion anyway. */ - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* - * 0 - * | - * v - * PSK -> HKDF-Extract = Early Secret - * | - * +-----> Derive-Secret(., "c e traffic", ClientHello) - * | = client_early_traffic_secret - * | - * +-----> Derive-Secret(., "e exp master", ClientHello) - * | = early_exporter_master_secret - * v - */ - - /* Create client_early_traffic_secret */ - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - early_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_e_traffic), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->client_early_traffic_secret, - hash_len); - if (ret != 0) { - return ret; - } - - /* Create early exporter */ - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - early_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(e_exp_master), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->early_exporter_master_secret, - hash_len); - if (ret != 0) { - return ret; - } - - return 0; -} - -int mbedtls_ssl_tls13_derive_handshake_secrets( - psa_algorithm_t hash_alg, - unsigned char const *handshake_secret, - unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_handshake_secrets *derived) -{ - int ret; - size_t const hash_len = PSA_HASH_LENGTH(hash_alg); - - /* We should never call this function with an unknown hash, - * but add an assertion anyway. */ - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* - * - * Handshake Secret - * | - * +-----> Derive-Secret( ., "c hs traffic", - * | ClientHello...ServerHello ) - * | = client_handshake_traffic_secret - * | - * +-----> Derive-Secret( ., "s hs traffic", - * | ClientHello...ServerHello ) - * | = server_handshake_traffic_secret - * - */ - - /* - * Compute client_handshake_traffic_secret with - * Derive-Secret( ., "c hs traffic", ClientHello...ServerHello ) - */ - - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - handshake_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_hs_traffic), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->client_handshake_traffic_secret, - hash_len); - if (ret != 0) { - return ret; - } - - /* - * Compute server_handshake_traffic_secret with - * Derive-Secret( ., "s hs traffic", ClientHello...ServerHello ) - */ - - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - handshake_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(s_hs_traffic), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->server_handshake_traffic_secret, - hash_len); - if (ret != 0) { - return ret; - } - - return 0; -} - -int mbedtls_ssl_tls13_derive_application_secrets( - psa_algorithm_t hash_alg, - unsigned char const *application_secret, - unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_application_secrets *derived) -{ - int ret; - size_t const hash_len = PSA_HASH_LENGTH(hash_alg); - - /* We should never call this function with an unknown hash, - * but add an assertion anyway. */ - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Generate {client,server}_application_traffic_secret_0 - * - * Master Secret - * | - * +-----> Derive-Secret( ., "c ap traffic", - * | ClientHello...server Finished ) - * | = client_application_traffic_secret_0 - * | - * +-----> Derive-Secret( ., "s ap traffic", - * | ClientHello...Server Finished ) - * | = server_application_traffic_secret_0 - * | - * +-----> Derive-Secret( ., "exp master", - * | ClientHello...server Finished) - * | = exporter_master_secret - * - */ - - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - application_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_ap_traffic), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->client_application_traffic_secret_N, - hash_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - application_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(s_ap_traffic), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->server_application_traffic_secret_N, - hash_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - application_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exp_master), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->exporter_master_secret, - hash_len); - if (ret != 0) { - return ret; - } - - return 0; -} - -/* Generate resumption_master_secret for use with the ticket exchange. - * - * This is not integrated with mbedtls_ssl_tls13_derive_application_secrets() - * because it uses the transcript hash up to and including ClientFinished. */ -int mbedtls_ssl_tls13_derive_resumption_master_secret( - psa_algorithm_t hash_alg, - unsigned char const *application_secret, - unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_application_secrets *derived) -{ - int ret; - size_t const hash_len = PSA_HASH_LENGTH(hash_alg); - - /* We should never call this function with an unknown hash, - * but add an assertion anyway. */ - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - application_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(res_master), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->resumption_master_secret, - hash_len); - - if (ret != 0) { - return ret; - } - - return 0; -} - -/** - * \brief Transition into application stage of TLS 1.3 key schedule. - * - * The TLS 1.3 key schedule can be viewed as a simple state machine - * with states Initial -> Early -> Handshake -> Application, and - * this function represents the Handshake -> Application transition. - * - * In the handshake stage, ssl_tls13_generate_application_keys() - * can be used to derive the handshake traffic keys. - * - * \param ssl The SSL context to operate on. This must be in key schedule - * stage \c Handshake. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( - (mbedtls_md_type_t) handshake->ciphersuite_info->mac); - - /* - * Compute MasterSecret - */ - ret = mbedtls_ssl_tls13_evolve_secret( - hash_alg, - handshake->tls13_master_secrets.handshake, - NULL, 0, - handshake->tls13_master_secrets.app); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF( - 4, "Master secret", - handshake->tls13_master_secrets.app, PSA_HASH_LENGTH(hash_alg)); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_calc_finished_core(psa_algorithm_t hash_alg, - unsigned char const *base_key, - unsigned char const *transcript, - unsigned char *dst, - size_t *dst_len) -{ - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t hash_len = PSA_HASH_LENGTH(hash_alg); - unsigned char finished_key[PSA_MAC_MAX_SIZE]; - int ret; - psa_algorithm_t alg; - - /* We should never call this function with an unknown hash, - * but add an assertion anyway. */ - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* TLS 1.3 Finished message - * - * struct { - * opaque verify_data[Hash.length]; - * } Finished; - * - * verify_data = - * HMAC( finished_key, - * Hash( Handshake Context + - * Certificate* + - * CertificateVerify* ) - * ) - * - * finished_key = - * HKDF-Expand-Label( BaseKey, "finished", "", Hash.length ) - */ - - ret = mbedtls_ssl_tls13_hkdf_expand_label( - hash_alg, base_key, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(finished), - NULL, 0, - finished_key, hash_len); - if (ret != 0) { - goto exit; - } - - alg = PSA_ALG_HMAC(hash_alg); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - - status = psa_import_key(&attributes, finished_key, hash_len, &key); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - status = psa_mac_compute(key, alg, transcript, hash_len, - dst, hash_len, dst_len); - ret = PSA_TO_MBEDTLS_ERR(status); - -exit: - - status = psa_destroy_key(key); - if (ret == 0) { - ret = PSA_TO_MBEDTLS_ERR(status); - } - - mbedtls_platform_zeroize(finished_key, sizeof(finished_key)); - - return ret; -} - -int mbedtls_ssl_tls13_calculate_verify_data(mbedtls_ssl_context *ssl, - unsigned char *dst, - size_t dst_len, - size_t *actual_len, - int from) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len; - - unsigned char *base_key = NULL; - size_t base_key_len = 0; - mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets = - &ssl->handshake->tls13_hs_secrets; - - mbedtls_md_type_t const md_type = (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac; - - psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type( - (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac); - size_t const hash_len = PSA_HASH_LENGTH(hash_alg); - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_tls13_calculate_verify_data")); - - if (from == MBEDTLS_SSL_IS_CLIENT) { - base_key = tls13_hs_secrets->client_handshake_traffic_secret; - base_key_len = sizeof(tls13_hs_secrets->client_handshake_traffic_secret); - } else { - base_key = tls13_hs_secrets->server_handshake_traffic_secret; - base_key_len = sizeof(tls13_hs_secrets->server_handshake_traffic_secret); - } - - if (dst_len < hash_len) { - ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - goto exit; - } - - ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, - transcript, sizeof(transcript), - &transcript_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_handshake_transcript", ret); - goto exit; - } - MBEDTLS_SSL_DEBUG_BUF(4, "handshake hash", transcript, transcript_len); - - ret = ssl_tls13_calc_finished_core(hash_alg, base_key, - transcript, dst, actual_len); - if (ret != 0) { - goto exit; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "verify_data for finished message", dst, hash_len); - MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_tls13_calculate_verify_data")); - -exit: - /* Erase handshake secrets */ - mbedtls_platform_zeroize(base_key, base_key_len); - mbedtls_platform_zeroize(transcript, sizeof(transcript)); - return ret; -} - -int mbedtls_ssl_tls13_create_psk_binder(mbedtls_ssl_context *ssl, - const psa_algorithm_t hash_alg, - unsigned char const *psk, size_t psk_len, - int psk_type, - unsigned char const *transcript, - unsigned char *result) -{ - int ret = 0; - unsigned char binder_key[PSA_MAC_MAX_SIZE]; - unsigned char early_secret[PSA_MAC_MAX_SIZE]; - size_t const hash_len = PSA_HASH_LENGTH(hash_alg); - size_t actual_len; - -#if !defined(MBEDTLS_DEBUG_C) - ssl = NULL; /* make sure we don't use it except for debug */ - ((void) ssl); -#endif - - /* We should never call this function with an unknown hash, - * but add an assertion anyway. */ - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* - * 0 - * | - * v - * PSK -> HKDF-Extract = Early Secret - * | - * +-----> Derive-Secret(., "ext binder" | "res binder", "") - * | = binder_key - * v - */ - - ret = mbedtls_ssl_tls13_evolve_secret(hash_alg, - NULL, /* Old secret */ - psk, psk_len, /* Input */ - early_secret); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret); - goto exit; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "mbedtls_ssl_tls13_create_psk_binder", - early_secret, hash_len); - - if (psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) { - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - early_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(res_binder), - NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, - binder_key, hash_len); - MBEDTLS_SSL_DEBUG_MSG(4, ("Derive Early Secret with 'res binder'")); - } else { - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - early_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(ext_binder), - NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, - binder_key, hash_len); - MBEDTLS_SSL_DEBUG_MSG(4, ("Derive Early Secret with 'ext binder'")); - } - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_derive_secret", ret); - goto exit; - } - - /* - * The binding_value is computed in the same way as the Finished message - * but with the BaseKey being the binder_key. - */ - - ret = ssl_tls13_calc_finished_core(hash_alg, binder_key, transcript, - result, &actual_len); - if (ret != 0) { - goto exit; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "psk binder", result, actual_len); - -exit: - - mbedtls_platform_zeroize(early_secret, sizeof(early_secret)); - mbedtls_platform_zeroize(binder_key, sizeof(binder_key)); - return ret; -} - -int mbedtls_ssl_tls13_populate_transform( - mbedtls_ssl_transform *transform, - int endpoint, int ciphersuite, - mbedtls_ssl_key_set const *traffic_keys, - mbedtls_ssl_context *ssl /* DEBUG ONLY */) -{ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - int ret; - mbedtls_cipher_info_t const *cipher_info; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - unsigned char const *key_enc; - unsigned char const *iv_enc; - unsigned char const *key_dec; - unsigned char const *iv_dec; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_type_t key_type; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg; - size_t key_bits; - psa_status_t status = PSA_SUCCESS; -#endif - -#if !defined(MBEDTLS_DEBUG_C) - ssl = NULL; /* make sure we don't use it except for those cases */ - (void) ssl; -#endif - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite); - if (ciphersuite_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ciphersuite info for %d not found", - ciphersuite)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher); - if (cipher_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found", - ciphersuite_info->cipher)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* - * Setup cipher contexts in target transform - */ - if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc, - cipher_info)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret); - return ret; - } - - if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec, - cipher_info)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_SSL_SRV_C) - if (endpoint == MBEDTLS_SSL_IS_SERVER) { - key_enc = traffic_keys->server_write_key; - key_dec = traffic_keys->client_write_key; - iv_enc = traffic_keys->server_write_iv; - iv_dec = traffic_keys->client_write_iv; - } else -#endif /* MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_CLI_C) - if (endpoint == MBEDTLS_SSL_IS_CLIENT) { - key_enc = traffic_keys->client_write_key; - key_dec = traffic_keys->server_write_key; - iv_enc = traffic_keys->client_write_iv; - iv_dec = traffic_keys->server_write_iv; - } else -#endif /* MBEDTLS_SSL_CLI_C */ - { - /* should not happen */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - memcpy(transform->iv_enc, iv_enc, traffic_keys->iv_len); - memcpy(transform->iv_dec, iv_dec, traffic_keys->iv_len); - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, - key_enc, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_ENCRYPT)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); - return ret; - } - - if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, - key_dec, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_DECRYPT)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - /* - * Setup other fields in SSL transform - */ - - if ((ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG) != 0) { - transform->taglen = 8; - } else { - transform->taglen = 16; - } - - transform->ivlen = traffic_keys->iv_len; - transform->maclen = 0; - transform->fixed_ivlen = transform->ivlen; - transform->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; - - /* We add the true record content type (1 Byte) to the plaintext and - * then pad to the configured granularity. The minimum length of the - * type-extended and padded plaintext is therefore the padding - * granularity. */ - transform->minlen = - transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* - * Setup psa keys and alg - */ - if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, - transform->taglen, - &alg, - &key_type, - &key_bits)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_cipher_to_psa", PSA_TO_MBEDTLS_ERR(status)); - return PSA_TO_MBEDTLS_ERR(status); - } - - transform->psa_alg = alg; - - if (alg != MBEDTLS_SSL_NULL_CIPHER) { - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, key_type); - - if ((status = psa_import_key(&attributes, - key_enc, - PSA_BITS_TO_BYTES(key_bits), - &transform->psa_key_enc)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET( - 1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status)); - return PSA_TO_MBEDTLS_ERR(status); - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); - - if ((status = psa_import_key(&attributes, - key_dec, - PSA_BITS_TO_BYTES(key_bits), - &transform->psa_key_dec)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET( - 1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status)); - return PSA_TO_MBEDTLS_ERR(status); - } - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_get_cipher_key_info( - const mbedtls_ssl_ciphersuite_t *ciphersuite_info, - size_t *key_len, size_t *iv_len) -{ - psa_key_type_t key_type; - psa_algorithm_t alg; - size_t taglen; - size_t key_bits; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - if (ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG) { - taglen = 8; - } else { - taglen = 16; - } - - status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, taglen, - &alg, &key_type, &key_bits); - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - *key_len = PSA_BITS_TO_BYTES(key_bits); - - /* TLS 1.3 only have AEAD ciphers, IV length is unconditionally 12 bytes */ - *iv_len = 12; - - return 0; -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) -/* - * ssl_tls13_generate_early_key() generates the key necessary for protecting - * the early application data and handshake messages as described in section 7 - * of RFC 8446. - * - * NOTE: Only one key is generated, the key for the traffic from the client to - * the server. The TLS 1.3 specification does not define a secret and thus - * a key for server early traffic. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t md_type; - psa_algorithm_t hash_alg; - size_t hash_len; - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len; - size_t key_len = 0; - size_t iv_len = 0; - mbedtls_ssl_tls13_early_secrets tls13_early_secrets; - - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_early_key")); - - ret = ssl_tls13_get_cipher_key_info(ciphersuite_info, &key_len, &iv_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_get_cipher_key_info", ret); - goto cleanup; - } - - md_type = (mbedtls_md_type_t) ciphersuite_info->mac; - - hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - hash_len = PSA_HASH_LENGTH(hash_alg); - - ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, - transcript, - sizeof(transcript), - &transcript_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ssl_get_handshake_transcript", - ret); - goto cleanup; - } - - ret = mbedtls_ssl_tls13_derive_early_secrets( - hash_alg, handshake->tls13_master_secrets.early, - transcript, transcript_len, &tls13_early_secrets); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_derive_early_secrets", ret); - goto cleanup; - } - - MBEDTLS_SSL_DEBUG_BUF( - 4, "Client early traffic secret", - tls13_early_secrets.client_early_traffic_secret, hash_len); - - /* - * Export client handshake traffic secret - */ - if (ssl->f_export_keys != NULL) { - ssl->f_export_keys( - ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET, - tls13_early_secrets.client_early_traffic_secret, - hash_len, - handshake->randbytes, - handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */); - } - - ret = ssl_tls13_make_traffic_key( - hash_alg, - tls13_early_secrets.client_early_traffic_secret, - hash_len, traffic_keys->client_write_key, key_len, - traffic_keys->client_write_iv, iv_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_make_traffic_key", ret); - goto cleanup; - } - traffic_keys->key_len = key_len; - traffic_keys->iv_len = iv_len; - - MBEDTLS_SSL_DEBUG_BUF(4, "client early write_key", - traffic_keys->client_write_key, - traffic_keys->key_len); - - MBEDTLS_SSL_DEBUG_BUF(4, "client early write_iv", - traffic_keys->client_write_iv, - traffic_keys->iv_len); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_generate_early_key")); - -cleanup: - /* Erase early secrets and transcript */ - mbedtls_platform_zeroize( - &tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets)); - mbedtls_platform_zeroize(transcript, sizeof(transcript)); - return ret; -} - -int mbedtls_ssl_tls13_compute_early_transform(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_key_set traffic_keys; - mbedtls_ssl_transform *transform_earlydata = NULL; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* Next evolution in key schedule: Establish early_data secret and - * key material. */ - ret = ssl_tls13_generate_early_key(ssl, &traffic_keys); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_generate_early_key", - ret); - goto cleanup; - } - - transform_earlydata = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform)); - if (transform_earlydata == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto cleanup; - } - - ret = mbedtls_ssl_tls13_populate_transform( - transform_earlydata, - ssl->conf->endpoint, - handshake->ciphersuite_info->id, - &traffic_keys, - ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_populate_transform", ret); - goto cleanup; - } - handshake->transform_earlydata = transform_earlydata; - -cleanup: - mbedtls_platform_zeroize(&traffic_keys, sizeof(traffic_keys)); - if (ret != 0) { - mbedtls_free(transform_earlydata); - } - - return ret; -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t hash_alg; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - unsigned char *psk = NULL; - size_t psk_len = 0; - - if (handshake->ciphersuite_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("cipher suite info not found")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac); -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { - ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_export_handshake_psk", - ret); - return ret; - } - } -#endif - - ret = mbedtls_ssl_tls13_evolve_secret(hash_alg, NULL, psk, psk_len, - handshake->tls13_master_secrets.early); -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - mbedtls_free((void *) psk); -#endif - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "mbedtls_ssl_tls13_key_schedule_stage_early", - handshake->tls13_master_secrets.early, - PSA_HASH_LENGTH(hash_alg)); - return 0; -} - -/** - * \brief Compute TLS 1.3 handshake traffic keys. - * - * ssl_tls13_generate_handshake_keys() generates keys necessary for - * protecting the handshake messages, as described in Section 7 of - * RFC 8446. - * - * \param ssl The SSL context to operate on. This must be in - * key schedule stage \c Handshake, see - * ssl_tls13_key_schedule_stage_handshake(). - * \param traffic_keys The address at which to store the handshake traffic - * keys. This must be writable but may be uninitialized. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t md_type; - psa_algorithm_t hash_alg; - size_t hash_len; - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len; - size_t key_len = 0; - size_t iv_len = 0; - - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - handshake->ciphersuite_info; - mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets = - &handshake->tls13_hs_secrets; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_handshake_keys")); - - ret = ssl_tls13_get_cipher_key_info(ciphersuite_info, &key_len, &iv_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_get_cipher_key_info", ret); - return ret; - } - - md_type = (mbedtls_md_type_t) ciphersuite_info->mac; - - hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - hash_len = PSA_HASH_LENGTH(hash_alg); - - ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, - transcript, - sizeof(transcript), - &transcript_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ssl_get_handshake_transcript", - ret); - return ret; - } - - ret = mbedtls_ssl_tls13_derive_handshake_secrets( - hash_alg, handshake->tls13_master_secrets.handshake, - transcript, transcript_len, tls13_hs_secrets); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_derive_handshake_secrets", - ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "Client handshake traffic secret", - tls13_hs_secrets->client_handshake_traffic_secret, - hash_len); - MBEDTLS_SSL_DEBUG_BUF(4, "Server handshake traffic secret", - tls13_hs_secrets->server_handshake_traffic_secret, - hash_len); - - /* - * Export client handshake traffic secret - */ - if (ssl->f_export_keys != NULL) { - ssl->f_export_keys( - ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET, - tls13_hs_secrets->client_handshake_traffic_secret, - hash_len, - handshake->randbytes, - handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */); - - ssl->f_export_keys( - ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET, - tls13_hs_secrets->server_handshake_traffic_secret, - hash_len, - handshake->randbytes, - handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */); - } - - ret = mbedtls_ssl_tls13_make_traffic_keys( - hash_alg, - tls13_hs_secrets->client_handshake_traffic_secret, - tls13_hs_secrets->server_handshake_traffic_secret, - hash_len, key_len, iv_len, traffic_keys); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_make_traffic_keys", ret); - goto exit; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "client_handshake write_key", - traffic_keys->client_write_key, - traffic_keys->key_len); - - MBEDTLS_SSL_DEBUG_BUF(4, "server_handshake write_key", - traffic_keys->server_write_key, - traffic_keys->key_len); - - MBEDTLS_SSL_DEBUG_BUF(4, "client_handshake write_iv", - traffic_keys->client_write_iv, - traffic_keys->iv_len); - - MBEDTLS_SSL_DEBUG_BUF(4, "server_handshake write_iv", - traffic_keys->server_write_iv, - traffic_keys->iv_len); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_generate_handshake_keys")); - -exit: - - return ret; -} - -/** - * \brief Transition into handshake stage of TLS 1.3 key schedule. - * - * The TLS 1.3 key schedule can be viewed as a simple state machine - * with states Initial -> Early -> Handshake -> Application, and - * this function represents the Early -> Handshake transition. - * - * In the handshake stage, ssl_tls13_generate_handshake_keys() - * can be used to derive the handshake traffic keys. - * - * \param ssl The SSL context to operate on. This must be in key schedule - * stage \c Early. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( - (mbedtls_md_type_t) handshake->ciphersuite_info->mac); - unsigned char *shared_secret = NULL; - size_t shared_secret_len = 0; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - /* - * Compute ECDHE secret used to compute the handshake secret from which - * client_handshake_traffic_secret and server_handshake_traffic_secret - * are derived in the handshake secret derivation stage. - */ - if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { - if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) || - mbedtls_ssl_tls13_named_group_is_ffdh(handshake->offered_group_id)) { -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - psa_algorithm_t alg = - mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ? - PSA_ALG_ECDH : PSA_ALG_FFDH; - - /* Compute ECDH shared secret. */ - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - - status = psa_get_key_attributes(handshake->xxdh_psa_privkey, - &key_attributes); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - } - - shared_secret_len = PSA_BITS_TO_BYTES( - psa_get_key_bits(&key_attributes)); - shared_secret = mbedtls_calloc(1, shared_secret_len); - if (shared_secret == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - status = psa_raw_key_agreement( - alg, handshake->xxdh_psa_privkey, - handshake->xxdh_psa_peerkey, handshake->xxdh_psa_peerkey_len, - shared_secret, shared_secret_len, &shared_secret_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret); - goto cleanup; - } - - status = psa_destroy_key(handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); - goto cleanup; - } - - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("Group not supported.")); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - } -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - - /* - * Compute the Handshake Secret - */ - ret = mbedtls_ssl_tls13_evolve_secret( - hash_alg, handshake->tls13_master_secrets.early, - shared_secret, shared_secret_len, - handshake->tls13_master_secrets.handshake); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret); - goto cleanup; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "Handshake secret", - handshake->tls13_master_secrets.handshake, - PSA_HASH_LENGTH(hash_alg)); - -cleanup: - if (shared_secret != NULL) { - mbedtls_zeroize_and_free(shared_secret, shared_secret_len); - } - - return ret; -} - -/** - * \brief Compute TLS 1.3 application traffic keys. - * - * ssl_tls13_generate_application_keys() generates application traffic - * keys, since any record following a 1-RTT Finished message MUST be - * encrypted under the application traffic key. - * - * \param ssl The SSL context to operate on. This must be in - * key schedule stage \c Application, see - * ssl_tls13_key_schedule_stage_application(). - * \param traffic_keys The address at which to store the application traffic - * keys. This must be writable but may be uninitialized. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_generate_application_keys( - mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* Address at which to store the application secrets */ - mbedtls_ssl_tls13_application_secrets * const app_secrets = - &ssl->session_negotiate->app_secrets; - - /* Holding the transcript up to and including the ServerFinished */ - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len; - - /* Variables relating to the hash for the chosen ciphersuite. */ - mbedtls_md_type_t md_type; - - psa_algorithm_t hash_alg; - size_t hash_len; - - /* Variables relating to the cipher for the chosen ciphersuite. */ - size_t key_len = 0, iv_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> derive application traffic keys")); - - /* Extract basic information about hash and ciphersuite */ - - ret = ssl_tls13_get_cipher_key_info(handshake->ciphersuite_info, - &key_len, &iv_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_get_cipher_key_info", ret); - goto cleanup; - } - - md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac; - - hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac); - hash_len = PSA_HASH_LENGTH(hash_alg); - - /* Compute current handshake transcript. It's the caller's responsibility - * to call this at the right time, that is, after the ServerFinished. */ - - ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, - transcript, sizeof(transcript), - &transcript_len); - if (ret != 0) { - goto cleanup; - } - - /* Compute application secrets from master secret and transcript hash. */ - - ret = mbedtls_ssl_tls13_derive_application_secrets( - hash_alg, handshake->tls13_master_secrets.app, - transcript, transcript_len, app_secrets); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_derive_application_secrets", ret); - goto cleanup; - } - - /* Derive first epoch of IV + Key for application traffic. */ - - ret = mbedtls_ssl_tls13_make_traffic_keys( - hash_alg, - app_secrets->client_application_traffic_secret_N, - app_secrets->server_application_traffic_secret_N, - hash_len, key_len, iv_len, traffic_keys); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_make_traffic_keys", ret); - goto cleanup; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "Client application traffic secret", - app_secrets->client_application_traffic_secret_N, - hash_len); - - MBEDTLS_SSL_DEBUG_BUF(4, "Server application traffic secret", - app_secrets->server_application_traffic_secret_N, - hash_len); - - /* - * Export client/server application traffic secret 0 - */ - if (ssl->f_export_keys != NULL) { - ssl->f_export_keys( - ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET, - app_secrets->client_application_traffic_secret_N, hash_len, - handshake->randbytes, - handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by - a new constant for TLS 1.3! */); - - ssl->f_export_keys( - ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET, - app_secrets->server_application_traffic_secret_N, hash_len, - handshake->randbytes, - handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by - a new constant for TLS 1.3! */); - } - - MBEDTLS_SSL_DEBUG_BUF(4, "client application_write_key:", - traffic_keys->client_write_key, key_len); - MBEDTLS_SSL_DEBUG_BUF(4, "server application write key", - traffic_keys->server_write_key, key_len); - MBEDTLS_SSL_DEBUG_BUF(4, "client application write IV", - traffic_keys->client_write_iv, iv_len); - MBEDTLS_SSL_DEBUG_BUF(4, "server application write IV", - traffic_keys->server_write_iv, iv_len); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= derive application traffic keys")); - -cleanup: - /* randbytes is not used again */ - mbedtls_platform_zeroize(ssl->handshake->randbytes, - sizeof(ssl->handshake->randbytes)); - - mbedtls_platform_zeroize(transcript, sizeof(transcript)); - return ret; -} - -int mbedtls_ssl_tls13_compute_handshake_transform(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_key_set traffic_keys; - mbedtls_ssl_transform *transform_handshake = NULL; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* Compute handshake secret */ - ret = ssl_tls13_key_schedule_stage_handshake(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_derive_master_secret", ret); - goto cleanup; - } - - /* Next evolution in key schedule: Establish handshake secret and - * key material. */ - ret = ssl_tls13_generate_handshake_keys(ssl, &traffic_keys); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_generate_handshake_keys", - ret); - goto cleanup; - } - - transform_handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform)); - if (transform_handshake == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto cleanup; - } - - ret = mbedtls_ssl_tls13_populate_transform( - transform_handshake, - ssl->conf->endpoint, - handshake->ciphersuite_info->id, - &traffic_keys, - ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_populate_transform", ret); - goto cleanup; - } - handshake->transform_handshake = transform_handshake; - -cleanup: - mbedtls_platform_zeroize(&traffic_keys, sizeof(traffic_keys)); - if (ret != 0) { - mbedtls_free(transform_handshake); - } - - return ret; -} - -int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t md_type; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len; - - MBEDTLS_SSL_DEBUG_MSG( - 2, ("=> mbedtls_ssl_tls13_compute_resumption_master_secret")); - - md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac; - - ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, - transcript, sizeof(transcript), - &transcript_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_derive_resumption_master_secret( - mbedtls_md_psa_alg_from_type(md_type), - handshake->tls13_master_secrets.app, - transcript, transcript_len, - &ssl->session_negotiate->app_secrets); - if (ret != 0) { - return ret; - } - - /* Erase master secrets */ - mbedtls_platform_zeroize(&handshake->tls13_master_secrets, - sizeof(handshake->tls13_master_secrets)); - - MBEDTLS_SSL_DEBUG_BUF( - 4, "Resumption master secret", - ssl->session_negotiate->app_secrets.resumption_master_secret, - PSA_HASH_LENGTH(mbedtls_md_psa_alg_from_type(md_type))); - - MBEDTLS_SSL_DEBUG_MSG( - 2, ("<= mbedtls_ssl_tls13_compute_resumption_master_secret")); - return 0; -} - -int mbedtls_ssl_tls13_compute_application_transform(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_key_set traffic_keys; - mbedtls_ssl_transform *transform_application = NULL; - - ret = ssl_tls13_key_schedule_stage_application(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "ssl_tls13_key_schedule_stage_application", ret); - goto cleanup; - } - - ret = ssl_tls13_generate_application_keys(ssl, &traffic_keys); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "ssl_tls13_generate_application_keys", ret); - goto cleanup; - } - - transform_application = - mbedtls_calloc(1, sizeof(mbedtls_ssl_transform)); - if (transform_application == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto cleanup; - } - - ret = mbedtls_ssl_tls13_populate_transform( - transform_application, - ssl->conf->endpoint, - ssl->handshake->ciphersuite_info->id, - &traffic_keys, - ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_populate_transform", ret); - goto cleanup; - } - - ssl->transform_application = transform_application; - -cleanup: - - mbedtls_platform_zeroize(&traffic_keys, sizeof(traffic_keys)); - if (ret != 0) { - mbedtls_free(transform_application); - } - return ret; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, - unsigned char **psk, - size_t *psk_len) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - *psk_len = 0; - *psk = NULL; - - if (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - status = psa_get_key_attributes(ssl->handshake->psk_opaque, &key_attributes); - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - *psk_len = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attributes)); - *psk = mbedtls_calloc(1, *psk_len); - if (*psk == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - status = psa_export_key(ssl->handshake->psk_opaque, - (uint8_t *) *psk, *psk_len, psk_len); - if (status != PSA_SUCCESS) { - mbedtls_free((void *) *psk); - *psk = NULL; - return PSA_TO_MBEDTLS_ERR(status); - } - return 0; -#else - *psk = ssl->handshake->psk; - *psk_len = ssl->handshake->psk_len; - if (*psk == NULL) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - return 0; -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h deleted file mode 100644 index d3a4c6c99..000000000 --- a/library/ssl_tls13_keys.h +++ /dev/null @@ -1,651 +0,0 @@ -/* - * TLS 1.3 key schedule - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H) -#define MBEDTLS_SSL_TLS1_3_KEYS_H - -/* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at - * the point of use. See e.g. the definition of mbedtls_ssl_tls13_labels_union - * below. */ -#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ - MBEDTLS_SSL_TLS1_3_LABEL(finished, "finished") \ - MBEDTLS_SSL_TLS1_3_LABEL(resumption, "resumption") \ - MBEDTLS_SSL_TLS1_3_LABEL(traffic_upd, "traffic upd") \ - MBEDTLS_SSL_TLS1_3_LABEL(exporter, "exporter") \ - MBEDTLS_SSL_TLS1_3_LABEL(key, "key") \ - MBEDTLS_SSL_TLS1_3_LABEL(iv, "iv") \ - MBEDTLS_SSL_TLS1_3_LABEL(c_hs_traffic, "c hs traffic") \ - MBEDTLS_SSL_TLS1_3_LABEL(c_ap_traffic, "c ap traffic") \ - MBEDTLS_SSL_TLS1_3_LABEL(c_e_traffic, "c e traffic") \ - MBEDTLS_SSL_TLS1_3_LABEL(s_hs_traffic, "s hs traffic") \ - MBEDTLS_SSL_TLS1_3_LABEL(s_ap_traffic, "s ap traffic") \ - MBEDTLS_SSL_TLS1_3_LABEL(s_e_traffic, "s e traffic") \ - MBEDTLS_SSL_TLS1_3_LABEL(e_exp_master, "e exp master") \ - MBEDTLS_SSL_TLS1_3_LABEL(res_master, "res master") \ - MBEDTLS_SSL_TLS1_3_LABEL(exp_master, "exp master") \ - MBEDTLS_SSL_TLS1_3_LABEL(ext_binder, "ext binder") \ - MBEDTLS_SSL_TLS1_3_LABEL(res_binder, "res binder") \ - MBEDTLS_SSL_TLS1_3_LABEL(derived, "derived") \ - MBEDTLS_SSL_TLS1_3_LABEL(client_cv, "TLS 1.3, client CertificateVerify") \ - MBEDTLS_SSL_TLS1_3_LABEL(server_cv, "TLS 1.3, server CertificateVerify") - -#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0 -#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED 1 - -#define MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL 0 -#define MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION 1 - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - const unsigned char name [sizeof(string) - 1]; - -union mbedtls_ssl_tls13_labels_union { - MBEDTLS_SSL_TLS1_3_LABEL_LIST -}; -struct mbedtls_ssl_tls13_labels_struct { - MBEDTLS_SSL_TLS1_3_LABEL_LIST -}; -#undef MBEDTLS_SSL_TLS1_3_LABEL - -extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels; - -#define MBEDTLS_SSL_TLS1_3_LBL_LEN(LABEL) \ - sizeof(mbedtls_ssl_tls13_labels.LABEL) - -#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(LABEL) \ - mbedtls_ssl_tls13_labels.LABEL, \ - MBEDTLS_SSL_TLS1_3_LBL_LEN(LABEL) - -#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \ - sizeof(union mbedtls_ssl_tls13_labels_union) - -/* The maximum length of HKDF contexts used in the TLS 1.3 standard. - * Since contexts are always hashes of message transcripts, this can - * be approximated from above by the maximum hash size. */ -#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \ - PSA_HASH_MAX_SIZE - -/* Maximum desired length for expanded key material generated - * by HKDF-Expand-Label. - * - * Warning: If this ever needs to be increased, the implementation - * ssl_tls13_hkdf_encode_label() in ssl_tls13_keys.c needs to be - * adjusted since it currently assumes that HKDF key expansion - * is never used with more than 255 Bytes of output. */ -#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255 - -/** - * \brief The \c HKDF-Expand-Label function from - * the TLS 1.3 standard RFC 8446. - * - * - * HKDF-Expand-Label( Secret, Label, Context, Length ) = - * HKDF-Expand( Secret, HkdfLabel, Length ) - * - * - * \param hash_alg The identifier for the hash algorithm to use. - * \param secret The \c Secret argument to \c HKDF-Expand-Label. - * This must be a readable buffer of length - * \p secret_len Bytes. - * \param secret_len The length of \p secret in Bytes. - * \param label The \c Label argument to \c HKDF-Expand-Label. - * This must be a readable buffer of length - * \p label_len Bytes. - * \param label_len The length of \p label in Bytes. - * \param ctx The \c Context argument to \c HKDF-Expand-Label. - * This must be a readable buffer of length \p ctx_len Bytes. - * \param ctx_len The length of \p context in Bytes. - * \param buf The destination buffer to hold the expanded secret. - * This must be a writable buffer of length \p buf_len Bytes. - * \param buf_len The desired size of the expanded secret in Bytes. - * - * \returns \c 0 on success. - * \return A negative error code on failure. - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_hkdf_expand_label( - psa_algorithm_t hash_alg, - const unsigned char *secret, size_t secret_len, - const unsigned char *label, size_t label_len, - const unsigned char *ctx, size_t ctx_len, - unsigned char *buf, size_t buf_len); - -/** - * \brief This function is part of the TLS 1.3 key schedule. - * It extracts key and IV for the actual client/server traffic - * from the client/server traffic secrets. - * - * From RFC 8446: - * - * - * [sender]_write_key = HKDF-Expand-Label(Secret, "key", "", key_length) - * [sender]_write_iv = HKDF-Expand-Label(Secret, "iv", "", iv_length)* - * - * - * \param hash_alg The identifier for the hash algorithm to be used - * for the HKDF-based expansion of the secret. - * \param client_secret The client traffic secret. - * This must be a readable buffer of size - * \p secret_len Bytes - * \param server_secret The server traffic secret. - * This must be a readable buffer of size - * \p secret_len Bytes - * \param secret_len Length of the secrets \p client_secret and - * \p server_secret in Bytes. - * \param key_len The desired length of the key to be extracted in Bytes. - * \param iv_len The desired length of the IV to be extracted in Bytes. - * \param keys The address of the structure holding the generated - * keys and IVs. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_make_traffic_keys( - psa_algorithm_t hash_alg, - const unsigned char *client_secret, - const unsigned char *server_secret, size_t secret_len, - size_t key_len, size_t iv_len, - mbedtls_ssl_key_set *keys); - -/** - * \brief The \c Derive-Secret function from the TLS 1.3 standard RFC 8446. - * - * - * Derive-Secret( Secret, Label, Messages ) = - * HKDF-Expand-Label( Secret, Label, - * Hash( Messages ), - * Hash.Length ) ) - * - * - * \param hash_alg The identifier for the hash function used for the - * applications of HKDF. - * \param secret The \c Secret argument to the \c Derive-Secret function. - * This must be a readable buffer of length - * \p secret_len Bytes. - * \param secret_len The length of \p secret in Bytes. - * \param label The \c Label argument to the \c Derive-Secret function. - * This must be a readable buffer of length - * \p label_len Bytes. - * \param label_len The length of \p label in Bytes. - * \param ctx The hash of the \c Messages argument to the - * \c Derive-Secret function, or the \c Messages argument - * itself, depending on \p ctx_hashed. - * \param ctx_len The length of \p ctx in Bytes. - * \param ctx_hashed This indicates whether the \p ctx contains the hash of - * the \c Messages argument in the application of the - * \c Derive-Secret function - * (value MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED), or whether - * it is the content of \c Messages itself, in which case - * the function takes care of the hashing - * (value MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED). - * \param dstbuf The target buffer to write the output of - * \c Derive-Secret to. This must be a writable buffer of - * size \p dtsbuf_len Bytes. - * \param dstbuf_len The length of \p dstbuf in Bytes. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_derive_secret( - psa_algorithm_t hash_alg, - const unsigned char *secret, size_t secret_len, - const unsigned char *label, size_t label_len, - const unsigned char *ctx, size_t ctx_len, - int ctx_hashed, - unsigned char *dstbuf, size_t dstbuf_len); - -/** - * \brief Derive TLS 1.3 early data key material from early secret. - * - * This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret() - * with the appropriate labels. - * - * - * Early Secret - * | - * +-----> Derive-Secret(., "c e traffic", ClientHello) - * | = client_early_traffic_secret - * | - * +-----> Derive-Secret(., "e exp master", ClientHello) - * . = early_exporter_master_secret - * . - * . - * - * - * \note To obtain the actual key and IV for the early data traffic, - * the client secret derived by this function need to be - * further processed by mbedtls_ssl_tls13_make_traffic_keys(). - * - * \note The binder key, which is also generated from the early secret, - * is omitted here. Its calculation is part of the separate routine - * mbedtls_ssl_tls13_create_psk_binder(). - * - * \param hash_alg The hash algorithm associated with the PSK for which - * early data key material is being derived. - * \param early_secret The early secret from which the early data key material - * should be derived. This must be a readable buffer whose - * length is the digest size of the hash algorithm - * represented by \p md_size. - * \param transcript The transcript of the handshake so far, calculated with - * respect to \p hash_alg. This must be a readable buffer - * whose length is the digest size of the hash algorithm - * represented by \p md_size. - * \param derived The address of the structure in which to store - * the early data key material. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_derive_early_secrets( - psa_algorithm_t hash_alg, - unsigned char const *early_secret, - unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_early_secrets *derived); - -/** - * \brief Derive TLS 1.3 handshake key material from the handshake secret. - * - * This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret() - * with the appropriate labels from the standard. - * - * - * Handshake Secret - * | - * +-----> Derive-Secret( ., "c hs traffic", - * | ClientHello...ServerHello ) - * | = client_handshake_traffic_secret - * | - * +-----> Derive-Secret( ., "s hs traffic", - * . ClientHello...ServerHello ) - * . = server_handshake_traffic_secret - * . - * - * - * \note To obtain the actual key and IV for the encrypted handshake traffic, - * the client and server secret derived by this function need to be - * further processed by mbedtls_ssl_tls13_make_traffic_keys(). - * - * \param hash_alg The hash algorithm associated with the ciphersuite - * that's being used for the connection. - * \param handshake_secret The handshake secret from which the handshake key - * material should be derived. This must be a readable - * buffer whose length is the digest size of the hash - * algorithm represented by \p md_size. - * \param transcript The transcript of the handshake so far, calculated - * with respect to \p hash_alg. This must be a readable - * buffer whose length is the digest size of the hash - * algorithm represented by \p md_size. - * \param derived The address of the structure in which to - * store the handshake key material. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_derive_handshake_secrets( - psa_algorithm_t hash_alg, - unsigned char const *handshake_secret, - unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_handshake_secrets *derived); - -/** - * \brief Derive TLS 1.3 application key material from the master secret. - * - * This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret() - * with the appropriate labels from the standard. - * - * - * Master Secret - * | - * +-----> Derive-Secret( ., "c ap traffic", - * | ClientHello...server Finished ) - * | = client_application_traffic_secret_0 - * | - * +-----> Derive-Secret( ., "s ap traffic", - * | ClientHello...Server Finished ) - * | = server_application_traffic_secret_0 - * | - * +-----> Derive-Secret( ., "exp master", - * . ClientHello...server Finished) - * . = exporter_master_secret - * . - * - * - * \note To obtain the actual key and IV for the (0-th) application traffic, - * the client and server secret derived by this function need to be - * further processed by mbedtls_ssl_tls13_make_traffic_keys(). - * - * \param hash_alg The hash algorithm associated with the ciphersuite - * that's being used for the connection. - * \param master_secret The master secret from which the application key - * material should be derived. This must be a readable - * buffer whose length is the digest size of the hash - * algorithm represented by \p md_size. - * \param transcript The transcript of the handshake up to and including - * the ServerFinished message, calculated with respect - * to \p hash_alg. This must be a readable buffer whose - * length is the digest size of the hash algorithm - * represented by \p hash_alg. - * \param derived The address of the structure in which to - * store the application key material. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_derive_application_secrets( - psa_algorithm_t hash_alg, - unsigned char const *master_secret, - unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_application_secrets *derived); - -/** - * \brief Derive TLS 1.3 resumption master secret from the master secret. - * - * This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret() - * with the appropriate labels from the standard. - * - * \param hash_alg The hash algorithm used in the application for which - * key material is being derived. - * \param application_secret The application secret from which the resumption master - * secret should be derived. This must be a readable - * buffer whose length is the digest size of the hash - * algorithm represented by \p md_size. - * \param transcript The transcript of the handshake up to and including - * the ClientFinished message, calculated with respect - * to \p hash_alg. This must be a readable buffer whose - * length is the digest size of the hash algorithm - * represented by \p hash_alg. - * \param transcript_len The length of \p transcript in Bytes. - * \param derived The address of the structure in which to - * store the resumption master secret. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_derive_resumption_master_secret( - psa_algorithm_t hash_alg, - unsigned char const *application_secret, - unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_application_secrets *derived); - -/** - * \brief Compute the next secret in the TLS 1.3 key schedule - * - * The TLS 1.3 key schedule proceeds as follows to compute - * the three main secrets during the handshake: The early - * secret for early data, the handshake secret for all - * other encrypted handshake messages, and the master - * secret for all application traffic. - * - * - * 0 - * | - * v - * PSK -> HKDF-Extract = Early Secret - * | - * v - * Derive-Secret( ., "derived", "" ) - * | - * v - * (EC)DHE -> HKDF-Extract = Handshake Secret - * | - * v - * Derive-Secret( ., "derived", "" ) - * | - * v - * 0 -> HKDF-Extract = Master Secret - * - * - * Each of the three secrets in turn is the basis for further - * key derivations, such as the derivation of traffic keys and IVs; - * see e.g. mbedtls_ssl_tls13_make_traffic_keys(). - * - * This function implements one step in this evolution of secrets: - * - * - * old_secret - * | - * v - * Derive-Secret( ., "derived", "" ) - * | - * v - * input -> HKDF-Extract = new_secret - * - * - * \param hash_alg The identifier for the hash function used for the - * applications of HKDF. - * \param secret_old The address of the buffer holding the old secret - * on function entry. If not \c NULL, this must be a - * readable buffer whose size matches the output size - * of the hash function represented by \p hash_alg. - * If \c NULL, an all \c 0 array will be used instead. - * \param input The address of the buffer holding the additional - * input for the key derivation (e.g., the PSK or the - * ephemeral (EC)DH secret). If not \c NULL, this must be - * a readable buffer whose size \p input_len Bytes. - * If \c NULL, an all \c 0 array will be used instead. - * \param input_len The length of \p input in Bytes. - * \param secret_new The address of the buffer holding the new secret - * on function exit. This must be a writable buffer - * whose size matches the output size of the hash - * function represented by \p hash_alg. - * This may be the same as \p secret_old. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_evolve_secret( - psa_algorithm_t hash_alg, - const unsigned char *secret_old, - const unsigned char *input, size_t input_len, - unsigned char *secret_new); - -/** - * \brief Calculate a TLS 1.3 PSK binder. - * - * \param ssl The SSL context. This is used for debugging only and may - * be \c NULL if MBEDTLS_DEBUG_C is disabled. - * \param hash_alg The hash algorithm associated to the PSK \p psk. - * \param psk The buffer holding the PSK for which to create a binder. - * \param psk_len The size of \p psk in bytes. - * \param psk_type This indicates whether the PSK \p psk is externally - * provisioned (#MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL) or a - * resumption PSK (#MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION). - * \param transcript The handshake transcript up to the point where the - * PSK binder calculation happens. This must be readable, - * and its size must be equal to the digest size of - * the hash algorithm represented by \p hash_alg. - * \param result The address at which to store the PSK binder on success. - * This must be writable, and its size must be equal to the - * digest size of the hash algorithm represented by - * \p hash_alg. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_create_psk_binder(mbedtls_ssl_context *ssl, - const psa_algorithm_t hash_alg, - unsigned char const *psk, size_t psk_len, - int psk_type, - unsigned char const *transcript, - unsigned char *result); - -/** - * \bref Setup an SSL transform structure representing the - * record protection mechanism used by TLS 1.3 - * - * \param transform The SSL transform structure to be created. This must have - * been initialized through mbedtls_ssl_transform_init() and - * not used in any other way prior to calling this function. - * In particular, this function does not clean up the - * transform structure prior to installing the new keys. - * \param endpoint Indicates whether the transform is for the client - * (value #MBEDTLS_SSL_IS_CLIENT) or the server - * (value #MBEDTLS_SSL_IS_SERVER). - * \param ciphersuite The numerical identifier for the ciphersuite to use. - * This must be one of the identifiers listed in - * ssl_ciphersuites.h. - * \param traffic_keys The key material to use. No reference is stored in - * the SSL transform being generated, and the caller - * should destroy the key material afterwards. - * \param ssl (Debug-only) The SSL context to use for debug output - * in case of failure. This parameter is only needed if - * #MBEDTLS_DEBUG_C is set, and is ignored otherwise. - * - * \return \c 0 on success. In this case, \p transform is ready to - * be used with mbedtls_ssl_transform_decrypt() and - * mbedtls_ssl_transform_encrypt(). - * \return A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform, - int endpoint, - int ciphersuite, - mbedtls_ssl_key_set const *traffic_keys, - mbedtls_ssl_context *ssl); - -/* - * TLS 1.3 key schedule evolutions - * - * Early -> Handshake -> Application - * - * Small wrappers around mbedtls_ssl_tls13_evolve_secret(). - */ - -/** - * \brief Begin TLS 1.3 key schedule by calculating early secret. - * - * The TLS 1.3 key schedule can be viewed as a simple state machine - * with states Initial -> Early -> Handshake -> Application, and - * this function represents the Initial -> Early transition. - * - * \param ssl The SSL context to operate on. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl); - -/** - * \brief Compute TLS 1.3 resumption master secret. - * - * \param ssl The SSL context to operate on. This must be in - * key schedule stage \c Application, see - * mbedtls_ssl_tls13_key_schedule_stage_application(). - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl); - -/** - * \brief Calculate the verify_data value for the client or server TLS 1.3 - * Finished message. - * - * \param ssl The SSL context to operate on. This must be in - * key schedule stage \c Handshake, see - * mbedtls_ssl_tls13_key_schedule_stage_application(). - * \param dst The address at which to write the verify_data value. - * \param dst_len The size of \p dst in bytes. - * \param actual_len The address at which to store the amount of data - * actually written to \p dst upon success. - * \param which The message to calculate the `verify_data` for: - * - #MBEDTLS_SSL_IS_CLIENT for the Client's Finished message - * - #MBEDTLS_SSL_IS_SERVER for the Server's Finished message - * - * \note Both client and server call this function twice, once to - * generate their own Finished message, and once to verify the - * peer's Finished message. - - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_calculate_verify_data(mbedtls_ssl_context *ssl, - unsigned char *dst, - size_t dst_len, - size_t *actual_len, - int which); - -#if defined(MBEDTLS_SSL_EARLY_DATA) -/** - * \brief Compute TLS 1.3 early transform - * - * \param ssl The SSL context to operate on. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - * - * \warning The function does not compute the early master secret. Call - * mbedtls_ssl_tls13_key_schedule_stage_early() before to - * call this function to generate the early master secret. - * \note For a client/server endpoint, the function computes only the - * encryption/decryption part of the transform as the decryption/ - * encryption part is not defined by the specification (no early - * traffic from the server to the client). - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_compute_early_transform(mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -/** - * \brief Compute TLS 1.3 handshake transform - * - * \param ssl The SSL context to operate on. The early secret must have been - * computed. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_compute_handshake_transform(mbedtls_ssl_context *ssl); - -/** - * \brief Compute TLS 1.3 application transform - * - * \param ssl The SSL context to operate on. The early secret must have been - * computed. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_compute_application_transform(mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -/** - * \brief Export TLS 1.3 PSK from handshake context - * - * \param[in] ssl The SSL context to operate on. - * \param[out] psk PSK output pointer. - * \param[out] psk_len Length of PSK. - * - * \returns \c 0 if there is a configured PSK and it was exported - * successfully. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, - unsigned char **psk, - size_t *psk_len); -#endif - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c deleted file mode 100644 index ab27c94ef..000000000 --- a/library/ssl_tls13_server.c +++ /dev/null @@ -1,3601 +0,0 @@ -/* - * TLS 1.3 server-side functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform.h" -#include "mbedtls/constant_time.h" -#include "mbedtls/oid.h" -#include "mbedtls/psa_util.h" - -#include "ssl_tls13_keys.h" -#include "ssl_debug_helpers.h" - - -static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite( - mbedtls_ssl_context *ssl, - unsigned int cipher_suite) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - if (!mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) { - return NULL; - } - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite); - if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, - ssl->tls_version, - ssl->tls_version) != 0)) { - return NULL; - } - return ciphersuite_info; -} - -static void ssl_tls13_select_ciphersuite( - mbedtls_ssl_context *ssl, - const unsigned char *cipher_suites, - const unsigned char *cipher_suites_end, - int psk_ciphersuite_id, - psa_algorithm_t psk_hash_alg, - const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info) -{ - *selected_ciphersuite_info = NULL; - - /* - * In a compliant ClientHello the byte-length of the list of ciphersuites - * is even and this function relies on this fact. This should have been - * checked in the main ClientHello parsing function. Double check here. - */ - if ((cipher_suites_end - cipher_suites) & 1) { - return; - } - - for (const unsigned char *p = cipher_suites; - p < cipher_suites_end; p += 2) { - /* - * "cipher_suites_end - p is even" is an invariant of the loop. As - * cipher_suites_end - p > 0, we have cipher_suites_end - p >= 2 and it - * is thus safe to read two bytes. - */ - uint16_t id = MBEDTLS_GET_UINT16_BE(p, 0); - - const mbedtls_ssl_ciphersuite_t *info = - ssl_tls13_validate_peer_ciphersuite(ssl, id); - if (info == NULL) { - continue; - } - - /* - * If a valid PSK ciphersuite identifier has been passed in, we want - * an exact match. - */ - if (psk_ciphersuite_id != 0) { - if (id != psk_ciphersuite_id) { - continue; - } - } else if (psk_hash_alg != PSA_ALG_NONE) { - if (mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac) != - psk_hash_alg) { - continue; - } - } - - *selected_ciphersuite_info = info; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%lx", - (unsigned) psk_ciphersuite_id, - (unsigned long) psk_hash_alg)); -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -/* From RFC 8446: - * - * enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode; - * struct { - * PskKeyExchangeMode ke_modes<1..255>; - * } PskKeyExchangeModes; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - size_t ke_modes_len; - int ke_modes = 0; - - /* Read ke_modes length (1 Byte) */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1); - ke_modes_len = *p++; - /* Currently, there are only two PSK modes, so even without looking - * at the content, something's wrong if the list has more than 2 items. */ - if (ke_modes_len > 2) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, ke_modes_len); - - while (ke_modes_len-- != 0) { - switch (*p++) { - case MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE: - ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - MBEDTLS_SSL_DEBUG_MSG(3, ("Found PSK KEX MODE")); - break; - case MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE: - ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - MBEDTLS_SSL_DEBUG_MSG(3, ("Found PSK_EPHEMERAL KEX MODE")); - break; - default: - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - } - - ssl->handshake->tls13_kex_modes = ke_modes; - return 0; -} - -/* - * Non-error return values of - * ssl_tls13_offered_psks_check_identity_match_ticket() and - * ssl_tls13_offered_psks_check_identity_match(). They are positive to - * not collide with error codes that are negative. Zero - * (SSL_TLS1_3_PSK_IDENTITY_MATCH) in case of success as it may be propagated - * up by the callers of this function as a generic success condition. - * - * The return value SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE means - * that the pre-shared-key identity matches that of a ticket or an externally- - * provisioned pre-shared-key. We have thus been able to retrieve the - * attributes of the pre-shared-key but at least one of them does not meet - * some criteria and the pre-shared-key cannot be used. For example, a ticket - * is expired or its version is not TLS 1.3. Note eventually that the return - * value SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE does not have - * anything to do with binder check. A binder check is done only when a - * suitable pre-shared-key has been selected and only for that selected - * pre-shared-key: if the binder check fails, we fail the handshake and we do - * not try to find another pre-shared-key for which the binder check would - * succeed as recommended by the specification. - */ -#define SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH 2 -#define SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE 1 -#define SSL_TLS1_3_PSK_IDENTITY_MATCH 0 - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_offered_psks_check_identity_match_ticket( - mbedtls_ssl_context *ssl, - const unsigned char *identity, - size_t identity_len, - uint32_t obfuscated_ticket_age, - mbedtls_ssl_session *session) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *ticket_buffer; -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_ms_time_t now; - mbedtls_ms_time_t server_age; - uint32_t client_age; - mbedtls_ms_time_t age_diff; -#endif - - ((void) obfuscated_ticket_age); - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> check_identity_match_ticket")); - - /* Ticket parser is not configured, Skip */ - if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) { - return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; - } - - /* We create a copy of the encrypted ticket since the ticket parsing - * function is allowed to use its input buffer as an output buffer - * (in-place decryption). We do, however, need the original buffer for - * computing the PSK binder value. - */ - ticket_buffer = mbedtls_calloc(1, identity_len); - if (ticket_buffer == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(ticket_buffer, identity, identity_len); - - ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, - session, - ticket_buffer, identity_len); - switch (ret) { - case 0: - ret = SSL_TLS1_3_PSK_IDENTITY_MATCH; - break; - - case MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED: - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired")); - ret = SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE; - break; - - case MBEDTLS_ERR_SSL_INVALID_MAC: - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic")); - ret = SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; - break; - - default: - MBEDTLS_SSL_DEBUG_RET(1, "ticket_parse", ret); - ret = SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; - } - - /* We delete the temporary buffer */ - mbedtls_free(ticket_buffer); - - if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) { - goto exit; - } - - /* - * The identity matches that of a ticket. Now check that it has suitable - * attributes and bet it will not be the case. - */ - ret = SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE; - - if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3.")); - goto exit; - } - -#if defined(MBEDTLS_HAVE_TIME) - now = mbedtls_ms_time(); - - if (now < session->ticket_creation_time) { - MBEDTLS_SSL_DEBUG_MSG( - 3, ("Invalid ticket creation time ( now = %" MBEDTLS_PRINTF_MS_TIME - ", creation_time = %" MBEDTLS_PRINTF_MS_TIME " )", - now, session->ticket_creation_time)); - goto exit; - } - - server_age = now - session->ticket_creation_time; - - /* RFC 8446 section 4.6.1 - * - * Servers MUST NOT use any value greater than 604800 seconds (7 days). - * - * RFC 8446 section 4.2.11.1 - * - * Clients MUST NOT attempt to use tickets which have ages greater than - * the "ticket_lifetime" value which was provided with the ticket. - * - */ - if (server_age > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME * 1000) { - MBEDTLS_SSL_DEBUG_MSG( - 3, ("Ticket age exceeds limitation ticket_age = %" MBEDTLS_PRINTF_MS_TIME, - server_age)); - goto exit; - } - - /* RFC 8446 section 4.2.10 - * - * For PSKs provisioned via NewSessionTicket, a server MUST validate that - * the ticket age for the selected PSK identity (computed by subtracting - * ticket_age_add from PskIdentity.obfuscated_ticket_age modulo 2^32) is - * within a small tolerance of the time since the ticket was issued. - * - * NOTE: The typical accuracy of an RTC crystal is ±100 to ±20 parts per - * million (360 to 72 milliseconds per hour). Default tolerance - * window is 6s, thus in the worst case clients and servers must - * sync up their system time every 6000/360/2~=8 hours. - */ - client_age = obfuscated_ticket_age - session->ticket_age_add; - age_diff = server_age - (mbedtls_ms_time_t) client_age; - if (age_diff < -MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE || - age_diff > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) { - MBEDTLS_SSL_DEBUG_MSG( - 3, ("Ticket age outside tolerance window ( diff = %" - MBEDTLS_PRINTF_MS_TIME ")", - age_diff)); - goto exit; - } -#endif /* MBEDTLS_HAVE_TIME */ - - /* - * All good, we have found a suitable ticket. - */ - ret = SSL_TLS1_3_PSK_IDENTITY_MATCH; - -exit: - if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) { - mbedtls_ssl_session_free(session); - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= check_identity_match_ticket")); - return ret; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_offered_psks_check_identity_match( - mbedtls_ssl_context *ssl, - const unsigned char *identity, - size_t identity_len, - uint32_t obfuscated_ticket_age, - int *psk_type, - mbedtls_ssl_session *session) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ((void) session); - ((void) obfuscated_ticket_age); - *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; - - MBEDTLS_SSL_DEBUG_BUF(4, "identity", identity, identity_len); - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - ret = ssl_tls13_offered_psks_check_identity_match_ticket( - ssl, identity, identity_len, obfuscated_ticket_age, session); - if (ret == SSL_TLS1_3_PSK_IDENTITY_MATCH) { - *psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION; - ret = mbedtls_ssl_set_hs_psk(ssl, - session->resumption_key, - session->resumption_key_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "Ticket-resumed PSK:", - session->resumption_key, - session->resumption_key_len); - MBEDTLS_SSL_DEBUG_MSG(4, ("ticket: obfuscated_ticket_age: %u", - (unsigned) obfuscated_ticket_age)); - return SSL_TLS1_3_PSK_IDENTITY_MATCH; - } else if (ret == SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE) { - return SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE; - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - /* Check identity with external configured function */ - if (ssl->conf->f_psk != NULL) { - if (ssl->conf->f_psk( - ssl->conf->p_psk, ssl, identity, identity_len) == 0) { - return SSL_TLS1_3_PSK_IDENTITY_MATCH; - } - return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; - } - - MBEDTLS_SSL_DEBUG_BUF(5, "identity", identity, identity_len); - /* Check identity with pre-configured psk */ - if (ssl->conf->psk_identity != NULL && - identity_len == ssl->conf->psk_identity_len && - mbedtls_ct_memcmp(ssl->conf->psk_identity, - identity, identity_len) == 0) { - ret = mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret); - return ret; - } - return SSL_TLS1_3_PSK_IDENTITY_MATCH; - } - - return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; -} - -/* - * Non-error return values of ssl_tls13_offered_psks_check_binder_match(). - * They are positive to not collide with error codes that are negative. Zero - * (SSL_TLS1_3_BINDER_MATCH) in case of success as it may be propagated up - * by the callers of this function as a generic success condition. - */ -#define SSL_TLS1_3_BINDER_DOES_NOT_MATCH 1 -#define SSL_TLS1_3_BINDER_MATCH 0 -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_offered_psks_check_binder_match( - mbedtls_ssl_context *ssl, - const unsigned char *binder, size_t binder_len, - int psk_type, psa_algorithm_t psk_hash_alg) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - unsigned char transcript[PSA_HASH_MAX_SIZE]; - size_t transcript_len; - unsigned char *psk; - size_t psk_len; - unsigned char server_computed_binder[PSA_HASH_MAX_SIZE]; - - if (binder_len != PSA_HASH_LENGTH(psk_hash_alg)) { - return SSL_TLS1_3_BINDER_DOES_NOT_MATCH; - } - - /* Get current state of handshake transcript. */ - ret = mbedtls_ssl_get_handshake_transcript( - ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg), - transcript, sizeof(transcript), &transcript_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_create_psk_binder(ssl, psk_hash_alg, - psk, psk_len, psk_type, - transcript, - server_computed_binder); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_free((void *) psk); -#endif - if (ret != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("PSK binder calculation failed.")); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "psk binder ( computed ): ", - server_computed_binder, transcript_len); - MBEDTLS_SSL_DEBUG_BUF(3, "psk binder ( received ): ", binder, binder_len); - - if (mbedtls_ct_memcmp(server_computed_binder, - binder, - PSA_HASH_LENGTH(psk_hash_alg)) == 0) { - return SSL_TLS1_3_BINDER_MATCH; - } - - mbedtls_platform_zeroize(server_computed_binder, - sizeof(server_computed_binder)); - return SSL_TLS1_3_BINDER_DOES_NOT_MATCH; -} - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst, - const mbedtls_ssl_session *src) -{ - dst->ticket_age_add = src->ticket_age_add; - dst->ticket_flags = src->ticket_flags; - dst->resumption_key_len = src->resumption_key_len; - if (src->resumption_key_len == 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - memcpy(dst->resumption_key, src->resumption_key, src->resumption_key_len); - -#if defined(MBEDTLS_SSL_EARLY_DATA) - dst->max_early_data_size = src->max_early_data_size; - -#if defined(MBEDTLS_SSL_ALPN) - int ret = mbedtls_ssl_session_set_ticket_alpn(dst, src->ticket_alpn); - if (ret != 0) { - return ret; - } -#endif /* MBEDTLS_SSL_ALPN */ -#endif /* MBEDTLS_SSL_EARLY_DATA*/ - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -struct psk_attributes { - int type; - int key_exchange_mode; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; -}; -#define PSK_ATTRIBUTES_INIT { 0, 0, NULL } - -/* Parser for pre_shared_key extension in client hello - * struct { - * opaque identity<1..2^16-1>; - * uint32 obfuscated_ticket_age; - * } PskIdentity; - * - * opaque PskBinderEntry<32..255>; - * - * struct { - * PskIdentity identities<7..2^16-1>; - * PskBinderEntry binders<33..2^16-1>; - * } OfferedPsks; - * - * struct { - * select (Handshake.msg_type) { - * case client_hello: OfferedPsks; - * .... - * }; - * } PreSharedKeyExtension; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_pre_shared_key_ext( - mbedtls_ssl_context *ssl, - const unsigned char *pre_shared_key_ext, - const unsigned char *pre_shared_key_ext_end, - const unsigned char *ciphersuites, - const unsigned char *ciphersuites_end, - struct psk_attributes *psk) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *identities = pre_shared_key_ext; - const unsigned char *p_identity_len; - size_t identities_len; - const unsigned char *identities_end; - const unsigned char *binders; - const unsigned char *p_binder_len; - size_t binders_len; - const unsigned char *binders_end; - int matched_identity = -1; - int identity_id = -1; - - MBEDTLS_SSL_DEBUG_BUF(3, "pre_shared_key extension", - pre_shared_key_ext, - pre_shared_key_ext_end - pre_shared_key_ext); - - /* identities_len 2 bytes - * identities_data >= 7 bytes - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(identities, pre_shared_key_ext_end, 7 + 2); - identities_len = MBEDTLS_GET_UINT16_BE(identities, 0); - p_identity_len = identities + 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, pre_shared_key_ext_end, - identities_len); - identities_end = p_identity_len + identities_len; - - /* binders_len 2 bytes - * binders >= 33 bytes - */ - binders = identities_end; - MBEDTLS_SSL_CHK_BUF_READ_PTR(binders, pre_shared_key_ext_end, 33 + 2); - binders_len = MBEDTLS_GET_UINT16_BE(binders, 0); - p_binder_len = binders + 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, pre_shared_key_ext_end, binders_len); - binders_end = p_binder_len + binders_len; - - ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext, - identities_end - pre_shared_key_ext); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); - return ret; - } - - while (p_identity_len < identities_end && p_binder_len < binders_end) { - const unsigned char *identity; - size_t identity_len; - uint32_t obfuscated_ticket_age; - const unsigned char *binder; - size_t binder_len; - int psk_ciphersuite_id; - psa_algorithm_t psk_hash_alg; - int allowed_key_exchange_modes; - - mbedtls_ssl_session session; - mbedtls_ssl_session_init(&session); - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, identities_end, 2 + 1 + 4); - identity_len = MBEDTLS_GET_UINT16_BE(p_identity_len, 0); - identity = p_identity_len + 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(identity, identities_end, identity_len + 4); - obfuscated_ticket_age = MBEDTLS_GET_UINT32_BE(identity, identity_len); - p_identity_len += identity_len + 6; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, binders_end, 1 + 32); - binder_len = *p_binder_len; - binder = p_binder_len + 1; - MBEDTLS_SSL_CHK_BUF_READ_PTR(binder, binders_end, binder_len); - p_binder_len += binder_len + 1; - - identity_id++; - if (matched_identity != -1) { - continue; - } - - ret = ssl_tls13_offered_psks_check_identity_match( - ssl, identity, identity_len, obfuscated_ticket_age, - &psk->type, &session); - if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) { - continue; - } - - MBEDTLS_SSL_DEBUG_MSG(4, ("found matched identity")); - - switch (psk->type) { - case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: - psk_ciphersuite_id = 0; - psk_hash_alg = PSA_ALG_SHA_256; - allowed_key_exchange_modes = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; - break; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: - psk_ciphersuite_id = session.ciphersuite; - psk_hash_alg = PSA_ALG_NONE; - ssl->session_negotiate->ticket_flags = session.ticket_flags; - allowed_key_exchange_modes = - session.ticket_flags & - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; - break; -#endif - default: - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; - - if ((allowed_key_exchange_modes & - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) && - ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { - psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - } else if ((allowed_key_exchange_modes & - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) && - ssl_tls13_key_exchange_is_psk_available(ssl)) { - psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - } - - if (psk->key_exchange_mode == MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE) { - MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable PSK key exchange mode")); - continue; - } - - ssl_tls13_select_ciphersuite(ssl, ciphersuites, ciphersuites_end, - psk_ciphersuite_id, psk_hash_alg, - &psk->ciphersuite_info); - - if (psk->ciphersuite_info == NULL) { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_session_free(&session); -#endif - /* - * We consider finding a ciphersuite suitable for the PSK as part - * of the validation of its binder. Thus if we do not find one, we - * abort the handshake with a decrypt_error alert. - */ - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - ret = ssl_tls13_offered_psks_check_binder_match( - ssl, binder, binder_len, psk->type, - mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) psk->ciphersuite_info->mac)); - if (ret != SSL_TLS1_3_BINDER_MATCH) { - /* For security reasons, the handshake should be aborted when we - * fail to validate a binder value. See RFC 8446 section 4.2.11.2 - * and appendix E.6. */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_session_free(&session); -#endif - MBEDTLS_SSL_DEBUG_MSG(3, ("Invalid binder.")); - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_offered_psks_check_binder_match", ret); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return ret; - } - - matched_identity = identity_id; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (psk->type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) { - ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate, - &session); - mbedtls_ssl_session_free(&session); - if (ret != 0) { - return ret; - } - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - } - - if (p_identity_len != identities_end || p_binder_len != binders_end) { - MBEDTLS_SSL_DEBUG_MSG(3, ("pre_shared_key extension decode error")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Update the handshake transcript with the binder list. */ - ret = ssl->handshake->update_checksum( - ssl, identities_end, (size_t) (binders_end - identities_end)); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); - return ret; - } - if (matched_identity == -1) { - MBEDTLS_SSL_DEBUG_MSG(3, ("No usable PSK or ticket.")); - return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; - } - - ssl->handshake->selected_identity = (uint16_t) matched_identity; - MBEDTLS_SSL_DEBUG_MSG(3, ("Pre shared key found")); - - return 0; -} - -/* - * struct { - * select ( Handshake.msg_type ) { - * .... - * case server_hello: - * uint16 selected_identity; - * } - * } PreSharedKeyExtension; - */ -static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen) -{ - unsigned char *p = (unsigned char *) buf; - - *olen = 0; - - int not_using_psk = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); -#else - not_using_psk = (ssl->handshake->psk == NULL); -#endif - if (not_using_psk) { - /* We shouldn't have called this extension writer unless we've - * chosen to use a PSK. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding pre_shared_key extension")); - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_PRE_SHARED_KEY, p, 0); - MBEDTLS_PUT_UINT16_BE(2, p, 2); - - MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4); - - *olen = 6; - - MBEDTLS_SSL_DEBUG_MSG(4, ("sent selected_identity: %u", - ssl->handshake->selected_identity)); - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY); - - return 0; -} - -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - -/* From RFC 8446: - * struct { - * ProtocolVersion versions<2..254>; - * } SupportedVersions; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - size_t versions_len; - const unsigned char *versions_end; - uint16_t tls_version; - int found_supported_version = 0; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1); - versions_len = p[0]; - p += 1; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, versions_len); - versions_end = p + versions_len; - while (p < versions_end) { - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, versions_end, 2); - tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport); - p += 2; - - if (MBEDTLS_SSL_VERSION_TLS1_3 == tls_version) { - found_supported_version = 1; - break; - } - - if ((MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) && - mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { - found_supported_version = 1; - break; - } - } - - if (!found_supported_version) { - MBEDTLS_SSL_DEBUG_MSG(1, ("No supported version found.")); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, - MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION); - return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("Negotiated version: [%04x]", - (unsigned int) tls_version)); - - return (int) tls_version; -} - -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) -/* - * - * From RFC 8446: - * enum { - * ... (0xFFFF) - * } NamedGroup; - * struct { - * NamedGroup named_group_list<2..2^16-1>; - * } NamedGroupList; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - size_t named_group_list_len; - const unsigned char *named_group_list_end; - - MBEDTLS_SSL_DEBUG_BUF(3, "supported_groups extension", p, end - buf); - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - named_group_list_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, named_group_list_len); - named_group_list_end = p + named_group_list_len; - ssl->handshake->hrr_selected_group = 0; - - while (p < named_group_list_end) { - uint16_t named_group; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, named_group_list_end, 2); - named_group = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - MBEDTLS_SSL_DEBUG_MSG(2, - ("got named group: %s(%04x)", - mbedtls_ssl_named_group_to_str(named_group), - named_group)); - - if (!mbedtls_ssl_named_group_is_offered(ssl, named_group) || - !mbedtls_ssl_named_group_is_supported(named_group) || - ssl->handshake->hrr_selected_group != 0) { - continue; - } - - MBEDTLS_SSL_DEBUG_MSG(2, - ("add named group %s(%04x) into received list.", - mbedtls_ssl_named_group_to_str(named_group), - named_group)); - - ssl->handshake->hrr_selected_group = named_group; - } - - return 0; - -} -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - -#define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1 - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) -/* - * ssl_tls13_parse_key_shares_ext() verifies whether the information in the - * extension is correct and stores the first acceptable key share and its - * associated group. - * - * Possible return values are: - * - 0: Successful processing of the client provided key share extension. - * - SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH: The key shares provided by - * the client does not match a group supported by the server. A - * HelloRetryRequest will be needed. - * - A negative value for fatal errors. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char const *p = buf; - unsigned char const *client_shares_end; - size_t client_shares_len; - - /* From RFC 8446: - * - * struct { - * KeyShareEntry client_shares<0..2^16-1>; - * } KeyShareClientHello; - * - */ - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - client_shares_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, client_shares_len); - - ssl->handshake->offered_group_id = 0; - client_shares_end = p + client_shares_len; - - /* We try to find a suitable key share entry and copy it to the - * handshake context. Later, we have to find out whether we can do - * something with the provided key share or whether we have to - * dismiss it and send a HelloRetryRequest message. - */ - - while (p < client_shares_end) { - uint16_t group; - size_t key_exchange_len; - const unsigned char *key_exchange; - - /* - * struct { - * NamedGroup group; - * opaque key_exchange<1..2^16-1>; - * } KeyShareEntry; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, client_shares_end, 4); - group = MBEDTLS_GET_UINT16_BE(p, 0); - key_exchange_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - key_exchange = p; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, client_shares_end, key_exchange_len); - p += key_exchange_len; - - /* Continue parsing even if we have already found a match, - * for input validation purposes. - */ - if (!mbedtls_ssl_named_group_is_offered(ssl, group) || - !mbedtls_ssl_named_group_is_supported(group) || - ssl->handshake->offered_group_id != 0) { - continue; - } - - /* - * ECDHE and FFDHE groups are supported - */ - if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || - mbedtls_ssl_tls13_named_group_is_ffdh(group)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH/FFDH group: %s (%04x)", - mbedtls_ssl_named_group_to_str(group), - group)); - ret = mbedtls_ssl_tls13_read_public_xxdhe_share( - ssl, key_exchange - 2, key_exchange_len + 2); - if (ret != 0) { - return ret; - } - - } else { - MBEDTLS_SSL_DEBUG_MSG(4, ("Unrecognized NamedGroup %u", - (unsigned) group)); - continue; - } - - ssl->handshake->offered_group_id = group; - } - - - if (ssl->handshake->offered_group_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no matching key share")); - return SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH; - } - return 0; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, - int exts_mask) -{ - int masked = ssl->handshake->received_extensions & exts_mask; - return masked == exts_mask; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( - mbedtls_ssl_context *ssl) -{ - return ssl_tls13_client_hello_has_exts( - ssl, - MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) | - MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | - MBEDTLS_SSL_EXT_MASK(SIG_ALG)); -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_client_hello_has_exts_for_psk_key_exchange( - mbedtls_ssl_context *ssl) -{ - return ssl_tls13_client_hello_has_exts( - ssl, - MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | - MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES)); -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( - mbedtls_ssl_context *ssl) -{ - return ssl_tls13_client_hello_has_exts( - ssl, - MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) | - MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | - MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | - MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES)); -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) - return mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) && - mbedtls_ssl_tls13_is_psk_supported(ssl) && - ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); -#else - ((void) ssl); - return 0; -#endif -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) - return mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) && - mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) && - ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); -#else - ((void) ssl); - return 0; -#endif -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) && - ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); -#else - ((void) ssl); - return 0; -#endif -} - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg) -{ - switch (sig_alg) { - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - return PSA_ALG_ECDSA(PSA_ALG_SHA_256); - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - return PSA_ALG_ECDSA(PSA_ALG_SHA_384); - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - return PSA_ALG_ECDSA(PSA_ALG_SHA_512); - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - return PSA_ALG_RSA_PSS(PSA_ALG_SHA_256); - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: - return PSA_ALG_RSA_PSS(PSA_ALG_SHA_384); - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - return PSA_ALG_RSA_PSS(PSA_ALG_SHA_512); - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: - return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256); - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: - return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384); - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: - return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_512); - default: - return PSA_ALG_NONE; - } -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -/* - * Pick best ( private key, certificate chain ) pair based on the signature - * algorithms supported by the client. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_key_cert *key_cert, *key_cert_list; - const uint16_t *sig_alg = ssl->handshake->received_sig_algs; - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->handshake->sni_key_cert != NULL) { - key_cert_list = ssl->handshake->sni_key_cert; - } else -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - key_cert_list = ssl->conf->key_cert; - - if (key_cert_list == NULL) { - MBEDTLS_SSL_DEBUG_MSG(3, ("server has no certificate")); - return -1; - } - - for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) { - if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { - continue; - } - - if (!mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(*sig_alg)) { - continue; - } - - for (key_cert = key_cert_list; key_cert != NULL; - key_cert = key_cert->next) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t psa_alg = PSA_ALG_NONE; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - MBEDTLS_SSL_DEBUG_CRT(3, "certificate (chain) candidate", - key_cert->cert); - - /* - * This avoids sending the client a cert it'll reject based on - * keyUsage or other extensions. - */ - if (mbedtls_x509_crt_check_key_usage( - key_cert->cert, MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0 || - mbedtls_x509_crt_check_extended_key_usage( - key_cert->cert, MBEDTLS_OID_SERVER_AUTH, - MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH)) != 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: " - "(extended) key usage extension")); - continue; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("ssl_tls13_pick_key_cert:" - "check signature algorithm %s [%04x]", - mbedtls_ssl_sig_alg_to_str(*sig_alg), - *sig_alg)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg(*sig_alg); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match( - *sig_alg, &key_cert->cert->pk) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - && psa_alg != PSA_ALG_NONE && - mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg, - PSA_KEY_USAGE_SIGN_HASH) == 1 -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - ) { - ssl->handshake->key_cert = key_cert; - MBEDTLS_SSL_DEBUG_MSG(3, - ("ssl_tls13_pick_key_cert:" - "selected signature algorithm" - " %s [%04x]", - mbedtls_ssl_sig_alg_to_str(*sig_alg), - *sig_alg)); - MBEDTLS_SSL_DEBUG_CRT( - 3, "selected certificate (chain)", - ssl->handshake->key_cert->cert); - return 0; - } - } - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("ssl_tls13_pick_key_cert:" - "no suitable certificate found")); - return -1; -} -#endif /* MBEDTLS_X509_CRT_PARSE_C && - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -/* - * - * STATE HANDLING: ClientHello - * - * There are three possible classes of outcomes when parsing the ClientHello: - * - * 1) The ClientHello was well-formed and matched the server's configuration. - * - * In this case, the server progresses to sending its ServerHello. - * - * 2) The ClientHello was well-formed but didn't match the server's - * configuration. - * - * For example, the client might not have offered a key share which - * the server supports, or the server might require a cookie. - * - * In this case, the server sends a HelloRetryRequest. - * - * 3) The ClientHello was ill-formed - * - * In this case, we abort the handshake. - * - */ - -/* - * Structure of this message: - * - * uint16 ProtocolVersion; - * opaque Random[32]; - * uint8 CipherSuite[2]; // Cryptographic suite selector - * - * struct { - * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 - * Random random; - * opaque legacy_session_id<0..32>; - * CipherSuite cipher_suites<2..2^16-2>; - * opaque legacy_compression_methods<1..2^8-1>; - * Extension extensions<8..2^16-1>; - * } ClientHello; - */ - -#define SSL_CLIENT_HELLO_OK 0 -#define SSL_CLIENT_HELLO_HRR_REQUIRED 1 -#define SSL_CLIENT_HELLO_TLS1_2 2 - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - const unsigned char *random; - size_t legacy_session_id_len; - const unsigned char *legacy_session_id; - size_t cipher_suites_len; - const unsigned char *cipher_suites; - const unsigned char *cipher_suites_end; - size_t extensions_len; - const unsigned char *extensions_end; - const unsigned char *supported_versions_data; - const unsigned char *supported_versions_data_end; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - int hrr_required = 0; - int no_usable_share_for_key_agreement = 0; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - int got_psk = 0; - struct psk_attributes psk = PSK_ATTRIBUTES_INIT; - const unsigned char *pre_shared_key_ext = NULL; - const unsigned char *pre_shared_key_ext_end = NULL; -#endif - - /* - * ClientHello layout: - * 0 . 1 protocol version - * 2 . 33 random bytes - * 34 . 34 session id length ( 1 byte ) - * 35 . 34+x session id - * .. . .. ciphersuite list length ( 2 bytes ) - * .. . .. ciphersuite list - * .. . .. compression alg. list length ( 1 byte ) - * .. . .. compression alg. list - * .. . .. extensions length ( 2 bytes, optional ) - * .. . .. extensions ( optional ) - */ - - /* - * Minimal length ( with everything empty and extensions omitted ) is - * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can - * read at least up to session id length without worrying. - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 38); - - /* ... - * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 - * ... - * with ProtocolVersion defined as: - * uint16 ProtocolVersion; - */ - if (mbedtls_ssl_read_version(p, ssl->conf->transport) != - MBEDTLS_SSL_VERSION_TLS1_2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Unsupported version of TLS.")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, - MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION); - return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - p += 2; - - /* ... - * Random random; - * ... - * with Random defined as: - * opaque Random[32]; - */ - random = p; - p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN; - - /* ... - * opaque legacy_session_id<0..32>; - * ... - */ - legacy_session_id_len = *(p++); - legacy_session_id = p; - - /* - * Check we have enough data for the legacy session identifier - * and the ciphersuite list length. - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, legacy_session_id_len + 2); - p += legacy_session_id_len; - - /* ... - * CipherSuite cipher_suites<2..2^16-2>; - * ... - * with CipherSuite defined as: - * uint8 CipherSuite[2]; - */ - cipher_suites_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - cipher_suites = p; - - /* - * The length of the ciphersuite list has to be even. - */ - if (cipher_suites_len & 1) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Check we have enough data for the ciphersuite list, the legacy - * compression methods and the length of the extensions. - * - * cipher_suites cipher_suites_len bytes - * legacy_compression_methods length 1 byte - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, cipher_suites_len + 1); - p += cipher_suites_len; - cipher_suites_end = p; - - /* Check if we have enough data for legacy_compression_methods - * and the length of the extensions (2 bytes). - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p + 1, end, p[0] + 2); - - /* - * Search for the supported versions extension and parse it to determine - * if the client supports TLS 1.3. - */ - ret = mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts( - ssl, p + 1 + p[0], end, - &supported_versions_data, &supported_versions_data_end); - if (ret < 0) { - MBEDTLS_SSL_DEBUG_RET(1, - ("mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts"), ret); - return ret; - } - - if (ret == 0) { - return SSL_CLIENT_HELLO_TLS1_2; - } - - if (ret == 1) { - ret = ssl_tls13_parse_supported_versions_ext(ssl, - supported_versions_data, - supported_versions_data_end); - if (ret < 0) { - MBEDTLS_SSL_DEBUG_RET(1, - ("ssl_tls13_parse_supported_versions_ext"), ret); - return ret; - } - - /* - * The supported versions extension was parsed successfully as the - * value returned by ssl_tls13_parse_supported_versions_ext() is - * positive. The return value is then equal to - * MBEDTLS_SSL_VERSION_TLS1_2 or MBEDTLS_SSL_VERSION_TLS1_3, defining - * the TLS version to negotiate. - */ - if (MBEDTLS_SSL_VERSION_TLS1_2 == ret) { - return SSL_CLIENT_HELLO_TLS1_2; - } - } - - /* - * We negotiate TLS 1.3. - */ - ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; - ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; - ssl->session_negotiate->endpoint = ssl->conf->endpoint; - - /* - * We are negotiating the version 1.3 of the protocol. Do what we have - * postponed: copy of the client random bytes, copy of the legacy session - * identifier and selection of the TLS 1.3 cipher suite. - */ - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", - random, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - memcpy(&handshake->randbytes[0], random, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - - if (legacy_session_id_len > sizeof(ssl->session_negotiate->id)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - ssl->session_negotiate->id_len = legacy_session_id_len; - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", - legacy_session_id, legacy_session_id_len); - memcpy(&ssl->session_negotiate->id[0], - legacy_session_id, legacy_session_id_len); - - /* - * Search for a matching ciphersuite - */ - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, list of cipher suites", - cipher_suites, cipher_suites_len); - - ssl_tls13_select_ciphersuite(ssl, cipher_suites, cipher_suites_end, - 0, PSA_ALG_NONE, &handshake->ciphersuite_info); - - if (handshake->ciphersuite_info == NULL) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; - - MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s", - ((unsigned) handshake->ciphersuite_info->id), - handshake->ciphersuite_info->name)); - - /* ... - * opaque legacy_compression_methods<1..2^8-1>; - * ... - */ - if (p[0] != 1 || p[1] != MBEDTLS_SSL_COMPRESS_NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad legacy compression method")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - p += 2; - - /* ... - * Extension extensions<8..2^16-1>; - * ... - * with Extension defined as: - * struct { - * ExtensionType extension_type; - * opaque extension_data<0..2^16-1>; - * } Extension; - */ - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); - extensions_end = p + extensions_len; - - MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", p, extensions_len); - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - while (p < extensions_end) { - unsigned int extension_type; - size_t extension_data_len; - const unsigned char *extension_data_end; - uint32_t allowed_exts = MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH; - - if (ssl->handshake->hello_retry_request_flag) { - /* Do not accept early data extension in 2nd ClientHello */ - allowed_exts &= ~MBEDTLS_SSL_EXT_MASK(EARLY_DATA); - } - - /* RFC 8446, section 4.2.11 - * - * The "pre_shared_key" extension MUST be the last extension in the - * ClientHello (this facilitates implementation as described below). - * Servers MUST check that it is the last extension and otherwise fail - * the handshake with an "illegal_parameter" alert. - */ - if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)) { - MBEDTLS_SSL_DEBUG_MSG( - 3, ("pre_shared_key is not last extension.")); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len); - extension_data_end = p + extension_data_len; - - ret = mbedtls_ssl_tls13_check_received_extension( - ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, - allowed_exts); - if (ret != 0) { - return ret; - } - - switch (extension_type) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - case MBEDTLS_TLS_EXT_SERVERNAME: - MBEDTLS_SSL_DEBUG_MSG(3, ("found ServerName extension")); - ret = mbedtls_ssl_parse_server_name_ext(ssl, p, - extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_parse_servername_ext", ret); - return ret; - } - break; -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: - MBEDTLS_SSL_DEBUG_MSG(3, ("found supported group extension")); - - /* Supported Groups Extension - * - * When sent by the client, the "supported_groups" extension - * indicates the named groups which the client supports, - * ordered from most preferred to least preferred. - */ - ret = ssl_tls13_parse_supported_groups_ext( - ssl, p, extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_supported_groups_ext", ret); - return ret; - } - - break; -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - case MBEDTLS_TLS_EXT_KEY_SHARE: - MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension")); - - /* - * Key Share Extension - * - * When sent by the client, the "key_share" extension - * contains the endpoint's cryptographic parameters for - * ECDHE/DHE key establishment methods. - */ - ret = ssl_tls13_parse_key_shares_ext( - ssl, p, extension_data_end); - if (ret == SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH) { - MBEDTLS_SSL_DEBUG_MSG(2, ("No usable share for key agreement.")); - no_usable_share_for_key_agreement = 1; - } - - if (ret < 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_key_shares_ext", ret); - return ret; - } - - break; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - - case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: - /* Already parsed */ - break; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: - MBEDTLS_SSL_DEBUG_MSG( - 3, ("found psk key exchange modes extension")); - - ret = ssl_tls13_parse_key_exchange_modes_ext( - ssl, p, extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_key_exchange_modes_ext", ret); - return ret; - } - - break; -#endif - - case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: - MBEDTLS_SSL_DEBUG_MSG(3, ("found pre_shared_key extension")); - if ((handshake->received_extensions & - MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES)) == 0) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - /* Delay processing of the PSK identity once we have - * found out which algorithms to use. We keep a pointer - * to the buffer and the size for later processing. - */ - pre_shared_key_ext = p; - pre_shared_key_ext_end = extension_data_end; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - break; - -#if defined(MBEDTLS_SSL_ALPN) - case MBEDTLS_TLS_EXT_ALPN: - MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension")); - - ret = mbedtls_ssl_parse_alpn_ext(ssl, p, extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, ("mbedtls_ssl_parse_alpn_ext"), ret); - return ret; - } - break; -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - case MBEDTLS_TLS_EXT_SIG_ALG: - MBEDTLS_SSL_DEBUG_MSG(3, ("found signature_algorithms extension")); - - ret = mbedtls_ssl_parse_sig_alg_ext( - ssl, p, extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_parse_sig_alg_ext", ret); - return ret; - } - break; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: - MBEDTLS_SSL_DEBUG_MSG(3, ("found record_size_limit extension")); - - ret = mbedtls_ssl_tls13_parse_record_size_limit_ext( - ssl, p, extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, ("mbedtls_ssl_tls13_parse_record_size_limit_ext"), ret); - return ret; - } - break; -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - - default: - MBEDTLS_SSL_PRINT_EXT( - 3, MBEDTLS_SSL_HS_CLIENT_HELLO, - extension_type, "( ignored )"); - break; - } - - p += extension_data_len; - } - - MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CLIENT_HELLO, - handshake->received_extensions); - - ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, - MBEDTLS_SSL_HS_CLIENT_HELLO, - p - buf); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_add_hs_hdr_to_checksum"), ret); - return ret; - } - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - /* Update checksum with either - * - The entire content of the CH message, if no PSK extension is present - * - The content up to but excluding the PSK extension, if present. - * Always parse the pre-shared-key extension when present in the - * ClientHello even if some pre-requisites for PSK key exchange modes are - * not met. That way we always validate the syntax of the extension. - */ - if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)) { - ret = handshake->update_checksum(ssl, buf, - pre_shared_key_ext - buf); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); - return ret; - } - ret = ssl_tls13_parse_pre_shared_key_ext(ssl, - pre_shared_key_ext, - pre_shared_key_ext_end, - cipher_suites, - cipher_suites_end, - &psk); - if (ret == 0) { - got_psk = 1; - } else if (ret != MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_pre_shared_key_ext", ret); - return ret; - } - } else -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - { - ret = handshake->update_checksum(ssl, buf, p - buf); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); - return ret; - } - } - - /* - * Determine the key exchange algorithm to use. - * There are three types of key exchanges supported in TLS 1.3: - * - (EC)DH with ECDSA, - * - (EC)DH with PSK, - * - plain PSK. - * - * The PSK-based key exchanges may additionally be used with 0-RTT. - * - * Our built-in order of preference is - * 1 ) (EC)DHE-PSK Mode ( psk_ephemeral ) - * 2 ) Certificate Mode ( ephemeral ) - * 3 ) Plain PSK Mode ( psk ) - */ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - if (got_psk && (psk.key_exchange_mode == - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL)) { - handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral")); - - } else -#endif - if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) { - handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; - MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral")); - - } -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - else if (got_psk && (psk.key_exchange_mode == - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK)) { - handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk")); - } -#endif - else { - MBEDTLS_SSL_DEBUG_MSG( - 1, - ("ClientHello message misses mandatory extensions.")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - if (handshake->key_exchange_mode & - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL) { - handshake->ciphersuite_info = psk.ciphersuite_info; - ssl->session_negotiate->ciphersuite = psk.ciphersuite_info->id; - - MBEDTLS_SSL_DEBUG_MSG(2, ("Select PSK ciphersuite: %04x - %s", - ((unsigned) psk.ciphersuite_info->id), - psk.ciphersuite_info->name)); - - if (psk.type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) { - handshake->resume = 1; - } - } -#endif - - if (handshake->key_exchange_mode != - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) { - hrr_required = (no_usable_share_for_key_agreement != 0); - } - - mbedtls_ssl_optimize_checksum(ssl, handshake->ciphersuite_info); - - return hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK; -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) -static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { - MBEDTLS_SSL_DEBUG_MSG( - 1, - ("EarlyData: rejected, feature disabled in server configuration.")); - return -1; - } - - if (!handshake->resume) { - /* We currently support early data only in the case of PSKs established - via a NewSessionTicket message thus in the case of a session - resumption. */ - MBEDTLS_SSL_DEBUG_MSG( - 1, ("EarlyData: rejected, not a session resumption.")); - return -1; - } - - /* RFC 8446 4.2.10 - * - * In order to accept early data, the server MUST have accepted a PSK cipher - * suite and selected the first key offered in the client's "pre_shared_key" - * extension. In addition, it MUST verify that the following values are the - * same as those associated with the selected PSK: - * - The TLS version number - * - The selected cipher suite - * - The selected ALPN [RFC7301] protocol, if any - * - * NOTE: - * - The TLS version number is checked in - * ssl_tls13_offered_psks_check_identity_match_ticket(). - */ - - if (handshake->selected_identity != 0) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("EarlyData: rejected, the selected key in " - "`pre_shared_key` is not the first one.")); - return -1; - } - - if (handshake->ciphersuite_info->id != - ssl->session_negotiate->ciphersuite) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("EarlyData: rejected, the selected ciphersuite is not the one " - "of the selected pre-shared key.")); - return -1; - - } - - if (!mbedtls_ssl_tls13_session_ticket_allow_early_data(ssl->session_negotiate)) { - MBEDTLS_SSL_DEBUG_MSG( - 1, - ("EarlyData: rejected, early_data not allowed in ticket " - "permission bits.")); - return -1; - } - -#if defined(MBEDTLS_SSL_ALPN) - const char *alpn = mbedtls_ssl_get_alpn_protocol(ssl); - size_t alpn_len; - - if (alpn == NULL && ssl->session_negotiate->ticket_alpn == NULL) { - return 0; - } - - if (alpn != NULL) { - alpn_len = strlen(alpn); - } - - if (alpn == NULL || - ssl->session_negotiate->ticket_alpn == NULL || - alpn_len != strlen(ssl->session_negotiate->ticket_alpn) || - (memcmp(alpn, ssl->session_negotiate->ticket_alpn, alpn_len) != 0)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("EarlyData: rejected, the selected ALPN is different " - "from the one associated with the pre-shared key.")); - return -1; - } -#endif - - return 0; -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -/* Update the handshake state machine */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl, - int hrr_required) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* - * Server certificate selection - */ - if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_cert_cb", ret); - return ret; - } -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - ssl->handshake->sni_name = NULL; - ssl->handshake->sni_name_len = 0; -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - - ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ssl_tls1_3_key_schedule_stage_early", ret); - return ret; - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) { - ssl->handshake->early_data_accepted = - (!hrr_required) && (ssl_tls13_check_early_data_requirements(ssl) == 0); - - if (ssl->handshake->early_data_accepted) { - ret = mbedtls_ssl_tls13_compute_early_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_compute_early_transform", ret); - return ret; - } - } else { - ssl->discard_early_data_record = - hrr_required ? - MBEDTLS_SSL_EARLY_DATA_DISCARD : - MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD; - } - } -#else - ((void) hrr_required); -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - return 0; -} - -/* - * Main entry point from the state machine; orchestrates the otherfunctions. - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) -{ - - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf = NULL; - size_t buflen = 0; - int parse_client_hello_ret; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - &buf, &buflen)); - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_parse_client_hello(ssl, buf, - buf + buflen)); - parse_client_hello_ret = ret; /* Store positive return value of - * parse_client_hello, - * as negative error codes are handled - * by MBEDTLS_SSL_PROC_CHK_NEG. */ - - /* - * Version 1.2 of the protocol has to be used for the handshake. - * If TLS 1.2 is not supported, abort the handshake. Otherwise, set the - * ssl->keep_current_message flag for the ClientHello to be kept and parsed - * as a TLS 1.2 ClientHello. We also change ssl->tls_version to - * MBEDTLS_SSL_VERSION_TLS1_2 thus from now on mbedtls_ssl_handshake_step() - * will dispatch to the TLS 1.2 state machine. - */ - if (SSL_CLIENT_HELLO_TLS1_2 == parse_client_hello_ret) { - /* Check if server supports TLS 1.2 */ - if (!mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("TLS 1.2 not supported.")); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, - MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION); - return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - ssl->keep_current_message = 1; - ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - return 0; - } - - MBEDTLS_SSL_PROC_CHK( - ssl_tls13_postprocess_client_hello(ssl, parse_client_hello_ret == - SSL_CLIENT_HELLO_HRR_REQUIRED)); - - if (SSL_CLIENT_HELLO_OK == parse_client_hello_ret) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); - } else { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST); - } - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello")); - return ret; -} - -/* - * Handler for MBEDTLS_SSL_SERVER_HELLO - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *server_randbytes = - ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; - - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes, - MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", server_randbytes, - MBEDTLS_SERVER_HELLO_RANDOM_LEN); - -#if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = mbedtls_time(NULL); -#endif /* MBEDTLS_HAVE_TIME */ - - return ret; -} - -/* - * ssl_tls13_write_server_hello_supported_versions_ext (): - * - * struct { - * ProtocolVersion selected_version; - * } SupportedVersions; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_server_hello_supported_versions_ext( - mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - *out_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, write selected version")); - - /* Check if we have space to write the extension: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - selected_version (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 6); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, buf, 0); - - MBEDTLS_PUT_UINT16_BE(2, buf, 2); - - mbedtls_ssl_write_version(buf + 4, - ssl->conf->transport, - ssl->tls_version); - - MBEDTLS_SSL_DEBUG_MSG(3, ("supported version: [%04x]", - ssl->tls_version)); - - *out_len = 6; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask( - ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS); - - return 0; -} - - - -/* Generate and export a single key share. For hybrid KEMs, this can - * be called multiple times with the different components of the hybrid. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, - uint16_t named_group, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - *out_len = 0; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) || - mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) { - ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( - ssl, named_group, buf, end, out_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange", - ret); - return ret; - } - } else -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - if (0 /* Other kinds of KEMs */) { - } else { - ((void) ssl); - ((void) named_group); - ((void) buf); - ((void) end); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - return ret; -} - -/* - * ssl_tls13_write_key_share_ext - * - * Structure of key_share extension in ServerHello: - * - * struct { - * NamedGroup group; - * opaque key_exchange<1..2^16-1>; - * } KeyShareEntry; - * struct { - * KeyShareEntry server_share; - * } KeyShareServerHello; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - uint16_t group = ssl->handshake->offered_group_id; - unsigned char *server_share = buf + 4; - size_t key_exchange_length; - - *out_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding key share extension")); - - MBEDTLS_SSL_DEBUG_MSG(2, ("server hello, write selected_group: %s (%04x)", - mbedtls_ssl_named_group_to_str(group), - group)); - - /* Check if we have space for header and length fields: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - group (2 bytes) - * - key_exchange_length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 8); - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_KEY_SHARE, p, 0); - MBEDTLS_PUT_UINT16_BE(group, server_share, 0); - p += 8; - - /* When we introduce PQC-ECDHE hybrids, we'll want to call this - * function multiple times. */ - ret = ssl_tls13_generate_and_write_key_share( - ssl, group, server_share + 4, end, &key_exchange_length); - if (ret != 0) { - return ret; - } - p += key_exchange_length; - - MBEDTLS_PUT_UINT16_BE(key_exchange_length, server_share + 2, 0); - - MBEDTLS_PUT_UINT16_BE(p - server_share, buf, 2); - - *out_len = p - buf; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_hrr_key_share_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - uint16_t selected_group = ssl->handshake->hrr_selected_group; - /* key_share Extension - * - * struct { - * select (Handshake.msg_type) { - * ... - * case hello_retry_request: - * NamedGroup selected_group; - * ... - * }; - * } KeyShare; - */ - - *out_len = 0; - - /* - * For a pure PSK key exchange, there is no group to agree upon. The purpose - * of the HRR is then to transmit a cookie to force the client to demonstrate - * reachability at their apparent network address (primarily useful for DTLS). - */ - if (!mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { - return 0; - } - - /* We should only send the key_share extension if the client's initial - * key share was not acceptable. */ - if (ssl->handshake->offered_group_id != 0) { - MBEDTLS_SSL_DEBUG_MSG(4, ("Skip key_share extension in HRR")); - return 0; - } - - if (selected_group == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no matching named group found")); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* Check if we have enough space: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - selected_group (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 6); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0); - MBEDTLS_PUT_UINT16_BE(2, buf, 2); - MBEDTLS_PUT_UINT16_BE(selected_group, buf, 4); - - MBEDTLS_SSL_DEBUG_MSG(3, - ("HRR selected_group: %s (%x)", - mbedtls_ssl_named_group_to_str(selected_group), - selected_group)); - - *out_len = 6; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); - - return 0; -} - -/* - * Structure of ServerHello message: - * - * struct { - * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 - * Random random; - * opaque legacy_session_id_echo<0..32>; - * CipherSuite cipher_suite; - * uint8 legacy_compression_method = 0; - * Extension extensions<6..2^16-1>; - * } ServerHello; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_server_hello_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len, - int is_hrr) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - unsigned char *p_extensions_len; - size_t output_len; - - *out_len = 0; - ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - /* ... - * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 - * ... - * with ProtocolVersion defined as: - * uint16 ProtocolVersion; - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - MBEDTLS_PUT_UINT16_BE(0x0303, p, 0); - p += 2; - - /* ... - * Random random; - * ... - * with Random defined as: - * opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN]; - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN); - if (is_hrr) { - memcpy(p, mbedtls_ssl_tls13_hello_retry_request_magic, - MBEDTLS_SERVER_HELLO_RANDOM_LEN); - } else { - memcpy(p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], - MBEDTLS_SERVER_HELLO_RANDOM_LEN); - } - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", - p, MBEDTLS_SERVER_HELLO_RANDOM_LEN); - p += MBEDTLS_SERVER_HELLO_RANDOM_LEN; - - /* ... - * opaque legacy_session_id_echo<0..32>; - * ... - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + ssl->session_negotiate->id_len); - *p++ = (unsigned char) ssl->session_negotiate->id_len; - if (ssl->session_negotiate->id_len > 0) { - memcpy(p, &ssl->session_negotiate->id[0], - ssl->session_negotiate->id_len); - p += ssl->session_negotiate->id_len; - - MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, - ssl->session_negotiate->id_len); - } - - /* ... - * CipherSuite cipher_suite; - * ... - * with CipherSuite defined as: - * uint8 CipherSuite[2]; - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0); - p += 2; - MBEDTLS_SSL_DEBUG_MSG(3, - ("server hello, chosen ciphersuite: %s ( id=%d )", - mbedtls_ssl_get_ciphersuite_name( - ssl->session_negotiate->ciphersuite), - ssl->session_negotiate->ciphersuite)); - - /* ... - * uint8 legacy_compression_method = 0; - * ... - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1); - *p++ = MBEDTLS_SSL_COMPRESS_NULL; - - /* ... - * Extension extensions<6..2^16-1>; - * ... - * struct { - * ExtensionType extension_type; (2 bytes) - * opaque extension_data<0..2^16-1>; - * } Extension; - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - p_extensions_len = p; - p += 2; - - if ((ret = ssl_tls13_write_server_hello_supported_versions_ext( - ssl, p, end, &output_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_write_server_hello_supported_versions_ext", ret); - return ret; - } - p += output_len; - - if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { - if (is_hrr) { - ret = ssl_tls13_write_hrr_key_share_ext(ssl, p, end, &output_len); - } else { - ret = ssl_tls13_write_key_share_ext(ssl, p, end, &output_len); - } - if (ret != 0) { - return ret; - } - p += output_len; - } - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - if (!is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { - ret = ssl_tls13_write_server_pre_shared_key_ext(ssl, p, end, &output_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_server_pre_shared_key_ext", - ret); - return ret; - } - p += output_len; - } -#endif - - MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0); - - MBEDTLS_SSL_DEBUG_BUF(4, "server hello extensions", - p_extensions_len, p - p_extensions_len); - - *out_len = p - buf; - - MBEDTLS_SSL_DEBUG_BUF(3, "server hello", buf, *out_len); - - MBEDTLS_SSL_PRINT_EXTS( - 3, is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST : - MBEDTLS_SSL_HS_SERVER_HELLO, - ssl->handshake->sent_extensions); - - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_finalize_server_hello(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ssl_tls13_compute_handshake_transform", - ret); - return ret; - } - - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello")); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, - buf + buf_len, - &msg_len, - 0)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_finalize_server_hello(ssl)); - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - /* The server sends a dummy change_cipher_spec record immediately - * after its first handshake message. This may either be after - * a ServerHello or a HelloRetryRequest. - */ - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO); -#else - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello")); - return ret; -} - - -/* - * Handler for MBEDTLS_SSL_HELLO_RETRY_REQUEST - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_prepare_hello_retry_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (ssl->handshake->hello_retry_request_flag) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Too many HRRs")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* - * Create stateless transcript hash for HRR - */ - MBEDTLS_SSL_DEBUG_MSG(4, ("Reset transcript for HRR")); - ret = mbedtls_ssl_reset_transcript_for_hrr(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_transcript_for_hrr", ret); - return ret; - } - mbedtls_ssl_session_reset_msg_layer(ssl, 0); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello retry request")); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_hello_retry_request(ssl)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, - buf + buf_len, - &msg_len, - 1)); - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); - - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len, - msg_len)); - - ssl->handshake->hello_retry_request_flag = 1; - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - /* The server sends a dummy change_cipher_spec record immediately - * after its first handshake message. This may either be after - * a ServerHello or a HelloRetryRequest. - */ - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST); -#else - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - -cleanup: - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello retry request")); - return ret; -} - -/* - * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS - */ - -/* - * struct { - * Extension extensions<0..2 ^ 16 - 1>; - * } EncryptedExtensions; - * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - size_t extensions_len = 0; - unsigned char *p_extensions_len; - size_t output_len; - - *out_len = 0; - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - p_extensions_len = p; - p += 2; - - ((void) ssl); - ((void) ret); - ((void) output_len); - -#if defined(MBEDTLS_SSL_ALPN) - ret = mbedtls_ssl_write_alpn_ext(ssl, p, end, &output_len); - if (ret != 0) { - return ret; - } - p += output_len; -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->handshake->early_data_accepted) { - ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, 0, p, end, &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) { - ret = mbedtls_ssl_tls13_write_record_size_limit_ext( - ssl, p, end, &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif - - extensions_len = (p - p_extensions_len) - 2; - MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0); - - *out_len = p - buf; - - MBEDTLS_SSL_DEBUG_BUF(4, "encrypted extensions", buf, *out_len); - - MBEDTLS_SSL_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t buf_len, msg_len; - - mbedtls_ssl_set_outbound_transform(ssl, - ssl->handshake->transform_handshake); - MBEDTLS_SSL_DEBUG_MSG( - 3, ("switching to handshake transform for outbound data")); - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write encrypted extensions")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_encrypted_extensions_body( - ssl, buf, buf + buf_len, &msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - buf, msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); - } else { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); - } -#else - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); -#endif - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write encrypted extensions")); - return ret; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#define SSL_CERTIFICATE_REQUEST_SEND_REQUEST 0 -#define SSL_CERTIFICATE_REQUEST_SKIP 1 -/* Coordination: - * Check whether a CertificateRequest message should be written. - * Returns a negative code on failure, or - * - SSL_CERTIFICATE_REQUEST_SEND_REQUEST - * - SSL_CERTIFICATE_REQUEST_SKIP - * indicating if the writing of the CertificateRequest - * should be skipped or not. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl) -{ - int authmode; - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { - authmode = ssl->handshake->sni_authmode; - } else -#endif - authmode = ssl->conf->authmode; - - if (authmode == MBEDTLS_SSL_VERIFY_NONE) { - ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; - return SSL_CERTIFICATE_REQUEST_SKIP; - } - - ssl->handshake->certificate_request_sent = 1; - - return SSL_CERTIFICATE_REQUEST_SEND_REQUEST; -} - -/* - * struct { - * opaque certificate_request_context<0..2^8-1>; - * Extension extensions<2..2^16-1>; - * } CertificateRequest; - * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_certificate_request_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - size_t output_len = 0; - unsigned char *p_extensions_len; - - *out_len = 0; - - /* Check if we have enough space: - * - certificate_request_context (1 byte) - * - extensions length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 3); - - /* - * Write certificate_request_context - */ - /* - * We use a zero length context for the normal handshake - * messages. For post-authentication handshake messages - * this request context would be set to a non-zero value. - */ - *p++ = 0x0; - - /* - * Write extensions - */ - /* The extensions must contain the signature_algorithms. */ - p_extensions_len = p; - p += 2; - ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); - if (ret != 0) { - return ret; - } - - p += output_len; - MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0); - - *out_len = p - buf; - - MBEDTLS_SSL_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl)); - - if (ret == SSL_CERTIFICATE_REQUEST_SEND_REQUEST) { - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_request_body( - ssl, buf, buf + buf_len, &msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - buf, msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); - } else if (ret == SSL_CERTIFICATE_REQUEST_SKIP) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); - ret = 0; - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cleanup; - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE); -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request")); - return ret; -} - -/* - * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_server_certificate(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - if ((ssl_tls13_pick_key_cert(ssl) != 0) || - mbedtls_ssl_own_cert(ssl) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(2, ("No certificate available.")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - ret = mbedtls_ssl_tls13_write_certificate(ssl); - if (ret != 0) { - return ret; - } - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY); - return 0; -} - -/* - * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) -{ - int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl); - if (ret != 0) { - return ret; - } - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); - return 0; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -/* - * RFC 8446 section A.2 - * - * | Send ServerHello - * | K_send = handshake - * | Send EncryptedExtensions - * | [Send CertificateRequest] - * Can send | [Send Certificate + CertificateVerify] - * app data | Send Finished - * after --> | K_send = application - * here +--------+--------+ - * No 0-RTT | | 0-RTT - * | | - * K_recv = handshake | | K_recv = early data - * [Skip decrypt errors] | +------> WAIT_EOED -+ - * | | Recv | | Recv EndOfEarlyData - * | | early data | | K_recv = handshake - * | +------------+ | - * | | - * +> WAIT_FLIGHT2 <--------+ - * | - * +--------+--------+ - * No auth | | Client auth - * | | - * | v - * | WAIT_CERT - * | Recv | | Recv Certificate - * | empty | v - * | Certificate | WAIT_CV - * | | | Recv - * | v | CertificateVerify - * +-> WAIT_FINISHED <---+ - * | Recv Finished - * - * - * The following function handles the state changes after WAIT_FLIGHT2 in the - * above diagram. We are not going to receive early data related messages - * anymore, prepare to receive the first handshake message of the client - * second flight. - */ -static void ssl_tls13_prepare_for_handshake_second_flight( - mbedtls_ssl_context *ssl) -{ - if (ssl->handshake->certificate_request_sent) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate")); - MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify")); - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); - } -} - -/* - * Handler for MBEDTLS_SSL_SERVER_FINISHED - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_ssl_tls13_write_finished_message(ssl); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_compute_application_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return ret; - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->handshake->early_data_accepted) { - /* See RFC 8446 section A.2 for more information */ - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Switch to early keys for inbound traffic. " - "( K_recv = early data )")); - mbedtls_ssl_set_inbound_transform( - ssl, ssl->handshake->transform_earlydata); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); - return 0; - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Switch to handshake keys for inbound traffic " - "( K_recv = handshake )")); - mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); - - ssl_tls13_prepare_for_handshake_second_flight(ssl); - - return 0; -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) -/* - * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA - */ -#define SSL_GOT_END_OF_EARLY_DATA 0 -#define SSL_GOT_EARLY_DATA 1 -/* Coordination: - * Deals with the ambiguity of not knowing if the next message is an - * EndOfEarlyData message or an application message containing early data. - * Returns a negative code on failure, or - * - SSL_GOT_END_OF_EARLY_DATA - * - SSL_GOT_EARLY_DATA - * indicating which message is received. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - ssl->keep_current_message = 1; - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Received an end_of_early_data message.")); - return SSL_GOT_END_OF_EARLY_DATA; - } - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { - if (ssl->in_offt == NULL) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Received early data")); - /* Set the reading pointer */ - ssl->in_offt = ssl->in_msg; - ret = mbedtls_ssl_tls13_check_early_data_len(ssl, ssl->in_msglen); - if (ret != 0) { - return ret; - } - } - return SSL_GOT_EARLY_DATA; - } - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, - MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - /* RFC 8446 section 4.5 - * - * struct {} EndOfEarlyData; - */ - if (buf != end) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - return 0; -} - -/* - * RFC 8446 section A.2 - * - * | Send ServerHello - * | K_send = handshake - * | Send EncryptedExtensions - * | [Send CertificateRequest] - * Can send | [Send Certificate + CertificateVerify] - * app data | Send Finished - * after --> | K_send = application - * here +--------+--------+ - * No 0-RTT | | 0-RTT - * | | - * K_recv = handshake | | K_recv = early data - * [Skip decrypt errors] | +------> WAIT_EOED -+ - * | | Recv | | Recv EndOfEarlyData - * | | early data | | K_recv = handshake - * | +------------+ | - * | | - * +> WAIT_FLIGHT2 <--------+ - * | - * +--------+--------+ - * No auth | | Client auth - * | | - * | v - * | WAIT_CERT - * | Recv | | Recv Certificate - * | empty | v - * | Certificate | WAIT_CV - * | | | Recv - * | v | CertificateVerify - * +-> WAIT_FINISHED <---+ - * | Recv Finished - * - * The function handles actions and state changes from 0-RTT to WAIT_FLIGHT2 in - * the above diagram. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_process_end_of_early_data")); - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_end_of_early_data_coordinate(ssl)); - - if (ret == SSL_GOT_END_OF_EARLY_DATA) { - unsigned char *buf; - size_t buf_len; - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data( - ssl, buf, buf + buf_len)); - - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Switch to handshake keys for inbound traffic" - "( K_recv = handshake )")); - mbedtls_ssl_set_inbound_transform( - ssl, ssl->handshake->transform_handshake); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, - buf, buf_len)); - - ssl_tls13_prepare_for_handshake_second_flight(ssl); - - } else if (ret == SSL_GOT_EARLY_DATA) { - ret = MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA; - goto cleanup; - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cleanup; - } - -cleanup: - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_process_end_of_early_data")); - return ret; -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -/* - * Handler for MBEDTLS_SSL_CLIENT_FINISHED - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_client_finished(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_ssl_tls13_process_finished_message(ssl); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_compute_resumption_master_secret", ret); - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); - return 0; -} - -/* - * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) -{ - MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - - mbedtls_ssl_tls13_handshake_wrapup(ssl); - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -/* TODO: Remove the check of SOME_PSK_ENABLED since SESSION_TICKETS requires - * SOME_PSK_ENABLED to be enabled. Here is just to make CI happy. It is - * expected to be resolved with issue#6395. - */ - /* Sent NewSessionTicket message only when client supports PSK */ - if (mbedtls_ssl_tls13_is_some_psk_supported(ssl)) { - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); - } else -#endif - { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); - } - return 0; -} - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -/* - * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET - */ -#define SSL_NEW_SESSION_TICKET_SKIP 0 -#define SSL_NEW_SESSION_TICKET_WRITE 1 -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ssl) -{ - /* Check whether the use of session tickets is enabled */ - if (ssl->conf->f_ticket_write == NULL) { - MBEDTLS_SSL_DEBUG_MSG(2, ("NewSessionTicket: disabled," - " callback is not set")); - return SSL_NEW_SESSION_TICKET_SKIP; - } - if (ssl->conf->new_session_tickets_count == 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("NewSessionTicket: disabled," - " configured count is zero")); - return SSL_NEW_SESSION_TICKET_SKIP; - } - - if (ssl->handshake->new_session_tickets_count == 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("NewSessionTicket: all tickets have " - "been sent.")); - return SSL_NEW_SESSION_TICKET_SKIP; - } - - return SSL_NEW_SESSION_TICKET_WRITE; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, - unsigned char *ticket_nonce, - size_t ticket_nonce_size) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_session *session = ssl->session; - mbedtls_ssl_ciphersuite_t *ciphersuite_info; - psa_algorithm_t psa_hash_alg; - int hash_length; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> prepare NewSessionTicket msg")); - - /* Set ticket_flags depends on the advertised psk key exchange mode */ - mbedtls_ssl_tls13_session_clear_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - mbedtls_ssl_tls13_session_set_ticket_flags( - session, ssl->handshake->tls13_kex_modes); -#endif - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && - ssl->conf->max_early_data_size > 0) { - mbedtls_ssl_tls13_session_set_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); - session->max_early_data_size = ssl->conf->max_early_data_size; - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - if (session->ticket_alpn == NULL) { - ret = mbedtls_ssl_session_set_ticket_alpn(session, ssl->alpn_chosen); - if (ret != 0) { - return ret; - } - } -#endif - - /* Generate ticket_age_add */ - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, - (unsigned char *) &session->ticket_age_add, - sizeof(session->ticket_age_add)) != 0)) { - MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret); - return ret; - } - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_age_add: %u", - (unsigned int) session->ticket_age_add)); - - /* Generate ticket_nonce */ - ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_nonce", ret); - return ret; - } - MBEDTLS_SSL_DEBUG_BUF(3, "ticket_nonce:", - ticket_nonce, ticket_nonce_size); - - ciphersuite_info = - (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; - psa_hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - hash_length = PSA_HASH_LENGTH(psa_hash_alg); - if (hash_length == -1 || - (size_t) hash_length > sizeof(session->resumption_key)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* In this code the psk key length equals the length of the hash */ - session->resumption_key_len = hash_length; - session->ciphersuite = ciphersuite_info->id; - - /* Compute resumption key - * - * HKDF-Expand-Label( resumption_master_secret, - * "resumption", ticket_nonce, Hash.length ) - */ - ret = mbedtls_ssl_tls13_hkdf_expand_label( - psa_hash_alg, - session->app_secrets.resumption_master_secret, - hash_length, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(resumption), - ticket_nonce, - ticket_nonce_size, - session->resumption_key, - hash_length); - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(2, - "Creating the ticket-resumed PSK failed", - ret); - return ret; - } - MBEDTLS_SSL_DEBUG_BUF(3, "Ticket-resumed PSK", - session->resumption_key, - session->resumption_key_len); - - MBEDTLS_SSL_DEBUG_BUF(3, "resumption_master_secret", - session->app_secrets.resumption_master_secret, - hash_length); - - return 0; -} - -/* This function creates a NewSessionTicket message in the following format: - * - * struct { - * uint32 ticket_lifetime; - * uint32 ticket_age_add; - * opaque ticket_nonce<0..255>; - * opaque ticket<1..2^16-1>; - * Extension extensions<0..2^16-2>; - * } NewSessionTicket; - * - * The ticket inside the NewSessionTicket message is an encrypted container - * carrying the necessary information so that the server is later able to - * re-start the communication. - * - * The following fields are placed inside the ticket by the - * f_ticket_write() function: - * - * - creation time (ticket_creation_time) - * - flags (ticket_flags) - * - age add (ticket_age_add) - * - key (resumption_key) - * - key length (resumption_key_len) - * - ciphersuite (ciphersuite) - * - max_early_data_size (max_early_data_size) - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len, - unsigned char *ticket_nonce, - size_t ticket_nonce_size) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - mbedtls_ssl_session *session = ssl->session; - size_t ticket_len; - uint32_t ticket_lifetime; - unsigned char *p_extensions_len; - - *out_len = 0; - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write NewSessionTicket msg")); - - /* - * ticket_lifetime 4 bytes - * ticket_age_add 4 bytes - * ticket_nonce 1 + ticket_nonce_size bytes - * ticket >=2 bytes - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + 4 + 1 + ticket_nonce_size + 2); - - /* Generate ticket and ticket_lifetime */ -#if defined(MBEDTLS_HAVE_TIME) - session->ticket_creation_time = mbedtls_ms_time(); -#endif - ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, - session, - p + 9 + ticket_nonce_size + 2, - end, - &ticket_len, - &ticket_lifetime); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "write_ticket", ret); - return ret; - } - - /* RFC 8446 section 4.6.1 - * - * ticket_lifetime: Indicates the lifetime in seconds as a 32-bit - * unsigned integer in network byte order from the time of ticket - * issuance. Servers MUST NOT use any value greater than - * 604800 seconds (7 days) ... - */ - if (ticket_lifetime > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Ticket lifetime (%u) is greater than 7 days.", - (unsigned int) ticket_lifetime)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_PUT_UINT32_BE(ticket_lifetime, p, 0); - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime: %u", - (unsigned int) ticket_lifetime)); - - /* Write ticket_age_add */ - MBEDTLS_PUT_UINT32_BE(session->ticket_age_add, p, 4); - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_age_add: %u", - (unsigned int) session->ticket_age_add)); - - /* Write ticket_nonce */ - p[8] = (unsigned char) ticket_nonce_size; - if (ticket_nonce_size > 0) { - memcpy(p + 9, ticket_nonce, ticket_nonce_size); - } - p += 9 + ticket_nonce_size; - - /* Write ticket */ - MBEDTLS_PUT_UINT16_BE(ticket_len, p, 0); - p += 2; - MBEDTLS_SSL_DEBUG_BUF(4, "ticket", p, ticket_len); - p += ticket_len; - - /* Ticket Extensions - * - * Extension extensions<0..2^16-2>; - */ - ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - p_extensions_len = p; - p += 2; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (mbedtls_ssl_tls13_session_ticket_allow_early_data(session)) { - size_t output_len; - - if ((ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, 1, p, end, &output_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_write_early_data_ext", ret); - return ret; - } - p += output_len; - } else { - MBEDTLS_SSL_DEBUG_MSG( - 4, ("early_data not allowed, " - "skip early_data extension in NewSessionTicket")); - } - -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0); - - *out_len = p - buf; - MBEDTLS_SSL_DEBUG_BUF(4, "ticket", buf, *out_len); - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket")); - - MBEDTLS_SSL_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions); - - return 0; -} - -/* - * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET - */ -static int ssl_tls13_write_new_session_ticket(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_write_new_session_ticket_coordinate(ssl)); - - if (ret == SSL_NEW_SESSION_TICKET_WRITE) { - unsigned char ticket_nonce[MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH]; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_new_session_ticket( - ssl, ticket_nonce, sizeof(ticket_nonce))); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_new_session_ticket_body( - ssl, buf, buf + buf_len, &msg_len, - ticket_nonce, sizeof(ticket_nonce))); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); - - /* Limit session tickets count to one when resumption connection. - * - * See document of mbedtls_ssl_conf_new_session_tickets. - */ - if (ssl->handshake->resume == 1) { - ssl->handshake->new_session_tickets_count = 0; - } else { - ssl->handshake->new_session_tickets_count--; - } - - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH); - } else { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); - } - -cleanup: - - return ret; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -/* - * TLS 1.3 State Machine -- server side - */ -int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("tls13 server state: %s(%d)", - mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state), - ssl->state)); - - switch (ssl->state) { - /* start state */ - case MBEDTLS_SSL_HELLO_REQUEST: - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); - ret = 0; - break; - - case MBEDTLS_SSL_CLIENT_HELLO: - ret = ssl_tls13_process_client_hello(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_process_client_hello", ret); - } - break; - - case MBEDTLS_SSL_HELLO_RETRY_REQUEST: - ret = ssl_tls13_write_hello_retry_request(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_hello_retry_request", ret); - return ret; - } - break; - - case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_tls13_write_server_hello(ssl); - break; - - case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: - ret = ssl_tls13_write_encrypted_extensions(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_encrypted_extensions", ret); - return ret; - } - break; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_tls13_write_certificate_request(ssl); - break; - - case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = ssl_tls13_write_server_certificate(ssl); - break; - - case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_tls13_write_certificate_verify(ssl); - break; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - - /* - * Injection of dummy-CCS's for middlebox compatibility - */ -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - case MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); - } - break; - - case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret != 0) { - break; - } - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); - break; -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - - case MBEDTLS_SSL_SERVER_FINISHED: - ret = ssl_tls13_write_server_finished(ssl); - break; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - case MBEDTLS_SSL_END_OF_EARLY_DATA: - ret = ssl_tls13_process_end_of_early_data(ssl); - break; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - case MBEDTLS_SSL_CLIENT_FINISHED: - ret = ssl_tls13_process_client_finished(ssl); - break; - - case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - ret = ssl_tls13_handshake_wrapup(ssl); - break; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = mbedtls_ssl_tls13_process_certificate(ssl); - if (ret == 0) { - if (ssl->session_negotiate->peer_cert != NULL) { - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY); - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify")); - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_FINISHED); - } - } - break; - - case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: - ret = mbedtls_ssl_tls13_process_certificate_verify(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_FINISHED); - } - break; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET: - ret = ssl_tls13_write_new_session_ticket(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "ssl_tls13_write_new_session_ticket ", - ret); - } - break; - case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH: - /* This state is necessary to do the flush of the New Session - * Ticket message written in MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET - * as part of ssl_prepare_handshake_step. - */ - ret = 0; - - if (ssl->handshake->new_session_tickets_count == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); - } else { - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); - } - break; - -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - default: - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - return ret; -} - -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/timing.c b/library/timing.c deleted file mode 100644 index 1ed88639e..000000000 --- a/library/timing.c +++ /dev/null @@ -1,154 +0,0 @@ -/* - * Portable interface to the CPU cycle counter - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_TIMING_C) - -#include "mbedtls/timing.h" - -#if !defined(MBEDTLS_TIMING_ALT) - -#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ - !defined(__HAIKU__) && !defined(__midipix__) -#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in mbedtls_config.h" -#endif - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -#include -#include - -struct _hr_time { - LARGE_INTEGER start; -}; - -#else - -#include -#include -#include -/* time.h should be included independently of MBEDTLS_HAVE_TIME. If the - * platform matches the ifdefs above, it will be used. */ -#include -#include -struct _hr_time { - struct timeval start; -}; -#endif /* _WIN32 && !EFIX64 && !EFI32 */ - -/** - * \brief Return the elapsed time in milliseconds - * - * \warning May change without notice - * - * \param val points to a timer structure - * \param reset If 0, query the elapsed time. Otherwise (re)start the timer. - * - * \return Elapsed time since the previous reset in ms. When - * restarting, this is always 0. - * - * \note To initialize a timer, call this function with reset=1. - * - * Determining the elapsed time and resetting the timer is not - * atomic on all platforms, so after the sequence - * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 = - * get_timer(0) }` the value time1+time2 is only approximately - * the delay since the first reset. - */ -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset) -{ - struct _hr_time *t = (struct _hr_time *) val; - - if (reset) { - QueryPerformanceCounter(&t->start); - return 0; - } else { - unsigned long delta; - LARGE_INTEGER now, hfreq; - QueryPerformanceCounter(&now); - QueryPerformanceFrequency(&hfreq); - delta = (unsigned long) ((now.QuadPart - t->start.QuadPart) * 1000ul - / hfreq.QuadPart); - return delta; - } -} - -#else /* _WIN32 && !EFIX64 && !EFI32 */ - -unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset) -{ - struct _hr_time *t = (struct _hr_time *) val; - - if (reset) { - gettimeofday(&t->start, NULL); - return 0; - } else { - unsigned long delta; - struct timeval now; - gettimeofday(&now, NULL); - delta = (now.tv_sec - t->start.tv_sec) * 1000ul - + (now.tv_usec - t->start.tv_usec) / 1000; - return delta; - } -} - -#endif /* _WIN32 && !EFIX64 && !EFI32 */ - -/* - * Set delays to watch - */ -void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms) -{ - mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; - - ctx->int_ms = int_ms; - ctx->fin_ms = fin_ms; - - if (fin_ms != 0) { - (void) mbedtls_timing_get_timer(&ctx->timer, 1); - } -} - -/* - * Get number of delays expired - */ -int mbedtls_timing_get_delay(void *data) -{ - mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; - unsigned long elapsed_ms; - - if (ctx->fin_ms == 0) { - return -1; - } - - elapsed_ms = mbedtls_timing_get_timer(&ctx->timer, 0); - - if (elapsed_ms >= ctx->fin_ms) { - return 2; - } - - if (elapsed_ms >= ctx->int_ms) { - return 1; - } - - return 0; -} - -/* - * Get the final delay. - */ -uint32_t mbedtls_timing_get_final_delay( - const mbedtls_timing_delay_context *data) -{ - return data->fin_ms; -} -#endif /* !MBEDTLS_TIMING_ALT */ -#endif /* MBEDTLS_TIMING_C */ diff --git a/library/version.c b/library/version.c deleted file mode 100644 index 2cd947da7..000000000 --- a/library/version.c +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Version information - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_VERSION_C) - -#include "mbedtls/version.h" -#include - -unsigned int mbedtls_version_get_number(void) -{ - return MBEDTLS_VERSION_NUMBER; -} - -void mbedtls_version_get_string(char *string) -{ - memcpy(string, MBEDTLS_VERSION_STRING, - sizeof(MBEDTLS_VERSION_STRING)); -} - -void mbedtls_version_get_string_full(char *string) -{ - memcpy(string, MBEDTLS_VERSION_STRING_FULL, - sizeof(MBEDTLS_VERSION_STRING_FULL)); -} - -#endif /* MBEDTLS_VERSION_C */ diff --git a/library/x509.c b/library/x509.c deleted file mode 100644 index 0571687da..000000000 --- a/library/x509.c +++ /dev/null @@ -1,1844 +0,0 @@ -/* - * X.509 common functions for parsing and verification - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * The ITU-T X.509 standard defines a certificate format for PKI. - * - * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) - * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) - * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) - * - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf - */ - -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_USE_C) - -#include "mbedtls/asn1.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" - -#include -#include - -#if defined(MBEDTLS_PEM_PARSE_C) -#include "mbedtls/pem.h" -#endif - -#include "mbedtls/asn1write.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#if defined(MBEDTLS_HAVE_TIME_DATE) -#include "mbedtls/platform_util.h" -#include -#endif - -#define CHECK(code) \ - do { \ - if ((ret = (code)) != 0) { \ - return ret; \ - } \ - } while (0) - -#define CHECK_RANGE(min, max, val) \ - do { \ - if ((val) < (min) || (val) > (max)) { \ - return ret; \ - } \ - } while (0) - -/* - * CertificateSerialNumber ::= INTEGER - */ -int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *serial) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((end - *p) < 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); - } - - if (**p != (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2) && - **p != MBEDTLS_ASN1_INTEGER) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - serial->tag = *(*p)++; - - if ((ret = mbedtls_asn1_get_len(p, end, &serial->len)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, ret); - } - - serial->p = *p; - *p += serial->len; - - return 0; -} - -/* Get an algorithm identifier without parameters (eg for signatures) - * - * AlgorithmIdentifier ::= SEQUENCE { - * algorithm OBJECT IDENTIFIER, - * parameters ANY DEFINED BY algorithm OPTIONAL } - */ -int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_asn1_get_alg_null(p, end, alg)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - return 0; -} - -/* - * Parse an algorithm identifier with (optional) parameters - */ -int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg, mbedtls_x509_buf *params) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_asn1_get_alg(p, end, alg, params)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - return 0; -} - -/* - * Convert md type to string - */ -#if !defined(MBEDTLS_X509_REMOVE_INFO) && defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - -static inline const char *md_type_to_string(mbedtls_md_type_t md_alg) -{ - switch (md_alg) { -#if defined(PSA_WANT_ALG_MD5) - case MBEDTLS_MD_MD5: - return "MD5"; -#endif -#if defined(PSA_WANT_ALG_SHA_1) - case MBEDTLS_MD_SHA1: - return "SHA1"; -#endif -#if defined(PSA_WANT_ALG_SHA_224) - case MBEDTLS_MD_SHA224: - return "SHA224"; -#endif -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_MD_SHA256: - return "SHA256"; -#endif -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_MD_SHA384: - return "SHA384"; -#endif -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_MD_SHA512: - return "SHA512"; -#endif -#if defined(PSA_WANT_ALG_RIPEMD160) - case MBEDTLS_MD_RIPEMD160: - return "RIPEMD160"; -#endif - case MBEDTLS_MD_NONE: - return NULL; - default: - return NULL; - } -} - -#endif /* !defined(MBEDTLS_X509_REMOVE_INFO) && defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) */ - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) -/* - * HashAlgorithm ::= AlgorithmIdentifier - * - * AlgorithmIdentifier ::= SEQUENCE { - * algorithm OBJECT IDENTIFIER, - * parameters ANY DEFINED BY algorithm OPTIONAL } - * - * For HashAlgorithm, parameters MUST be NULL or absent. - */ -static int x509_get_hash_alg(const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p; - const unsigned char *end; - mbedtls_x509_buf md_oid; - size_t len; - - /* Make sure we got a SEQUENCE and setup bounds */ - if (alg->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - p = alg->p; - end = p + alg->len; - - if (p >= end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); - } - - /* Parse md_oid */ - md_oid.tag = *p; - - if ((ret = mbedtls_asn1_get_tag(&p, end, &md_oid.len, MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - md_oid.p = p; - p += md_oid.len; - - /* Get md_alg from md_oid */ - if ((ret = mbedtls_oid_get_md_alg(&md_oid, md_alg)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - /* Make sure params is absent of NULL */ - if (p == end) { - return 0; - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_NULL)) != 0 || len != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * RSASSA-PSS-params ::= SEQUENCE { - * hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier, - * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier, - * saltLength [2] INTEGER DEFAULT 20, - * trailerField [3] INTEGER DEFAULT 1 } - * -- Note that the tags in this Sequence are explicit. - * - * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value - * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other - * option. Enforce this at parsing time. - */ -int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, - mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, - int *salt_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p; - const unsigned char *end, *end2; - size_t len; - mbedtls_x509_buf alg_id, alg_params; - - /* First set everything to defaults */ - *md_alg = MBEDTLS_MD_SHA1; - *mgf_md = MBEDTLS_MD_SHA1; - *salt_len = 20; - - /* Make sure params is a SEQUENCE and setup bounds */ - if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - p = (unsigned char *) params->p; - end = p + params->len; - - if (p == end) { - return 0; - } - - /* - * HashAlgorithm - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 0)) == 0) { - end2 = p + len; - - /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */ - if ((ret = mbedtls_x509_get_alg_null(&p, end2, &alg_id)) != 0) { - return ret; - } - - if ((ret = mbedtls_oid_get_md_alg(&alg_id, md_alg)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p != end2) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p == end) { - return 0; - } - - /* - * MaskGenAlgorithm - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 1)) == 0) { - end2 = p + len; - - /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */ - if ((ret = mbedtls_x509_get_alg(&p, end2, &alg_id, &alg_params)) != 0) { - return ret; - } - - /* Only MFG1 is recognised for now */ - if (MBEDTLS_OID_CMP(MBEDTLS_OID_MGF1, &alg_id) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, - MBEDTLS_ERR_OID_NOT_FOUND); - } - - /* Parse HashAlgorithm */ - if ((ret = x509_get_hash_alg(&alg_params, mgf_md)) != 0) { - return ret; - } - - if (p != end2) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p == end) { - return 0; - } - - /* - * salt_len - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 2)) == 0) { - end2 = p + len; - - if ((ret = mbedtls_asn1_get_int(&p, end2, salt_len)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p != end2) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p == end) { - return 0; - } - - /* - * trailer_field (if present, must be 1) - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 3)) == 0) { - int trailer_field; - - end2 = p + len; - - if ((ret = mbedtls_asn1_get_int(&p, end2, &trailer_field)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p != end2) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - if (trailer_field != 1) { - return MBEDTLS_ERR_X509_INVALID_ALG; - } - } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - -/* - * AttributeTypeAndValue ::= SEQUENCE { - * type AttributeType, - * value AttributeValue } - * - * AttributeType ::= OBJECT IDENTIFIER - * - * AttributeValue ::= ANY DEFINED BY AttributeType - */ -static int x509_get_attr_type_value(unsigned char **p, - const unsigned char *end, - mbedtls_x509_name *cur) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - mbedtls_x509_buf *oid; - mbedtls_x509_buf *val; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); - } - - end = *p + len; - - if ((end - *p) < 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); - } - - oid = &cur->oid; - oid->tag = **p; - - if ((ret = mbedtls_asn1_get_tag(p, end, &oid->len, MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); - } - - oid->p = *p; - *p += oid->len; - - if ((end - *p) < 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); - } - - if (**p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && - **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING && - **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING && - **p != MBEDTLS_ASN1_BIT_STRING) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - val = &cur->val; - val->tag = *(*p)++; - - if ((ret = mbedtls_asn1_get_len(p, end, &val->len)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); - } - - val->p = *p; - *p += val->len; - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - cur->next = NULL; - - return 0; -} - -/* - * Name ::= CHOICE { -- only one possibility for now -- - * rdnSequence RDNSequence } - * - * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - * - * RelativeDistinguishedName ::= - * SET OF AttributeTypeAndValue - * - * AttributeTypeAndValue ::= SEQUENCE { - * type AttributeType, - * value AttributeValue } - * - * AttributeType ::= OBJECT IDENTIFIER - * - * AttributeValue ::= ANY DEFINED BY AttributeType - * - * The data structure is optimized for the common case where each RDN has only - * one element, which is represented as a list of AttributeTypeAndValue. - * For the general case we still use a flat list, but we mark elements of the - * same set so that they are "merged" together in the functions that consume - * this list, eg mbedtls_x509_dn_gets(). - * - * On success, this function may allocate a linked list starting at cur->next - * that must later be free'd by the caller using mbedtls_free(). In error - * cases, this function frees all allocated memory internally and the caller - * has no freeing responsibilities. - */ -int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, - mbedtls_x509_name *cur) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t set_len; - const unsigned char *end_set; - mbedtls_x509_name *head = cur; - - /* don't use recursion, we'd risk stack overflow if not optimized */ - while (1) { - /* - * parse SET - */ - if ((ret = mbedtls_asn1_get_tag(p, end, &set_len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); - goto error; - } - - end_set = *p + set_len; - - while (1) { - if ((ret = x509_get_attr_type_value(p, end_set, cur)) != 0) { - goto error; - } - - if (*p == end_set) { - break; - } - - /* Mark this item as being no the only one in a set */ - cur->next_merged = 1; - - cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); - - if (cur->next == NULL) { - ret = MBEDTLS_ERR_X509_ALLOC_FAILED; - goto error; - } - - cur = cur->next; - } - - /* - * continue until end of SEQUENCE is reached - */ - if (*p == end) { - return 0; - } - - cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); - - if (cur->next == NULL) { - ret = MBEDTLS_ERR_X509_ALLOC_FAILED; - goto error; - } - - cur = cur->next; - } - -error: - /* Skip the first element as we did not allocate it */ - mbedtls_asn1_free_named_data_list_shallow(head->next); - head->next = NULL; - - return ret; -} - -static int x509_date_is_valid(const mbedtls_x509_time *t) -{ - unsigned int month_days; - unsigned int year; - switch (t->mon) { - case 1: case 3: case 5: case 7: case 8: case 10: case 12: - month_days = 31; - break; - case 4: case 6: case 9: case 11: - month_days = 30; - break; - case 2: - year = (unsigned int) t->year; - month_days = ((year & 3) || (!(year % 100) - && (year % 400))) - ? 28 : 29; - break; - default: - return MBEDTLS_ERR_X509_INVALID_DATE; - } - - if ((unsigned int) (t->day - 1) >= month_days || /* (1 - days in month) */ - /* (unsigned int) (t->mon - 1) >= 12 || */ /* (1 - 12) checked above */ - (unsigned int) t->year > 9999 || /* (0 - 9999) */ - (unsigned int) t->hour > 23 || /* (0 - 23) */ - (unsigned int) t->min > 59 || /* (0 - 59) */ - (unsigned int) t->sec > 59) { /* (0 - 59) */ - return MBEDTLS_ERR_X509_INVALID_DATE; - } - - return 0; -} - -static int x509_parse2_int(const unsigned char *p) -{ - uint32_t d1 = p[0] - '0'; - uint32_t d2 = p[1] - '0'; - return (d1 < 10 && d2 < 10) ? (int) (d1 * 10 + d2) : -1; -} - -/* - * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) - * field. - */ -static int x509_parse_time(const unsigned char *p, mbedtls_x509_time *tm, - size_t yearlen) -{ - int x; - - /* - * Parse year, month, day, hour, minute, second - */ - tm->year = x509_parse2_int(p); - if (tm->year < 0) { - return MBEDTLS_ERR_X509_INVALID_DATE; - } - - if (4 == yearlen) { - x = tm->year * 100; - p += 2; - tm->year = x509_parse2_int(p); - if (tm->year < 0) { - return MBEDTLS_ERR_X509_INVALID_DATE; - } - } else { - x = (tm->year < 50) ? 2000 : 1900; - } - tm->year += x; - - tm->mon = x509_parse2_int(p + 2); - tm->day = x509_parse2_int(p + 4); - tm->hour = x509_parse2_int(p + 6); - tm->min = x509_parse2_int(p + 8); - tm->sec = x509_parse2_int(p + 10); - - return x509_date_is_valid(tm); -} - -/* - * Time ::= CHOICE { - * utcTime UTCTime, - * generalTime GeneralizedTime } - */ -int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, - mbedtls_x509_time *tm) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len, year_len; - unsigned char tag; - - if ((end - *p) < 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); - } - - tag = **p; - - if (tag == MBEDTLS_ASN1_UTC_TIME) { - year_len = 2; - } else if (tag == MBEDTLS_ASN1_GENERALIZED_TIME) { - year_len = 4; - } else { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - (*p)++; - ret = mbedtls_asn1_get_len(p, end, &len); - - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); - } - - /* len is 12 or 14 depending on year_len, plus optional trailing 'Z' */ - if (len != year_len + 10 && - !(len == year_len + 11 && (*p)[(len - 1)] == 'Z')) { - return MBEDTLS_ERR_X509_INVALID_DATE; - } - - (*p) += len; - return x509_parse_time(*p - len, tm, year_len); -} - -int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - int tag_type; - - if ((end - *p) < 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); - } - - tag_type = **p; - - if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret); - } - - sig->tag = tag_type; - sig->len = len; - sig->p = *p; - - *p += len; - - return 0; -} - -/* - * Get signature algorithm from alg OID and optional parameters - */ -int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, - void **sig_opts) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (*sig_opts != NULL) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); - } - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) { - mbedtls_pk_rsassa_pss_options *pss_opts; - - pss_opts = mbedtls_calloc(1, sizeof(mbedtls_pk_rsassa_pss_options)); - if (pss_opts == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - ret = mbedtls_x509_get_rsassa_pss_params(sig_params, - md_alg, - &pss_opts->mgf1_hash_id, - &pss_opts->expected_salt_len); - if (ret != 0) { - mbedtls_free(pss_opts); - return ret; - } - - *sig_opts = (void *) pss_opts; - } else -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - { - /* Make sure parameters are absent or NULL */ - if ((sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0) || - sig_params->len != 0) { - return MBEDTLS_ERR_X509_INVALID_ALG; - } - } - - return 0; -} - -/* - * X.509 Extensions (No parsing of extensions, pointer should - * be either manually updated or extensions should be parsed!) - */ -int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *ext, int tag) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - /* Extension structure use EXPLICIT tagging. That is, the actual - * `Extensions` structure is wrapped by a tag-length pair using - * the respective context-specific tag. */ - ret = mbedtls_asn1_get_tag(p, end, &ext->len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag; - ext->p = *p; - end = *p + ext->len; - - /* - * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (end != *p + len) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -static char nibble_to_hex_digit(int i) -{ - return (i < 10) ? (i + '0') : (i - 10 + 'A'); -} - -/* Return the x.y.z.... style numeric string for the given OID */ -int mbedtls_oid_get_numeric_string(char *buf, size_t size, - const mbedtls_asn1_buf *oid) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - char *p = buf; - size_t n = size; - unsigned int value = 0; - - if (size > INT_MAX) { - /* Avoid overflow computing return value */ - return MBEDTLS_ERR_ASN1_INVALID_LENGTH; - } - - if (oid->len <= 0) { - /* OID must not be empty */ - return MBEDTLS_ERR_ASN1_OUT_OF_DATA; - } - - for (size_t i = 0; i < oid->len; i++) { - /* Prevent overflow in value. */ - if (value > (UINT_MAX >> 7)) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } - if ((value == 0) && ((oid->p[i]) == 0x80)) { - /* Overlong encoding is not allowed */ - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } - - value <<= 7; - value |= oid->p[i] & 0x7F; - - if (!(oid->p[i] & 0x80)) { - /* Last byte */ - if (n == size) { - int component1; - unsigned int component2; - /* First subidentifier contains first two OID components */ - if (value >= 80) { - component1 = '2'; - component2 = value - 80; - } else if (value >= 40) { - component1 = '1'; - component2 = value - 40; - } else { - component1 = '0'; - component2 = value; - } - ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2); - } else { - ret = mbedtls_snprintf(p, n, ".%u", value); - } - if (ret < 2 || (size_t) ret >= n) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; - } - n -= (size_t) ret; - p += ret; - value = 0; - } - } - - if (value != 0) { - /* Unterminated subidentifier */ - return MBEDTLS_ERR_ASN1_OUT_OF_DATA; - } - - return (int) (size - n); -} - -/* - * Store the name in printable form into buf; no more - * than size characters will be written - */ -int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, j, n, asn1_len_size, asn1_tag_size, asn1_tag_len_buf_start; - /* 6 is enough as our asn1 write functions only write one byte for the tag and at most five bytes for the length*/ - unsigned char asn1_tag_len_buf[6]; - unsigned char *asn1_len_p; - unsigned char c, merge = 0; - const mbedtls_x509_name *name; - const char *short_name = NULL; - char lowbits, highbits; - char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p; - int print_hexstring; - - memset(s, 0, sizeof(s)); - - name = dn; - p = buf; - n = size; - - while (name != NULL) { - if (!name->oid.p) { - name = name->next; - continue; - } - - if (name != dn) { - ret = mbedtls_snprintf(p, n, merge ? " + " : ", "); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - print_hexstring = (name->val.tag != MBEDTLS_ASN1_UTF8_STRING) && - (name->val.tag != MBEDTLS_ASN1_PRINTABLE_STRING) && - (name->val.tag != MBEDTLS_ASN1_IA5_STRING); - - if ((ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) == 0) { - ret = mbedtls_snprintf(p, n, "%s=", short_name); - } else { - if ((ret = mbedtls_oid_get_numeric_string(p, n, &name->oid)) > 0) { - n -= ret; - p += ret; - ret = mbedtls_snprintf(p, n, "="); - print_hexstring = 1; - } else if (ret == MBEDTLS_ERR_OID_BUF_TOO_SMALL) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } else { - ret = mbedtls_snprintf(p, n, "\?\?="); - } - } - MBEDTLS_X509_SAFE_SNPRINTF; - - if (print_hexstring) { - s[0] = '#'; - - asn1_len_p = asn1_tag_len_buf + sizeof(asn1_tag_len_buf); - if ((ret = mbedtls_asn1_write_len(&asn1_len_p, asn1_tag_len_buf, name->val.len)) < 0) { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - asn1_len_size = ret; - if ((ret = mbedtls_asn1_write_tag(&asn1_len_p, asn1_tag_len_buf, name->val.tag)) < 0) { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - asn1_tag_size = ret; - asn1_tag_len_buf_start = sizeof(asn1_tag_len_buf) - asn1_len_size - asn1_tag_size; - for (i = 0, j = 1; i < asn1_len_size + asn1_tag_size; i++) { - if (j + 1 >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - c = asn1_tag_len_buf[asn1_tag_len_buf_start+i]; - lowbits = (c & 0x0F); - highbits = c >> 4; - s[j++] = nibble_to_hex_digit(highbits); - s[j++] = nibble_to_hex_digit(lowbits); - } - for (i = 0; i < name->val.len; i++) { - if (j + 1 >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - c = name->val.p[i]; - lowbits = (c & 0x0F); - highbits = c >> 4; - s[j++] = nibble_to_hex_digit(highbits); - s[j++] = nibble_to_hex_digit(lowbits); - } - } else { - for (i = 0, j = 0; i < name->val.len; i++, j++) { - if (j >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - - c = name->val.p[i]; - // Special characters requiring escaping, RFC 4514 Section 2.4 - if (c == '\0') { - return MBEDTLS_ERR_X509_INVALID_NAME; - } else { - if (strchr(",=+<>;\"\\", c) || - ((i == 0) && strchr("# ", c)) || - ((i == name->val.len-1) && (c == ' '))) { - if (j + 1 >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - s[j++] = '\\'; - } - } - if (c < 32 || c >= 127) { - if (j + 3 >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - s[j++] = '\\'; - lowbits = (c & 0x0F); - highbits = c >> 4; - s[j++] = nibble_to_hex_digit(highbits); - s[j] = nibble_to_hex_digit(lowbits); - } else { - s[j] = c; - } - } - } - s[j] = '\0'; - ret = mbedtls_snprintf(p, n, "%s", s); - MBEDTLS_X509_SAFE_SNPRINTF; - - merge = name->next_merged; - name = name->next; - } - - return (int) (size - n); -} - -/* - * Store the serial in printable form into buf; no more - * than size characters will be written - */ -int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, n, nr; - char *p; - - p = buf; - n = size; - - nr = (serial->len <= 32) - ? serial->len : 28; - - for (i = 0; i < nr; i++) { - if (i == 0 && nr > 1 && serial->p[i] == 0x0) { - continue; - } - - ret = mbedtls_snprintf(p, n, "%02X%s", - serial->p[i], (i < nr - 1) ? ":" : ""); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - if (nr != serial->len) { - ret = mbedtls_snprintf(p, n, "...."); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - return (int) (size - n); -} - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/* - * Helper for writing signature algorithms - */ -int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const void *sig_opts) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - char *p = buf; - size_t n = size; - const char *desc = NULL; - - ret = mbedtls_oid_get_sig_alg_desc(sig_oid, &desc); - if (ret != 0) { - ret = mbedtls_snprintf(p, n, "???"); - } else { - ret = mbedtls_snprintf(p, n, "%s", desc); - } - MBEDTLS_X509_SAFE_SNPRINTF; - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - const mbedtls_pk_rsassa_pss_options *pss_opts; - - pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts; - - const char *name = md_type_to_string(md_alg); - const char *mgf_name = md_type_to_string(pss_opts->mgf1_hash_id); - - ret = mbedtls_snprintf(p, n, " (%s, MGF1-%s, 0x%02X)", - name ? name : "???", - mgf_name ? mgf_name : "???", - (unsigned int) pss_opts->expected_salt_len); - MBEDTLS_X509_SAFE_SNPRINTF; - } -#else - ((void) pk_alg); - ((void) md_alg); - ((void) sig_opts); -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - - return (int) (size - n); -} -#endif /* MBEDTLS_X509_REMOVE_INFO */ - -/* - * Helper for writing "RSA key size", "EC key size", etc - */ -int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name) -{ - char *p = buf; - size_t n = buf_size; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_snprintf(p, n, "%s key size", name); - MBEDTLS_X509_SAFE_SNPRINTF; - - return 0; -} - -int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1, - const mbedtls_x509_time *t2) -{ - int x; - - x = (((t1->year << 9) | (t1->mon << 5) | (t1->day)) - - ((t2->year << 9) | (t2->mon << 5) | (t2->day))); - if (x != 0) { - return x; - } - - x = (((t1->hour << 12) | (t1->min << 6) | (t1->sec)) - - ((t2->hour << 12) | (t2->min << 6) | (t2->sec))); - return x; -} - -#if defined(MBEDTLS_HAVE_TIME_DATE) -int mbedtls_x509_time_gmtime(mbedtls_time_t tt, mbedtls_x509_time *now) -{ - struct tm tm; - - if (mbedtls_platform_gmtime_r(&tt, &tm) == NULL) { - return -1; - } - - now->year = tm.tm_year + 1900; - now->mon = tm.tm_mon + 1; - now->day = tm.tm_mday; - now->hour = tm.tm_hour; - now->min = tm.tm_min; - now->sec = tm.tm_sec; - return 0; -} - -static int x509_get_current_time(mbedtls_x509_time *now) -{ - return mbedtls_x509_time_gmtime(mbedtls_time(NULL), now); -} - -int mbedtls_x509_time_is_past(const mbedtls_x509_time *to) -{ - mbedtls_x509_time now; - - if (x509_get_current_time(&now) != 0) { - return 1; - } - - return mbedtls_x509_time_cmp(to, &now) < 0; -} - -int mbedtls_x509_time_is_future(const mbedtls_x509_time *from) -{ - mbedtls_x509_time now; - - if (x509_get_current_time(&now) != 0) { - return 1; - } - - return mbedtls_x509_time_cmp(from, &now) > 0; -} - -#else /* MBEDTLS_HAVE_TIME_DATE */ - -int mbedtls_x509_time_is_past(const mbedtls_x509_time *to) -{ - ((void) to); - return 0; -} - -int mbedtls_x509_time_is_future(const mbedtls_x509_time *from) -{ - ((void) from); - return 0; -} -#endif /* MBEDTLS_HAVE_TIME_DATE */ - -/* Common functions for parsing CRT and CSR. */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(MBEDTLS_X509_CSR_PARSE_C) -/* - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * HardwareModuleName ::= SEQUENCE { - * hwType OBJECT IDENTIFIER, - * hwSerialNum OCTET STRING } - * - * NOTE: we currently only parse and use otherName of type HwModuleName, - * as defined in RFC 4108. - */ -static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name, - mbedtls_x509_san_other_name *other_name) -{ - int ret = 0; - size_t len; - unsigned char *p = subject_alt_name->p; - const unsigned char *end = p + subject_alt_name->len; - mbedtls_x509_buf cur_oid; - - if ((subject_alt_name->tag & - (MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK)) != - (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME)) { - /* - * The given subject alternative name is not of type "othername". - */ - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - cur_oid.tag = MBEDTLS_ASN1_OID; - cur_oid.p = p; - cur_oid.len = len; - - /* - * Only HwModuleName is currently supported. - */ - if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) { - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - other_name->type_id = cur_oid; - - p += len; - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != - 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (end != p + len) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (end != p + len) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; - other_name->value.hardware_module_name.oid.p = p; - other_name->value.hardware_module_name.oid.len = len; - - p += len; - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_OCTET_STRING)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; - other_name->value.hardware_module_name.val.p = p; - other_name->value.hardware_module_name.val.len = len; - p += len; - if (p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - return 0; -} - -/* Check mbedtls_x509_get_subject_alt_name for detailed description. - * - * In some cases while parsing subject alternative names the sequence tag is optional - * (e.g. CertSerialNumber). This function is designed to handle such case. - */ -int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t tag_len; - mbedtls_asn1_sequence *cur = subject_alt_name; - - while (*p < end) { - mbedtls_x509_subject_alternative_name tmp_san_name; - mbedtls_x509_buf tmp_san_buf; - memset(&tmp_san_name, 0, sizeof(tmp_san_name)); - - tmp_san_buf.tag = **p; - (*p)++; - - if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - tmp_san_buf.p = *p; - tmp_san_buf.len = tag_len; - - if ((tmp_san_buf.tag & MBEDTLS_ASN1_TAG_CLASS_MASK) != - MBEDTLS_ASN1_CONTEXT_SPECIFIC) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - /* - * Check that the SAN is structured correctly by parsing it. - * The SAN structure is discarded afterwards. - */ - ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &tmp_san_name); - /* - * In case the extension is malformed, return an error, - * and clear the allocated sequences. - */ - if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { - mbedtls_asn1_sequence_free(subject_alt_name->next); - subject_alt_name->next = NULL; - return ret; - } - - mbedtls_x509_free_subject_alt_name(&tmp_san_name); - /* Allocate and assign next pointer */ - if (cur->buf.p != NULL) { - if (cur->next != NULL) { - return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; - } - - cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - - if (cur->next == NULL) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_ALLOC_FAILED); - } - - cur = cur->next; - } - - cur->buf = tmp_san_buf; - *p += tmp_san_buf.len; - } - - /* Set final sequence entry's next pointer to NULL */ - cur->next = NULL; - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * SubjectAltName ::= GeneralNames - * - * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName - * - * GeneralName ::= CHOICE { - * otherName [0] OtherName, - * rfc822Name [1] IA5String, - * dNSName [2] IA5String, - * x400Address [3] ORAddress, - * directoryName [4] Name, - * ediPartyName [5] EDIPartyName, - * uniformResourceIdentifier [6] IA5String, - * iPAddress [7] OCTET STRING, - * registeredID [8] OBJECT IDENTIFIER } - * - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * EDIPartyName ::= SEQUENCE { - * nameAssigner [0] DirectoryString OPTIONAL, - * partyName [1] DirectoryString } - * - * We list all types, but use the following GeneralName types from RFC 5280: - * "dnsName", "uniformResourceIdentifier" and "hardware_module_name" - * of type "otherName", as defined in RFC 4108. - */ -int mbedtls_x509_get_subject_alt_name(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - /* Get main sequence tag */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return mbedtls_x509_get_subject_alt_name_ext(p, end, subject_alt_name); -} - -int mbedtls_x509_get_ns_cert_type(unsigned char **p, - const unsigned char *end, - unsigned char *ns_cert_type) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_x509_bitstring bs = { 0, 0, NULL }; - - if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* A bitstring with no flags set is still technically valid, as it will mean - that the certificate has no designated purpose at the time of creation. */ - if (bs.len == 0) { - *ns_cert_type = 0; - return 0; - } - - if (bs.len != 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_LENGTH); - } - - /* Get actual bitstring */ - *ns_cert_type = *bs.p; - return 0; -} - -int mbedtls_x509_get_key_usage(unsigned char **p, - const unsigned char *end, - unsigned int *key_usage) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - mbedtls_x509_bitstring bs = { 0, 0, NULL }; - - if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* A bitstring with no flags set is still technically valid, as it will mean - that the certificate has no designated purpose at the time of creation. */ - if (bs.len == 0) { - *key_usage = 0; - return 0; - } - - /* Get actual bitstring */ - *key_usage = 0; - for (i = 0; i < bs.len && i < sizeof(unsigned int); i++) { - *key_usage |= (unsigned int) bs.p[i] << (8*i); - } - - return 0; -} - -int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - switch (san_buf->tag & - (MBEDTLS_ASN1_TAG_CLASS_MASK | - MBEDTLS_ASN1_TAG_VALUE_MASK)) { - /* - * otherName - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME): - { - mbedtls_x509_san_other_name other_name; - - ret = x509_get_other_name(san_buf, &other_name); - if (ret != 0) { - return ret; - } - - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_OTHER_NAME; - memcpy(&san->san.other_name, - &other_name, sizeof(other_name)); - - } - break; - /* - * uniformResourceIdentifier - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER): - { - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; - - memcpy(&san->san.unstructured_name, - san_buf, sizeof(*san_buf)); - - } - break; - /* - * dNSName - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME): - { - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_DNS_NAME; - - memcpy(&san->san.unstructured_name, - san_buf, sizeof(*san_buf)); - } - break; - /* - * IP address - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_IP_ADDRESS): - { - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_IP_ADDRESS; - // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported - if (san_buf->len == 4 || san_buf->len == 16) { - memcpy(&san->san.unstructured_name, - san_buf, sizeof(*san_buf)); - } else { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - } - break; - /* - * rfc822Name - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_RFC822_NAME): - { - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_RFC822_NAME; - memcpy(&san->san.unstructured_name, san_buf, sizeof(*san_buf)); - } - break; - /* - * directoryName - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DIRECTORY_NAME): - { - size_t name_len; - unsigned char *p = san_buf->p; - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - - ret = mbedtls_asn1_get_tag(&p, p + san_buf->len, &name_len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); - - if (ret != 0) { - return ret; - } - - if ((ret = mbedtls_x509_get_name(&p, p + name_len, - &san->san.directory_name)) != 0) { - return ret; - } - } - break; - /* - * Type not supported - */ - default: - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - return 0; -} - -void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san) -{ - if (san->type == MBEDTLS_X509_SAN_DIRECTORY_NAME) { - mbedtls_asn1_free_named_data_list_shallow(san->san.directory_name.next); - } -} - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, - const mbedtls_x509_sequence - *subject_alt_name, - const char *prefix) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - size_t n = *size; - char *p = *buf; - const mbedtls_x509_sequence *cur = subject_alt_name; - mbedtls_x509_subject_alternative_name san; - int parse_ret; - - while (cur != NULL) { - memset(&san, 0, sizeof(san)); - parse_ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san); - if (parse_ret != 0) { - if (parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { - ret = mbedtls_snprintf(p, n, "\n%s ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - } else { - ret = mbedtls_snprintf(p, n, "\n%s ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - } - cur = cur->next; - continue; - } - - switch (san.type) { - /* - * otherName - */ - case MBEDTLS_X509_SAN_OTHER_NAME: - { - mbedtls_x509_san_other_name *other_name = &san.san.other_name; - - ret = mbedtls_snprintf(p, n, "\n%s otherName :", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, - &other_name->type_id) == 0) { - ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = - mbedtls_snprintf(p, n, "\n%s hardware type : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_oid_get_numeric_string(p, - n, - &other_name->value.hardware_module_name.oid); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = - mbedtls_snprintf(p, n, "\n%s hardware serial number : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - for (i = 0; i < other_name->value.hardware_module_name.val.len; i++) { - ret = mbedtls_snprintf(p, - n, - "%02X", - other_name->value.hardware_module_name.val.p[i]); - MBEDTLS_X509_SAFE_SNPRINTF; - } - }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ - } - break; - /* - * uniformResourceIdentifier - */ - case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: - { - ret = mbedtls_snprintf(p, n, "\n%s uniformResourceIdentifier : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - if (san.san.unstructured_name.len >= n) { - if (n > 0) { - *p = '\0'; - } - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - - memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); - p += san.san.unstructured_name.len; - n -= san.san.unstructured_name.len; - } - break; - /* - * dNSName - * RFC822 Name - */ - case MBEDTLS_X509_SAN_DNS_NAME: - case MBEDTLS_X509_SAN_RFC822_NAME: - { - const char *dns_name = "dNSName"; - const char *rfc822_name = "rfc822Name"; - - ret = mbedtls_snprintf(p, n, - "\n%s %s : ", - prefix, - san.type == - MBEDTLS_X509_SAN_DNS_NAME ? dns_name : rfc822_name); - MBEDTLS_X509_SAFE_SNPRINTF; - if (san.san.unstructured_name.len >= n) { - if (n > 0) { - *p = '\0'; - } - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - - memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); - p += san.san.unstructured_name.len; - n -= san.san.unstructured_name.len; - } - break; - /* - * iPAddress - */ - case MBEDTLS_X509_SAN_IP_ADDRESS: - { - ret = mbedtls_snprintf(p, n, "\n%s %s : ", - prefix, "iPAddress"); - MBEDTLS_X509_SAFE_SNPRINTF; - if (san.san.unstructured_name.len >= n) { - if (n > 0) { - *p = '\0'; - } - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - - unsigned char *ip = san.san.unstructured_name.p; - // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported - if (san.san.unstructured_name.len == 4) { - ret = mbedtls_snprintf(p, n, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]); - MBEDTLS_X509_SAFE_SNPRINTF; - } else if (san.san.unstructured_name.len == 16) { - ret = mbedtls_snprintf(p, n, - "%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X", - ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6], - ip[7], ip[8], ip[9], ip[10], ip[11], ip[12], ip[13], - ip[14], ip[15]); - MBEDTLS_X509_SAFE_SNPRINTF; - } else { - if (n > 0) { - *p = '\0'; - } - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - } - break; - /* - * directoryName - */ - case MBEDTLS_X509_SAN_DIRECTORY_NAME: - { - ret = mbedtls_snprintf(p, n, "\n%s directoryName : ", prefix); - if (ret < 0 || (size_t) ret >= n) { - mbedtls_x509_free_subject_alt_name(&san); - } - - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets(p, n, &san.san.directory_name); - - if (ret < 0) { - mbedtls_x509_free_subject_alt_name(&san); - if (n > 0) { - *p = '\0'; - } - return ret; - } - - p += ret; - n -= ret; - } - break; - /* - * Type not supported, skip item. - */ - default: - ret = mbedtls_snprintf(p, n, "\n%s ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - break; - } - - /* So far memory is freed only in the case of directoryName - * parsing succeeding, as mbedtls_x509_get_name allocates memory. */ - mbedtls_x509_free_subject_alt_name(&san); - cur = cur->next; - } - - *p = '\0'; - - *size = n; - *buf = p; - - return 0; -} - -#define PRINT_ITEM(i) \ - do { \ - ret = mbedtls_snprintf(p, n, "%s" i, sep); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - sep = ", "; \ - } while (0) - -#define CERT_TYPE(type, name) \ - do { \ - if (ns_cert_type & (type)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) - -int mbedtls_x509_info_cert_type(char **buf, size_t *size, - unsigned char ns_cert_type) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n = *size; - char *p = *buf; - const char *sep = ""; - - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA"); - - *size = n; - *buf = p; - - return 0; -} - -#define KEY_USAGE(code, name) \ - do { \ - if ((key_usage) & (code)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) - -int mbedtls_x509_info_key_usage(char **buf, size_t *size, - unsigned int key_usage) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n = *size; - char *p = *buf; - const char *sep = ""; - - KEY_USAGE(MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature"); - KEY_USAGE(MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation"); - KEY_USAGE(MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment"); - KEY_USAGE(MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment"); - KEY_USAGE(MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement"); - KEY_USAGE(MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign"); - KEY_USAGE(MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign"); - KEY_USAGE(MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only"); - KEY_USAGE(MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only"); - - *size = n; - *buf = p; - - return 0; -} -#endif /* MBEDTLS_X509_REMOVE_INFO */ -#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_X509_CSR_PARSE_C */ -#endif /* MBEDTLS_X509_USE_C */ diff --git a/library/x509_create.c b/library/x509_create.c deleted file mode 100644 index 48ac080cb..000000000 --- a/library/x509_create.c +++ /dev/null @@ -1,738 +0,0 @@ -/* - * X.509 base functions for creating certificates / CSRs - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_CREATE_C) - -#include "mbedtls/asn1write.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" - -#include - -#include "mbedtls/platform.h" - -#include "mbedtls/asn1.h" - -/* Structure linking OIDs for X.509 DN AttributeTypes to their - * string representations and default string encodings used by Mbed TLS. */ -typedef struct { - const char *name; /* String representation of AttributeType, e.g. - * "CN" or "emailAddress". */ - size_t name_len; /* Length of 'name', without trailing 0 byte. */ - const char *oid; /* String representation of OID of AttributeType, - * as per RFC 5280, Appendix A.1. encoded as per - * X.690 */ - int default_tag; /* The default character encoding used for the - * given attribute type, e.g. - * MBEDTLS_ASN1_UTF8_STRING for UTF-8. */ -} x509_attr_descriptor_t; - -#define ADD_STRLEN(s) s, sizeof(s) - 1 - -/* X.509 DN attributes from RFC 5280, Appendix A.1. */ -static const x509_attr_descriptor_t x509_attrs[] = -{ - { ADD_STRLEN("CN"), - MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("commonName"), - MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("C"), - MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN("countryName"), - MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN("O"), - MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("organizationName"), - MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("L"), - MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("locality"), - MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("R"), - MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN("OU"), - MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("organizationalUnitName"), - MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("ST"), - MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("stateOrProvinceName"), - MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("emailAddress"), - MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN("serialNumber"), - MBEDTLS_OID_AT_SERIAL_NUMBER, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN("postalAddress"), - MBEDTLS_OID_AT_POSTAL_ADDRESS, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN("postalCode"), - MBEDTLS_OID_AT_POSTAL_CODE, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN("dnQualifier"), - MBEDTLS_OID_AT_DN_QUALIFIER, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN("title"), - MBEDTLS_OID_AT_TITLE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("surName"), - MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("SN"), - MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("givenName"), - MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("GN"), - MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("initials"), - MBEDTLS_OID_AT_INITIALS, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("pseudonym"), - MBEDTLS_OID_AT_PSEUDONYM, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("generationQualifier"), - MBEDTLS_OID_AT_GENERATION_QUALIFIER, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("domainComponent"), - MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN("DC"), - MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING }, - { NULL, 0, NULL, MBEDTLS_ASN1_NULL } -}; - -static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name, size_t name_len) -{ - const x509_attr_descriptor_t *cur; - - for (cur = x509_attrs; cur->name != NULL; cur++) { - if (cur->name_len == name_len && - strncmp(cur->name, name, name_len) == 0) { - break; - } - } - - if (cur->name == NULL) { - return NULL; - } - - return cur; -} - -static int hex_to_int(char c) -{ - return ('0' <= c && c <= '9') ? (c - '0') : - ('a' <= c && c <= 'f') ? (c - 'a' + 10) : - ('A' <= c && c <= 'F') ? (c - 'A' + 10) : -1; -} - -static int hexpair_to_int(const char *hexpair) -{ - int n1 = hex_to_int(*hexpair); - int n2 = hex_to_int(*(hexpair + 1)); - - if (n1 != -1 && n2 != -1) { - return (n1 << 4) | n2; - } else { - return -1; - } -} - -static int parse_attribute_value_string(const char *s, - int len, - unsigned char *data, - size_t *data_len) -{ - const char *c; - const char *end = s + len; - unsigned char *d = data; - int n; - - for (c = s; c < end; c++) { - if (*c == '\\') { - c++; - - /* Check for valid escaped characters as per RFC 4514 Section 3 */ - if (c + 1 < end && (n = hexpair_to_int(c)) != -1) { - if (n == 0) { - return MBEDTLS_ERR_X509_INVALID_NAME; - } - *(d++) = n; - c++; - } else if (c < end && strchr(" ,=+<>#;\"\\", *c)) { - *(d++) = *c; - } else { - return MBEDTLS_ERR_X509_INVALID_NAME; - } - } else { - *(d++) = *c; - } - - if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) { - return MBEDTLS_ERR_X509_INVALID_NAME; - } - } - *data_len = (size_t) (d - data); - return 0; -} - -/** Parse a hexstring containing a DER-encoded string. - * - * \param s A string of \p len bytes hexadecimal digits. - * \param len Number of bytes to read from \p s. - * \param data Output buffer of size \p data_size. - * On success, it contains the payload that's DER-encoded - * in the input (content without the tag and length). - * If the DER tag is a string tag, the payload is guaranteed - * not to contain null bytes. - * \param data_size Length of the \p data buffer. - * \param data_len On success, the length of the parsed string. - * It is guaranteed to be less than - * #MBEDTLS_X509_MAX_DN_NAME_SIZE. - * \param tag The ASN.1 tag that the payload in \p data is encoded in. - * - * \retval 0 on success. - * \retval #MBEDTLS_ERR_X509_INVALID_NAME if \p s does not contain - * a valid hexstring, - * or if the decoded hexstring is not valid DER, - * or if the payload does not fit in \p data, - * or if the payload is more than - * #MBEDTLS_X509_MAX_DN_NAME_SIZE bytes, - * of if \p *tag is an ASN.1 string tag and the payload - * contains a null byte. - * \retval #MBEDTLS_ERR_X509_ALLOC_FAILED on low memory. - */ -static int parse_attribute_value_hex_der_encoded(const char *s, - size_t len, - unsigned char *data, - size_t data_size, - size_t *data_len, - int *tag) -{ - /* Step 1: preliminary length checks. */ - /* Each byte is encoded by exactly two hexadecimal digits. */ - if (len % 2 != 0) { - /* Odd number of hex digits */ - return MBEDTLS_ERR_X509_INVALID_NAME; - } - size_t const der_length = len / 2; - if (der_length > MBEDTLS_X509_MAX_DN_NAME_SIZE + 4) { - /* The payload would be more than MBEDTLS_X509_MAX_DN_NAME_SIZE - * (after subtracting the ASN.1 tag and length). Reject this early - * to avoid allocating a large intermediate buffer. */ - return MBEDTLS_ERR_X509_INVALID_NAME; - } - if (der_length < 1) { - /* Avoid empty-buffer shenanigans. A valid DER encoding is never - * empty. */ - return MBEDTLS_ERR_X509_INVALID_NAME; - } - - /* Step 2: Decode the hex string into an intermediate buffer. */ - unsigned char *der = mbedtls_calloc(1, der_length); - if (der == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - /* Beyond this point, der needs to be freed on exit. */ - for (size_t i = 0; i < der_length; i++) { - int c = hexpair_to_int(s + 2 * i); - if (c < 0) { - goto error; - } - der[i] = c; - } - - /* Step 3: decode the DER. */ - /* We've checked that der_length >= 1 above. */ - *tag = der[0]; - { - unsigned char *p = der + 1; - if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) { - goto error; - } - /* Now p points to the first byte of the payload inside der, - * and *data_len is the length of the payload. */ - - /* Step 4: payload validation */ - if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) { - goto error; - } - /* Strings must not contain null bytes. */ - if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) { - for (size_t i = 0; i < *data_len; i++) { - if (p[i] == 0) { - goto error; - } - } - } - - /* Step 5: output the payload. */ - if (*data_len > data_size) { - goto error; - } - memcpy(data, p, *data_len); - } - mbedtls_free(der); - - return 0; - -error: - mbedtls_free(der); - return MBEDTLS_ERR_X509_INVALID_NAME; -} - -static int oid_parse_number(unsigned int *num, const char **p, const char *bound) -{ - int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - - *num = 0; - - while (*p < bound && **p >= '0' && **p <= '9') { - ret = 0; - if (*num > (UINT_MAX / 10)) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } - *num *= 10; - *num += **p - '0'; - (*p)++; - } - return ret; -} - -static size_t oid_subidentifier_num_bytes(unsigned int value) -{ - size_t num_bytes = 0; - - do { - value >>= 7; - num_bytes++; - } while (value != 0); - - return num_bytes; -} - -static int oid_subidentifier_encode_into(unsigned char **p, - unsigned char *bound, - unsigned int value) -{ - size_t num_bytes = oid_subidentifier_num_bytes(value); - - if ((size_t) (bound - *p) < num_bytes) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; - } - (*p)[num_bytes - 1] = (unsigned char) (value & 0x7f); - value >>= 7; - - for (size_t i = 2; i <= num_bytes; i++) { - (*p)[num_bytes - i] = 0x80 | (unsigned char) (value & 0x7f); - value >>= 7; - } - *p += num_bytes; - - return 0; -} - -/* Return the OID for the given x.y.z.... style numeric string */ -int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, - const char *oid_str, size_t size) -{ - int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - const char *str_ptr = oid_str; - const char *str_bound = oid_str + size; - unsigned int val = 0; - unsigned int component1, component2; - size_t encoded_len; - unsigned char *resized_mem; - - /* Count the number of dots to get a worst-case allocation size. */ - size_t num_dots = 0; - for (size_t i = 0; i < size; i++) { - if (oid_str[i] == '.') { - num_dots++; - } - } - /* Allocate maximum possible required memory: - * There are (num_dots + 1) integer components, but the first 2 share the - * same subidentifier, so we only need num_dots subidentifiers maximum. */ - if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } - /* Each byte can store 7 bits, calculate number of bytes for a - * subidentifier: - * - * bytes = ceil(subidentifer_size * 8 / 7) - */ - size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7) - + 1; - size_t max_possible_bytes = num_dots * bytes_per_subidentifier; - oid->p = mbedtls_calloc(max_possible_bytes, 1); - if (oid->p == NULL) { - return MBEDTLS_ERR_ASN1_ALLOC_FAILED; - } - unsigned char *out_ptr = oid->p; - unsigned char *out_bound = oid->p + max_possible_bytes; - - ret = oid_parse_number(&component1, &str_ptr, str_bound); - if (ret != 0) { - goto error; - } - if (component1 > 2) { - /* First component can't be > 2 */ - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - if (str_ptr >= str_bound || *str_ptr != '.') { - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - str_ptr++; - - ret = oid_parse_number(&component2, &str_ptr, str_bound); - if (ret != 0) { - goto error; - } - if ((component1 < 2) && (component2 > 39)) { - /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */ - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - if (str_ptr < str_bound) { - if (*str_ptr == '.') { - str_ptr++; - } else { - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - } - - if (component2 > (UINT_MAX - (component1 * 40))) { - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - ret = oid_subidentifier_encode_into(&out_ptr, out_bound, - (component1 * 40) + component2); - if (ret != 0) { - goto error; - } - - while (str_ptr < str_bound) { - ret = oid_parse_number(&val, &str_ptr, str_bound); - if (ret != 0) { - goto error; - } - if (str_ptr < str_bound) { - if (*str_ptr == '.') { - str_ptr++; - } else { - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - } - - ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val); - if (ret != 0) { - goto error; - } - } - - encoded_len = (size_t) (out_ptr - oid->p); - resized_mem = mbedtls_calloc(encoded_len, 1); - if (resized_mem == NULL) { - ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; - goto error; - } - memcpy(resized_mem, oid->p, encoded_len); - mbedtls_free(oid->p); - oid->p = resized_mem; - oid->len = encoded_len; - - oid->tag = MBEDTLS_ASN1_OID; - - return 0; - -error: - mbedtls_free(oid->p); - oid->p = NULL; - oid->len = 0; - return ret; -} - -int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name) -{ - int ret = MBEDTLS_ERR_X509_INVALID_NAME; - int parse_ret = 0; - const char *s = name, *c = s; - const char *end = s + strlen(s); - mbedtls_asn1_buf oid = { .p = NULL, .len = 0, .tag = MBEDTLS_ASN1_NULL }; - const x509_attr_descriptor_t *attr_descr = NULL; - int in_attr_type = 1; - int tag; - int numericoid = 0; - unsigned char data[MBEDTLS_X509_MAX_DN_NAME_SIZE]; - size_t data_len = 0; - - /* Clear existing chain if present */ - mbedtls_asn1_free_named_data_list(head); - - while (c <= end) { - if (in_attr_type && *c == '=') { - if ((attr_descr = x509_attr_descr_from_name(s, (size_t) (c - s))) == NULL) { - if ((mbedtls_oid_from_numeric_string(&oid, s, (size_t) (c - s))) != 0) { - return MBEDTLS_ERR_X509_INVALID_NAME; - } else { - numericoid = 1; - } - } else { - oid.len = strlen(attr_descr->oid); - oid.p = mbedtls_calloc(1, oid.len); - memcpy(oid.p, attr_descr->oid, oid.len); - numericoid = 0; - } - - s = c + 1; - in_attr_type = 0; - } - - if (!in_attr_type && ((*c == ',' && *(c-1) != '\\') || c == end)) { - if (s == c) { - mbedtls_free(oid.p); - return MBEDTLS_ERR_X509_INVALID_NAME; - } else if (*s == '#') { - /* We know that c >= s (loop invariant) and c != s (in this - * else branch), hence c - s - 1 >= 0. */ - parse_ret = parse_attribute_value_hex_der_encoded( - s + 1, (size_t) (c - s) - 1, - data, sizeof(data), &data_len, &tag); - if (parse_ret != 0) { - mbedtls_free(oid.p); - return parse_ret; - } - } else { - if (numericoid) { - mbedtls_free(oid.p); - return MBEDTLS_ERR_X509_INVALID_NAME; - } else { - if ((parse_ret = - parse_attribute_value_string(s, (int) (c - s), data, - &data_len)) != 0) { - mbedtls_free(oid.p); - return parse_ret; - } - tag = attr_descr->default_tag; - } - } - - mbedtls_asn1_named_data *cur = - mbedtls_asn1_store_named_data(head, (char *) oid.p, oid.len, - (unsigned char *) data, - data_len); - mbedtls_free(oid.p); - oid.p = NULL; - if (cur == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - // set tagType - cur->val.tag = tag; - - while (c < end && *(c + 1) == ' ') { - c++; - } - - s = c + 1; - in_attr_type = 1; - - /* Successfully parsed one name, update ret to success */ - ret = 0; - } - c++; - } - if (oid.p != NULL) { - mbedtls_free(oid.p); - } - return ret; -} - -/* The first byte of the value in the mbedtls_asn1_named_data structure is reserved - * to store the critical boolean for us - */ -int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, - int critical, const unsigned char *val, size_t val_len) -{ - mbedtls_asn1_named_data *cur; - - if (val_len > (SIZE_MAX - 1)) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - if ((cur = mbedtls_asn1_store_named_data(head, oid, oid_len, - NULL, val_len + 1)) == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - cur->val.p[0] = critical; - memcpy(cur->val.p + 1, val, val_len); - - return 0; -} - -/* - * RelativeDistinguishedName ::= - * SET OF AttributeTypeAndValue - * - * AttributeTypeAndValue ::= SEQUENCE { - * type AttributeType, - * value AttributeValue } - * - * AttributeType ::= OBJECT IDENTIFIER - * - * AttributeValue ::= ANY DEFINED BY AttributeType - */ -static int x509_write_name(unsigned char **p, - unsigned char *start, - mbedtls_asn1_named_data *cur_name) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - const char *oid = (const char *) cur_name->oid.p; - size_t oid_len = cur_name->oid.len; - const unsigned char *name = cur_name->val.p; - size_t name_len = cur_name->val.len; - - // Write correct string tag and value - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tagged_string(p, start, - cur_name->val.tag, - (const char *) name, - name_len)); - // Write OID - // - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, - oid_len)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SET)); - - return (int) len; -} - -int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - mbedtls_asn1_named_data *cur = first; - - while (cur != NULL) { - MBEDTLS_ASN1_CHK_ADD(len, x509_write_name(p, start, cur)); - cur = cur->next; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} - -int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len, - unsigned char *sig, size_t size, - mbedtls_pk_type_t pk_alg) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int write_null_par; - size_t len = 0; - - if (*p < start || (size_t) (*p - start) < size) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - len = size; - (*p) -= len; - memcpy(*p, sig, len); - - if (*p - start < 1) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - *--(*p) = 0; - len += 1; - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING)); - - // Write OID - // - if (pk_alg == MBEDTLS_PK_ECDSA) { - /* - * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature - * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and - * https://www.rfc-editor.org/rfc/rfc5758#section-3. - */ - write_null_par = 0; - } else { - write_null_par = 1; - } - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_algorithm_identifier_ext(p, start, oid, oid_len, - 0, write_null_par)); - - return (int) len; -} - -static int x509_write_extension(unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *ext) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, ext->val.p + 1, - ext->val.len - 1)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, ext->val.len - 1)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING)); - - if (ext->val.p[0] != 0) { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(p, start, 1)); - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, ext->oid.p, - ext->oid.len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, ext->oid.len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} - -/* - * Extension ::= SEQUENCE { - * extnID OBJECT IDENTIFIER, - * critical BOOLEAN DEFAULT FALSE, - * extnValue OCTET STRING - * -- contains the DER encoding of an ASN.1 value - * -- corresponding to the extension type identified - * -- by extnID - * } - */ -int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - mbedtls_asn1_named_data *cur_ext = first; - - while (cur_ext != NULL) { - MBEDTLS_ASN1_CHK_ADD(len, x509_write_extension(p, start, cur_ext)); - cur_ext = cur_ext->next; - } - - return (int) len; -} - -#endif /* MBEDTLS_X509_CREATE_C */ diff --git a/library/x509_crl.c b/library/x509_crl.c deleted file mode 100644 index e67fde721..000000000 --- a/library/x509_crl.c +++ /dev/null @@ -1,712 +0,0 @@ -/* - * X.509 Certificate Revocation List (CRL) parsing - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * The ITU-T X.509 standard defines a certificate format for PKI. - * - * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) - * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) - * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) - * - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf - */ - -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_CRL_PARSE_C) - -#include "mbedtls/x509_crl.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" -#include "mbedtls/platform_util.h" - -#include - -#if defined(MBEDTLS_PEM_PARSE_C) -#include "mbedtls/pem.h" -#endif - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_HAVE_TIME) -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) -#include -#else -#include -#endif -#endif - -#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32) -#include -#endif - -/* - * Version ::= INTEGER { v1(0), v2(1) } - */ -static int x509_crl_get_version(unsigned char **p, - const unsigned char *end, - int *ver) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - *ver = 0; - return 0; - } - - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret); - } - - return 0; -} - -/* - * X.509 CRL v2 extensions - * - * We currently don't parse any extension's content, but we do check that the - * list of extensions is well-formed and abort on critical extensions (that - * are unsupported as we don't support any extension so far) - */ -static int x509_get_crl_ext(unsigned char **p, - const unsigned char *end, - mbedtls_x509_buf *ext) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (*p == end) { - return 0; - } - - /* - * crlExtensions [0] EXPLICIT Extensions OPTIONAL - * -- if present, version MUST be v2 - */ - if ((ret = mbedtls_x509_get_ext(p, end, ext, 0)) != 0) { - return ret; - } - - end = ext->p + ext->len; - - while (*p < end) { - /* - * Extension ::= SEQUENCE { - * extnID OBJECT IDENTIFIER, - * critical BOOLEAN DEFAULT FALSE, - * extnValue OCTET STRING } - */ - int is_critical = 0; - const unsigned char *end_ext_data; - size_t len; - - /* Get enclosing sequence tag */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - end_ext_data = *p + len; - - /* Get OID (currently ignored) */ - if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, - MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - *p += len; - - /* Get optional critical */ - if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, - &is_critical)) != 0 && - (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* Data should be octet string type */ - if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, - MBEDTLS_ASN1_OCTET_STRING)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* Ignore data so far and just check its length */ - *p += len; - if (*p != end_ext_data) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* Abort on (unsupported) critical extensions */ - if (is_critical) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * X.509 CRL v2 entry extensions (no extensions parsed yet.) - */ -static int x509_get_crl_entry_ext(unsigned char **p, - const unsigned char *end, - mbedtls_x509_buf *ext) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - /* OPTIONAL */ - if (end <= *p) { - return 0; - } - - ext->tag = **p; - ext->p = *p; - - /* - * Get CRL-entry extension sequence header - * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2 - */ - if ((ret = mbedtls_asn1_get_tag(p, end, &ext->len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - ext->p = NULL; - return 0; - } - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - end = *p + ext->len; - - if (end != *p + ext->len) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - while (*p < end) { - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - *p += len; - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * X.509 CRL Entries - */ -static int x509_get_entries(unsigned char **p, - const unsigned char *end, - mbedtls_x509_crl_entry *entry) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t entry_len; - mbedtls_x509_crl_entry *cur_entry = entry; - - if (*p == end) { - return 0; - } - - if ((ret = mbedtls_asn1_get_tag(p, end, &entry_len, - MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) { - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return 0; - } - - return ret; - } - - end = *p + entry_len; - - while (*p < end) { - size_t len2; - const unsigned char *end2; - - cur_entry->raw.tag = **p; - if ((ret = mbedtls_asn1_get_tag(p, end, &len2, - MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) { - return ret; - } - - cur_entry->raw.p = *p; - cur_entry->raw.len = len2; - end2 = *p + len2; - - if ((ret = mbedtls_x509_get_serial(p, end2, &cur_entry->serial)) != 0) { - return ret; - } - - if ((ret = mbedtls_x509_get_time(p, end2, - &cur_entry->revocation_date)) != 0) { - return ret; - } - - if ((ret = x509_get_crl_entry_ext(p, end2, - &cur_entry->entry_ext)) != 0) { - return ret; - } - - if (*p < end) { - cur_entry->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl_entry)); - - if (cur_entry->next == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - cur_entry = cur_entry->next; - } - } - - return 0; -} - -/* - * Parse one CRLs in DER format and append it to the chained list - */ -int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, - const unsigned char *buf, size_t buflen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - unsigned char *p = NULL, *end = NULL; - mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; - mbedtls_x509_crl *crl = chain; - - /* - * Check for valid input - */ - if (crl == NULL || buf == NULL) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - memset(&sig_params1, 0, sizeof(mbedtls_x509_buf)); - memset(&sig_params2, 0, sizeof(mbedtls_x509_buf)); - memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf)); - - /* - * Add new CRL on the end of the chain if needed. - */ - while (crl->version != 0 && crl->next != NULL) { - crl = crl->next; - } - - if (crl->version != 0 && crl->next == NULL) { - crl->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl)); - - if (crl->next == NULL) { - mbedtls_x509_crl_free(crl); - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - mbedtls_x509_crl_init(crl->next); - crl = crl->next; - } - - /* - * Copy raw DER-encoded CRL - */ - if (buflen == 0) { - return MBEDTLS_ERR_X509_INVALID_FORMAT; - } - - p = mbedtls_calloc(1, buflen); - if (p == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - memcpy(p, buf, buflen); - - crl->raw.p = p; - crl->raw.len = buflen; - - end = p + buflen; - - /* - * CertificateList ::= SEQUENCE { - * tbsCertList TBSCertList, - * signatureAlgorithm AlgorithmIdentifier, - * signatureValue BIT STRING } - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - mbedtls_x509_crl_free(crl); - return MBEDTLS_ERR_X509_INVALID_FORMAT; - } - - if (len != (size_t) (end - p)) { - mbedtls_x509_crl_free(crl); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* - * TBSCertList ::= SEQUENCE { - */ - crl->tbs.p = p; - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - mbedtls_x509_crl_free(crl); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - end = p + len; - crl->tbs.len = (size_t) (end - crl->tbs.p); - - /* - * Version ::= INTEGER OPTIONAL { v1(0), v2(1) } - * -- if present, MUST be v2 - * - * signature AlgorithmIdentifier - */ - if ((ret = x509_crl_get_version(&p, end, &crl->version)) != 0 || - (ret = mbedtls_x509_get_alg(&p, end, &crl->sig_oid, &sig_params1)) != 0) { - mbedtls_x509_crl_free(crl); - return ret; - } - - if (crl->version < 0 || crl->version > 1) { - mbedtls_x509_crl_free(crl); - return MBEDTLS_ERR_X509_UNKNOWN_VERSION; - } - - crl->version++; - - if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1, - &crl->sig_md, &crl->sig_pk, - &crl->sig_opts)) != 0) { - mbedtls_x509_crl_free(crl); - return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG; - } - - /* - * issuer Name - */ - crl->issuer_raw.p = p; - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - mbedtls_x509_crl_free(crl); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - if ((ret = mbedtls_x509_get_name(&p, p + len, &crl->issuer)) != 0) { - mbedtls_x509_crl_free(crl); - return ret; - } - - crl->issuer_raw.len = (size_t) (p - crl->issuer_raw.p); - - /* - * thisUpdate Time - * nextUpdate Time OPTIONAL - */ - if ((ret = mbedtls_x509_get_time(&p, end, &crl->this_update)) != 0) { - mbedtls_x509_crl_free(crl); - return ret; - } - - if ((ret = mbedtls_x509_get_time(&p, end, &crl->next_update)) != 0) { - if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) && - ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_OUT_OF_DATA))) { - mbedtls_x509_crl_free(crl); - return ret; - } - } - - /* - * revokedCertificates SEQUENCE OF SEQUENCE { - * userCertificate CertificateSerialNumber, - * revocationDate Time, - * crlEntryExtensions Extensions OPTIONAL - * -- if present, MUST be v2 - * } OPTIONAL - */ - if ((ret = x509_get_entries(&p, end, &crl->entry)) != 0) { - mbedtls_x509_crl_free(crl); - return ret; - } - - /* - * crlExtensions EXPLICIT Extensions OPTIONAL - * -- if present, MUST be v2 - */ - if (crl->version == 2) { - ret = x509_get_crl_ext(&p, end, &crl->crl_ext); - - if (ret != 0) { - mbedtls_x509_crl_free(crl); - return ret; - } - } - - if (p != end) { - mbedtls_x509_crl_free(crl); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - end = crl->raw.p + crl->raw.len; - - /* - * signatureAlgorithm AlgorithmIdentifier, - * signatureValue BIT STRING - */ - if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) { - mbedtls_x509_crl_free(crl); - return ret; - } - - if (crl->sig_oid.len != sig_oid2.len || - memcmp(crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len) != 0 || - sig_params1.len != sig_params2.len || - (sig_params1.len != 0 && - memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) { - mbedtls_x509_crl_free(crl); - return MBEDTLS_ERR_X509_SIG_MISMATCH; - } - - if ((ret = mbedtls_x509_get_sig(&p, end, &crl->sig)) != 0) { - mbedtls_x509_crl_free(crl); - return ret; - } - - if (p != end) { - mbedtls_x509_crl_free(crl); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * Parse one or more CRLs and add them to the chained list - */ -int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen) -{ -#if defined(MBEDTLS_PEM_PARSE_C) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t use_len = 0; - mbedtls_pem_context pem; - int is_pem = 0; - - if (chain == NULL || buf == NULL) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - do { - mbedtls_pem_init(&pem); - - // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated - // string - if (buflen == 0 || buf[buflen - 1] != '\0') { - ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - } else { - ret = mbedtls_pem_read_buffer(&pem, - "-----BEGIN X509 CRL-----", - "-----END X509 CRL-----", - buf, NULL, 0, &use_len); - } - - if (ret == 0) { - /* - * Was PEM encoded - */ - is_pem = 1; - - buflen -= use_len; - buf += use_len; - - if ((ret = mbedtls_x509_crl_parse_der(chain, - pem.buf, pem.buflen)) != 0) { - mbedtls_pem_free(&pem); - return ret; - } - } else if (is_pem) { - mbedtls_pem_free(&pem); - return ret; - } - - mbedtls_pem_free(&pem); - } - /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte. - * And a valid CRL cannot be less than 1 byte anyway. */ - while (is_pem && buflen > 1); - - if (is_pem) { - return 0; - } else -#endif /* MBEDTLS_PEM_PARSE_C */ - return mbedtls_x509_crl_parse_der(chain, buf, buflen); -} - -#if defined(MBEDTLS_FS_IO) -/* - * Load one or more CRLs and add them to the chained list - */ -int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - unsigned char *buf; - - if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { - return ret; - } - - ret = mbedtls_x509_crl_parse(chain, buf, n); - - mbedtls_zeroize_and_free(buf, n); - - return ret; -} -#endif /* MBEDTLS_FS_IO */ - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/* - * Return an informational string about the certificate. - */ -#define BEFORE_COLON 14 -#define BC "14" -/* - * Return an informational string about the CRL. - */ -int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix, - const mbedtls_x509_crl *crl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - char *p; - const mbedtls_x509_crl_entry *entry; - - p = buf; - n = size; - - ret = mbedtls_snprintf(p, n, "%sCRL version : %d", - prefix, crl->version); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets(p, n, &crl->issuer); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%sthis update : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crl->this_update.year, crl->this_update.mon, - crl->this_update.day, crl->this_update.hour, - crl->this_update.min, crl->this_update.sec); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%snext update : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crl->next_update.year, crl->next_update.mon, - crl->next_update.day, crl->next_update.hour, - crl->next_update.min, crl->next_update.sec); - MBEDTLS_X509_SAFE_SNPRINTF; - - entry = &crl->entry; - - ret = mbedtls_snprintf(p, n, "\n%sRevoked certificates:", - prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - while (entry != NULL && entry->raw.len != 0) { - ret = mbedtls_snprintf(p, n, "\n%sserial number: ", - prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_x509_serial_gets(p, n, &entry->serial); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, " revocation date: " \ - "%04d-%02d-%02d %02d:%02d:%02d", - entry->revocation_date.year, entry->revocation_date.mon, - entry->revocation_date.day, entry->revocation_date.hour, - entry->revocation_date.min, entry->revocation_date.sec); - MBEDTLS_X509_SAFE_SNPRINTF; - - entry = entry->next; - } - - ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md, - crl->sig_opts); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n"); - MBEDTLS_X509_SAFE_SNPRINTF; - - return (int) (size - n); -} -#endif /* MBEDTLS_X509_REMOVE_INFO */ - -/* - * Initialize a CRL chain - */ -void mbedtls_x509_crl_init(mbedtls_x509_crl *crl) -{ - memset(crl, 0, sizeof(mbedtls_x509_crl)); -} - -/* - * Unallocate all CRL data - */ -void mbedtls_x509_crl_free(mbedtls_x509_crl *crl) -{ - mbedtls_x509_crl *crl_cur = crl; - mbedtls_x509_crl *crl_prv; - mbedtls_x509_crl_entry *entry_cur; - mbedtls_x509_crl_entry *entry_prv; - - while (crl_cur != NULL) { -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free(crl_cur->sig_opts); -#endif - - mbedtls_asn1_free_named_data_list_shallow(crl_cur->issuer.next); - - entry_cur = crl_cur->entry.next; - while (entry_cur != NULL) { - entry_prv = entry_cur; - entry_cur = entry_cur->next; - mbedtls_zeroize_and_free(entry_prv, - sizeof(mbedtls_x509_crl_entry)); - } - - if (crl_cur->raw.p != NULL) { - mbedtls_zeroize_and_free(crl_cur->raw.p, crl_cur->raw.len); - } - - crl_prv = crl_cur; - crl_cur = crl_cur->next; - - mbedtls_platform_zeroize(crl_prv, sizeof(mbedtls_x509_crl)); - if (crl_prv != crl) { - mbedtls_free(crl_prv); - } - } -} - -#endif /* MBEDTLS_X509_CRL_PARSE_C */ diff --git a/library/x509_crt.c b/library/x509_crt.c deleted file mode 100644 index d72e2fb8a..000000000 --- a/library/x509_crt.c +++ /dev/null @@ -1,3302 +0,0 @@ -/* - * X.509 certificate parsing and verification - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * The ITU-T X.509 standard defines a certificate format for PKI. - * - * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) - * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) - * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) - * - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf - * - * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf - */ - -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - -#include "mbedtls/x509_crt.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" -#include "mbedtls/platform_util.h" - -#include - -#if defined(MBEDTLS_PEM_PARSE_C) -#include "mbedtls/pem.h" -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa/crypto.h" -#include "psa_util_internal.h" -#include "mbedtls/psa_util.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#include "pk_internal.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" -#endif - -#if defined(MBEDTLS_HAVE_TIME) -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#else -#include -#endif -#endif - -#if defined(MBEDTLS_FS_IO) -#include -#if !defined(_WIN32) || defined(EFIX64) || defined(EFI32) -#include -#include -#if defined(__MBED__) -#include -#else -#include -#endif /* __MBED__ */ -#include -#endif /* !_WIN32 || EFIX64 || EFI32 */ -#endif - -/* - * Item in a verification chain: cert and flags for it - */ -typedef struct { - mbedtls_x509_crt *crt; - uint32_t flags; -} x509_crt_verify_chain_item; - -/* - * Max size of verification chain: end-entity + intermediates + trusted root - */ -#define X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2) - -/* Default profile. Do not remove items unless there are serious security - * concerns. */ -const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = -{ - /* Hashes from SHA-256 and above. Note that this selection - * should be aligned with ssl_preset_default_hashes in ssl_tls.c. */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), - 0xFFFFFFF, /* Any PK alg */ -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) - /* Curves at or above 128-bit security level. Note that this selection - * should be aligned with ssl_preset_default_curves in ssl_tls.c. */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | - 0, -#else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - 0, -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - 2048, -}; - -/* Next-generation profile. Currently identical to the default, but may - * be tightened at any time. */ -const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = -{ - /* Hashes from SHA-256 and above. */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), - 0xFFFFFFF, /* Any PK alg */ -#if defined(MBEDTLS_ECP_C) - /* Curves at or above 128-bit security level. */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256K1), -#else - 0, -#endif - 2048, -}; - -/* - * NSA Suite B Profile - */ -const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = -{ - /* Only SHA-256 and 384 */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384), - /* Only ECDSA */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY), -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) - /* Only NIST P-256 and P-384 */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1), -#else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - 0, -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - 0, -}; - -/* - * Empty / all-forbidden profile - */ -const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none = -{ - 0, - 0, - 0, - (uint32_t) -1, -}; - -/* - * Check md_alg against profile - * Return 0 if md_alg is acceptable for this profile, -1 otherwise - */ -static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile, - mbedtls_md_type_t md_alg) -{ - if (md_alg == MBEDTLS_MD_NONE) { - return -1; - } - - if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) { - return 0; - } - - return -1; -} - -/* - * Check pk_alg against profile - * Return 0 if pk_alg is acceptable for this profile, -1 otherwise - */ -static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile, - mbedtls_pk_type_t pk_alg) -{ - if (pk_alg == MBEDTLS_PK_NONE) { - return -1; - } - - if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) { - return 0; - } - - return -1; -} - -/* - * Check key against profile - * Return 0 if pk is acceptable for this profile, -1 otherwise - */ -static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, - const mbedtls_pk_context *pk) -{ - const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk); - -#if defined(MBEDTLS_RSA_C) - if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) { - if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) { - return 0; - } - - return -1; - } -#endif /* MBEDTLS_RSA_C */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) - if (pk_alg == MBEDTLS_PK_ECDSA || - pk_alg == MBEDTLS_PK_ECKEY || - pk_alg == MBEDTLS_PK_ECKEY_DH) { - const mbedtls_ecp_group_id gid = mbedtls_pk_get_ec_group_id(pk); - - if (gid == MBEDTLS_ECP_DP_NONE) { - return -1; - } - - if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) { - return 0; - } - - return -1; - } -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - - return -1; -} - -/* - * Like memcmp, but case-insensitive and always returns -1 if different - */ -static int x509_memcasecmp(const void *s1, const void *s2, size_t len) -{ - size_t i; - unsigned char diff; - const unsigned char *n1 = s1, *n2 = s2; - - for (i = 0; i < len; i++) { - diff = n1[i] ^ n2[i]; - - if (diff == 0) { - continue; - } - - if (diff == 32 && - ((n1[i] >= 'a' && n1[i] <= 'z') || - (n1[i] >= 'A' && n1[i] <= 'Z'))) { - continue; - } - - return -1; - } - - return 0; -} - -/* - * Return 0 if name matches wildcard, -1 otherwise - */ -static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name) -{ - size_t i; - size_t cn_idx = 0, cn_len = strlen(cn); - - /* We can't have a match if there is no wildcard to match */ - if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') { - return -1; - } - - for (i = 0; i < cn_len; ++i) { - if (cn[i] == '.') { - cn_idx = i; - break; - } - } - - if (cn_idx == 0) { - return -1; - } - - if (cn_len - cn_idx == name->len - 1 && - x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) { - return 0; - } - - return -1; -} - -/* - * Compare two X.509 strings, case-insensitive, and allowing for some encoding - * variations (but not all). - * - * Return 0 if equal, -1 otherwise. - */ -static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b) -{ - if (a->tag == b->tag && - a->len == b->len && - memcmp(a->p, b->p, b->len) == 0) { - return 0; - } - - if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && - (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && - a->len == b->len && - x509_memcasecmp(a->p, b->p, b->len) == 0) { - return 0; - } - - return -1; -} - -/* - * Compare two X.509 Names (aka rdnSequence). - * - * See RFC 5280 section 7.1, though we don't implement the whole algorithm: - * we sometimes return unequal when the full algorithm would return equal, - * but never the other way. (In particular, we don't do Unicode normalisation - * or space folding.) - * - * Return 0 if equal, -1 otherwise. - */ -static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b) -{ - /* Avoid recursion, it might not be optimised by the compiler */ - while (a != NULL || b != NULL) { - if (a == NULL || b == NULL) { - return -1; - } - - /* type */ - if (a->oid.tag != b->oid.tag || - a->oid.len != b->oid.len || - memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) { - return -1; - } - - /* value */ - if (x509_string_cmp(&a->val, &b->val) != 0) { - return -1; - } - - /* structure of the list of sets */ - if (a->next_merged != b->next_merged) { - return -1; - } - - a = a->next; - b = b->next; - } - - /* a == NULL == b */ - return 0; -} - -/* - * Reset (init or clear) a verify_chain - */ -static void x509_crt_verify_chain_reset( - mbedtls_x509_crt_verify_chain *ver_chain) -{ - size_t i; - - for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) { - ver_chain->items[i].crt = NULL; - ver_chain->items[i].flags = (uint32_t) -1; - } - - ver_chain->len = 0; - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - ver_chain->trust_ca_cb_result = NULL; -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -} - -/* - * Version ::= INTEGER { v1(0), v2(1), v3(2) } - */ -static int x509_get_version(unsigned char **p, - const unsigned char *end, - int *ver) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 0)) != 0) { - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - *ver = 0; - return 0; - } - - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - end = *p + len; - - if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret); - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * Validity ::= SEQUENCE { - * notBefore Time, - * notAfter Time } - */ -static int x509_get_dates(unsigned char **p, - const unsigned char *end, - mbedtls_x509_time *from, - mbedtls_x509_time *to) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); - } - - end = *p + len; - - if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) { - return ret; - } - - if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) { - return ret; - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * X.509 v2/v3 unique identifier (not parsed) - */ -static int x509_get_uid(unsigned char **p, - const unsigned char *end, - mbedtls_x509_buf *uid, int n) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (*p == end) { - return 0; - } - - uid->tag = **p; - - if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - n)) != 0) { - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return 0; - } - - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - uid->p = *p; - *p += uid->len; - - return 0; -} - -static int x509_get_basic_constraints(unsigned char **p, - const unsigned char *end, - int *ca_istrue, - int *max_pathlen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - /* - * BasicConstraints ::= SEQUENCE { - * cA BOOLEAN DEFAULT FALSE, - * pathLenConstraint INTEGER (0..MAX) OPTIONAL } - */ - *ca_istrue = 0; /* DEFAULT FALSE */ - *max_pathlen = 0; /* endless */ - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p == end) { - return 0; - } - - if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) { - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - ret = mbedtls_asn1_get_int(p, end, ca_istrue); - } - - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*ca_istrue != 0) { - *ca_istrue = 1; - } - } - - if (*p == end) { - return 0; - } - - if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer - * overflow, which is an undefined behavior. */ - if (*max_pathlen == INT_MAX) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_LENGTH); - } - - (*max_pathlen)++; - - return 0; -} - -/* - * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId - * - * KeyPurposeId ::= OBJECT IDENTIFIER - */ -static int x509_get_ext_key_usage(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *ext_key_usage) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* Sequence length must be >= 1 */ - if (ext_key_usage->buf.p == NULL) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_LENGTH); - } - - return 0; -} - -/* - * SubjectKeyIdentifier ::= KeyIdentifier - * - * KeyIdentifier ::= OCTET STRING - */ -static int x509_get_subject_key_id(unsigned char **p, - const unsigned char *end, - mbedtls_x509_buf *subject_key_id) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0u; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_OCTET_STRING)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - subject_key_id->len = len; - subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING; - subject_key_id->p = *p; - *p += len; - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * AuthorityKeyIdentifier ::= SEQUENCE { - * keyIdentifier [0] KeyIdentifier OPTIONAL, - * authorityCertIssuer [1] GeneralNames OPTIONAL, - * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } - * - * KeyIdentifier ::= OCTET STRING - */ -static int x509_get_authority_key_id(unsigned char **p, - unsigned char *end, - mbedtls_x509_authority *authority_key_id) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0u; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC); - - /* KeyIdentifier is an OPTIONAL field */ - if (ret == 0) { - authority_key_id->keyIdentifier.len = len; - authority_key_id->keyIdentifier.p = *p; - /* Setting tag of the keyIdentfier intentionally to 0x04. - * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL), - * its tag with the content is the payload of on OCTET STRING primitive */ - authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; - - *p += len; - } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p < end) { - /* Getting authorityCertIssuer using the required specific class tag [1] */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 1)) != 0) { - /* authorityCertIssuer and authorityCertSerialNumber MUST both - be present or both be absent. At this point we expect to have both. */ - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - /* "end" also includes the CertSerialNumber field so "len" shall be used */ - ret = mbedtls_x509_get_subject_alt_name_ext(p, - (*p+len), - &authority_key_id->authorityCertIssuer); - if (ret != 0) { - return ret; - } - - /* Getting authorityCertSerialNumber using the required specific class tag [2] */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - authority_key_id->authorityCertSerialNumber.len = len; - authority_key_id->authorityCertSerialNumber.p = *p; - authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER; - *p += len; - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } - * - * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } - * - * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation - * - * PolicyInformation ::= SEQUENCE { - * policyIdentifier CertPolicyId, - * policyQualifiers SEQUENCE SIZE (1..MAX) OF - * PolicyQualifierInfo OPTIONAL } - * - * CertPolicyId ::= OBJECT IDENTIFIER - * - * PolicyQualifierInfo ::= SEQUENCE { - * policyQualifierId PolicyQualifierId, - * qualifier ANY DEFINED BY policyQualifierId } - * - * -- policyQualifierIds for Internet policy qualifiers - * - * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } - * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } - * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } - * - * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) - * - * Qualifier ::= CHOICE { - * cPSuri CPSuri, - * userNotice UserNotice } - * - * CPSuri ::= IA5String - * - * UserNotice ::= SEQUENCE { - * noticeRef NoticeReference OPTIONAL, - * explicitText DisplayText OPTIONAL } - * - * NoticeReference ::= SEQUENCE { - * organization DisplayText, - * noticeNumbers SEQUENCE OF INTEGER } - * - * DisplayText ::= CHOICE { - * ia5String IA5String (SIZE (1..200)), - * visibleString VisibleString (SIZE (1..200)), - * bmpString BMPString (SIZE (1..200)), - * utf8String UTF8String (SIZE (1..200)) } - * - * NOTE: we only parse and use anyPolicy without qualifiers at this point - * as defined in RFC 5280. - */ -static int x509_get_certificate_policies(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *certificate_policies) -{ - int ret, parse_ret = 0; - size_t len; - mbedtls_asn1_buf *buf; - mbedtls_asn1_sequence *cur = certificate_policies; - - /* Get main sequence tag */ - ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* - * Cannot be an empty sequence. - */ - if (len == 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - while (*p < end) { - mbedtls_x509_buf policy_oid; - const unsigned char *policy_end; - - /* - * Get the policy sequence - */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - policy_end = *p + len; - - if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, - MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - policy_oid.tag = MBEDTLS_ASN1_OID; - policy_oid.len = len; - policy_oid.p = *p; - - /* - * Only AnyPolicy is currently supported when enforcing policy. - */ - if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_POLICY, &policy_oid) != 0) { - /* - * Set the parsing return code but continue parsing, in case this - * extension is critical. - */ - parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - - /* Allocate and assign next pointer */ - if (cur->buf.p != NULL) { - if (cur->next != NULL) { - return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; - } - - cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - - if (cur->next == NULL) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_ALLOC_FAILED); - } - - cur = cur->next; - } - - buf = &(cur->buf); - buf->tag = policy_oid.tag; - buf->p = policy_oid.p; - buf->len = policy_oid.len; - - *p += len; - - /* - * If there is an optional qualifier, then *p < policy_end - * Check the Qualifier len to verify it doesn't exceed policy_end. - */ - if (*p < policy_end) { - if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != - 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - /* - * Skip the optional policy qualifiers. - */ - *p += len; - } - - if (*p != policy_end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - } - - /* Set final sequence entry's next pointer to NULL */ - cur->next = NULL; - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return parse_ret; -} - -/* - * X.509 v3 extensions - * - */ -static int x509_get_crt_ext(unsigned char **p, - const unsigned char *end, - mbedtls_x509_crt *crt, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; - - if (*p == end) { - return 0; - } - - if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) { - return ret; - } - - end = crt->v3_ext.p + crt->v3_ext.len; - while (*p < end) { - /* - * Extension ::= SEQUENCE { - * extnID OBJECT IDENTIFIER, - * critical BOOLEAN DEFAULT FALSE, - * extnValue OCTET STRING } - */ - mbedtls_x509_buf extn_oid = { 0, 0, NULL }; - int is_critical = 0; /* DEFAULT FALSE */ - int ext_type = 0; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - end_ext_data = *p + len; - - /* Get extension ID */ - if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len, - MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - extn_oid.tag = MBEDTLS_ASN1_OID; - extn_oid.p = *p; - *p += extn_oid.len; - - /* Get optional critical */ - if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 && - (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* Data should be octet string type */ - if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, - MBEDTLS_ASN1_OCTET_STRING)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - start_ext_octet = *p; - end_ext_octet = *p + len; - - if (end_ext_octet != end_ext_data) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* - * Detect supported extensions - */ - ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); - - if (ret != 0) { - /* Give the callback (if any) a chance to handle the extension */ - if (cb != NULL) { - ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet); - if (ret != 0 && is_critical) { - return ret; - } - *p = end_ext_octet; - continue; - } - - /* No parser found, skip extension */ - *p = end_ext_octet; - - if (is_critical) { - /* Data is marked as critical: fail */ - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - continue; - } - - /* Forbid repeated extensions */ - if ((crt->ext_types & ext_type) != 0) { - return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; - } - - crt->ext_types |= ext_type; - - switch (ext_type) { - case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: - /* Parse basic constraints */ - if ((ret = x509_get_basic_constraints(p, end_ext_octet, - &crt->ca_istrue, &crt->max_pathlen)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_KEY_USAGE: - /* Parse key usage */ - if ((ret = mbedtls_x509_get_key_usage(p, end_ext_octet, - &crt->key_usage)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: - /* Parse extended key usage */ - if ((ret = x509_get_ext_key_usage(p, end_ext_octet, - &crt->ext_key_usage)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER: - /* Parse subject key identifier */ - if ((ret = x509_get_subject_key_id(p, end_ext_data, - &crt->subject_key_id)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER: - /* Parse authority key identifier */ - if ((ret = x509_get_authority_key_id(p, end_ext_octet, - &crt->authority_key_id)) != 0) { - return ret; - } - break; - case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: - /* Parse subject alt name - * SubjectAltName ::= GeneralNames - */ - if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet, - &crt->subject_alt_names)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_NS_CERT_TYPE: - /* Parse netscape certificate type */ - if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_octet, - &crt->ns_cert_type)) != 0) { - return ret; - } - break; - - case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: - /* Parse certificate policies type */ - if ((ret = x509_get_certificate_policies(p, end_ext_octet, - &crt->certificate_policies)) != 0) { - /* Give the callback (if any) a chance to handle the extension - * if it contains unsupported policies */ - if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && - cb(p_ctx, crt, &extn_oid, is_critical, - start_ext_octet, end_ext_octet) == 0) { - break; - } - - if (is_critical) { - return ret; - } else - /* - * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we - * cannot interpret or enforce the policy. However, it is up to - * the user to choose how to enforce the policies, - * unless the extension is critical. - */ - if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { - return ret; - } - } - break; - - default: - /* - * If this is a non-critical extension, which the oid layer - * supports, but there isn't an x509 parser for it, - * skip the extension. - */ - if (is_critical) { - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } else { - *p = end_ext_octet; - } - } - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * Parse and fill a single X.509 certificate in DER format - */ -static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - unsigned char *p, *end, *crt_end; - mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; - - memset(&sig_params1, 0, sizeof(mbedtls_x509_buf)); - memset(&sig_params2, 0, sizeof(mbedtls_x509_buf)); - memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf)); - - /* - * Check for valid input - */ - if (crt == NULL || buf == NULL) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - /* Use the original buffer until we figure out actual length. */ - p = (unsigned char *) buf; - len = buflen; - end = p + len; - - /* - * Certificate ::= SEQUENCE { - * tbsCertificate TBSCertificate, - * signatureAlgorithm AlgorithmIdentifier, - * signatureValue BIT STRING } - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - mbedtls_x509_crt_free(crt); - return MBEDTLS_ERR_X509_INVALID_FORMAT; - } - - end = crt_end = p + len; - crt->raw.len = (size_t) (crt_end - buf); - if (make_copy != 0) { - /* Create and populate a new buffer for the raw field. */ - crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); - if (crt->raw.p == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - memcpy(crt->raw.p, buf, crt->raw.len); - crt->own_buffer = 1; - - p += crt->raw.len - len; - end = crt_end = p + len; - } else { - crt->raw.p = (unsigned char *) buf; - crt->own_buffer = 0; - } - - /* - * TBSCertificate ::= SEQUENCE { - */ - crt->tbs.p = p; - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - mbedtls_x509_crt_free(crt); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - end = p + len; - crt->tbs.len = (size_t) (end - crt->tbs.p); - - /* - * Version ::= INTEGER { v1(0), v2(1), v3(2) } - * - * CertificateSerialNumber ::= INTEGER - * - * signature AlgorithmIdentifier - */ - if ((ret = x509_get_version(&p, end, &crt->version)) != 0 || - (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 || - (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid, - &sig_params1)) != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - - if (crt->version < 0 || crt->version > 2) { - mbedtls_x509_crt_free(crt); - return MBEDTLS_ERR_X509_UNKNOWN_VERSION; - } - - crt->version++; - - if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, - &crt->sig_md, &crt->sig_pk, - &crt->sig_opts)) != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - - /* - * issuer Name - */ - crt->issuer_raw.p = p; - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - mbedtls_x509_crt_free(crt); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - - crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p); - - /* - * Validity ::= SEQUENCE { - * notBefore Time, - * notAfter Time } - * - */ - if ((ret = x509_get_dates(&p, end, &crt->valid_from, - &crt->valid_to)) != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - - /* - * subject Name - */ - crt->subject_raw.p = p; - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - mbedtls_x509_crt_free(crt); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - - crt->subject_raw.len = (size_t) (p - crt->subject_raw.p); - - /* - * SubjectPublicKeyInfo - */ - crt->pk_raw.p = p; - if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - crt->pk_raw.len = (size_t) (p - crt->pk_raw.p); - - /* - * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - * -- If present, version shall be v2 or v3 - * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - * -- If present, version shall be v2 or v3 - * extensions [3] EXPLICIT Extensions OPTIONAL - * -- If present, version shall be v3 - */ - if (crt->version == 2 || crt->version == 3) { - ret = x509_get_uid(&p, end, &crt->issuer_id, 1); - if (ret != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - } - - if (crt->version == 2 || crt->version == 3) { - ret = x509_get_uid(&p, end, &crt->subject_id, 2); - if (ret != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - } - - if (crt->version == 3) { - ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx); - if (ret != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - } - - if (p != end) { - mbedtls_x509_crt_free(crt); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - end = crt_end; - - /* - * } - * -- end of TBSCertificate - * - * signatureAlgorithm AlgorithmIdentifier, - * signatureValue BIT STRING - */ - if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - - if (crt->sig_oid.len != sig_oid2.len || - memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 || - sig_params1.tag != sig_params2.tag || - sig_params1.len != sig_params2.len || - (sig_params1.len != 0 && - memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) { - mbedtls_x509_crt_free(crt); - return MBEDTLS_ERR_X509_SIG_MISMATCH; - } - - if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - - if (p != end) { - mbedtls_x509_crt_free(crt); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * Parse one X.509 certificate in DER format from a buffer and add them to a - * chained list - */ -static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_x509_crt *crt = chain, *prev = NULL; - - /* - * Check for valid input - */ - if (crt == NULL || buf == NULL) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - while (crt->version != 0 && crt->next != NULL) { - prev = crt; - crt = crt->next; - } - - /* - * Add new certificate on the end of the chain if needed. - */ - if (crt->version != 0 && crt->next == NULL) { - crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - - if (crt->next == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - prev = crt; - mbedtls_x509_crt_init(crt->next); - crt = crt->next; - } - - ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx); - if (ret != 0) { - if (prev) { - prev->next = NULL; - } - - if (crt != chain) { - mbedtls_free(crt); - } - - return ret; - } - - return 0; -} - -int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen) -{ - return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 0, NULL, NULL); -} - -int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx) -{ - return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, make_copy, cb, p_ctx); -} - -int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen) -{ - return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL); -} - -/* - * Parse one or more PEM certificates from a buffer and add them to the chained - * list - */ -int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen) -{ -#if defined(MBEDTLS_PEM_PARSE_C) - int success = 0, first_error = 0, total_failed = 0; - int buf_format = MBEDTLS_X509_FORMAT_DER; -#endif - - /* - * Check for valid input - */ - if (chain == NULL || buf == NULL) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - /* - * Determine buffer content. Buffer contains either one DER certificate or - * one or more PEM certificates. - */ -#if defined(MBEDTLS_PEM_PARSE_C) - if (buflen != 0 && buf[buflen - 1] == '\0' && - strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) { - buf_format = MBEDTLS_X509_FORMAT_PEM; - } - - if (buf_format == MBEDTLS_X509_FORMAT_DER) { - return mbedtls_x509_crt_parse_der(chain, buf, buflen); - } -#else - return mbedtls_x509_crt_parse_der(chain, buf, buflen); -#endif - -#if defined(MBEDTLS_PEM_PARSE_C) - if (buf_format == MBEDTLS_X509_FORMAT_PEM) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_pem_context pem; - - /* 1 rather than 0 since the terminating NULL byte is counted in */ - while (buflen > 1) { - size_t use_len; - mbedtls_pem_init(&pem); - - /* If we get there, we know the string is null-terminated */ - ret = mbedtls_pem_read_buffer(&pem, - "-----BEGIN CERTIFICATE-----", - "-----END CERTIFICATE-----", - buf, NULL, 0, &use_len); - - if (ret == 0) { - /* - * Was PEM encoded - */ - buflen -= use_len; - buf += use_len; - } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) { - return ret; - } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { - mbedtls_pem_free(&pem); - - /* - * PEM header and footer were found - */ - buflen -= use_len; - buf += use_len; - - if (first_error == 0) { - first_error = ret; - } - - total_failed++; - continue; - } else { - break; - } - - ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen); - - mbedtls_pem_free(&pem); - - if (ret != 0) { - /* - * Quit parsing on a memory error - */ - if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) { - return ret; - } - - if (first_error == 0) { - first_error = ret; - } - - total_failed++; - continue; - } - - success = 1; - } - } - - if (success) { - return total_failed; - } else if (first_error) { - return first_error; - } else { - return MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT; - } -#endif /* MBEDTLS_PEM_PARSE_C */ -} - -#if defined(MBEDTLS_FS_IO) -/* - * Load one or more certificates and add them to the chained list - */ -int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - unsigned char *buf; - - if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { - return ret; - } - - ret = mbedtls_x509_crt_parse(chain, buf, n); - - mbedtls_zeroize_and_free(buf, n); - - return ret; -} - -int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) -{ - int ret = 0; -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - int w_ret; - WCHAR szDir[MAX_PATH]; - char filename[MAX_PATH]; - char *p; - size_t len = strlen(path); - - WIN32_FIND_DATAW file_data; - HANDLE hFind; - - if (len > MAX_PATH - 3) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - memset(szDir, 0, sizeof(szDir)); - memset(filename, 0, MAX_PATH); - memcpy(filename, path, len); - filename[len++] = '\\'; - p = filename + len; - filename[len++] = '*'; - - /* - * Note this function uses the code page CP_ACP which is the system default - * ANSI codepage. The input string is always described in BYTES and the - * output length is described in WCHARs. - */ - w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir, - MAX_PATH - 3); - if (w_ret == 0) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - hFind = FindFirstFileW(szDir, &file_data); - if (hFind == INVALID_HANDLE_VALUE) { - return MBEDTLS_ERR_X509_FILE_IO_ERROR; - } - - len = MAX_PATH - len; - do { - memset(p, 0, len); - - if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) { - continue; - } - w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName, - -1, p, (int) len, NULL, NULL); - if (w_ret == 0) { - ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; - goto cleanup; - } - - w_ret = mbedtls_x509_crt_parse_file(chain, filename); - if (w_ret < 0) { - ret++; - } else { - ret += w_ret; - } - } while (FindNextFileW(hFind, &file_data) != 0); - - if (GetLastError() != ERROR_NO_MORE_FILES) { - ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; - } - -cleanup: - FindClose(hFind); -#else /* _WIN32 */ - int t_ret; - int snp_ret; - struct stat sb; - struct dirent *entry; - char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]; - DIR *dir = opendir(path); - - if (dir == NULL) { - return MBEDTLS_ERR_X509_FILE_IO_ERROR; - } - -#if defined(MBEDTLS_THREADING_C) - if ((ret = mbedtls_mutex_lock(&mbedtls_threading_readdir_mutex)) != 0) { - closedir(dir); - return ret; - } -#endif /* MBEDTLS_THREADING_C */ - - memset(&sb, 0, sizeof(sb)); - - while ((entry = readdir(dir)) != NULL) { - snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name), - "%s/%s", path, entry->d_name); - - if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) { - ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - goto cleanup; - } else if (stat(entry_name, &sb) == -1) { - if (errno == ENOENT) { - /* Broken symbolic link - ignore this entry. - stat(2) will return this error for either (a) a dangling - symlink or (b) a missing file. - Given that we have just obtained the filename from readdir, - assume that it does exist and therefore treat this as a - dangling symlink. */ - continue; - } else { - /* Some other file error; report the error. */ - ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; - goto cleanup; - } - } - - if (!S_ISREG(sb.st_mode)) { - continue; - } - - // Ignore parse errors - // - t_ret = mbedtls_x509_crt_parse_file(chain, entry_name); - if (t_ret < 0) { - ret++; - } else { - ret += t_ret; - } - } - -cleanup: - closedir(dir); - -#if defined(MBEDTLS_THREADING_C) - if (mbedtls_mutex_unlock(&mbedtls_threading_readdir_mutex) != 0) { - ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; - } -#endif /* MBEDTLS_THREADING_C */ - -#endif /* _WIN32 */ - - return ret; -} -#endif /* MBEDTLS_FS_IO */ - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -#define PRINT_ITEM(i) \ - do { \ - ret = mbedtls_snprintf(p, n, "%s" i, sep); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - sep = ", "; \ - } while (0) - -#define CERT_TYPE(type, name) \ - do { \ - if (ns_cert_type & (type)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) - -#define KEY_USAGE(code, name) \ - do { \ - if (key_usage & (code)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) - -static int x509_info_ext_key_usage(char **buf, size_t *size, - const mbedtls_x509_sequence *extended_key_usage) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const char *desc; - size_t n = *size; - char *p = *buf; - const mbedtls_x509_sequence *cur = extended_key_usage; - const char *sep = ""; - - while (cur != NULL) { - if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) { - desc = "???"; - } - - ret = mbedtls_snprintf(p, n, "%s%s", sep, desc); - MBEDTLS_X509_SAFE_SNPRINTF; - - sep = ", "; - - cur = cur->next; - } - - *size = n; - *buf = p; - - return 0; -} - -static int x509_info_cert_policies(char **buf, size_t *size, - const mbedtls_x509_sequence *certificate_policies) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const char *desc; - size_t n = *size; - char *p = *buf; - const mbedtls_x509_sequence *cur = certificate_policies; - const char *sep = ""; - - while (cur != NULL) { - if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) { - desc = "???"; - } - - ret = mbedtls_snprintf(p, n, "%s%s", sep, desc); - MBEDTLS_X509_SAFE_SNPRINTF; - - sep = ", "; - - cur = cur->next; - } - - *size = n; - *buf = p; - - return 0; -} - -/* - * Return an informational string about the certificate. - */ -#define BEFORE_COLON 18 -#define BC "18" -int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, - const mbedtls_x509_crt *crt) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - char *p; - char key_size_str[BEFORE_COLON]; - - p = buf; - n = size; - - if (NULL == crt) { - ret = mbedtls_snprintf(p, n, "\nCertificate is uninitialised!\n"); - MBEDTLS_X509_SAFE_SNPRINTF; - - return (int) (size - n); - } - - ret = mbedtls_snprintf(p, n, "%scert. version : %d\n", - prefix, crt->version); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf(p, n, "%sserial number : ", - prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_x509_serial_gets(p, n, &crt->serial); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets(p, n, &crt->issuer); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets(p, n, &crt->subject); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%sissued on : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crt->valid_from.year, crt->valid_from.mon, - crt->valid_from.day, crt->valid_from.hour, - crt->valid_from.min, crt->valid_from.sec); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%sexpires on : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crt->valid_to.year, crt->valid_to.mon, - crt->valid_to.day, crt->valid_to.hour, - crt->valid_to.min, crt->valid_to.sec); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, - crt->sig_md, crt->sig_opts); - MBEDTLS_X509_SAFE_SNPRINTF; - - /* Key size */ - if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, - mbedtls_pk_get_name(&crt->pk))) != 0) { - return ret; - } - - ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, - (int) mbedtls_pk_get_bitlen(&crt->pk)); - MBEDTLS_X509_SAFE_SNPRINTF; - - /* - * Optional extensions - */ - - if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) { - ret = mbedtls_snprintf(p, n, "\n%sbasic constraints : CA=%s", prefix, - crt->ca_istrue ? "true" : "false"); - MBEDTLS_X509_SAFE_SNPRINTF; - - if (crt->max_pathlen > 0) { - ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1); - MBEDTLS_X509_SAFE_SNPRINTF; - } - } - - if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { - ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = mbedtls_x509_info_subject_alt_name(&p, &n, - &crt->subject_alt_names, - prefix)) != 0) { - return ret; - } - } - - if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) { - ret = mbedtls_snprintf(p, n, "\n%scert. type : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = mbedtls_x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) { - return ret; - } - } - - if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) { - ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = mbedtls_x509_info_key_usage(&p, &n, crt->key_usage)) != 0) { - return ret; - } - } - - if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) { - ret = mbedtls_snprintf(p, n, "\n%sext key usage : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = x509_info_ext_key_usage(&p, &n, - &crt->ext_key_usage)) != 0) { - return ret; - } - } - - if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) { - ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = x509_info_cert_policies(&p, &n, - &crt->certificate_policies)) != 0) { - return ret; - } - } - - ret = mbedtls_snprintf(p, n, "\n"); - MBEDTLS_X509_SAFE_SNPRINTF; - - return (int) (size - n); -} - -struct x509_crt_verify_string { - int code; - const char *string; -}; - -#define X509_CRT_ERROR_INFO(err, err_str, info) { err, info }, -static const struct x509_crt_verify_string x509_crt_verify_strings[] = { - MBEDTLS_X509_CRT_ERROR_INFO_LIST - { 0, NULL } -}; -#undef X509_CRT_ERROR_INFO - -int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, - uint32_t flags) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const struct x509_crt_verify_string *cur; - char *p = buf; - size_t n = size; - - for (cur = x509_crt_verify_strings; cur->string != NULL; cur++) { - if ((flags & cur->code) == 0) { - continue; - } - - ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string); - MBEDTLS_X509_SAFE_SNPRINTF; - flags ^= cur->code; - } - - if (flags != 0) { - ret = mbedtls_snprintf(p, n, "%sUnknown reason " - "(this should not happen)\n", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - return (int) (size - n); -} -#endif /* MBEDTLS_X509_REMOVE_INFO */ - -int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, - unsigned int usage) -{ - unsigned int usage_must, usage_may; - unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY - | MBEDTLS_X509_KU_DECIPHER_ONLY; - - if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) { - return 0; - } - - usage_must = usage & ~may_mask; - - if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - usage_may = usage & may_mask; - - if (((crt->key_usage & may_mask) | usage_may) != usage_may) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - return 0; -} - -int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, - const char *usage_oid, - size_t usage_len) -{ - const mbedtls_x509_sequence *cur; - - /* Extension is not mandatory, absent means no restriction */ - if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) { - return 0; - } - - /* - * Look for the requested usage (or wildcard ANY) in our list - */ - for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) { - const mbedtls_x509_buf *cur_oid = &cur->buf; - - if (cur_oid->len == usage_len && - memcmp(cur_oid->p, usage_oid, usage_len) == 0) { - return 0; - } - - if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid) == 0) { - return 0; - } - } - - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; -} - -#if defined(MBEDTLS_X509_CRL_PARSE_C) -/* - * Return 1 if the certificate is revoked, or 0 otherwise. - */ -int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl) -{ - const mbedtls_x509_crl_entry *cur = &crl->entry; - - while (cur != NULL && cur->serial.len != 0) { - if (crt->serial.len == cur->serial.len && - memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) { - return 1; - } - - cur = cur->next; - } - - return 0; -} - -/* - * Check that the given certificate is not revoked according to the CRL. - * Skip validation if no CRL for the given CA is present. - */ -static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, - mbedtls_x509_crl *crl_list, - const mbedtls_x509_crt_profile *profile, - const mbedtls_x509_time *now) -{ - int flags = 0; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t psa_algorithm; -#else - const mbedtls_md_info_t *md_info; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - size_t hash_length; - - if (ca == NULL) { - return flags; - } - - while (crl_list != NULL) { - if (crl_list->version == 0 || - x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) { - crl_list = crl_list->next; - continue; - } - - /* - * Check if the CA is configured to sign CRLs - */ - if (mbedtls_x509_crt_check_key_usage(ca, - MBEDTLS_X509_KU_CRL_SIGN) != 0) { - flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; - break; - } - - /* - * Check if CRL is correctly signed by the trusted CA - */ - if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) { - flags |= MBEDTLS_X509_BADCRL_BAD_MD; - } - - if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) { - flags |= MBEDTLS_X509_BADCRL_BAD_PK; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md); - if (psa_hash_compute(psa_algorithm, - crl_list->tbs.p, - crl_list->tbs.len, - hash, - sizeof(hash), - &hash_length) != PSA_SUCCESS) { - /* Note: this can't happen except after an internal error */ - flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; - break; - } -#else - md_info = mbedtls_md_info_from_type(crl_list->sig_md); - hash_length = mbedtls_md_get_size(md_info); - if (mbedtls_md(md_info, - crl_list->tbs.p, - crl_list->tbs.len, - hash) != 0) { - /* Note: this can't happen except after an internal error */ - flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; - break; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (x509_profile_check_key(profile, &ca->pk) != 0) { - flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - } - - if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk, - crl_list->sig_md, hash, hash_length, - crl_list->sig.p, crl_list->sig.len) != 0) { - flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; - break; - } - -#if defined(MBEDTLS_HAVE_TIME_DATE) - /* - * Check for validity of CRL (Do not drop out) - */ - if (mbedtls_x509_time_cmp(&crl_list->next_update, now) < 0) { - flags |= MBEDTLS_X509_BADCRL_EXPIRED; - } - - if (mbedtls_x509_time_cmp(&crl_list->this_update, now) > 0) { - flags |= MBEDTLS_X509_BADCRL_FUTURE; - } -#else - ((void) now); -#endif - - /* - * Check if certificate is revoked - */ - if (mbedtls_x509_crt_is_revoked(crt, crl_list)) { - flags |= MBEDTLS_X509_BADCERT_REVOKED; - break; - } - - crl_list = crl_list->next; - } - - return flags; -} -#endif /* MBEDTLS_X509_CRL_PARSE_C */ - -/* - * Check the signature of a certificate by its parent - */ -static int x509_crt_check_signature(const mbedtls_x509_crt *child, - mbedtls_x509_crt *parent, - mbedtls_x509_crt_restart_ctx *rs_ctx) -{ - size_t hash_len; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - const mbedtls_md_info_t *md_info; - md_info = mbedtls_md_info_from_type(child->sig_md); - hash_len = mbedtls_md_get_size(md_info); - - /* Note: hash errors can happen only after an internal error */ - if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) { - return -1; - } -#else - psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md); - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - status = psa_hash_compute(hash_alg, - child->tbs.p, - child->tbs.len, - hash, - sizeof(hash), - &hash_len); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } - -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* Skip expensive computation on obvious mismatch */ - if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) { - return -1; - } - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { - return mbedtls_pk_verify_restartable(&parent->pk, - child->sig_md, hash, hash_len, - child->sig.p, child->sig.len, &rs_ctx->pk); - } -#else - (void) rs_ctx; -#endif - - return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk, - child->sig_md, hash, hash_len, - child->sig.p, child->sig.len); -} - -/* - * Check if 'parent' is a suitable parent (signing CA) for 'child'. - * Return 0 if yes, -1 if not. - * - * top means parent is a locally-trusted certificate - */ -static int x509_crt_check_parent(const mbedtls_x509_crt *child, - const mbedtls_x509_crt *parent, - int top) -{ - int need_ca_bit; - - /* Parent must be the issuer */ - if (x509_name_cmp(&child->issuer, &parent->subject) != 0) { - return -1; - } - - /* Parent must have the basicConstraints CA bit set as a general rule */ - need_ca_bit = 1; - - /* Exception: v1/v2 certificates that are locally trusted. */ - if (top && parent->version < 3) { - need_ca_bit = 0; - } - - if (need_ca_bit && !parent->ca_istrue) { - return -1; - } - - if (need_ca_bit && - mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) { - return -1; - } - - return 0; -} - -/* - * Find a suitable parent for child in candidates, or return NULL. - * - * Here suitable is defined as: - * 1. subject name matches child's issuer - * 2. if necessary, the CA bit is set and key usage allows signing certs - * 3. for trusted roots, the signature is correct - * (for intermediates, the signature is checked and the result reported) - * 4. pathlen constraints are satisfied - * - * If there's a suitable candidate which is also time-valid, return the first - * such. Otherwise, return the first suitable candidate (or NULL if there is - * none). - * - * The rationale for this rule is that someone could have a list of trusted - * roots with two versions on the same root with different validity periods. - * (At least one user reported having such a list and wanted it to just work.) - * The reason we don't just require time-validity is that generally there is - * only one version, and if it's expired we want the flags to state that - * rather than NOT_TRUSTED, as would be the case if we required it here. - * - * The rationale for rule 3 (signature for trusted roots) is that users might - * have two versions of the same CA with different keys in their list, and the - * way we select the correct one is by checking the signature (as we don't - * rely on key identifier extensions). (This is one way users might choose to - * handle key rollover, another relies on self-issued certs, see [SIRO].) - * - * Arguments: - * - [in] child: certificate for which we're looking for a parent - * - [in] candidates: chained list of potential parents - * - [out] r_parent: parent found (or NULL) - * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0 - * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top - * of the chain, 0 otherwise - * - [in] path_cnt: number of intermediates seen so far - * - [in] self_cnt: number of self-signed intermediates seen so far - * (will never be greater than path_cnt) - * - [in-out] rs_ctx: context for restarting operations - * - * Return value: - * - 0 on success - * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise - */ -static int x509_crt_find_parent_in( - mbedtls_x509_crt *child, - mbedtls_x509_crt *candidates, - mbedtls_x509_crt **r_parent, - int *r_signature_is_good, - int top, - unsigned path_cnt, - unsigned self_cnt, - mbedtls_x509_crt_restart_ctx *rs_ctx, - const mbedtls_x509_time *now) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_x509_crt *parent, *fallback_parent; - int signature_is_good = 0, fallback_signature_is_good; - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - /* did we have something in progress? */ - if (rs_ctx != NULL && rs_ctx->parent != NULL) { - /* restore saved state */ - parent = rs_ctx->parent; - fallback_parent = rs_ctx->fallback_parent; - fallback_signature_is_good = rs_ctx->fallback_signature_is_good; - - /* clear saved state */ - rs_ctx->parent = NULL; - rs_ctx->fallback_parent = NULL; - rs_ctx->fallback_signature_is_good = 0; - - /* resume where we left */ - goto check_signature; - } -#endif - - fallback_parent = NULL; - fallback_signature_is_good = 0; - - for (parent = candidates; parent != NULL; parent = parent->next) { - /* basic parenting skills (name, CA bit, key usage) */ - if (x509_crt_check_parent(child, parent, top) != 0) { - continue; - } - - /* +1 because stored max_pathlen is 1 higher that the actual value */ - if (parent->max_pathlen > 0 && - (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) { - continue; - } - - /* Signature */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) -check_signature: -#endif - ret = x509_crt_check_signature(child, parent, rs_ctx); - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - /* save state */ - rs_ctx->parent = parent; - rs_ctx->fallback_parent = fallback_parent; - rs_ctx->fallback_signature_is_good = fallback_signature_is_good; - - return ret; - } -#else - (void) ret; -#endif - - signature_is_good = ret == 0; - if (top && !signature_is_good) { - continue; - } - -#if defined(MBEDTLS_HAVE_TIME_DATE) - /* optional time check */ - if (mbedtls_x509_time_cmp(&parent->valid_to, now) < 0 || /* past */ - mbedtls_x509_time_cmp(&parent->valid_from, now) > 0) { /* future */ - if (fallback_parent == NULL) { - fallback_parent = parent; - fallback_signature_is_good = signature_is_good; - } - - continue; - } -#else - ((void) now); -#endif - - *r_parent = parent; - *r_signature_is_good = signature_is_good; - - break; - } - - if (parent == NULL) { - *r_parent = fallback_parent; - *r_signature_is_good = fallback_signature_is_good; - } - - return 0; -} - -/* - * Find a parent in trusted CAs or the provided chain, or return NULL. - * - * Searches in trusted CAs first, and return the first suitable parent found - * (see find_parent_in() for definition of suitable). - * - * Arguments: - * - [in] child: certificate for which we're looking for a parent, followed - * by a chain of possible intermediates - * - [in] trust_ca: list of locally trusted certificates - * - [out] parent: parent found (or NULL) - * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0 - * - [out] signature_is_good: 1 if child signature by parent is valid, or 0 - * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child) - * - [in] self_cnt: number of self-signed certs in the chain so far - * (will always be no greater than path_cnt) - * - [in-out] rs_ctx: context for restarting operations - * - * Return value: - * - 0 on success - * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise - */ -static int x509_crt_find_parent( - mbedtls_x509_crt *child, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crt **parent, - int *parent_is_trusted, - int *signature_is_good, - unsigned path_cnt, - unsigned self_cnt, - mbedtls_x509_crt_restart_ctx *rs_ctx, - const mbedtls_x509_time *now) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_x509_crt *search_list; - - *parent_is_trusted = 1; - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - /* restore then clear saved state if we have some stored */ - if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) { - *parent_is_trusted = rs_ctx->parent_is_trusted; - rs_ctx->parent_is_trusted = -1; - } -#endif - - while (1) { - search_list = *parent_is_trusted ? trust_ca : child->next; - - ret = x509_crt_find_parent_in(child, search_list, - parent, signature_is_good, - *parent_is_trusted, - path_cnt, self_cnt, rs_ctx, now); - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - /* save state */ - rs_ctx->parent_is_trusted = *parent_is_trusted; - return ret; - } -#else - (void) ret; -#endif - - /* stop here if found or already in second iteration */ - if (*parent != NULL || *parent_is_trusted == 0) { - break; - } - - /* prepare second iteration */ - *parent_is_trusted = 0; - } - - /* extra precaution against mistakes in the caller */ - if (*parent == NULL) { - *parent_is_trusted = 0; - *signature_is_good = 0; - } - - return 0; -} - -/* - * Check if an end-entity certificate is locally trusted - * - * Currently we require such certificates to be self-signed (actually only - * check for self-issued as self-signatures are not checked) - */ -static int x509_crt_check_ee_locally_trusted( - mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca) -{ - mbedtls_x509_crt *cur; - - /* must be self-issued */ - if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) { - return -1; - } - - /* look for an exact match with trusted cert */ - for (cur = trust_ca; cur != NULL; cur = cur->next) { - if (crt->raw.len == cur->raw.len && - memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) { - return 0; - } - } - - /* too bad */ - return -1; -} - -/* - * Build and verify a certificate chain - * - * Given a peer-provided list of certificates EE, C1, ..., Cn and - * a list of trusted certs R1, ... Rp, try to build and verify a chain - * EE, Ci1, ... Ciq [, Rj] - * such that every cert in the chain is a child of the next one, - * jumping to a trusted root as early as possible. - * - * Verify that chain and return it with flags for all issues found. - * - * Special cases: - * - EE == Rj -> return a one-element list containing it - * - EE, Ci1, ..., Ciq cannot be continued with a trusted root - * -> return that chain with NOT_TRUSTED set on Ciq - * - * Tests for (aspects of) this function should include at least: - * - trusted EE - * - EE -> trusted root - * - EE -> intermediate CA -> trusted root - * - if relevant: EE untrusted - * - if relevant: EE -> intermediate, untrusted - * with the aspect under test checked at each relevant level (EE, int, root). - * For some aspects longer chains are required, but usually length 2 is - * enough (but length 1 is not in general). - * - * Arguments: - * - [in] crt: the cert list EE, C1, ..., Cn - * - [in] trust_ca: the trusted list R1, ..., Rp - * - [in] ca_crl, profile: as in verify_with_profile() - * - [out] ver_chain: the built and verified chain - * Only valid when return value is 0, may contain garbage otherwise! - * Restart note: need not be the same when calling again to resume. - * - [in-out] rs_ctx: context for restarting operations - * - * Return value: - * - non-zero if the chain could not be fully built and examined - * - 0 is the chain was successfully built and examined, - * even if it was found to be invalid - */ -static int x509_crt_verify_chain( - mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - mbedtls_x509_crt_verify_chain *ver_chain, - mbedtls_x509_crt_restart_ctx *rs_ctx) -{ - /* Don't initialize any of those variables here, so that the compiler can - * catch potential issues with jumping ahead when restarting */ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - uint32_t *flags; - mbedtls_x509_crt_verify_chain_item *cur; - mbedtls_x509_crt *child; - mbedtls_x509_crt *parent; - int parent_is_trusted; - int child_is_trusted; - int signature_is_good; - unsigned self_cnt; - mbedtls_x509_crt *cur_trust_ca = NULL; - mbedtls_x509_time now; - -#if defined(MBEDTLS_HAVE_TIME_DATE) - if (mbedtls_x509_time_gmtime(mbedtls_time(NULL), &now) != 0) { - return MBEDTLS_ERR_X509_FATAL_ERROR; - } -#endif - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - /* resume if we had an operation in progress */ - if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) { - /* restore saved state */ - *ver_chain = rs_ctx->ver_chain; /* struct copy */ - self_cnt = rs_ctx->self_cnt; - - /* restore derived state */ - cur = &ver_chain->items[ver_chain->len - 1]; - child = cur->crt; - flags = &cur->flags; - - goto find_parent; - } -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - - child = crt; - self_cnt = 0; - parent_is_trusted = 0; - child_is_trusted = 0; - - while (1) { - /* Add certificate to the verification chain */ - cur = &ver_chain->items[ver_chain->len]; - cur->crt = child; - cur->flags = 0; - ver_chain->len++; - flags = &cur->flags; - -#if defined(MBEDTLS_HAVE_TIME_DATE) - /* Check time-validity (all certificates) */ - if (mbedtls_x509_time_cmp(&child->valid_to, &now) < 0) { - *flags |= MBEDTLS_X509_BADCERT_EXPIRED; - } - - if (mbedtls_x509_time_cmp(&child->valid_from, &now) > 0) { - *flags |= MBEDTLS_X509_BADCERT_FUTURE; - } -#endif - - /* Stop here for trusted roots (but not for trusted EE certs) */ - if (child_is_trusted) { - return 0; - } - - /* Check signature algorithm: MD & PK algs */ - if (x509_profile_check_md_alg(profile, child->sig_md) != 0) { - *flags |= MBEDTLS_X509_BADCERT_BAD_MD; - } - - if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) { - *flags |= MBEDTLS_X509_BADCERT_BAD_PK; - } - - /* Special case: EE certs that are locally trusted */ - if (ver_chain->len == 1 && - x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) { - return 0; - } - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) -find_parent: -#endif - - /* Obtain list of potential trusted signers from CA callback, - * or use statically provided list. */ -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if (f_ca_cb != NULL) { - mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result); - mbedtls_free(ver_chain->trust_ca_cb_result); - ver_chain->trust_ca_cb_result = NULL; - - ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result); - if (ret != 0) { - return MBEDTLS_ERR_X509_FATAL_ERROR; - } - - cur_trust_ca = ver_chain->trust_ca_cb_result; - } else -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - { - ((void) f_ca_cb); - ((void) p_ca_cb); - cur_trust_ca = trust_ca; - } - - /* Look for a parent in trusted CAs or up the chain */ - ret = x509_crt_find_parent(child, cur_trust_ca, &parent, - &parent_is_trusted, &signature_is_good, - ver_chain->len - 1, self_cnt, rs_ctx, - &now); - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - /* save state */ - rs_ctx->in_progress = x509_crt_rs_find_parent; - rs_ctx->self_cnt = self_cnt; - rs_ctx->ver_chain = *ver_chain; /* struct copy */ - - return ret; - } -#else - (void) ret; -#endif - - /* No parent? We're done here */ - if (parent == NULL) { - *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - return 0; - } - - /* Count intermediate self-issued (not necessarily self-signed) certs. - * These can occur with some strategies for key rollover, see [SIRO], - * and should be excluded from max_pathlen checks. */ - if (ver_chain->len != 1 && - x509_name_cmp(&child->issuer, &child->subject) == 0) { - self_cnt++; - } - - /* path_cnt is 0 for the first intermediate CA, - * and if parent is trusted it's not an intermediate CA */ - if (!parent_is_trusted && - ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) { - /* return immediately to avoid overflow the chain array */ - return MBEDTLS_ERR_X509_FATAL_ERROR; - } - - /* signature was checked while searching parent */ - if (!signature_is_good) { - *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - } - - /* check size of signing key */ - if (x509_profile_check_key(profile, &parent->pk) != 0) { - *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - } - -#if defined(MBEDTLS_X509_CRL_PARSE_C) - /* Check trusted CA's CRL for the given crt */ - *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile, &now); -#else - (void) ca_crl; -#endif - - /* prepare for next iteration */ - child = parent; - parent = NULL; - child_is_trusted = parent_is_trusted; - signature_is_good = 0; - } -} - -#ifdef _WIN32 -#ifdef _MSC_VER -#pragma comment(lib, "ws2_32.lib") -#include -#include -#elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600 -#include -#include -#else -/* inet_pton() is not supported, fallback to software version */ -#define MBEDTLS_TEST_SW_INET_PTON -#endif -#elif defined(__sun) -/* Solaris requires -lsocket -lnsl for inet_pton() */ -#elif defined(__has_include) -#if __has_include() -#include -#endif -#if __has_include() -#include -#endif -#endif - -/* Use whether or not AF_INET6 is defined to indicate whether or not to use - * the platform inet_pton() or a local implementation (below). The local - * implementation may be used even in cases where the platform provides - * inet_pton(), e.g. when there are different includes required and/or the - * platform implementation requires dependencies on additional libraries. - * Specifically, Windows requires custom includes and additional link - * dependencies, and Solaris requires additional link dependencies. - * Also, as a coarse heuristic, use the local implementation if the compiler - * does not support __has_include(), or if the definition of AF_INET6 is not - * provided by headers included (or not) via __has_include() above. - * MBEDTLS_TEST_SW_INET_PTON is a bypass define to force testing of this code //no-check-names - * despite having a platform that has inet_pton. */ -#if !defined(AF_INET6) || defined(MBEDTLS_TEST_SW_INET_PTON) //no-check-names -/* Definition located further below to possibly reduce compiler inlining */ -static int x509_inet_pton_ipv4(const char *src, void *dst); - -#define li_cton(c, n) \ - (((n) = (c) - '0') <= 9 || (((n) = ((c)&0xdf) - 'A') <= 5 ? ((n) += 10) : 0)) - -static int x509_inet_pton_ipv6(const char *src, void *dst) -{ - const unsigned char *p = (const unsigned char *) src; - int nonzero_groups = 0, num_digits, zero_group_start = -1; - uint16_t addr[8]; - do { - /* note: allows excess leading 0's, e.g. 1:0002:3:... */ - uint16_t group = num_digits = 0; - for (uint8_t digit; num_digits < 4; num_digits++) { - if (li_cton(*p, digit) == 0) { - break; - } - group = (group << 4) | digit; - p++; - } - if (num_digits != 0) { - MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups); - nonzero_groups++; - if (*p == '\0') { - break; - } else if (*p == '.') { - /* Don't accept IPv4 too early or late */ - if ((nonzero_groups == 0 && zero_group_start == -1) || - nonzero_groups >= 7) { - break; - } - - /* Walk back to prior ':', then parse as IPv4-mapped */ - int steps = 4; - do { - p--; - steps--; - } while (*p != ':' && steps > 0); - - if (*p != ':') { - break; - } - p++; - nonzero_groups--; - if (x509_inet_pton_ipv4((const char *) p, - addr + nonzero_groups) != 0) { - break; - } - - nonzero_groups += 2; - p = (const unsigned char *) ""; - break; - } else if (*p != ':') { - return -1; - } - } else { - /* Don't accept a second zero group or an invalid delimiter */ - if (zero_group_start != -1 || *p != ':') { - return -1; - } - zero_group_start = nonzero_groups; - - /* Accept a zero group at start, but it has to be a double colon */ - if (zero_group_start == 0 && *++p != ':') { - return -1; - } - - if (p[1] == '\0') { - ++p; - break; - } - } - ++p; - } while (nonzero_groups < 8); - - if (*p != '\0') { - return -1; - } - - if (zero_group_start != -1) { - if (nonzero_groups > 6) { - return -1; - } - int zero_groups = 8 - nonzero_groups; - int groups_after_zero = nonzero_groups - zero_group_start; - - /* Move the non-zero part to after the zeroes */ - if (groups_after_zero) { - memmove(addr + zero_group_start + zero_groups, - addr + zero_group_start, - groups_after_zero * sizeof(*addr)); - } - memset(addr + zero_group_start, 0, zero_groups * sizeof(*addr)); - } else { - if (nonzero_groups != 8) { - return -1; - } - } - memcpy(dst, addr, sizeof(addr)); - return 0; -} - -static int x509_inet_pton_ipv4(const char *src, void *dst) -{ - const unsigned char *p = (const unsigned char *) src; - uint8_t *res = (uint8_t *) dst; - uint8_t digit, num_digits = 0; - uint8_t num_octets = 0; - uint16_t octet; - - do { - octet = num_digits = 0; - do { - digit = *p - '0'; - if (digit > 9) { - break; - } - - /* Don't allow leading zeroes. These might mean octal format, - * which this implementation does not support. */ - if (octet == 0 && num_digits > 0) { - return -1; - } - - octet = octet * 10 + digit; - num_digits++; - p++; - } while (num_digits < 3); - - if (octet >= 256 || num_digits > 3 || num_digits == 0) { - return -1; - } - *res++ = (uint8_t) octet; - num_octets++; - } while (num_octets < 4 && *p++ == '.'); - return num_octets == 4 && *p == '\0' ? 0 : -1; -} - -#else - -static int x509_inet_pton_ipv6(const char *src, void *dst) -{ - return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1; -} - -static int x509_inet_pton_ipv4(const char *src, void *dst) -{ - return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1; -} - -#endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names - -size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst) -{ - return strchr(cn, ':') == NULL - ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0 - : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0; -} - -/* - * Check for CN match - */ -static int x509_crt_check_cn(const mbedtls_x509_buf *name, - const char *cn, size_t cn_len) -{ - /* try exact match */ - if (name->len == cn_len && - x509_memcasecmp(cn, name->p, cn_len) == 0) { - return 0; - } - - /* try wildcard match */ - if (x509_check_wildcard(cn, name) == 0) { - return 0; - } - - return -1; -} - -static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san, - const char *cn, size_t cn_len) -{ - uint32_t ip[4]; - cn_len = mbedtls_x509_crt_parse_cn_inet_pton(cn, ip); - if (cn_len == 0) { - return -1; - } - - for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { - const unsigned char san_type = (unsigned char) cur->buf.tag & - MBEDTLS_ASN1_TAG_VALUE_MASK; - if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS && - cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) { - return 0; - } - } - - return -1; -} - -static int x509_crt_check_san_uri(const mbedtls_x509_sequence *san, - const char *cn, size_t cn_len) -{ - for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { - const unsigned char san_type = (unsigned char) cur->buf.tag & - MBEDTLS_ASN1_TAG_VALUE_MASK; - if (san_type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER && - cur->buf.len == cn_len && memcmp(cur->buf.p, cn, cn_len) == 0) { - return 0; - } - } - - return -1; -} - -/* - * Check for SAN match, see RFC 5280 Section 4.2.1.6 - */ -static int x509_crt_check_san(const mbedtls_x509_sequence *san, - const char *cn, size_t cn_len) -{ - int san_ip = 0; - int san_uri = 0; - /* Prioritize DNS name over other subtypes due to popularity */ - for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { - switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) { - case MBEDTLS_X509_SAN_DNS_NAME: - if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) { - return 0; - } - break; - case MBEDTLS_X509_SAN_IP_ADDRESS: - san_ip = 1; - break; - case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: - san_uri = 1; - break; - /* (We may handle other types here later.) */ - default: /* Unrecognized type */ - break; - } - } - if (san_ip) { - if (x509_crt_check_san_ip(san, cn, cn_len) == 0) { - return 0; - } - } - if (san_uri) { - if (x509_crt_check_san_uri(san, cn, cn_len) == 0) { - return 0; - } - } - - return -1; -} - -/* - * Verify the requested CN - only call this if cn is not NULL! - */ -static void x509_crt_verify_name(const mbedtls_x509_crt *crt, - const char *cn, - uint32_t *flags) -{ - const mbedtls_x509_name *name; - size_t cn_len = strlen(cn); - - if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { - if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) { - return; - } - } else { - for (name = &crt->subject; name != NULL; name = name->next) { - if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 && - x509_crt_check_cn(&name->val, cn, cn_len) == 0) { - return; - } - } - - } - - *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; -} - -/* - * Merge the flags for all certs in the chain, after calling callback - */ -static int x509_crt_merge_flags_with_cb( - uint32_t *flags, - const mbedtls_x509_crt_verify_chain *ver_chain, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned i; - uint32_t cur_flags; - const mbedtls_x509_crt_verify_chain_item *cur; - - for (i = ver_chain->len; i != 0; --i) { - cur = &ver_chain->items[i-1]; - cur_flags = cur->flags; - - if (NULL != f_vrfy) { - if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) { - return ret; - } - } - - *flags |= cur_flags; - } - - return 0; -} - -/* - * Verify the certificate validity, with profile, restartable version - * - * This function: - * - checks the requested CN (if any) - * - checks the type and size of the EE cert's key, - * as that isn't done as part of chain building/verification currently - * - builds and verifies the chain - * - then calls the callback and merges the flags - * - * The parameters pairs `trust_ca`, `ca_crl` and `f_ca_cb`, `p_ca_cb` - * are mutually exclusive: If `f_ca_cb != NULL`, it will be used by the - * verification routine to search for trusted signers, and CRLs will - * be disabled. Otherwise, `trust_ca` will be used as the static list - * of trusted signers, and `ca_crl` will be use as the static list - * of CRLs. - */ -static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, - mbedtls_x509_crt *, - int, - uint32_t *), - void *p_vrfy, - mbedtls_x509_crt_restart_ctx *rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_type_t pk_type; - mbedtls_x509_crt_verify_chain ver_chain; - uint32_t ee_flags; - - *flags = 0; - ee_flags = 0; - x509_crt_verify_chain_reset(&ver_chain); - - if (profile == NULL) { - ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; - goto exit; - } - - /* check name if requested */ - if (cn != NULL) { - x509_crt_verify_name(crt, cn, &ee_flags); - } - - /* Check the type and size of the key */ - pk_type = mbedtls_pk_get_type(&crt->pk); - - if (x509_profile_check_pk_alg(profile, pk_type) != 0) { - ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; - } - - if (x509_profile_check_key(profile, &crt->pk) != 0) { - ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - } - - /* Check the chain */ - ret = x509_crt_verify_chain(crt, trust_ca, ca_crl, - f_ca_cb, p_ca_cb, profile, - &ver_chain, rs_ctx); - - if (ret != 0) { - goto exit; - } - - /* Merge end-entity flags */ - ver_chain.items[0].flags |= ee_flags; - - /* Build final flags, calling callback on the way if any */ - ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy); - -exit: - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result); - mbedtls_free(ver_chain.trust_ca_cb_result); - ver_chain.trust_ca_cb_result = NULL; -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { - mbedtls_x509_crt_restart_free(rs_ctx); - } -#endif - - /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by - * the SSL module for authmode optional, but non-zero return from the - * callback means a fatal error so it shouldn't be ignored */ - if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { - ret = MBEDTLS_ERR_X509_FATAL_ERROR; - } - - if (ret != 0) { - *flags = (uint32_t) -1; - return ret; - } - - if (*flags != 0) { - return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; - } - - return 0; -} - - -/* - * Verify the certificate validity (default profile, not restartable) - */ -int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy) -{ - return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, - NULL, NULL, - &mbedtls_x509_crt_profile_default, - cn, flags, - f_vrfy, p_vrfy, NULL); -} - -/* - * Verify the certificate validity (user-chosen profile, not restartable) - */ -int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy) -{ - return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, - NULL, NULL, - profile, cn, flags, - f_vrfy, p_vrfy, NULL); -} - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -/* - * Verify the certificate validity (user-chosen profile, CA callback, - * not restartable). - */ -int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy) -{ - return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL, - f_ca_cb, p_ca_cb, - profile, cn, flags, - f_vrfy, p_vrfy, NULL); -} -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy, - mbedtls_x509_crt_restart_ctx *rs_ctx) -{ - return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, - NULL, NULL, - profile, cn, flags, - f_vrfy, p_vrfy, rs_ctx); -} - - -/* - * Initialize a certificate chain - */ -void mbedtls_x509_crt_init(mbedtls_x509_crt *crt) -{ - memset(crt, 0, sizeof(mbedtls_x509_crt)); -} - -/* - * Unallocate all certificate data - */ -void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) -{ - mbedtls_x509_crt *cert_cur = crt; - mbedtls_x509_crt *cert_prv; - - while (cert_cur != NULL) { - mbedtls_pk_free(&cert_cur->pk); - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free(cert_cur->sig_opts); -#endif - - mbedtls_asn1_free_named_data_list_shallow(cert_cur->issuer.next); - mbedtls_asn1_free_named_data_list_shallow(cert_cur->subject.next); - mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next); - mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next); - mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next); - mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next); - - if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { - mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len); - } - - cert_prv = cert_cur; - cert_cur = cert_cur->next; - - mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt)); - if (cert_prv != crt) { - mbedtls_free(cert_prv); - } - } -} - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) -/* - * Initialize a restart context - */ -void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx) -{ - mbedtls_pk_restart_init(&ctx->pk); - - ctx->parent = NULL; - ctx->fallback_parent = NULL; - ctx->fallback_signature_is_good = 0; - - ctx->parent_is_trusted = -1; - - ctx->in_progress = x509_crt_rs_none; - ctx->self_cnt = 0; - x509_crt_verify_chain_reset(&ctx->ver_chain); -} - -/* - * Free the components of a restart context - */ -void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx) -{ - if (ctx == NULL) { - return; - } - - mbedtls_pk_restart_free(&ctx->pk); - mbedtls_x509_crt_restart_init(ctx); -} -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - -int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt) -{ - if ((crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) != 0) { - return crt->MBEDTLS_PRIVATE(ca_istrue); - } - return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; -} - -#endif /* MBEDTLS_X509_CRT_PARSE_C */ diff --git a/library/x509_csr.c b/library/x509_csr.c deleted file mode 100644 index 3a7826868..000000000 --- a/library/x509_csr.c +++ /dev/null @@ -1,638 +0,0 @@ -/* - * X.509 Certificate Signing Request (CSR) parsing - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * The ITU-T X.509 standard defines a certificate format for PKI. - * - * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) - * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) - * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) - * - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf - */ - -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_CSR_PARSE_C) - -#include "mbedtls/x509_csr.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" -#include "mbedtls/platform_util.h" - -#include - -#if defined(MBEDTLS_PEM_PARSE_C) -#include "mbedtls/pem.h" -#endif - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32) -#include -#endif - -/* - * Version ::= INTEGER { v1(0) } - */ -static int x509_csr_get_version(unsigned char **p, - const unsigned char *end, - int *ver) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - *ver = 0; - return 0; - } - - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret); - } - - return 0; -} - -/* - * Parse CSR extension requests in DER format - */ -static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, - unsigned char **p, const unsigned char *end, - mbedtls_x509_csr_ext_cb_t cb, - void *p_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - unsigned char *end_ext_data, *end_ext_octet; - - while (*p < end) { - mbedtls_x509_buf extn_oid = { 0, 0, NULL }; - int is_critical = 0; /* DEFAULT FALSE */ - int ext_type = 0; - - /* Read sequence tag */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - end_ext_data = *p + len; - - /* Get extension ID */ - if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len, - MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - extn_oid.tag = MBEDTLS_ASN1_OID; - extn_oid.p = *p; - *p += extn_oid.len; - - /* Get optional critical */ - if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 && - (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* Data should be octet string type */ - if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, - MBEDTLS_ASN1_OCTET_STRING)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - end_ext_octet = *p + len; - - if (end_ext_octet != end_ext_data) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* - * Detect supported extensions and skip unsupported extensions - */ - ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); - - if (ret != 0) { - /* Give the callback (if any) a chance to handle the extension */ - if (cb != NULL) { - ret = cb(p_ctx, csr, &extn_oid, is_critical, *p, end_ext_octet); - if (ret != 0 && is_critical) { - return ret; - } - *p = end_ext_octet; - continue; - } - - /* No parser found, skip extension */ - *p = end_ext_octet; - - if (is_critical) { - /* Data is marked as critical: fail */ - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - continue; - } - - /* Forbid repeated extensions */ - if ((csr->ext_types & ext_type) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_DATA); - } - - csr->ext_types |= ext_type; - - switch (ext_type) { - case MBEDTLS_X509_EXT_KEY_USAGE: - /* Parse key usage */ - if ((ret = mbedtls_x509_get_key_usage(p, end_ext_data, - &csr->key_usage)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: - /* Parse subject alt name */ - if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_data, - &csr->subject_alt_names)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_NS_CERT_TYPE: - /* Parse netscape certificate type */ - if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_data, - &csr->ns_cert_type)) != 0) { - return ret; - } - break; - default: - /* - * If this is a non-critical extension, which the oid layer - * supports, but there isn't an x509 parser for it, - * skip the extension. - */ - if (is_critical) { - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } else { - *p = end_ext_octet; - } - } - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * Parse CSR attributes in DER format - */ -static int x509_csr_parse_attributes(mbedtls_x509_csr *csr, - const unsigned char *start, const unsigned char *end, - mbedtls_x509_csr_ext_cb_t cb, - void *p_ctx) -{ - int ret; - size_t len; - unsigned char *end_attr_data; - unsigned char **p = (unsigned char **) &start; - - while (*p < end) { - mbedtls_x509_buf attr_oid = { 0, 0, NULL }; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - end_attr_data = *p + len; - - /* Get attribute ID */ - if ((ret = mbedtls_asn1_get_tag(p, end_attr_data, &attr_oid.len, - MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - attr_oid.tag = MBEDTLS_ASN1_OID; - attr_oid.p = *p; - *p += attr_oid.len; - - /* Check that this is an extension-request attribute */ - if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS9_CSR_EXT_REQ, &attr_oid) == 0) { - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != - 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if ((ret = x509_csr_parse_extensions(csr, p, *p + len, cb, p_ctx)) != 0) { - return ret; - } - - if (*p != end_attr_data) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - } - - *p = end_attr_data; - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * Parse a CSR in DER format - */ -static int mbedtls_x509_csr_parse_der_internal(mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen, - mbedtls_x509_csr_ext_cb_t cb, - void *p_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - unsigned char *p, *end; - mbedtls_x509_buf sig_params; - - memset(&sig_params, 0, sizeof(mbedtls_x509_buf)); - - /* - * Check for valid input - */ - if (csr == NULL || buf == NULL || buflen == 0) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - mbedtls_x509_csr_init(csr); - - /* - * first copy the raw DER data - */ - p = mbedtls_calloc(1, len = buflen); - - if (p == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - memcpy(p, buf, buflen); - - csr->raw.p = p; - csr->raw.len = len; - end = p + len; - - /* - * CertificationRequest ::= SEQUENCE { - * certificationRequestInfo CertificationRequestInfo, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING - * } - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - mbedtls_x509_csr_free(csr); - return MBEDTLS_ERR_X509_INVALID_FORMAT; - } - - if (len != (size_t) (end - p)) { - mbedtls_x509_csr_free(csr); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* - * CertificationRequestInfo ::= SEQUENCE { - */ - csr->cri.p = p; - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - mbedtls_x509_csr_free(csr); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - end = p + len; - csr->cri.len = (size_t) (end - csr->cri.p); - - /* - * Version ::= INTEGER { v1(0) } - */ - if ((ret = x509_csr_get_version(&p, end, &csr->version)) != 0) { - mbedtls_x509_csr_free(csr); - return ret; - } - - if (csr->version != 0) { - mbedtls_x509_csr_free(csr); - return MBEDTLS_ERR_X509_UNKNOWN_VERSION; - } - - csr->version++; - - /* - * subject Name - */ - csr->subject_raw.p = p; - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - mbedtls_x509_csr_free(csr); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - if ((ret = mbedtls_x509_get_name(&p, p + len, &csr->subject)) != 0) { - mbedtls_x509_csr_free(csr); - return ret; - } - - csr->subject_raw.len = (size_t) (p - csr->subject_raw.p); - - /* - * subjectPKInfo SubjectPublicKeyInfo - */ - if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &csr->pk)) != 0) { - mbedtls_x509_csr_free(csr); - return ret; - } - - /* - * attributes [0] Attributes - * - * The list of possible attributes is open-ended, though RFC 2985 - * (PKCS#9) defines a few in section 5.4. We currently don't support any, - * so we just ignore them. This is a safe thing to do as the worst thing - * that could happen is that we issue a certificate that does not match - * the requester's expectations - this cannot cause a violation of our - * signature policies. - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != - 0) { - mbedtls_x509_csr_free(csr); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - if ((ret = x509_csr_parse_attributes(csr, p, p + len, cb, p_ctx)) != 0) { - mbedtls_x509_csr_free(csr); - return ret; - } - - p += len; - - end = csr->raw.p + csr->raw.len; - - /* - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING - */ - if ((ret = mbedtls_x509_get_alg(&p, end, &csr->sig_oid, &sig_params)) != 0) { - mbedtls_x509_csr_free(csr); - return ret; - } - - if ((ret = mbedtls_x509_get_sig_alg(&csr->sig_oid, &sig_params, - &csr->sig_md, &csr->sig_pk, - &csr->sig_opts)) != 0) { - mbedtls_x509_csr_free(csr); - return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG; - } - - if ((ret = mbedtls_x509_get_sig(&p, end, &csr->sig)) != 0) { - mbedtls_x509_csr_free(csr); - return ret; - } - - if (p != end) { - mbedtls_x509_csr_free(csr); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * Parse a CSR in DER format - */ -int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen) -{ - return mbedtls_x509_csr_parse_der_internal(csr, buf, buflen, NULL, NULL); -} - -/* - * Parse a CSR in DER format with callback for unknown extensions - */ -int mbedtls_x509_csr_parse_der_with_ext_cb(mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen, - mbedtls_x509_csr_ext_cb_t cb, - void *p_ctx) -{ - return mbedtls_x509_csr_parse_der_internal(csr, buf, buflen, cb, p_ctx); -} - -/* - * Parse a CSR, allowing for PEM or raw DER encoding - */ -int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen) -{ -#if defined(MBEDTLS_PEM_PARSE_C) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t use_len; - mbedtls_pem_context pem; -#endif - - /* - * Check for valid input - */ - if (csr == NULL || buf == NULL || buflen == 0) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_PEM_PARSE_C) - /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if (buf[buflen - 1] == '\0') { - mbedtls_pem_init(&pem); - ret = mbedtls_pem_read_buffer(&pem, - "-----BEGIN CERTIFICATE REQUEST-----", - "-----END CERTIFICATE REQUEST-----", - buf, NULL, 0, &use_len); - if (ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { - ret = mbedtls_pem_read_buffer(&pem, - "-----BEGIN NEW CERTIFICATE REQUEST-----", - "-----END NEW CERTIFICATE REQUEST-----", - buf, NULL, 0, &use_len); - } - - if (ret == 0) { - /* - * Was PEM encoded, parse the result - */ - ret = mbedtls_x509_csr_parse_der(csr, pem.buf, pem.buflen); - } - - mbedtls_pem_free(&pem); - if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { - return ret; - } - } -#endif /* MBEDTLS_PEM_PARSE_C */ - return mbedtls_x509_csr_parse_der(csr, buf, buflen); -} - -#if defined(MBEDTLS_FS_IO) -/* - * Load a CSR into the structure - */ -int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - unsigned char *buf; - - if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { - return ret; - } - - ret = mbedtls_x509_csr_parse(csr, buf, n); - - mbedtls_zeroize_and_free(buf, n); - - return ret; -} -#endif /* MBEDTLS_FS_IO */ - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -#define BEFORE_COLON 14 -#define BC "14" -/* - * Return an informational string about the CSR. - */ -int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, - const mbedtls_x509_csr *csr) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - char *p; - char key_size_str[BEFORE_COLON]; - - p = buf; - n = size; - - ret = mbedtls_snprintf(p, n, "%sCSR version : %d", - prefix, csr->version); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets(p, n, &csr->subject); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_x509_sig_alg_gets(p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md, - csr->sig_opts); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, - mbedtls_pk_get_name(&csr->pk))) != 0) { - return ret; - } - - ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str, - (int) mbedtls_pk_get_bitlen(&csr->pk)); - MBEDTLS_X509_SAFE_SNPRINTF; - - /* - * Optional extensions - */ - - if (csr->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { - ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = mbedtls_x509_info_subject_alt_name(&p, &n, - &csr->subject_alt_names, - prefix)) != 0) { - return ret; - } - } - - if (csr->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) { - ret = mbedtls_snprintf(p, n, "\n%scert. type : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = mbedtls_x509_info_cert_type(&p, &n, csr->ns_cert_type)) != 0) { - return ret; - } - } - - if (csr->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) { - ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = mbedtls_x509_info_key_usage(&p, &n, csr->key_usage)) != 0) { - return ret; - } - } - - if (csr->ext_types != 0) { - ret = mbedtls_snprintf(p, n, "\n"); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - return (int) (size - n); -} -#endif /* MBEDTLS_X509_REMOVE_INFO */ - -/* - * Initialize a CSR - */ -void mbedtls_x509_csr_init(mbedtls_x509_csr *csr) -{ - memset(csr, 0, sizeof(mbedtls_x509_csr)); -} - -/* - * Unallocate all CSR data - */ -void mbedtls_x509_csr_free(mbedtls_x509_csr *csr) -{ - if (csr == NULL) { - return; - } - - mbedtls_pk_free(&csr->pk); - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free(csr->sig_opts); -#endif - - mbedtls_asn1_free_named_data_list_shallow(csr->subject.next); - mbedtls_asn1_sequence_free(csr->subject_alt_names.next); - - if (csr->raw.p != NULL) { - mbedtls_zeroize_and_free(csr->raw.p, csr->raw.len); - } - - mbedtls_platform_zeroize(csr, sizeof(mbedtls_x509_csr)); -} - -#endif /* MBEDTLS_X509_CSR_PARSE_C */ diff --git a/library/x509_internal.h b/library/x509_internal.h deleted file mode 100644 index 36cbc6518..000000000 --- a/library/x509_internal.h +++ /dev/null @@ -1,87 +0,0 @@ -/** - * \file x509.h - * - * \brief Internal part of the public "x509.h". - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_X509_INTERNAL_H -#define MBEDTLS_X509_INTERNAL_H - -#include "common.h" -#include "mbedtls/build_info.h" -#include "mbedtls/private_access.h" - -#include "mbedtls/x509.h" -#include "mbedtls/asn1.h" -#include "pk_internal.h" - -#if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" -#endif - -int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, - mbedtls_x509_name *cur); -int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg); -int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg, mbedtls_x509_buf *params); -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) -int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, - mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, - int *salt_len); -#endif -int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig); -int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, - void **sig_opts); -int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, - mbedtls_x509_time *t); -int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *serial); -int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *ext, int tag); -#if !defined(MBEDTLS_X509_REMOVE_INFO) -int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const void *sig_opts); -#endif -int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name); -int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, - int critical, const unsigned char *val, - size_t val_len); -int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first); -int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first); -int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len, - unsigned char *sig, size_t size, - mbedtls_pk_type_t pk_alg); -int mbedtls_x509_get_ns_cert_type(unsigned char **p, - const unsigned char *end, - unsigned char *ns_cert_type); -int mbedtls_x509_get_key_usage(unsigned char **p, - const unsigned char *end, - unsigned int *key_usage); -int mbedtls_x509_get_subject_alt_name(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name); -int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name); -int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, - const mbedtls_x509_sequence - *subject_alt_name, - const char *prefix); -int mbedtls_x509_info_cert_type(char **buf, size_t *size, - unsigned char ns_cert_type); -int mbedtls_x509_info_key_usage(char **buf, size_t *size, - unsigned int key_usage); - -int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions, - const mbedtls_x509_san_list *san_list); - -#endif /* MBEDTLS_X509_INTERNAL_H */ diff --git a/library/x509write.c b/library/x509write.c deleted file mode 100644 index 8288c892b..000000000 --- a/library/x509write.c +++ /dev/null @@ -1,174 +0,0 @@ -/* - * X.509 internal, common functions for writing - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_CSR_WRITE_C) || defined(MBEDTLS_X509_CRT_WRITE_C) - -#include "mbedtls/x509_crt.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" -#include "mbedtls/platform.h" -#include "mbedtls/platform_util.h" - -#include -#include - -#if defined(MBEDTLS_PEM_WRITE_C) -#include "mbedtls/pem.h" -#endif /* MBEDTLS_PEM_WRITE_C */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa/crypto.h" -#include "mbedtls/psa_util.h" -#include "md_psa.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#define CHECK_OVERFLOW_ADD(a, b) \ - do \ - { \ - if (a > SIZE_MAX - (b)) \ - { \ - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; \ - } \ - a += b; \ - } while (0) - -int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions, - const mbedtls_x509_san_list *san_list) -{ - int ret = 0; - const mbedtls_x509_san_list *cur; - unsigned char *buf; - unsigned char *p; - size_t len; - size_t buflen = 0; - - /* Determine the maximum size of the SubjectAltName list */ - for (cur = san_list; cur != NULL; cur = cur->next) { - /* Calculate size of the required buffer */ - switch (cur->node.type) { - case MBEDTLS_X509_SAN_DNS_NAME: - case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: - case MBEDTLS_X509_SAN_IP_ADDRESS: - case MBEDTLS_X509_SAN_RFC822_NAME: - /* length of value for each name entry, - * maximum 4 bytes for the length field, - * 1 byte for the tag/type. - */ - CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len); - CHECK_OVERFLOW_ADD(buflen, 4 + 1); - break; - case MBEDTLS_X509_SAN_DIRECTORY_NAME: - { - const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name; - while (chunk != NULL) { - // Max 4 bytes for length, +1 for tag, - // additional 4 max for length, +1 for tag. - // See x509_write_name for more information. - CHECK_OVERFLOW_ADD(buflen, 4 + 1 + 4 + 1); - CHECK_OVERFLOW_ADD(buflen, chunk->oid.len); - CHECK_OVERFLOW_ADD(buflen, chunk->val.len); - chunk = chunk->next; - } - CHECK_OVERFLOW_ADD(buflen, 4 + 1); - break; - } - default: - /* Not supported - return. */ - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - } - - /* Add the extra length field and tag */ - CHECK_OVERFLOW_ADD(buflen, 4 + 1); - - /* Allocate buffer */ - buf = mbedtls_calloc(1, buflen); - if (buf == NULL) { - return MBEDTLS_ERR_ASN1_ALLOC_FAILED; - } - p = buf + buflen; - - /* Write ASN.1-based structure */ - cur = san_list; - len = 0; - while (cur != NULL) { - size_t single_san_len = 0; - switch (cur->node.type) { - case MBEDTLS_X509_SAN_DNS_NAME: - case MBEDTLS_X509_SAN_RFC822_NAME: - case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: - case MBEDTLS_X509_SAN_IP_ADDRESS: - { - const unsigned char *unstructured_name = - (const unsigned char *) cur->node.san.unstructured_name.p; - size_t unstructured_name_len = cur->node.san.unstructured_name.len; - - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_raw_buffer( - &p, buf, - unstructured_name, unstructured_name_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len( - &p, buf, unstructured_name_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_tag( - &p, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type)); - } - break; - case MBEDTLS_X509_SAN_DIRECTORY_NAME: - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_x509_write_names(&p, buf, - (mbedtls_asn1_named_data *) & - cur->node - .san.directory_name)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_len(&p, buf, single_san_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_tag(&p, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_X509_SAN_DIRECTORY_NAME)); - break; - default: - /* Error out on an unsupported SAN */ - ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - goto cleanup; - } - cur = cur->next; - /* check for overflow */ - if (len > SIZE_MAX - single_san_len) { - ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; - goto cleanup; - } - len += single_san_len; - } - - MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, - mbedtls_asn1_write_tag(&p, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - ret = mbedtls_x509_set_extension(extensions, - MBEDTLS_OID_SUBJECT_ALT_NAME, - MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME), - 0, - buf + buflen - len, len); - - /* If we exceeded the allocated buffer it means that maximum size of the SubjectAltName list - * was incorrectly calculated and memory is corrupted. */ - if (p < buf) { - ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } -cleanup: - mbedtls_free(buf); - return ret; -} - -#endif /* MBEDTLS_X509_CSR_WRITE_C || MBEDTLS_X509_CRT_WRITE_C */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c deleted file mode 100644 index 8bce1ccf5..000000000 --- a/library/x509write_crt.c +++ /dev/null @@ -1,685 +0,0 @@ -/* - * X.509 certificate writing - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * References: - * - certificates: RFC 5280, updated by RFC 6818 - * - CSRs: PKCS#10 v1.7 aka RFC 2986 - * - attributes: PKCS#9 v2.0 aka RFC 2985 - */ - -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_CRT_WRITE_C) - -#include "mbedtls/x509_crt.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" -#include "mbedtls/platform.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/md.h" - -#include -#include - -#if defined(MBEDTLS_PEM_WRITE_C) -#include "mbedtls/pem.h" -#endif /* MBEDTLS_PEM_WRITE_C */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa/crypto.h" -#include "psa_util_internal.h" -#include "mbedtls/psa_util.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) -{ - memset(ctx, 0, sizeof(mbedtls_x509write_cert)); - - ctx->version = MBEDTLS_X509_CRT_VERSION_3; -} - -void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx) -{ - if (ctx == NULL) { - return; - } - - mbedtls_asn1_free_named_data_list(&ctx->subject); - mbedtls_asn1_free_named_data_list(&ctx->issuer); - mbedtls_asn1_free_named_data_list(&ctx->extensions); - - mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_cert)); -} - -void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, - int version) -{ - ctx->version = version; -} - -void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, - mbedtls_md_type_t md_alg) -{ - ctx->md_alg = md_alg; -} - -void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, - mbedtls_pk_context *key) -{ - ctx->subject_key = key; -} - -void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, - mbedtls_pk_context *key) -{ - ctx->issuer_key = key; -} - -int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, - const char *subject_name) -{ - return mbedtls_x509_string_to_names(&ctx->subject, subject_name); -} - -int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, - const char *issuer_name) -{ - return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name); -} - -#if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, - const mbedtls_mpi *serial) -{ - int ret; - size_t tmp_len; - - /* Ensure that the MPI value fits into the buffer */ - tmp_len = mbedtls_mpi_size(serial); - if (tmp_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - ctx->serial_len = tmp_len; - - ret = mbedtls_mpi_write_binary(serial, ctx->serial, tmp_len); - if (ret < 0) { - return ret; - } - - return 0; -} -#endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED - -int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, - unsigned char *serial, size_t serial_len) -{ - if (serial_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - ctx->serial_len = serial_len; - memcpy(ctx->serial, serial, serial_len); - - return 0; -} - -int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, - const char *not_before, - const char *not_after) -{ - if (strlen(not_before) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 || - strlen(not_after) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - strncpy(ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN); - strncpy(ctx->not_after, not_after, MBEDTLS_X509_RFC5280_UTC_TIME_LEN); - ctx->not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z'; - ctx->not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z'; - - return 0; -} - -int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, - const mbedtls_x509_san_list *san_list) -{ - return mbedtls_x509_write_set_san_common(&ctx->extensions, san_list); -} - - -int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len) -{ - return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len, - critical, val, val_len); -} - -int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, - int is_ca, int max_pathlen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char buf[9]; - unsigned char *c = buf + sizeof(buf); - size_t len = 0; - - memset(buf, 0, sizeof(buf)); - - if (is_ca && max_pathlen > 127) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - if (is_ca) { - if (max_pathlen >= 0) { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, - max_pathlen)); - } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(&c, buf, 1)); - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return - mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_BASIC_CONSTRAINTS, - MBEDTLS_OID_SIZE(MBEDTLS_OID_BASIC_CONSTRAINTS), - is_ca, buf + sizeof(buf) - len, len); -} - -#if defined(PSA_WANT_ALG_SHA_1) -static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx, - int is_ca, - unsigned char tag) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ - unsigned char *c = buf + sizeof(buf); - size_t len = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t hash_length; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - memset(buf, 0, sizeof(buf)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_pk_write_pubkey(&c, - buf, - is_ca ? - ctx->issuer_key : - ctx->subject_key)); - - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = psa_hash_compute(PSA_ALG_SHA_1, - buf + sizeof(buf) - len, - len, - buf + sizeof(buf) - 20, - 20, - &hash_length); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } -#else - ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), - buf + sizeof(buf) - len, len, - buf + sizeof(buf) - 20); - if (ret != 0) { - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - c = buf + sizeof(buf) - 20; - len = 20; - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, tag)); - - if (is_ca) { // writes AuthorityKeyIdentifier sequence - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, - buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - } - - if (is_ca) { - return mbedtls_x509write_crt_set_extension(ctx, - MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, - MBEDTLS_OID_SIZE( - MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER), - 0, buf + sizeof(buf) - len, len); - } else { - return mbedtls_x509write_crt_set_extension(ctx, - MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, - MBEDTLS_OID_SIZE( - MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER), - 0, buf + sizeof(buf) - len, len); - } -} - -int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx) -{ - return mbedtls_x509write_crt_set_key_identifier(ctx, - 0, - MBEDTLS_ASN1_OCTET_STRING); -} - -int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx) -{ - return mbedtls_x509write_crt_set_key_identifier(ctx, - 1, - (MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0)); -} -#endif /* PSA_WANT_ALG_SHA_1 */ - -int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, - unsigned int key_usage) -{ - unsigned char buf[5] = { 0 }, ku[2] = { 0 }; - unsigned char *c; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE | - MBEDTLS_X509_KU_NON_REPUDIATION | - MBEDTLS_X509_KU_KEY_ENCIPHERMENT | - MBEDTLS_X509_KU_DATA_ENCIPHERMENT | - MBEDTLS_X509_KU_KEY_AGREEMENT | - MBEDTLS_X509_KU_KEY_CERT_SIGN | - MBEDTLS_X509_KU_CRL_SIGN | - MBEDTLS_X509_KU_ENCIPHER_ONLY | - MBEDTLS_X509_KU_DECIPHER_ONLY; - - /* Check that nothing other than the allowed flags is set */ - if ((key_usage & ~allowed_bits) != 0) { - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - - c = buf + 5; - MBEDTLS_PUT_UINT16_LE(key_usage, ku, 0); - ret = mbedtls_asn1_write_named_bitstring(&c, buf, ku, 9); - - if (ret < 0) { - return ret; - } else if (ret < 3 || ret > 5) { - return MBEDTLS_ERR_X509_INVALID_FORMAT; - } - - ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_KEY_USAGE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE), - 1, c, (size_t) ret); - if (ret != 0) { - return ret; - } - - return 0; -} - -int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, - const mbedtls_asn1_sequence *exts) -{ - unsigned char buf[256]; - unsigned char *c = buf + sizeof(buf); - int ret; - size_t len = 0; - const mbedtls_asn1_sequence *last_ext = NULL; - const mbedtls_asn1_sequence *ext; - - memset(buf, 0, sizeof(buf)); - - /* We need at least one extension: SEQUENCE SIZE (1..MAX) OF KeyPurposeId */ - if (exts == NULL) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - /* Iterate over exts backwards, so we write them out in the requested order */ - while (last_ext != exts) { - for (ext = exts; ext->next != last_ext; ext = ext->next) { - } - if (ext->buf.tag != MBEDTLS_ASN1_OID) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&c, buf, ext->buf.p, ext->buf.len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, ext->buf.len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_OID)); - last_ext = ext; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - - return mbedtls_x509write_crt_set_extension(ctx, - MBEDTLS_OID_EXTENDED_KEY_USAGE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE), - 1, c, len); -} - -int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, - unsigned char ns_cert_type) -{ - unsigned char buf[4] = { 0 }; - unsigned char *c; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - c = buf + 4; - - ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8); - if (ret < 3 || ret > 4) { - return ret; - } - - ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE), - 0, c, (size_t) ret); - if (ret != 0) { - return ret; - } - - return 0; -} - -static int x509_write_time(unsigned char **p, unsigned char *start, - const char *t, size_t size) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - /* - * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter) - */ - if (t[0] < '2' || (t[0] == '2' && t[1] == '0' && t[2] < '5')) { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, - (const unsigned char *) t + 2, - size - 2)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_UTC_TIME)); - } else { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, - (const unsigned char *) t, - size)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_GENERALIZED_TIME)); - } - - return (int) len; -} - -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, - unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const char *sig_oid; - size_t sig_oid_len = 0; - unsigned char *c, *c2; - unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - size_t hash_length = 0; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t psa_algorithm; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; - size_t len = 0; - mbedtls_pk_type_t pk_alg; - int write_sig_null_par; - - /* - * Prepare data to be signed at the end of the target buffer - */ - c = buf + size; - - /* Signature algorithm needed in TBS, and later for actual signature */ - - /* There's no direct way of extracting a signature algorithm - * (represented as an element of mbedtls_pk_type_t) from a PK instance. */ - if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) { - pk_alg = MBEDTLS_PK_RSA; - } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) { - pk_alg = MBEDTLS_PK_ECDSA; - } else { - return MBEDTLS_ERR_X509_INVALID_ALG; - } - - if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len)) != 0) { - return ret; - } - - /* - * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - */ - - /* Only for v3 */ - if (ctx->version == MBEDTLS_X509_CRT_VERSION_3) { - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_x509_write_extensions(&c, - buf, ctx->extensions)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 3)); - } - - /* - * SubjectPublicKeyInfo - */ - MBEDTLS_ASN1_CHK_ADD(pub_len, - mbedtls_pk_write_pubkey_der(ctx->subject_key, - buf, (size_t) (c - buf))); - c -= pub_len; - len += pub_len; - - /* - * Subject ::= Name - */ - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_x509_write_names(&c, buf, - ctx->subject)); - - /* - * Validity ::= SEQUENCE { - * notBefore Time, - * notAfter Time } - */ - sub_len = 0; - - MBEDTLS_ASN1_CHK_ADD(sub_len, - x509_write_time(&c, buf, ctx->not_after, - MBEDTLS_X509_RFC5280_UTC_TIME_LEN)); - - MBEDTLS_ASN1_CHK_ADD(sub_len, - x509_write_time(&c, buf, ctx->not_before, - MBEDTLS_X509_RFC5280_UTC_TIME_LEN)); - - len += sub_len; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, sub_len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - /* - * Issuer ::= Name - */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf, - ctx->issuer)); - - /* - * Signature ::= AlgorithmIdentifier - */ - if (pk_alg == MBEDTLS_PK_ECDSA) { - /* - * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature - * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and - * https://www.rfc-editor.org/rfc/rfc5758#section-3. - */ - write_sig_null_par = 0; - } else { - write_sig_null_par = 1; - } - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_algorithm_identifier_ext(&c, buf, - sig_oid, strlen(sig_oid), - 0, write_sig_null_par)); - - /* - * Serial ::= INTEGER - * - * Written data is: - * - "ctx->serial_len" bytes for the raw serial buffer - * - if MSb of "serial" is 1, then prepend an extra 0x00 byte - * - 1 byte for the length - * - 1 byte for the TAG - */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&c, buf, - ctx->serial, ctx->serial_len)); - if (*c & 0x80) { - if (c - buf < 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - *(--c) = 0x0; - len++; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, - ctx->serial_len + 1)); - } else { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, - ctx->serial_len)); - } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_INTEGER)); - - /* - * Version ::= INTEGER { v1(0), v2(1), v3(2) } - */ - - /* Can be omitted for v1 */ - if (ctx->version != MBEDTLS_X509_CRT_VERSION_1) { - sub_len = 0; - MBEDTLS_ASN1_CHK_ADD(sub_len, - mbedtls_asn1_write_int(&c, buf, ctx->version)); - len += sub_len; - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_len(&c, buf, sub_len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 0)); - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - /* - * Make signature - */ - - /* Compute hash of CRT. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm = mbedtls_md_psa_alg_from_type(ctx->md_alg); - - status = psa_hash_compute(psa_algorithm, - c, - len, - hash, - sizeof(hash), - &hash_length); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } -#else - if ((ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, - len, hash)) != 0) { - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - - if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len, - f_rng, p_rng)) != 0) { - return ret; - } - - /* Move CRT to the front of the buffer to have space - * for the signature. */ - memmove(buf, c, len); - c = buf + len; - - /* Add signature at the end of the buffer, - * making sure that it doesn't underflow - * into the CRT buffer. */ - c2 = buf + size; - MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, - sig_oid, sig_oid_len, - sig, sig_len, pk_alg)); - - /* - * Memory layout after this step: - * - * buf c=buf+len c2 buf+size - * [CRT0,...,CRTn, UNUSED, ..., UNUSED, SIG0, ..., SIGm] - */ - - /* Move raw CRT to just before the signature. */ - c = c2 - len; - memmove(c, buf, len); - - len += sig_and_oid_len; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} - -#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n" -#define PEM_END_CRT "-----END CERTIFICATE-----\n" - -#if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt, - unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t olen; - - if ((ret = mbedtls_x509write_crt_der(crt, buf, size, - f_rng, p_rng)) < 0) { - return ret; - } - - if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT, - buf + size - ret, ret, - buf, size, &olen)) != 0) { - return ret; - } - - return 0; -} -#endif /* MBEDTLS_PEM_WRITE_C */ - -#endif /* MBEDTLS_X509_CRT_WRITE_C */ diff --git a/library/x509write_csr.c b/library/x509write_csr.c deleted file mode 100644 index 604c94c3e..000000000 --- a/library/x509write_csr.c +++ /dev/null @@ -1,334 +0,0 @@ -/* - * X.509 Certificate Signing Request writing - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * References: - * - CSRs: PKCS#10 v1.7 aka RFC 2986 - * - attributes: PKCS#9 v2.0 aka RFC 2985 - */ - -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_CSR_WRITE_C) - -#include "mbedtls/x509_csr.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" -#include "mbedtls/platform_util.h" - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa/crypto.h" -#include "psa_util_internal.h" -#include "mbedtls/psa_util.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#include -#include - -#if defined(MBEDTLS_PEM_WRITE_C) -#include "mbedtls/pem.h" -#endif - -#include "mbedtls/platform.h" - -void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx) -{ - memset(ctx, 0, sizeof(mbedtls_x509write_csr)); -} - -void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx) -{ - if (ctx == NULL) { - return; - } - - mbedtls_asn1_free_named_data_list(&ctx->subject); - mbedtls_asn1_free_named_data_list(&ctx->extensions); - - mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_csr)); -} - -void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg) -{ - ctx->md_alg = md_alg; -} - -void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key) -{ - ctx->key = key; -} - -int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx, - const char *subject_name) -{ - return mbedtls_x509_string_to_names(&ctx->subject, subject_name); -} - -int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len) -{ - return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len, - critical, val, val_len); -} - -int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ctx, - const mbedtls_x509_san_list *san_list) -{ - return mbedtls_x509_write_set_san_common(&ctx->extensions, san_list); -} - -int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage) -{ - unsigned char buf[4] = { 0 }; - unsigned char *c; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - c = buf + 4; - - ret = mbedtls_asn1_write_named_bitstring(&c, buf, &key_usage, 8); - if (ret < 3 || ret > 4) { - return ret; - } - - ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_KEY_USAGE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE), - 0, c, (size_t) ret); - if (ret != 0) { - return ret; - } - - return 0; -} - -int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, - unsigned char ns_cert_type) -{ - unsigned char buf[4] = { 0 }; - unsigned char *c; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - c = buf + 4; - - ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8); - if (ret < 3 || ret > 4) { - return ret; - } - - ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE), - 0, c, (size_t) ret); - if (ret != 0) { - return ret; - } - - return 0; -} - -static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, - unsigned char *buf, - size_t size, - unsigned char *sig, size_t sig_size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const char *sig_oid; - size_t sig_oid_len = 0; - unsigned char *c, *c2; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - size_t pub_len = 0, sig_and_oid_len = 0, sig_len; - size_t len = 0; - mbedtls_pk_type_t pk_alg; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t hash_len; - psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - /* Write the CSR backwards starting from the end of buf */ - c = buf + size; - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_extensions(&c, buf, - ctx->extensions)); - - if (len) { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)); - - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_oid( - &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ, - MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS9_CSR_EXT_REQ))); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)); - - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->key, - buf, (size_t) (c - buf))); - c -= pub_len; - len += pub_len; - - /* - * Subject ::= Name - */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf, - ctx->subject)); - - /* - * Version ::= INTEGER { v1(0), v2(1), v3(2) } - */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - - /* - * Sign the written CSR data into the sig buffer - * Note: hash errors can happen only after an internal error - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (psa_hash_compute(hash_alg, - c, - len, - hash, - sizeof(hash), - &hash_len) != PSA_SUCCESS) { - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } -#else /* MBEDTLS_USE_PSA_CRYPTO */ - ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, len, hash); - if (ret != 0) { - return ret; - } -#endif - if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len, - f_rng, p_rng)) != 0) { - return ret; - } - - if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) { - pk_alg = MBEDTLS_PK_RSA; - } else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) { - pk_alg = MBEDTLS_PK_ECDSA; - } else { - return MBEDTLS_ERR_X509_INVALID_ALG; - } - - if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len)) != 0) { - return ret; - } - - /* - * Move the written CSR data to the start of buf to create space for - * writing the signature into buf. - */ - memmove(buf, c, len); - - /* - * Write sig and its OID into buf backwards from the end of buf. - * Note: mbedtls_x509_write_sig will check for c2 - ( buf + len ) < sig_len - * and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed. - */ - c2 = buf + size; - MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, - mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len, pk_alg)); - - /* - * Compact the space between the CSR data and signature by moving the - * CSR data to the start of the signature. - */ - c2 -= len; - memmove(c2, buf, len); - - /* ASN encode the total size and tag the CSR data with it. */ - len += sig_and_oid_len; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c2, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag( - &c2, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - - /* Zero the unused bytes at the start of buf */ - memset(buf, 0, (size_t) (c2 - buf)); - - return (int) len; -} - -int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, - size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - int ret; - unsigned char *sig; - - if ((sig = mbedtls_calloc(1, MBEDTLS_PK_SIGNATURE_MAX_SIZE)) == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - ret = x509write_csr_der_internal(ctx, buf, size, - sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE, - f_rng, p_rng); - - mbedtls_free(sig); - - return ret; -} - -#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n" -#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n" - -#if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t olen = 0; - - if ((ret = mbedtls_x509write_csr_der(ctx, buf, size, - f_rng, p_rng)) < 0) { - return ret; - } - - if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CSR, PEM_END_CSR, - buf + size - ret, - ret, buf, size, &olen)) != 0) { - return ret; - } - - return 0; -} -#endif /* MBEDTLS_PEM_WRITE_C */ - -#endif /* MBEDTLS_X509_CSR_WRITE_C */ diff --git a/pkgconfig/.gitignore b/pkgconfig/.gitignore deleted file mode 100644 index 5460c2076..000000000 --- a/pkgconfig/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -Makefile -*.pc diff --git a/pkgconfig/CMakeLists.txt b/pkgconfig/CMakeLists.txt deleted file mode 100644 index 7dfc043ce..000000000 --- a/pkgconfig/CMakeLists.txt +++ /dev/null @@ -1,25 +0,0 @@ -if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) - include(JoinPaths.cmake) - join_paths(PKGCONFIG_INCLUDEDIR "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}") - join_paths(PKGCONFIG_LIBDIR "\${prefix}" "${CMAKE_INSTALL_LIBDIR}") - - #define these manually since minimum CMAKE version is not 3.9 for DESCRIPTION and 3.12 for HOMEPAGE_URL usage in project() below. - # Prefix with something that won't clash with newer versions of CMAKE. - set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.") - set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/") - - configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY) - install(FILES - ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto.pc - DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) - - configure_file(mbedtls.pc.in mbedtls.pc @ONLY) - install(FILES - ${CMAKE_CURRENT_BINARY_DIR}/mbedtls.pc - DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) - - configure_file(mbedx509.pc.in mbedx509.pc @ONLY) - install(FILES - ${CMAKE_CURRENT_BINARY_DIR}/mbedx509.pc - DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) -endif() diff --git a/pkgconfig/JoinPaths.cmake b/pkgconfig/JoinPaths.cmake deleted file mode 100644 index 193caed76..000000000 --- a/pkgconfig/JoinPaths.cmake +++ /dev/null @@ -1,27 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# This module provides function for joining paths -# known from most languages -# -# Copyright The Mbed TLS Contributors -# -# This script originates from: -# - https://github.com/jtojnar/cmake-snips -# Jan has provided re-licensing under Apache 2.0 and GPL 2.0+ and -# allowed for the change of Copyright. -# -# Modelled after Python’s os.path.join -# https://docs.python.org/3.7/library/os.path.html#os.path.join -# Windows not supported -function(join_paths joined_path first_path_segment) - set(temp_path "${first_path_segment}") - foreach(current_segment IN LISTS ARGN) - if(NOT ("${current_segment}" STREQUAL "")) - if(IS_ABSOLUTE "${current_segment}") - set(temp_path "${current_segment}") - else() - set(temp_path "${temp_path}/${current_segment}") - endif() - endif() - endforeach() - set(${joined_path} "${temp_path}" PARENT_SCOPE) -endfunction() diff --git a/pkgconfig/mbedcrypto.pc.in b/pkgconfig/mbedcrypto.pc.in deleted file mode 100644 index 28b9716b6..000000000 --- a/pkgconfig/mbedcrypto.pc.in +++ /dev/null @@ -1,10 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -includedir=@PKGCONFIG_INCLUDEDIR@ -libdir=@PKGCONFIG_LIBDIR@ - -Name: @PROJECT_NAME@ -Description: @PKGCONFIG_PROJECT_DESCRIPTION@ -URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ -Version: @PROJECT_VERSION@ -Cflags: -I"${includedir}" -Libs: -L"${libdir}" -ltfpsacrypto -lbuiltin -leverest -lp256m diff --git a/pkgconfig/mbedtls.pc.in b/pkgconfig/mbedtls.pc.in deleted file mode 100644 index 2bfce80b6..000000000 --- a/pkgconfig/mbedtls.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -includedir=@PKGCONFIG_INCLUDEDIR@ -libdir=@PKGCONFIG_LIBDIR@ - -Name: @PROJECT_NAME@ -Description: @PKGCONFIG_PROJECT_DESCRIPTION@ -URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ -Version: @PROJECT_VERSION@ -Requires.private: mbedcrypto mbedx509 -Cflags: -I"${includedir}" -Libs: -L"${libdir}" -lmbedtls diff --git a/pkgconfig/mbedx509.pc.in b/pkgconfig/mbedx509.pc.in deleted file mode 100644 index 0ab2e31ea..000000000 --- a/pkgconfig/mbedx509.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -includedir=@PKGCONFIG_INCLUDEDIR@ -libdir=@PKGCONFIG_LIBDIR@ - -Name: @PROJECT_NAME@ -Description: @PKGCONFIG_PROJECT_DESCRIPTION@ -URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ -Version: @PROJECT_VERSION@ -Requires.private: mbedcrypto -Cflags: -I"${includedir}" -Libs: -L"${libdir}" -lmbedx509 diff --git a/programs/.gitignore b/programs/.gitignore deleted file mode 100644 index c3e61c16b..000000000 --- a/programs/.gitignore +++ /dev/null @@ -1,76 +0,0 @@ -# Ignore makefiles generated by CMake, but not the makefile that's checked in. -*/Makefile -!fuzz/Makefile - -*.sln -*.vcxproj - -aes/crypt_and_hash -cipher/cipher_aead_demo -hash/generic_sum -hash/hello -hash/md_hmac_demo -hash/md5sum -hash/sha1sum -hash/sha2sum -pkey/dh_client -pkey/dh_genprime -pkey/dh_server -pkey/ecdh_curve25519 -pkey/ecdsa -pkey/gen_key -pkey/key_app -pkey/key_app_writer -pkey/mpi_demo -pkey/pk_decrypt -pkey/pk_encrypt -pkey/pk_sign -pkey/pk_verify -pkey/rsa_decrypt -pkey/rsa_encrypt -pkey/rsa_genkey -pkey/rsa_sign -pkey/rsa_sign_pss -pkey/rsa_verify -pkey/rsa_verify_pss -random/gen_entropy -random/gen_random_ctr_drbg -ssl/dtls_client -ssl/dtls_server -ssl/mini_client -ssl/ssl_client1 -ssl/ssl_client2 -ssl/ssl_context_info -ssl/ssl_fork_server -ssl/ssl_mail_client -ssl/ssl_pthread_server -ssl/ssl_server -ssl/ssl_server2 -test/benchmark -test/cpp_dummy_build -test/cpp_dummy_build.cpp -test/dlopen -test/ecp-bench -test/metatest -test/query_compile_time_config -test/query_included_headers -test/selftest -test/ssl_cert_test -test/udp_proxy -test/zeroize -util/pem2der -util/strerror -x509/cert_app -x509/cert_req -x509/cert_write -x509/crl_app -x509/load_roots -x509/req_app - -###START_GENERATED_FILES### -# Generated source files -/test/query_config.c - -# Generated data files -pkey/keyfile.key -###END_GENERATED_FILES### diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt deleted file mode 100644 index 2c23c48c6..000000000 --- a/programs/CMakeLists.txt +++ /dev/null @@ -1,15 +0,0 @@ -set(programs_target "${MBEDTLS_TARGET_PREFIX}programs") -add_custom_target(${programs_target}) - -add_subdirectory(aes) -add_subdirectory(cipher) -if (NOT WIN32) - add_subdirectory(fuzz) -endif() -add_subdirectory(hash) -add_subdirectory(pkey) -add_subdirectory(random) -add_subdirectory(ssl) -add_subdirectory(test) -add_subdirectory(util) -add_subdirectory(x509) diff --git a/programs/Makefile b/programs/Makefile deleted file mode 100644 index c177c28a2..000000000 --- a/programs/Makefile +++ /dev/null @@ -1,441 +0,0 @@ -MBEDTLS_TEST_PATH = ../tests -include ../scripts/common.make - -ifeq ($(shell uname -s),Linux) -DLOPEN_LDFLAGS ?= -ldl -else -DLOPEN_LDFLAGS ?= -endif - -ifdef RECORD_PSA_STATUS_COVERAGE_LOG -LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG -endif -DEP=${MBEDLIBS} ${MBEDTLS_TEST_OBJS} - -# Only build the dlopen test in shared library builds, and not when building -# for Windows. -ifdef BUILD_DLOPEN -# Don't override the value -else ifdef WINDOWS_BUILD -BUILD_DLOPEN = -else ifdef SHARED -BUILD_DLOPEN = y -else -BUILD_DLOPEN = -endif - -## The following assignment is the list of base names of applications that -## will be built on Windows. Extra Linux/Unix/POSIX-only applications can -## be declared by appending with `APPS += ...` afterwards. -## See the get_app_list function in scripts/generate_visualc_files.pl and -## make sure to check that it still works if you tweak the format here. -## -## Note: Variables cannot be used to define an apps path. This cannot be -## substituted by the script generate_visualc_files.pl. -APPS = \ - aes/crypt_and_hash \ - cipher/cipher_aead_demo \ - hash/generic_sum \ - hash/hello \ - hash/md_hmac_demo \ - pkey/dh_client \ - pkey/dh_genprime \ - pkey/dh_server \ - pkey/ecdh_curve25519 \ - pkey/ecdsa \ - pkey/gen_key \ - pkey/key_app \ - pkey/key_app_writer \ - pkey/mpi_demo \ - pkey/pk_decrypt \ - pkey/pk_encrypt \ - pkey/pk_sign \ - pkey/pk_verify \ - pkey/rsa_decrypt \ - pkey/rsa_encrypt \ - pkey/rsa_genkey \ - pkey/rsa_sign \ - pkey/rsa_sign_pss \ - pkey/rsa_verify \ - pkey/rsa_verify_pss \ - ../tf-psa-crypto/programs/psa/aead_demo \ - ../tf-psa-crypto/programs/psa/crypto_examples \ - ../tf-psa-crypto/programs/psa/hmac_demo \ - ../tf-psa-crypto/programs/psa/key_ladder_demo \ - ../tf-psa-crypto/programs/psa/psa_constant_names \ - ../tf-psa-crypto/programs/psa/psa_hash \ - random/gen_entropy \ - random/gen_random_ctr_drbg \ - ssl/dtls_client \ - ssl/dtls_server \ - ssl/mini_client \ - ssl/ssl_client1 \ - ssl/ssl_client2 \ - ssl/ssl_context_info \ - ssl/ssl_fork_server \ - ssl/ssl_mail_client \ - ssl/ssl_server \ - ssl/ssl_server2 \ - test/benchmark \ - test/metatest \ - test/query_compile_time_config \ - test/query_included_headers \ - test/selftest \ - test/udp_proxy \ - test/zeroize \ - util/pem2der \ - util/strerror \ - x509/cert_app \ - x509/cert_req \ - x509/cert_write \ - x509/crl_app \ - x509/load_roots \ - x509/req_app \ -# End of APPS - -ifeq ($(THREADING),pthread) -APPS += ssl/ssl_pthread_server -endif - -ifdef BUILD_DLOPEN -APPS += test/dlopen -endif - -ifdef TEST_CPP -APPS += test/cpp_dummy_build -endif - -EXES = $(patsubst %,%$(EXEXT),$(APPS)) - -.SILENT: - -.PHONY: all clean list fuzz - -all: $(EXES) -ifndef WINDOWS -# APPS doesn't include the fuzzing programs, which aren't "normal" -# sample or test programs, and don't build with MSVC which is -# warning about fopen -all: fuzz -endif - -SSL_OPT_APPS = $(filter ssl/%,$(APPS)) -SSL_OPT_APPS += test/query_compile_time_config test/udp_proxy -# Just the programs needed to run ssl-opt.sh (and compat.sh) -ssl-opt: $(patsubst %,%$(EXEXT),$(SSL_OPT_APPS)) -.PHONY: ssl-opt - -fuzz: ${MBEDTLS_TEST_OBJS} - $(MAKE) -C fuzz - -${MBEDTLS_TEST_OBJS}: - $(MAKE) -C ../tests mbedtls_test - -.PHONY: generated_files -GENERATED_FILES = ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c test/query_config.c -generated_files: $(GENERATED_FILES) - -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: - echo " Gen $@" - cd ../tf-psa-crypto; $(PYTHON) ./scripts/generate_psa_constants.py - -test/query_config.c: $(gen_file_dep) ../scripts/generate_query_config.pl -## The generated file only depends on the options that are present in mbedtls_config.h, -## not on which options are set. To avoid regenerating this file all the time -## when switching between configurations, don't declare mbedtls_config.h as a -## dependency. Remove this file from your working tree if you've just added or -## removed an option in mbedtls_config.h. -#test/query_config.c: $(gen_file_dep) ../include/mbedtls/mbedtls_config.h -test/query_config.c: $(gen_file_dep) ../scripts/data_files/query_config.fmt -test/query_config.c: - echo " Gen $@" - $(PERL) ../scripts/generate_query_config.pl - -aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP) - echo " CC aes/crypt_and_hash.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -cipher/cipher_aead_demo$(EXEXT): cipher/cipher_aead_demo.c $(DEP) - echo " CC cipher/cipher_aead_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) cipher/cipher_aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -hash/generic_sum$(EXEXT): hash/generic_sum.c $(DEP) - echo " CC hash/generic_sum.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/generic_sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -hash/hello$(EXEXT): hash/hello.c $(DEP) - echo " CC hash/hello.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/hello.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -hash/md_hmac_demo$(EXEXT): hash/md_hmac_demo.c $(DEP) - echo " CC hash/md_hmac_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/md_hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/dh_client$(EXEXT): pkey/dh_client.c $(DEP) - echo " CC pkey/dh_client.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP) - echo " CC pkey/dh_genprime.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/dh_server$(EXEXT): pkey/dh_server.c $(DEP) - echo " CC pkey/dh_server.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP) - echo " CC pkey/ecdh_curve25519.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/ecdsa$(EXEXT): pkey/ecdsa.c $(DEP) - echo " CC pkey/ecdsa.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdsa.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP) - echo " CC pkey/gen_key.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/key_app$(EXEXT): pkey/key_app.c $(DEP) - echo " CC pkey/key_app.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/key_app_writer$(EXEXT): pkey/key_app_writer.c $(DEP) - echo " CC pkey/key_app_writer.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app_writer.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/mpi_demo$(EXEXT): pkey/mpi_demo.c $(DEP) - echo " CC pkey/mpi_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/mpi_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_decrypt$(EXEXT): pkey/pk_decrypt.c $(DEP) - echo " CC pkey/pk_decrypt.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_encrypt$(EXEXT): pkey/pk_encrypt.c $(DEP) - echo " CC pkey/pk_encrypt.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP) - echo " CC pkey/pk_sign.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP) - echo " CC pkey/pk_verify.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_genkey$(EXEXT): pkey/rsa_genkey.c $(DEP) - echo " CC pkey/rsa_genkey.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_genkey.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_sign$(EXEXT): pkey/rsa_sign.c $(DEP) - echo " CC pkey/rsa_sign.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_verify$(EXEXT): pkey/rsa_verify.c $(DEP) - echo " CC pkey/rsa_verify.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP) - echo " CC pkey/rsa_sign_pss.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP) - echo " CC pkey/rsa_verify_pss.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_decrypt$(EXEXT): pkey/rsa_decrypt.c $(DEP) - echo " CC pkey/rsa_decrypt.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP) - echo " CC pkey/rsa_encrypt.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP) - echo " CC psa/aead_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/crypto_examples$(EXEXT): ../tf-psa-crypto/programs/psa/crypto_examples.c $(DEP) - echo " CC psa/crypto_examples.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/hmac_demo$(EXEXT): ../tf-psa-crypto/programs/psa/hmac_demo.c $(DEP) - echo " CC psa/hmac_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/key_ladder_demo$(EXEXT): ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(DEP) - echo " CC psa/key_ladder_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/psa_constant_names$(EXEXT): ../tf-psa-crypto/programs/psa/psa_constant_names.c ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c $(DEP) - echo " CC psa/psa_constant_names.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/psa_hash$(EXEXT): ../tf-psa-crypto/programs/psa/psa_hash.c $(DEP) - echo " CC psa/psa_hash.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP) - echo " CC random/gen_entropy.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -random/gen_random_ctr_drbg$(EXEXT): random/gen_random_ctr_drbg.c $(DEP) - echo " CC random/gen_random_ctr_drbg.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_ctr_drbg.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP) - echo " CC ssl/dtls_client.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/dtls_server$(EXEXT): ssl/dtls_server.c $(DEP) - echo " CC ssl/dtls_server.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/ssl_client1$(EXEXT): ssl/ssl_client1.c $(DEP) - echo " CC ssl/ssl_client1.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client1.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -SSL_TEST_OBJECTS = test/query_config.o ssl/ssl_test_lib.o -SSL_TEST_DEPS = $(SSL_TEST_OBJECTS) \ - test/query_config.h \ - ssl/ssl_test_lib.h \ - ssl/ssl_test_common_source.c \ - $(DEP) - -ssl/ssl_test_lib.o: ssl/ssl_test_lib.c ssl/ssl_test_lib.h $(DEP) - echo " CC ssl/ssl_test_lib.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c ssl/ssl_test_lib.c -o $@ - -ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c $(SSL_TEST_DEPS) - echo " CC ssl/ssl_client2.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c $(SSL_TEST_OBJECTS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/ssl_server$(EXEXT): ssl/ssl_server.c $(DEP) - echo " CC ssl/ssl_server.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c $(SSL_TEST_DEPS) - echo " CC ssl/ssl_server2.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c $(SSL_TEST_OBJECTS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o test/query_config.h $(DEP) - echo " CC ssl/ssl_context_info.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_context_info.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP) - echo " CC ssl/ssl_fork_server.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_fork_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/ssl_pthread_server$(EXEXT): ssl/ssl_pthread_server.c $(DEP) - echo " CC ssl/ssl_pthread_server.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_pthread_server.c $(LOCAL_LDFLAGS) -lpthread $(LDFLAGS) -o $@ - -ssl/ssl_mail_client$(EXEXT): ssl/ssl_mail_client.c $(DEP) - echo " CC ssl/ssl_mail_client.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_mail_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/mini_client$(EXEXT): ssl/mini_client.c $(DEP) - echo " CC ssl/mini_client.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/benchmark$(EXEXT): test/benchmark.c $(DEP) - echo " CC test/benchmark.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/cpp_dummy_build.cpp: test/generate_cpp_dummy_build.sh - echo " Gen test/cpp_dummy_build.cpp" - test/generate_cpp_dummy_build.sh - -test/cpp_dummy_build$(EXEXT): test/cpp_dummy_build.cpp $(DEP) - echo " CXX test/cpp_dummy_build.cpp" - $(CXX) $(LOCAL_CXXFLAGS) $(CXXFLAGS) test/cpp_dummy_build.cpp $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ifdef BUILD_DLOPEN -test/dlopen$(EXEXT): test/dlopen.c $(DEP) - echo " CC test/dlopen.c" -# Do not link any test objects (that would bring in a static dependency on -# libmbedcrypto at least). Do not link with libmbed* (that would defeat the -# purpose of testing dynamic loading). - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/dlopen.c $(LDFLAGS) $(DLOPEN_LDFLAGS) -o $@ -endif - -test/metatest$(EXEXT): test/metatest.c $(DEP) - echo " CC test/metatest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/query_config.o: test/query_config.c test/query_config.h $(DEP) - echo " CC test/query_config.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c test/query_config.c -o $@ - -test/query_included_headers$(EXEXT): test/query_included_headers.c $(DEP) - echo " CC test/query_included_headers.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/selftest$(EXEXT): test/selftest.c $(DEP) - echo " CC test/selftest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/selftest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/udp_proxy$(EXEXT): test/udp_proxy.c $(DEP) - echo " CC test/udp_proxy.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/zeroize$(EXEXT): test/zeroize.c $(DEP) - echo " CC test/zeroize.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c test/query_config.o test/query_config.h $(DEP) - echo " CC test/query_compile_time_config.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -util/pem2der$(EXEXT): util/pem2der.c $(DEP) - echo " CC util/pem2der.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -util/strerror$(EXEXT): util/strerror.c $(DEP) - echo " CC util/strerror.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/strerror.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -x509/cert_app$(EXEXT): x509/cert_app.c $(DEP) - echo " CC x509/cert_app.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -x509/cert_write$(EXEXT): x509/cert_write.c $(DEP) - echo " CC x509/cert_write.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_write.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -x509/crl_app$(EXEXT): x509/crl_app.c $(DEP) - echo " CC x509/crl_app.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/crl_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -x509/cert_req$(EXEXT): x509/cert_req.c $(DEP) - echo " CC x509/cert_req.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_req.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -x509/load_roots$(EXEXT): x509/load_roots.c $(DEP) - echo " CC x509/load_roots.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/load_roots.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -x509/req_app$(EXEXT): x509/req_app.c $(DEP) - echo " CC x509/req_app.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/req_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -clean: -ifndef WINDOWS - rm -f $(EXES) - rm -f */*.o - -rm -f ssl/ssl_pthread_server$(EXEXT) - -rm -f test/cpp_dummy_build.cpp test/cpp_dummy_build$(EXEXT) - -rm -f test/dlopen$(EXEXT) -else - if exist *.o del /Q /F *.o - if exist *.exe del /Q /F *.exe - if exist test\cpp_dummy_build.cpp del /Q /F test\cpp_dummy_build.cpp -endif - $(MAKE) -C fuzz clean - -list: - echo $(EXES) diff --git a/programs/README.md b/programs/README.md deleted file mode 100644 index f53bde561..000000000 --- a/programs/README.md +++ /dev/null @@ -1,118 +0,0 @@ -Mbed TLS sample programs -======================== - -This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. - -## Symmetric cryptography (AES) examples - -* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface. - -## Hash (digest) examples - -* [`hash/generic_sum.c`](hash/generic_sum.c): file hash calculator and verifier, demonstrating the message digest (`md`) interface. - -* [`hash/hello.c`](hash/hello.c): hello-world program for MD5. - -## Public-key cryptography examples - -### Generic public-key cryptography (`pk`) examples - -* [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs. - -* [`pkey/key_app.c`](pkey/key_app.c): loads a PEM or DER public key or private key file and dumps its content. - -* [`pkey/key_app_writer.c`](pkey/key_app_writer.c): loads a PEM or DER public key or private key file and writes it to a new PEM or DER file. - -* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): loads a PEM or DER public/private key file and uses the key to encrypt/decrypt a short string through the generic public-key interface. - -* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string. - -### ECDSA and RSA signature examples - -* [`pkey/ecdsa.c`](pkey/ecdsa.c): generates an ECDSA key, signs a fixed message and verifies the signature. - -* [`pkey/rsa_encrypt.c`](pkey/rsa_encrypt.c), [`pkey/rsa_decrypt.c`](pkey/rsa_decrypt.c): loads an RSA public/private key and uses it to encrypt/decrypt a short string through the low-level RSA interface. - -* [`pkey/rsa_genkey.c`](pkey/rsa_genkey.c): generates an RSA key and writes it to a file that can be used with the other RSA sample programs. - -* [`pkey/rsa_sign.c`](pkey/rsa_sign.c), [`pkey/rsa_verify.c`](pkey/rsa_verify.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSA PKCS#1 v1.5 algorithm. - -* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm. - -### Diffie-Hellman key exchange examples - -* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrators (client, server). This pair of programs illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key. - -* [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement. - -### Bignum (`mpi`) usage examples - -* [`pkey/dh_genprime.c`](pkey/dh_genprime.c): shows how to use the bignum (`mpi`) interface to generate Diffie-Hellman parameters. - -* [`pkey/mpi_demo.c`](pkey/mpi_demo.c): demonstrates operations on big integers. - -## Random number generator (RNG) examples - -* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. - Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`. - -* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data. - -## SSL/TLS examples - -### SSL/TLS sample applications - -* [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response. - -* [`ssl/dtls_server.c`](ssl/dtls_server.c): a simple DTLS server program, which expects one datagram from the client and writes one datagram in response. This program supports DTLS cookies for hello verification. - -* [`ssl/mini_client.c`](ssl/mini_client.c): a minimalistic SSL client, which sends a short string and disconnects. This is primarily intended as a benchmark; for a better example of a typical TLS client, see `ssl/ssl_client1.c`. - -* [`ssl/ssl_client1.c`](ssl/ssl_client1.c): a simple HTTPS client that sends a fixed request and displays the response. - -* [`ssl/ssl_fork_server.c`](ssl/ssl_fork_server.c): a simple HTTPS server using one process per client to send a fixed response. This program requires a Unix/POSIX environment implementing the `fork` system call. - -* [`ssl/ssl_mail_client.c`](ssl/ssl_mail_client.c): a simple SMTP-over-TLS or SMTP-STARTTLS client. This client sends an email with fixed content. - -* [`ssl/ssl_pthread_server.c`](ssl/ssl_pthread_server.c): a simple HTTPS server using one thread per client to send a fixed response. This program requires the pthread library. - -* [`ssl/ssl_server.c`](ssl/ssl_server.c): a simple HTTPS server that sends a fixed response. It serves a single client at a time. - -### SSL/TLS feature demonstrators - -Note: unlike most of the other programs under the `programs/` directory, these two programs are not intended as a basis for writing an application. They combine most of the features supported by the library, and most applications require only a few features. To write a new application, we recommended that you start with `ssl_client1.c` or `ssl_server.c`, and then look inside `ssl/ssl_client2.c` or `ssl/ssl_server2.c` to see how to use the specific features that your application needs. - -* [`ssl/ssl_client2.c`](ssl/ssl_client2.c): an HTTPS client that sends a fixed request and displays the response, with options to select TLS protocol features and Mbed TLS library features. - -* [`ssl/ssl_server2.c`](ssl/ssl_server2.c): an HTTPS server that sends a fixed response, with options to select TLS protocol features and Mbed TLS library features. - -In addition to providing options for testing client-side features, the `ssl_client2` program has options that allow you to trigger certain behaviors in the server. For example, there are options to select ciphersuites, or to force a renegotiation. These options are useful for testing the corresponding features in a TLS server. Likewise, `ssl_server2` has options to activate certain behaviors that are useful for testing a TLS client. - -## Test utilities - -* [`test/benchmark.c`](test/benchmark.c): benchmark for cryptographic algorithms. - -* [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module. - -* [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS. - -* [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb). - -## Development utilities - -* [`util/pem2der.c`](util/pem2der.c): a PEM to DER converter. Mbed TLS can read PEM files directly, but this utility can be useful for interacting with other tools or with minimal Mbed TLS builds that lack PEM support. - -* [`util/strerror.c`](util/strerror.c): prints the error description corresponding to an integer status returned by an Mbed TLS function. - -## X.509 certificate examples - -* [`x509/cert_app.c`](x509/cert_app.c): connects to a TLS server and verifies its certificate chain. - -* [`x509/cert_req.c`](x509/cert_req.c): generates a certificate signing request (CSR) for a private key. - -* [`x509/cert_write.c`](x509/cert_write.c): signs a certificate signing request, or self-signs a certificate. - -* [`x509/crl_app.c`](x509/crl_app.c): loads and dumps a certificate revocation list (CRL). - -* [`x509/req_app.c`](x509/req_app.c): loads and dumps a certificate signing request (CSR). - diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt deleted file mode 100644 index c5128b1b4..000000000 --- a/programs/aes/CMakeLists.txt +++ /dev/null @@ -1,15 +0,0 @@ -set(executables - crypt_and_hash -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c deleted file mode 100644 index b2cd70471..000000000 --- a/programs/aes/crypt_and_hash.c +++ /dev/null @@ -1,577 +0,0 @@ -/* - * \brief Generic file encryption program using generic wrappers for configured - * security. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* Enable definition of fileno() even when compiling with -std=c99. Must be - * set before mbedtls_config.h, which pulls in glibc's features.h indirectly. - * Harmless on other platforms. */ -#define _POSIX_C_SOURCE 200112L - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \ - defined(MBEDTLS_FS_IO) -#include "mbedtls/cipher.h" -#include "mbedtls/md.h" -#include "mbedtls/platform_util.h" - -#include -#include -#include -#endif - -#if defined(_WIN32) -#include -#if !defined(_WIN32_WCE) -#include -#endif -#else -#include -#include -#endif - -#define MODE_ENCRYPT 0 -#define MODE_DECRYPT 1 - -#define USAGE \ - "\n crypt_and_hash \n" \ - "\n : 0 = encrypt, 1 = decrypt\n" \ - "\n example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193\n" \ - "\n" - -#if !defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - int ret = 1, i; - unsigned n; - int exit_code = MBEDTLS_EXIT_FAILURE; - int mode; - size_t keylen, ilen, olen; - FILE *fkey, *fin = NULL, *fout = NULL; - - char *p; - unsigned char IV[16]; - unsigned char key[512]; - unsigned char digest[MBEDTLS_MD_MAX_SIZE]; - unsigned char buffer[1024]; - unsigned char output[1024]; - unsigned char diff; - - const mbedtls_cipher_info_t *cipher_info; - const mbedtls_md_info_t *md_info; - mbedtls_cipher_context_t cipher_ctx; - mbedtls_md_context_t md_ctx; - mbedtls_cipher_mode_t cipher_mode; - unsigned int cipher_block_size; - unsigned char md_size; -#if defined(_WIN32_WCE) - long filesize, offset; -#elif defined(_WIN32) - LARGE_INTEGER li_size; - __int64 filesize, offset; -#else - off_t filesize, offset; -#endif - - mbedtls_cipher_init(&cipher_ctx); - mbedtls_md_init(&md_ctx); - - /* - * Parse the command-line arguments. - */ - if (argc != 7) { - const int *list; - - mbedtls_printf(USAGE); - - mbedtls_printf("Available ciphers:\n"); - list = mbedtls_cipher_list(); - while (*list) { - cipher_info = mbedtls_cipher_info_from_type(*list); - const char *name = mbedtls_cipher_info_get_name(cipher_info); - - if (name) { - mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info)); - } - list++; - } - - mbedtls_printf("\nAvailable message digests:\n"); - list = mbedtls_md_list(); - while (*list) { - md_info = mbedtls_md_info_from_type(*list); - mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info)); - list++; - } - - goto exit; - } - - mode = atoi(argv[1]); - - if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) { - mbedtls_fprintf(stderr, "invalid operation mode\n"); - goto exit; - } - - if (strcmp(argv[2], argv[3]) == 0) { - mbedtls_fprintf(stderr, "input and output filenames must differ\n"); - goto exit; - } - - if ((fin = fopen(argv[2], "rb")) == NULL) { - mbedtls_fprintf(stderr, "fopen(%s,rb) failed\n", argv[2]); - goto exit; - } - - if ((fout = fopen(argv[3], "wb+")) == NULL) { - mbedtls_fprintf(stderr, "fopen(%s,wb+) failed\n", argv[3]); - goto exit; - } - - /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ - mbedtls_setbuf(fin, NULL); - mbedtls_setbuf(fout, NULL); - - /* - * Read the Cipher and MD from the command line - */ - cipher_info = mbedtls_cipher_info_from_string(argv[4]); - if (cipher_info == NULL) { - mbedtls_fprintf(stderr, "Cipher '%s' not found\n", argv[4]); - goto exit; - } - if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_setup failed\n"); - goto exit; - } - - md_info = mbedtls_md_info_from_string(argv[5]); - if (md_info == NULL) { - mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[5]); - goto exit; - } - - if (mbedtls_md_setup(&md_ctx, md_info, 1) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_setup failed\n"); - goto exit; - } - - /* - * Read the secret key from file or command line - */ - if ((fkey = fopen(argv[6], "rb")) != NULL) { - keylen = fread(key, 1, sizeof(key), fkey); - fclose(fkey); - } else { - if (memcmp(argv[6], "hex:", 4) == 0) { - p = &argv[6][4]; - keylen = 0; - - while (sscanf(p, "%02X", (unsigned int *) &n) > 0 && - keylen < (int) sizeof(key)) { - key[keylen++] = (unsigned char) n; - p += 2; - } - } else { - keylen = strlen(argv[6]); - - if (keylen > (int) sizeof(key)) { - keylen = (int) sizeof(key); - } - - memcpy(key, argv[6], keylen); - } - } - -#if defined(_WIN32_WCE) - filesize = fseek(fin, 0L, SEEK_END); -#else -#if defined(_WIN32) - /* - * Support large files (> 2Gb) on Win32 - */ - li_size.QuadPart = 0; - li_size.LowPart = - SetFilePointer((HANDLE) _get_osfhandle(_fileno(fin)), - li_size.LowPart, &li_size.HighPart, FILE_END); - - if (li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR) { - mbedtls_fprintf(stderr, "SetFilePointer(0,FILE_END) failed\n"); - goto exit; - } - - filesize = li_size.QuadPart; -#else - if ((filesize = lseek(fileno(fin), 0, SEEK_END)) < 0) { - perror("lseek"); - goto exit; - } -#endif -#endif - - if (fseek(fin, 0, SEEK_SET) < 0) { - mbedtls_fprintf(stderr, "fseek(0,SEEK_SET) failed\n"); - goto exit; - } - - md_size = mbedtls_md_get_size(md_info); - cipher_block_size = mbedtls_cipher_get_block_size(&cipher_ctx); - - if (mode == MODE_ENCRYPT) { - /* - * Generate the initialization vector as: - * IV = MD( filesize || filename )[0..15] - */ - for (i = 0; i < 8; i++) { - buffer[i] = (unsigned char) (filesize >> (i << 3)); - } - - p = argv[2]; - - if (mbedtls_md_starts(&md_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, buffer, 8) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, (unsigned char *) p, strlen(p)) - != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n"); - goto exit; - } - - memcpy(IV, digest, 16); - - /* - * Append the IV at the beginning of the output. - */ - if (fwrite(IV, 1, 16, fout) != 16) { - mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", 16); - goto exit; - } - - /* - * Hash the IV and the secret key together 8192 times - * using the result to setup the AES context and HMAC. - */ - memset(digest, 0, 32); - memcpy(digest, IV, 16); - - for (i = 0; i < 8192; i++) { - if (mbedtls_md_starts(&md_ctx) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_starts() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, key, keylen) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_finish() returned error\n"); - goto exit; - } - - } - - if (mbedtls_cipher_setkey(&cipher_ctx, - digest, - (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_ENCRYPT) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n"); - goto exit; - } - if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n"); - goto exit; - } - if (mbedtls_cipher_reset(&cipher_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n"); - goto exit; - } - - if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n"); - goto exit; - } - - /* - * Encrypt and write the ciphertext. - */ - for (offset = 0; offset < filesize; offset += cipher_block_size) { - ilen = ((unsigned int) filesize - offset > cipher_block_size) ? - cipher_block_size : (unsigned int) (filesize - offset); - - if (fread(buffer, 1, ilen, fin) != ilen) { - mbedtls_fprintf(stderr, "fread(%ld bytes) failed\n", (long) ilen); - goto exit; - } - - if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n"); - goto exit; - } - - if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - } - - if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n"); - goto exit; - } - if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - - /* - * Finally write the HMAC. - */ - if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n"); - goto exit; - } - - if (fwrite(digest, 1, md_size, fout) != md_size) { - mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", md_size); - goto exit; - } - } - - if (mode == MODE_DECRYPT) { - /* - * The encrypted file must be structured as follows: - * - * 00 .. 15 Initialization Vector - * 16 .. 31 Encrypted Block #1 - * .. - * N*16 .. (N+1)*16 - 1 Encrypted Block #N - * (N+1)*16 .. (N+1)*16 + n Hash(ciphertext) - */ - if (filesize < 16 + md_size) { - mbedtls_fprintf(stderr, "File too short to be encrypted.\n"); - goto exit; - } - - if (cipher_block_size == 0) { - mbedtls_fprintf(stderr, "Invalid cipher block size: 0. \n"); - goto exit; - } - - /* - * Check the file size. - */ - cipher_mode = mbedtls_cipher_info_get_mode(cipher_info); - if (cipher_mode != MBEDTLS_MODE_GCM && - cipher_mode != MBEDTLS_MODE_CTR && - cipher_mode != MBEDTLS_MODE_CFB && - cipher_mode != MBEDTLS_MODE_OFB && - ((filesize - md_size) % cipher_block_size) != 0) { - mbedtls_fprintf(stderr, "File content not a multiple of the block size (%u).\n", - cipher_block_size); - goto exit; - } - - /* - * Subtract the IV + HMAC length. - */ - filesize -= (16 + md_size); - - /* - * Read the IV and original filesize modulo 16. - */ - if (fread(buffer, 1, 16, fin) != 16) { - mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", 16); - goto exit; - } - - memcpy(IV, buffer, 16); - - /* - * Hash the IV and the secret key together 8192 times - * using the result to setup the AES context and HMAC. - */ - memset(digest, 0, 32); - memcpy(digest, IV, 16); - - for (i = 0; i < 8192; i++) { - if (mbedtls_md_starts(&md_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, key, keylen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n"); - goto exit; - } - } - - if (mbedtls_cipher_setkey(&cipher_ctx, - digest, - (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_DECRYPT) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n"); - goto exit; - } - - if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n"); - goto exit; - } - - if (mbedtls_cipher_reset(&cipher_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n"); - goto exit; - } - - if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n"); - goto exit; - } - - /* - * Decrypt and write the plaintext. - */ - for (offset = 0; offset < filesize; offset += cipher_block_size) { - ilen = ((unsigned int) filesize - offset > cipher_block_size) ? - cipher_block_size : (unsigned int) (filesize - offset); - - if (fread(buffer, 1, ilen, fin) != ilen) { - mbedtls_fprintf(stderr, "fread(%u bytes) failed\n", - cipher_block_size); - goto exit; - } - - if (mbedtls_md_hmac_update(&md_ctx, buffer, ilen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n"); - goto exit; - } - if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, - &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - } - - /* - * Verify the message authentication code. - */ - if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n"); - goto exit; - } - - if (fread(buffer, 1, md_size, fin) != md_size) { - mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", md_size); - goto exit; - } - - /* Use constant-time buffer comparison */ - diff = 0; - for (i = 0; i < md_size; i++) { - diff |= digest[i] ^ buffer[i]; - } - - if (diff != 0) { - mbedtls_fprintf(stderr, "HMAC check failed: wrong key, " - "or file corrupted.\n"); - goto exit; - } - - /* - * Write the final block of data - */ - if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - if (fin) { - fclose(fin); - } - if (fout) { - fclose(fout); - } - - /* Zeroize all command line arguments to also cover - the case when the user has missed or reordered some, - in which case the key might not be in argv[6]. */ - for (i = 0; i < argc; i++) { - mbedtls_platform_zeroize(argv[i], strlen(argv[i])); - } - - mbedtls_platform_zeroize(IV, sizeof(IV)); - mbedtls_platform_zeroize(key, sizeof(key)); - mbedtls_platform_zeroize(buffer, sizeof(buffer)); - mbedtls_platform_zeroize(output, sizeof(output)); - mbedtls_platform_zeroize(digest, sizeof(digest)); - - mbedtls_cipher_free(&cipher_ctx); - mbedtls_md_free(&md_ctx); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt deleted file mode 100644 index d6483011a..000000000 --- a/programs/cipher/CMakeLists.txt +++ /dev/null @@ -1,15 +0,0 @@ -set(executables - cipher_aead_demo -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c deleted file mode 100644 index 83fcce587..000000000 --- a/programs/cipher/cipher_aead_demo.c +++ /dev/null @@ -1,259 +0,0 @@ -/** - * Cipher API multi-part AEAD demonstration. - * - * This program AEAD-encrypts a message, using the algorithm and key size - * specified on the command line, using the multi-part API. - * - * It comes with a companion program psa/aead_demo.c, which does the same - * operations with the PSA Crypto API. The goal is that comparing the two - * programs will help people migrating to the PSA Crypto API. - * - * When used with multi-part AEAD operations, the `mbedtls_cipher_context` - * serves a triple purpose (1) hold the key, (2) store the algorithm when no - * operation is active, and (3) save progress information for the current - * operation. With PSA those roles are held by disinct objects: (1) a - * psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the - * algorithm, and (3) a psa_operation_t for multi-part progress. - * - * On the other hand, with PSA, the algorithms encodes the desired tag length; - * with Cipher the desired tag length needs to be tracked separately. - * - * This program and its companion psa/aead_demo.c illustrate this by doing the - * same sequence of multi-part AEAD computation with both APIs; looking at the - * two side by side should make the differences and similarities clear. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ -#include "mbedtls/build_info.h" - -#include "mbedtls/cipher.h" - -#include -#include -#include - -/* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_CIPHER_C) || \ - !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \ - !defined(MBEDTLS_CHACHAPOLY_C) -int main(void) -{ - printf("MBEDTLS_MD_C and/or " - "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or " - "MBEDTLS_CHACHAPOLY_C not defined\r\n"); - return 0; -} -#else - -/* The real program starts here. */ - -const char usage[] = - "Usage: cipher_aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]"; - -/* Dummy data for encryption: IV/nonce, additional data, 2-part message */ -const unsigned char iv1[12] = { 0x00 }; -const unsigned char add_data1[] = { 0x01, 0x02 }; -const unsigned char msg1_part1[] = { 0x03, 0x04 }; -const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 }; - -/* Dummy data (2nd message) */ -const unsigned char iv2[12] = { 0x10 }; -const unsigned char add_data2[] = { 0x11, 0x12 }; -const unsigned char msg2_part1[] = { 0x13, 0x14 }; -const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; - -/* Maximum total size of the messages */ -#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2)) -#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2)) -#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE) - -/* Dummy key material - never do this in production! - * 32-byte is enough to all the key size supported by this program. */ -const unsigned char key_bytes[32] = { 0x2a }; - -/* Print the contents of a buffer in hex */ -static void print_buf(const char *title, unsigned char *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - -/* Run an Mbed TLS function and bail out if it fails. - * A string description of the error code can be recovered with: - * programs/util/strerror */ -#define CHK(expr) \ - do \ - { \ - ret = (expr); \ - if (ret != 0) \ - { \ - printf("Error %d at line %d: %s\n", \ - ret, \ - __LINE__, \ - #expr); \ - goto exit; \ - } \ - } while (0) - -/* - * Prepare encryption material: - * - interpret command-line argument - * - set up key - * - outputs: context and tag length, which together hold all the information - */ -static int aead_prepare(const char *info, - mbedtls_cipher_context_t *ctx, - size_t *tag_len) -{ - int ret; - - /* Convert arg to type + tag_len */ - mbedtls_cipher_type_t type; - if (strcmp(info, "aes128-gcm") == 0) { - type = MBEDTLS_CIPHER_AES_128_GCM; - *tag_len = 16; - } else if (strcmp(info, "aes256-gcm") == 0) { - type = MBEDTLS_CIPHER_AES_256_GCM; - *tag_len = 16; - } else if (strcmp(info, "aes128-gcm_8") == 0) { - type = MBEDTLS_CIPHER_AES_128_GCM; - *tag_len = 8; - } else if (strcmp(info, "chachapoly") == 0) { - type = MBEDTLS_CIPHER_CHACHA20_POLY1305; - *tag_len = 16; - } else { - puts(usage); - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; - } - - /* Prepare context for the given type */ - CHK(mbedtls_cipher_setup(ctx, - mbedtls_cipher_info_from_type(type))); - - /* Import key */ - int key_len = mbedtls_cipher_get_key_bitlen(ctx); - CHK(mbedtls_cipher_setkey(ctx, key_bytes, key_len, MBEDTLS_ENCRYPT)); - -exit: - return ret; -} - -/* - * Print out some information. - * - * All of this information was present in the command line argument, but his - * function demonstrates how each piece can be recovered from (ctx, tag_len). - */ -static void aead_info(const mbedtls_cipher_context_t *ctx, size_t tag_len) -{ - mbedtls_cipher_type_t type = mbedtls_cipher_get_type(ctx); - const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(type); - const char *ciph = mbedtls_cipher_info_get_name(info); - int key_bits = mbedtls_cipher_get_key_bitlen(ctx); - mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode(ctx); - - const char *mode_str = mode == MBEDTLS_MODE_GCM ? "GCM" - : mode == MBEDTLS_MODE_CHACHAPOLY ? "ChachaPoly" - : "???"; - - printf("%s, %d, %s, %u\n", - ciph, key_bits, mode_str, (unsigned) tag_len); -} - -/* - * Encrypt a 2-part message. - */ -static int aead_encrypt(mbedtls_cipher_context_t *ctx, size_t tag_len, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *part1, size_t part1_len, - const unsigned char *part2, size_t part2_len) -{ - int ret; - size_t olen; -#define MAX_TAG_LENGTH 16 - unsigned char out[MSG_MAX_SIZE + MAX_TAG_LENGTH]; - unsigned char *p = out; - - CHK(mbedtls_cipher_set_iv(ctx, iv, iv_len)); - CHK(mbedtls_cipher_reset(ctx)); - CHK(mbedtls_cipher_update_ad(ctx, ad, ad_len)); - CHK(mbedtls_cipher_update(ctx, part1, part1_len, p, &olen)); - p += olen; - CHK(mbedtls_cipher_update(ctx, part2, part2_len, p, &olen)); - p += olen; - CHK(mbedtls_cipher_finish(ctx, p, &olen)); - p += olen; - CHK(mbedtls_cipher_write_tag(ctx, p, tag_len)); - p += tag_len; - - olen = p - out; - print_buf("out", out, olen); - -exit: - return ret; -} - -/* - * AEAD demo: set up key/alg, print out info, encrypt messages. - */ -static int aead_demo(const char *info) -{ - int ret = 0; - - mbedtls_cipher_context_t ctx; - size_t tag_len; - - mbedtls_cipher_init(&ctx); - - CHK(aead_prepare(info, &ctx, &tag_len)); - - aead_info(&ctx, tag_len); - - CHK(aead_encrypt(&ctx, tag_len, - iv1, sizeof(iv1), add_data1, sizeof(add_data1), - msg1_part1, sizeof(msg1_part1), - msg1_part2, sizeof(msg1_part2))); - CHK(aead_encrypt(&ctx, tag_len, - iv2, sizeof(iv2), add_data2, sizeof(add_data2), - msg2_part1, sizeof(msg2_part1), - msg2_part2, sizeof(msg2_part2))); - -exit: - mbedtls_cipher_free(&ctx); - - return ret; -} - - -/* - * Main function - */ -int main(int argc, char **argv) -{ - /* Check usage */ - if (argc != 2) { - puts(usage); - return 1; - } - - int ret; - - /* Run the demo */ - CHK(aead_demo(argv[1])); - -exit: - return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; -} - -#endif diff --git a/programs/demo_common.sh b/programs/demo_common.sh deleted file mode 100644 index d8fcda554..000000000 --- a/programs/demo_common.sh +++ /dev/null @@ -1,137 +0,0 @@ -## Common shell functions used by demo scripts programs/*/*.sh. - -## How to write a demo script -## ========================== -## -## Include this file near the top of each demo script: -## . "${0%/*}/../demo_common.sh" -## -## Start with a "msg" call that explains the purpose of the script. -## Then call the "depends_on" function to ensure that all config -## dependencies are met. -## -## As the last thing in the script, call the cleanup function. -## -## You can use the functions and variables described below. - -set -e -u - -## $root_dir is the root directory of the Mbed TLS source tree. -root_dir="${0%/*}" -# Find a nice path to the root directory, avoiding unnecessary "../". -# The code supports demo scripts nested up to 4 levels deep. -# The code works no matter where the demo script is relative to the current -# directory, even if it is called with a relative path. -n=4 # limit the search depth -while ! [ -d "$root_dir/programs" ] || ! [ -d "$root_dir/library" ]; do - if [ $n -eq 0 ]; then - echo >&2 "This doesn't seem to be an Mbed TLS source tree." - exit 125 - fi - n=$((n - 1)) - case $root_dir in - .) root_dir="..";; - ..|?*/..) root_dir="$root_dir/..";; - ?*/*) root_dir="${root_dir%/*}";; - /*) root_dir="/";; - *) root_dir=".";; - esac -done - -## $programs_dir is the directory containing the sample programs. -# Assume an in-tree build. -programs_dir="$root_dir/programs" - -## msg LINE... -## msg &2 < - $) - if(NOT FUZZINGENGINE_LIB) - list(APPEND exe_sources onefile.c) - endif() - - # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 - list(FIND executables_with_common_c ${exe} exe_index) - if(${exe_index} GREATER -1) - list(APPEND exe_sources common.c) - endif() - - add_executable(${exe} ${exe_sources}) - set_base_compile_options(${exe}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include - ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) - - if (NOT FUZZINGENGINE_LIB) - target_link_libraries(${exe} ${libs}) - else() - target_link_libraries(${exe} ${libs} FuzzingEngine) - SET_TARGET_PROPERTIES(${exe} PROPERTIES LINKER_LANGUAGE CXX) - endif() - -endforeach() diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile deleted file mode 100644 index 71cba0bcd..000000000 --- a/programs/fuzz/Makefile +++ /dev/null @@ -1,46 +0,0 @@ -MBEDTLS_TEST_PATH:=../../tests - -MBEDTLS_PATH := ../.. -include ../../scripts/common.make - -DEP=${MBEDLIBS} - -ifdef FUZZINGENGINE -LOCAL_LDFLAGS += -lFuzzingEngine -endif - -# A test application is built for each fuzz_*.c file. -APPS = $(basename $(wildcard fuzz_*.c)) - -# Construct executable name by adding OS specific suffix $(EXEXT). -BINARIES := $(addsuffix $(EXEXT),$(APPS)) - -.SILENT: - -.PHONY: all check test clean - -all: $(BINARIES) - -C_FILES := $(addsuffix .c,$(APPS)) - -%.o: %.c - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c $< -o $@ - - -ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o common.o $(DEP) - echo " $(CC) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -else -$(BINARIES): %$(EXEXT): %.o common.o onefile.o $(DEP) - echo " $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -endif - -clean: -ifndef WINDOWS - rm -rf $(BINARIES) *.o -else - if exist *.o del /Q /F *.o - if exist *.exe del /Q /F *.exe -endif diff --git a/programs/fuzz/README.md b/programs/fuzz/README.md deleted file mode 100644 index aaef03015..000000000 --- a/programs/fuzz/README.md +++ /dev/null @@ -1,68 +0,0 @@ -What is it? ------- - -This directory contains fuzz targets. -Fuzz targets are simple codes using the library. -They are used with a so-called fuzz driver, which will generate inputs, try to process them with the fuzz target, and alert in case of an unwanted behavior (such as a buffer overflow for instance). - -These targets were meant to be used with oss-fuzz but can be used in other contexts. - -This code was contributed by Philippe Antoine ( Catena cyber ). - -How to run? ------- - -To run the fuzz targets like oss-fuzz: -``` -git clone https://github.com/google/oss-fuzz -cd oss-fuzz -python infra/helper.py build_image mbedtls -python infra/helper.py build_fuzzers --sanitizer address mbedtls -python infra/helper.py run_fuzzer mbedtls fuzz_client -``` -You can use `undefined` sanitizer as well as `address` sanitizer. -And you can run any of the fuzz targets like `fuzz_client`. - -To run the fuzz targets without oss-fuzz, you first need to install one libFuzzingEngine (libFuzzer for instance). -Then you need to compile the code with the compiler flags of the wished sanitizer. -``` -perl scripts/config.py set MBEDTLS_PLATFORM_TIME_ALT -mkdir build -cd build -cmake .. -make -``` -Finally, you can run the targets like `./test/fuzz/fuzz_client`. - - -Corpus generation for network traffic targets ------- - -These targets use network traffic as inputs : -* client : simulates a client against (fuzzed) server traffic -* server : simulates a server against (fuzzed) client traffic -* dtls_client -* dtls_server - -They also use the last bytes as configuration options. - -To generate corpus for these targets, you can do the following, not fully automated steps : -* Build mbedtls programs ssl_server2 and ssl_client2 -* Run them one against the other with `reproducible` option turned on while capturing traffic into test.pcap -* Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt` -* Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor` -* Finally, you can add the options by appending the last bytes to the file test.cor - -Here is an example of dummy.py for extracting payload from client to server (if we used `tcp.dstport` in tshark command) -``` -import sys -import binascii - -f = open(sys.argv[1]) -for l in f.readlines(): - portAndPl=l.split() - if len(portAndPl) == 2: - # determine client or server based on port - if portAndPl[0] == "4433": - print(binascii.unhexlify(portAndPl[1].replace(":",""))) -``` diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c deleted file mode 100644 index 98aa4037b..000000000 --- a/programs/fuzz/common.c +++ /dev/null @@ -1,105 +0,0 @@ -#include "common.h" -#include -#include -#include -#include -#include "mbedtls/ctr_drbg.h" - -#if defined(MBEDTLS_PLATFORM_TIME_ALT) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) -{ - (void) time; - return 0x5af2a056; -} -#endif - -void dummy_init(void) -{ -#if defined(MBEDTLS_PLATFORM_TIME_ALT) - mbedtls_platform_set_time(dummy_constant_time); -#else - fprintf(stderr, "Warning: fuzzing without constant time\n"); -#endif -} - -int dummy_send(void *ctx, const unsigned char *buf, size_t len) -{ - //silence warning about unused parameter - (void) ctx; - (void) buf; - - //pretends we wrote everything ok - if (len > INT_MAX) { - return -1; - } - return (int) len; -} - -int fuzz_recv(void *ctx, unsigned char *buf, size_t len) -{ - //reads from the buffer from fuzzer - fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx; - - if (biomemfuzz->Offset == biomemfuzz->Size) { - //EOF - return 0; - } - if (len > INT_MAX) { - return -1; - } - if (len + biomemfuzz->Offset > biomemfuzz->Size) { - //do not overflow - len = biomemfuzz->Size - biomemfuzz->Offset; - } - memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); - biomemfuzz->Offset += len; - return (int) len; -} - -int dummy_random(void *p_rng, unsigned char *output, size_t output_len) -{ - int ret; - size_t i; - -#if defined(MBEDTLS_CTR_DRBG_C) - //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng - if (p_rng != NULL) { - //use mbedtls_ctr_drbg_random to find bugs in it - ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); - } else { - //fall through to pseudo-random - ret = 0; - } -#else - (void) p_rng; - ret = 0; -#endif - for (i = 0; i < output_len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return ret; -} - -int dummy_entropy(void *data, unsigned char *output, size_t len) -{ - size_t i; - (void) data; - - //use mbedtls_entropy_func to find bugs in it - //test performance impact of entropy - //ret = mbedtls_entropy_func(data, output, len); - for (i = 0; i < len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return 0; -} - -int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout) -{ - (void) timeout; - - return fuzz_recv(ctx, buf, len); -} diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h deleted file mode 100644 index 88dceacf7..000000000 --- a/programs/fuzz/common.h +++ /dev/null @@ -1,28 +0,0 @@ -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#include -#include - -typedef struct fuzzBufferOffset { - const uint8_t *Data; - size_t Size; - size_t Offset; -} fuzzBufferOffset_t; - -#if defined(MBEDTLS_HAVE_TIME) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); -#endif -void dummy_init(void); - -int dummy_send(void *ctx, const unsigned char *buf, size_t len); -int fuzz_recv(void *ctx, unsigned char *buf, size_t len); -int dummy_random(void *p_rng, unsigned char *output, size_t output_len); -int dummy_entropy(void *data, unsigned char *output, size_t len); -int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout); - -/* Implemented in the fuzz_*.c sources and required by onefile.c */ -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); diff --git a/programs/fuzz/corpuses/client b/programs/fuzz/corpuses/client deleted file mode 100644 index 48d0a67c8f36ace60ccf4013a5b985207703ed80..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4037 zcmeH~c{o)2AIHy`8T&qD>`Tbb8T(Gxk|o8ErjclDkqky_x`$1_j$U1{?2p$IG^wNp3n1rKA-RFyx(75I2>?<0l#`t7=xuH8BqrwtHx79!|=M4uzdQ)O)jn z@;IGr&&3`UxKmtzIJOP~0FKWf00ICC000&M1_HcrIBPWvzdaleofBgLvTIp zbA&()grdOhTUQCv0q`i01E7sF!=gYCsJG60F+~yXM)X?*RHc=&2TkbcS$67h^LF7T zD0#rSqIr>{sYMua@>|7#5Ch3;Yj@R3B^OVQ?Qo0FxGfW&GxR3@b&F8ygN=Fwrc$Ff z@6*fj69dWhhshoojock}B{u^PF@*C+J(n90%^qYEQnc{+=qN=rqq3ae>&1EpNPamK z#px0LtGztQJ@`V-_~Ay1kp<)Y5!QF4vpr@HyQ)gK;3B6SiUmYW_&7MukcLPmhsOCH zxnNB~X38r^V*noqocGak7K4Ox9@oG>>61_6*Tt&GC#2wntF0Ugz? zYIxLz!v<;XQtVb{O)|a&iEh4@K=47lkvwGFL_y_94`%6pUttQzjKPEE_0L-iPTLl= zf`dSY=RsL)cCcVkjZm?`EPud)5BoAvqhk_fg#>-(%loW`Hi(3isS^)n2l0y1{Kc#T z`(^!XKR7(dlfiKf$Ys9ZjH!C0J~6XFbmk*03h9}9>Xk&4iK8d_6g~83=0eN`$`i41 zZc3^_L5C06iuyNm*1`L<>q1feLVk~oJZtG*;K2ur8};j=EkTyUsA;P5?py8kfquz1 zl;aCySUHTW@A~)P^%RbxEyqeiht^NZyuRBXG@I$wCs@$wN225(v?pCO_*! zuupkhda2MF7uUpQsr~fg)I&8K_oz8@-6wWAm|I@Re$AqI-a_679fDUI)P0?EcM0wS z;3OJ7u{3%J-{=AUQl@{C9_Y{XK)9bv{v(L$Mm5(^zm2748lD|VRS7pK;LWCpzf0?# zebW}khh@B6Fq{5}G%6sHrj-^e5?Ys_J*ws87sT-N`rsw%{Q%oX9eEJu#=?}5A5WV} zZU9Teq|u7OWFdRy%B-bpU6m{ln6Y2CxB!vt|E?x_(C}HoxSm|nTWOcZ$60OFvo7KH zUdO1^?p?+1*baB>CHJi^zDiZ{tD8`&SyP%H-?^_&O(|S5z^iRnIge3vxaWtnOX!>L zg7YixC?Qv3P`~2|(gxhva(g!MYedZ)sFQGUcxigA^tqBucLdBzB756{mb)9%8&=;$ zK~%Q?lgjj#o70U8ow2D&kua6(X;?yT-&crEr$DDKLadu`a3km-I0$~;Leh6Zas5it zK?wJKl5!05^?#~$QQ%*<*%unC*6jxX`(%>TZRr;&l-!Ro48pN-mQ6ui0}OZix7#F| z&)`E;;%Z%Y*?qoS`%Wp|zAnu$`@W_`fHRxffuw<5lqB0#d0%SZy-^(o!|-rX>*x{j4l)vzAoYz)_-ua$F4u2t99B*j+xDA z->kR|iuX0WCFRh_$FXVqAJEA1_gcpKzgouneJ#_3)M=Wfp{@y`H)-4q)xU***V2EM z{Qorma~l7vWdAyU|EO7;{Qdclu*EXbw%HdNh02;m$b%}ueJWQDJ(Dx2jZ`c-^lH56 zuu@gye8N+aVJ;tyyC=lT3U48A9-~C#+wo^+bp=?~d6-8eLTyU-4L2kqYak~?ZF0U` zoPK)wr&pP-+l15YwOT!>cHaKoh3kR}BMX^Fy$;GbOJYJEw(eJ7p|2Or*12QV6;PAb z;@KBH9X}Z?zNa$r(2RywRX*X&ZDfy~6t_wD=L)^C9y@)*8iP>Sg%8YrVcmC`DtH<6 z{1>jyxCa4YvO5$@d{?5E*mA0-;zcsjPfs`!(@Zf^(@T6=$Jk75)E#tn_z-)_qP-pC z4411#U5CjEx0^m?%831PWqX5i%%_h_?PzlV=0MX$49%1Ef7M1Npx$^q0&m<-g_!9X zX%4eP9|4C!20wIwLXZIMk4m$b++XY^k?8Z)UYZ*J;V@MpZ51`Nx|+6{)+Uvkp~|=L zr}Lkn`A>!~tA&B|bn>SWz;-wuKr{}?tL@apD#to(ti@H!8e8od^KE3`Z>Oq_?ZuEU zq-e89j5?zv@#bp+DY6|3im?snFp*`?yl;xXsCp{oi>+#6k?efDXcwW6 zUv{6@H9K7~vInn=sz~1HZ0L067OBZRCMIbC8p^i?-Qj-_A=&bLRU-`Y{VFw{kb5N0 z_a@~0l5h006^Po>xIgduEp3E*0gwj_4K$MRLE)>L1XYVbjFH9X0!^6LFayjhEnsTQMv&*TjYV%2V& zEG};=>6`@LWKnvW6^>YUcd$0@nv-`yA31ow#REz*ezN8$al{1d4T}Qrg%x$?3PnXZ zTd|fddp%b@CwQRx!=jVu1vhe^K!X1M8vVdvBzfZs=S!CB{Fe=Uw576{vRpE$yyi#& zS@)=0BPRy%ZaUXH*U!J!n!{eme@|)FJEKXMTHSU2jkDIatfwJ~ULOQvoMmGp-?yHc z%Z|vG%Zc|k%aB(*&Gqs%SU(;GeaZeTXL6~{1j}g2uDI+ z3P&+E2wKG86mk`4T>%j6v?C@D?EwTgLm681<$}%|>5hE--TDBjbferpg=$#0GKxyL zC(}}4l=wutqZ~z>{Oh;5;F+vFDNs6U#sRkHEC>H1XDK-^3uTUb-dwys)zv=G8#Zdq zo}=u}MY@;Y>aL}nNl26FDMnK~D%u5M1!~N&Pz$^%+9Sla(rIsc(~aK*aeWuF->DbY zxZqY}yMA@QBdOtf^};Jsv2F}CT4~{U*k$Sb21;9!>8RhnF1{6#h%P1obEzSvF~vK< z)MDW+u7WM+@iKYdq!W=3af-@0Fw02F*iUF|qb*tB+mc~|&773RYt+2AHUAf15O9M5fCB)2@OD^P z_QavCV+nbVoAxrH2~*BpSIS%NXH?p9b4CVkmDC%Ik?@<+&)NE9iKGvPr9B_?PEFEu zlAkHld5zxCYqR zSYibs^x6=dcf;o)30n_JpoGy@NDPg_Vj&zBhgDToh14CtiWJ(|u2}-ShOOOeGM}k}cW1Jlp34%baRo>7 zsCVVPdvfh?Z*r|`r6*oJce73Ll|W~fP{GIn`CjqtK9q=}ndj?0n<(2SIey;hg{%US zpY%s=@C^OMc1xT`(5akJ*SZ!%GuGMt$ho)^o!jrU(~7y_V#n-@gv7Q9aB&@v>yO*! zJSuRXsNCS0@NRE!=quS+40tb@(?E6(`pum4<)h(-23hY0CcWT#nC^K|eXdE>b9ks=|d2){2z4BQ@8=`6V)W)V)C@uoz1rc3Sl5TNWsU&u+ThUW*`bDs* z(6vNDth!}l=&4C%%aZ2W zK)>Y6%JGHKNG?OGYX456u7Wq#e55#}fBA^qv+5q|OqN%-a6y}2TuZ)_ZQN;NKJonq zveY)GZsk$g#X>8`*m{(?*2B{icT^pDADgn%-*L*r-1CARG%m&S7xLd~6+U-Y&DSN@ zMA!s?$1&)MVbDYVL=W({W%@7af&NMlE4xX^6{{Mjv% zbLm|(&zp`45LnL^%w*h)dn_cDu9+Sq7D7+ZdaSwEkIM4!Lf@Im8v(oSwdO(i%kvY4 zetb>aasxQ-jvKz!A1~yrcspb6MyFwbz)T07q5?#+|J?1UK7&UEqq_1*FJ<@D-M`p$ zb7o)Y^=Hwznw{?no2B4;x+=ThFFZ|E@}rL_-Ck0f9o=e2S5*p?3Giw%xyEN06-xT! z#3J^}Tu^>_l@ia}X!P$yvaCKY;hHT<@;pT&2Wlgq9$cJSx;mgF*AWJ@kj~yXuj%2= z_8jS(D2&eb|E(gU@yb-)d|OOvQaB8EA)P?Z?fwW+L<$sf8bYqY!HZym;2^lVj-+pb z;`WgwC&=;JB;^?7>-|vbBEi3x*#{bF%eK9MZF1bEGTEV&mfY9TETS>7=JizWUY4pJ zDeFYjX<{%gw#LoGX0^IzPAT4&o^FtRLqj^i1+{&5Qm;u%n&m|nBoC2ITV_nXZ%UzG zvz>CtwWro+b6mzq_aNy-ythhEpp>rVKvjZ#s{)F3HxnCEq1MF;lJIEM_>&}?Mbepu zx8%dy2t1S8U1<|jbp4{>0KFI+@o|Od=!x?ej(PTpXDslVmRa$2442FFQ9~EhnhAm( zo#`*FC~w4LyByo`t!xX|w(mLsBC zJ8G}pjHET1{~5D+i}Ud7kty5n(8%%6y$t!ky$t#7UZw%5F?yD|ng)bjqjAkt`(*x8 zO8;H(|I_&IY5dyB{&W8RRkGIj`|B5Bon&H^*#{a$N*lx~`*1;#lTmAC?ZWzG^pkH;Lyqv=>p6 zoG%}%mvQag(=4}*q8YZD4?HJr4)}KzE(a%dCrVwo8cV|ys+#`sNBivkx9qKvK8>~*vS5Iahv z4(y3Fcym+SZLm_Ito~h=oWxIQQg@Z3-@RUJ#+m{!dq!WxGc;Mx$KJ>W)EbS35sjKB zA$Dd~hQe&sL%?B>{&y9i2qeV#qB7(q?+1BFq4<21m&Qh)6{ZTLg;T|Q)Vca*X}TQtVBPk;RS?-#ShQ8x<`= z7rydTiWZ0TV;8gx(R4{D1=Fga7<2a|KD_kNfh&?jw1*gOyj_N^`nsQ$5umv zJi__DH6iDxe8V4Ifyi}<`)k#&OC#J1fIMMXpstcgv6o8$La98PJN-ih-~4<||MZH= zg|VQ{mEh|!fx260Jzi%y@<>N$6*V2|IEKqIDf6r}iEe+>LS-Xx|7kOpRUtF3|MDSe zWt!Z?d?uf^A?Q?!EN=@u23=$|Dv|iQoq>btNB~R#82c}PafSne#}QyIzvg&*gpZY?z2OC}lrfz~-I%7h;?HH9Qr(Ce0p% z3B>1^CB4`g6lf-gcar>7?YCFV3~3xwk@cLp32i*v}n@bfjlI#|nl_X_j>GIZjs zL8y3#t=^&JqLtxeHZwpeM*GeI*70XMOyN%1bgjL&J59Q9r;pzKr z+tFE@3vcUOL_|cLtxR}caLOCda^CedO9%kTxt1Wr+8+S$ecAmo0U)?G?c?qj0HDuT z&id`LQeE9i24*F2(or_*bb*l=?CqOIPo8kfl`;WYrX043LSQ8p{lyssBtJQWzgvJC zhKOEO_gDrr)8x+554UKhgz`QyZrJ!`HVhE@G#l1lH6pcBTeNsq{uxgX9PgCc`zK~= B`4|8I diff --git a/programs/fuzz/corpuses/dtlsserver b/programs/fuzz/corpuses/dtlsserver deleted file mode 100644 index 7a7a117900781be46a5b985b275d625ef98b8c96..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1189 zcmeHGYfQ~y9Dd&OKed!oraGZql5k2FMY=IQC>?!Zlr0-G3@h3y2VpKLUDct`kxFiL zI@MfO(=3nsd|;W|T-LITvM_BKnvOSJKKta8=gaT;-S+<8-}AoOek+C`jthv~K}Y2F z|JrnKOX_l~zFYUOxwfaTBWlmBmEYYvKNJ`e{MQFpJTL*mma`a$3f8fL(>N1}w5JQg z*ub+q%slR8DtF)xvgykJl+(g;dT|CeaTJ{q%z9Qai@Dsx6dKTi#kAvCXi>|H48;|O zz(^xc@dRsO<^|5fWzIzri+G$SnmGrBIL*_TkGTw@51r`G>9pY)?gnv)1>D6PZbuo* z5QzZJrjCyEqc_#8WICF$i22;fY^K4U8Y-wm6H0iDrLdq8#XQQBIEEUYM*|92$P(6| zn&(iDd>&yjtC0t*021Wh95EUgm6W`GUDD>{)HG=1O$PAg6%QydpL{k!aD&v!y&pqjC5YuX;$QKk01-+D78Z(T-D;xh4H!ha&+uK~#s{3VYWqz0{Yv%U$#2?KR;OS5)KIu)%fV2}8-ZCHmf{)6Q&l z`Wj@ezdduJ@=~YnePn8R7weHT)un%UJOx5%rT6EB$pHh0nOm69Ps&R#Ee{{vl#uQa z6*IZLyl+*;oW>RLapA2+_O`~3lWiL}zj7OC7VsQu7N0X?t_LSahlF-py54Bl1}u2i nv9Hu>xftj=Qmv9dVDL~?`zO!puqtOwgrV+z*#6Zm+cJIwp9Z@o diff --git a/programs/fuzz/corpuses/server b/programs/fuzz/corpuses/server deleted file mode 100644 index fbeb019f200a63d8f40815551f07375c0265c4e6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 675 zcmXYsSxD4z6ot>v|0wF@SUPGhQKaUUySADrl!Z=#p*;u%p=F^VsJTZNxsH>2mbq6h zmlop{>)-gi7Q%?T>4Qdgvyo18MFLH!#(wtlE(@sT6{av9Pf$n? zdZU3|Y@j1u5Kj|Y!k;~CVLpqQ!(^sm1V?C03s|F*ZQO?e?m;=rd51OZgr2S3i+%>8 zjAgvZTIv~qQq;2^hY(0Vy3?Fq+(kn+GaJNp>X^wQUPc}35Cm`f(v2#5(wPc2F$=>8 zWeGD_$W)lpj1syrglbmuHo7o~Dpv3oD$&9F=!K4@tY!z=c@I4(;SE-?9a^jlAO?U6 zn*fu@m+YzHf-VF?Q; zAp>#)xd$BOC`l;Z4CLo2#Hpj^o^wkFhE&cUp02V=<2=7GYU}9tu_W)$FORrBjoE{d z@Wt|V|5sB7iyyTXrWuz{)&{){i%w8x&Gqk?Y#D=fhU$0nHJw{-UFpi1h`zPFOnbA} zvk!%PbXkXIZ=6*~O#{2OX(K-Ys diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c deleted file mode 100644 index 07ca96efa..000000000 --- a/programs/fuzz/fuzz_client.c +++ /dev/null @@ -1,193 +0,0 @@ -#include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "test/certs.h" -#include "common.h" -#include -#include -#include - - -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -static int initialized = 0; -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) -static mbedtls_x509_crt cacert; -#endif -const char *alpn_list[3]; - - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -const unsigned char psk[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -}; -const char psk_id[] = "Client_identity"; -#endif - -const char *pers = "fuzz_client"; -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) - int ret; - size_t len; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - unsigned char buf[4096]; - fuzzBufferOffset_t biomemfuzz; - uint16_t options; - - if (initialized == 0) { -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init(&cacert); - if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len) != 0) { - return 1; - } -#endif - - alpn_list[0] = "HTTP"; - alpn_list[1] = "fuzzalpn"; - alpn_list[2] = NULL; - - dummy_init(); - - initialized = 1; - } - - //we take 1 byte as options input - if (Size < 2) { - return 0; - } - options = (Data[Size - 2] << 8) | Data[Size - 1]; - //Avoid warnings if compile options imply no options - (void) options; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - - if (mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT) != 0) { - goto exit; - } - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (options & 2) { - mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), - (const unsigned char *) psk_id, sizeof(psk_id) - 1); - } -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - if (options & 4) { - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); - } else -#endif - { - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); - } -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - mbedtls_ssl_conf_extended_master_secret(&conf, - (options & - 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - mbedtls_ssl_conf_encrypt_then_mac(&conf, - (options & - 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED); -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - mbedtls_ssl_conf_renegotiation(&conf, - (options & - 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED); -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_conf_session_tickets(&conf, - (options & - 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED); -#endif -#if defined(MBEDTLS_SSL_ALPN) - if (options & 0x200) { - mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list); - } -#endif - //There may be other options to add : - // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes - - srand(1); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); - - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { - goto exit; - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - if ((options & 1) == 0) { - if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) { - goto exit; - } - } -#endif - - biomemfuzz.Data = Data; - biomemfuzz.Size = Size-2; - biomemfuzz.Offset = 0; - mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL); - - ret = mbedtls_ssl_handshake(&ssl); - if (ret == 0) { - //keep reading data from server until the end - do { - len = sizeof(buf) - 1; - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ) { - continue; - } else if (ret <= 0) { - //EOF or error - break; - } - } while (1); - } - -exit: - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_ssl_config_free(&conf); - mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#else - (void) Data; - (void) Size; -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - - return 0; -} diff --git a/programs/fuzz/fuzz_client.options b/programs/fuzz/fuzz_client.options deleted file mode 100644 index 4d7340f49..000000000 --- a/programs/fuzz/fuzz_client.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 1048575 diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c deleted file mode 100644 index 6581dcb1e..000000000 --- a/programs/fuzz/fuzz_dtlsclient.c +++ /dev/null @@ -1,136 +0,0 @@ -#include -#include -#include -#include "common.h" -#include "mbedtls/ssl.h" -#if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/timing.h" -#include "test/certs.h" - -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) -static int initialized = 0; -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) -static mbedtls_x509_crt cacert; -#endif - -const char *pers = "fuzz_dtlsclient"; -#endif -#endif // MBEDTLS_SSL_PROTO_DTLS - - - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#if defined(MBEDTLS_SSL_PROTO_DTLS) && \ - defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) - int ret; - size_t len; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - mbedtls_timing_delay_context timer; - unsigned char buf[4096]; - fuzzBufferOffset_t biomemfuzz; - - if (initialized == 0) { -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init(&cacert); - if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len) != 0) { - return 1; - } -#endif - dummy_init(); - - initialized = 1; - } - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - srand(1); - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - - if (mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT) != 0) { - goto exit; - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); -#endif - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); - - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { - goto exit; - } - - mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay); - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) { - goto exit; - } -#endif - - biomemfuzz.Data = Data; - biomemfuzz.Size = Size; - biomemfuzz.Offset = 0; - mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout); - - ret = mbedtls_ssl_handshake(&ssl); - if (ret == 0) { - //keep reading data from server until the end - do { - len = sizeof(buf) - 1; - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ) { - continue; - } else if (ret <= 0) { - //EOF or error - break; - } - } while (1); - } - -exit: - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_ssl_config_free(&conf); - mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#else - (void) Data; - (void) Size; -#endif - return 0; -} diff --git a/programs/fuzz/fuzz_dtlsclient.options b/programs/fuzz/fuzz_dtlsclient.options deleted file mode 100644 index 4d7340f49..000000000 --- a/programs/fuzz/fuzz_dtlsclient.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 1048575 diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c deleted file mode 100644 index c2dbef86c..000000000 --- a/programs/fuzz/fuzz_dtlsserver.c +++ /dev/null @@ -1,181 +0,0 @@ -#include -#include -#include -#include "common.h" -#include "mbedtls/ssl.h" -#include "test/certs.h" -#if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/timing.h" -#include "mbedtls/ssl_cookie.h" - -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) && \ - (defined(PSA_WANT_ALG_SHA_384) || \ - defined(PSA_WANT_ALG_SHA_256)) -const char *pers = "fuzz_dtlsserver"; -const unsigned char client_ip[4] = { 0x7F, 0, 0, 1 }; -static int initialized = 0; -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) -static mbedtls_x509_crt srvcert; -static mbedtls_pk_context pkey; -#endif -#endif -#endif // MBEDTLS_SSL_PROTO_DTLS - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#if defined(MBEDTLS_SSL_PROTO_DTLS) && \ - defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) && \ - (defined(PSA_WANT_ALG_SHA_384) || \ - defined(PSA_WANT_ALG_SHA_256)) - int ret; - size_t len; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - mbedtls_timing_delay_context timer; - mbedtls_ssl_cookie_ctx cookie_ctx; - unsigned char buf[4096]; - fuzzBufferOffset_t biomemfuzz; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init(&srvcert); - mbedtls_pk_init(&pkey); -#endif - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_ssl_cookie_init(&cookie_ctx); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - - if (initialized == 0) { -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - - if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len) != 0) { - return 1; - } - if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len) != 0) { - return 1; - } - if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - dummy_random, &ctr_drbg) != 0) { - return 1; - } -#endif - dummy_init(); - - initialized = 1; - } - - if (mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT) != 0) { - goto exit; - } - - - srand(1); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); - if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { - goto exit; - } -#endif - - if (mbedtls_ssl_cookie_setup(&cookie_ctx, dummy_random, &ctr_drbg) != 0) { - goto exit; - } - - mbedtls_ssl_conf_dtls_cookies(&conf, - mbedtls_ssl_cookie_write, - mbedtls_ssl_cookie_check, - &cookie_ctx); - - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { - goto exit; - } - - mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay); - - biomemfuzz.Data = Data; - biomemfuzz.Size = Size; - biomemfuzz.Offset = 0; - mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout); - if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) { - goto exit; - } - - ret = mbedtls_ssl_handshake(&ssl); - - if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { - biomemfuzz.Offset = ssl.MBEDTLS_PRIVATE(next_record_offset); - mbedtls_ssl_session_reset(&ssl); - mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout); - if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) { - goto exit; - } - - ret = mbedtls_ssl_handshake(&ssl); - - if (ret == 0) { - //keep reading data from server until the end - do { - len = sizeof(buf) - 1; - ret = mbedtls_ssl_read(&ssl, buf, len); - if (ret == MBEDTLS_ERR_SSL_WANT_READ) { - continue; - } else if (ret <= 0) { - //EOF or error - break; - } - } while (1); - } - } - -exit: - mbedtls_ssl_cookie_free(&cookie_ctx); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_pk_free(&pkey); - mbedtls_x509_crt_free(&srvcert); -#endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_ssl_config_free(&conf); - mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#else - (void) Data; - (void) Size; -#endif - return 0; -} diff --git a/programs/fuzz/fuzz_dtlsserver.options b/programs/fuzz/fuzz_dtlsserver.options deleted file mode 100644 index 4d7340f49..000000000 --- a/programs/fuzz/fuzz_dtlsserver.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 1048575 diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c deleted file mode 100644 index 38b4dc139..000000000 --- a/programs/fuzz/fuzz_pkcs7.c +++ /dev/null @@ -1,21 +0,0 @@ -#include -#include "mbedtls/pkcs7.h" -#include "common.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#ifdef MBEDTLS_PKCS7_C - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init(&pkcs7); - - mbedtls_pkcs7_parse_der(&pkcs7, Data, Size); - - mbedtls_pkcs7_free(&pkcs7); -#else - (void) Data; - (void) Size; -#endif - - return 0; -} diff --git a/programs/fuzz/fuzz_pkcs7.options b/programs/fuzz/fuzz_pkcs7.options deleted file mode 100644 index 0824b19fa..000000000 --- a/programs/fuzz/fuzz_pkcs7.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c deleted file mode 100644 index 753096406..000000000 --- a/programs/fuzz/fuzz_privkey.c +++ /dev/null @@ -1,104 +0,0 @@ -#include -#include -#include -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "common.h" - -//4 Kb should be enough for every bug ;-) -#define MAX_LEN 0x1000 - -#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) -const char *pers = "fuzz_privkey"; -#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) - int ret; - mbedtls_pk_context pk; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - - if (Size > MAX_LEN) { - //only work on small inputs - Size = MAX_LEN; - } - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pk); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - - ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0, - dummy_random, &ctr_drbg); - if (ret == 0) { -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_rsa_context *rsa; - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - rsa = mbedtls_pk_rsa(pk); - if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != 0) { - abort(); - } - if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != 0) { - abort(); - } - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); - - /* If the curve is not supported, the key should not have been - * accepted. */ - if (curve_info == NULL) { - abort(); - } - } else -#endif - { - /* The key is valid but is not of a supported type. - * This should not happen. */ - abort(); - } - } -exit: - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#else - (void) Data; - (void) Size; -#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C - - return 0; -} diff --git a/programs/fuzz/fuzz_privkey.options b/programs/fuzz/fuzz_privkey.options deleted file mode 100644 index 0824b19fa..000000000 --- a/programs/fuzz/fuzz_privkey.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c deleted file mode 100644 index b2500e57c..000000000 --- a/programs/fuzz/fuzz_pubkey.c +++ /dev/null @@ -1,91 +0,0 @@ -#include -#include -#include "mbedtls/pk.h" -#include "common.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#ifdef MBEDTLS_PK_PARSE_C - int ret; - mbedtls_pk_context pk; - - mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - ret = mbedtls_pk_parse_public_key(&pk, Data, Size); - if (ret == 0) { -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_rsa_context *rsa; - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - rsa = mbedtls_pk_rsa(pk); - if (mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E) != 0) { - abort(); - } - if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) { - abort(); - } - if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) { - abort(); - } - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); - - /* If the curve is not supported, the key should not have been - * accepted. */ - if (curve_info == NULL) { - abort(); - } - - /* It's a public key, so the private value should not have - * been changed from its initialization to 0. */ - mbedtls_mpi d; - mbedtls_mpi_init(&d); - if (mbedtls_ecp_export(ecp, NULL, &d, NULL) != 0) { - abort(); - } - if (mbedtls_mpi_cmp_int(&d, 0) != 0) { - abort(); - } - mbedtls_mpi_free(&d); - } else -#endif - { - /* The key is valid but is not of a supported type. - * This should not happen. */ - abort(); - } - } -#if defined(MBEDTLS_USE_PSA_CRYPTO) -exit: - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_pk_free(&pk); -#else - (void) Data; - (void) Size; -#endif //MBEDTLS_PK_PARSE_C - - return 0; -} diff --git a/programs/fuzz/fuzz_pubkey.options b/programs/fuzz/fuzz_pubkey.options deleted file mode 100644 index 0824b19fa..000000000 --- a/programs/fuzz/fuzz_pubkey.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c deleted file mode 100644 index 64b35edb9..000000000 --- a/programs/fuzz/fuzz_server.c +++ /dev/null @@ -1,216 +0,0 @@ -#include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/ssl_ticket.h" -#include "test/certs.h" -#include "common.h" -#include -#include -#include - - -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -const char *pers = "fuzz_server"; -static int initialized = 0; -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) -static mbedtls_x509_crt srvcert; -static mbedtls_pk_context pkey; -#endif -const char *alpn_list[3]; - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -const unsigned char psk[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -}; -const char psk_id[] = "Client_identity"; -#endif -#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C - - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) - int ret; - size_t len; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - mbedtls_ssl_ticket_context ticket_ctx; -#endif - unsigned char buf[4096]; - fuzzBufferOffset_t biomemfuzz; - uint8_t options; - - //we take 1 byte as options input - if (Size < 1) { - return 0; - } - options = Data[Size - 1]; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init(&srvcert); - mbedtls_pk_init(&pkey); -#endif - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - mbedtls_ssl_ticket_init(&ticket_ctx); -#endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - return 1; - } - - if (initialized == 0) { - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len) != 0) { - return 1; - } - if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len) != 0) { - return 1; - } - if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - dummy_random, &ctr_drbg) != 0) { - return 1; - } -#endif - - alpn_list[0] = "HTTP"; - alpn_list[1] = "fuzzalpn"; - alpn_list[2] = NULL; - - dummy_init(); - - initialized = 1; - } - - if (mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT) != 0) { - goto exit; - } - - srand(1); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); - if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { - goto exit; - } -#endif - - mbedtls_ssl_conf_cert_req_ca_list(&conf, - (options & - 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED); -#if defined(MBEDTLS_SSL_ALPN) - if (options & 0x2) { - mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list); - } -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - if (options & 0x4) { - if (mbedtls_ssl_ticket_setup(&ticket_ctx, - dummy_random, &ctr_drbg, - MBEDTLS_CIPHER_AES_256_GCM, - 86400) != 0) { - goto exit; - } - - mbedtls_ssl_conf_session_tickets_cb(&conf, - mbedtls_ssl_ticket_write, - mbedtls_ssl_ticket_parse, - &ticket_ctx); - } -#endif -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - mbedtls_ssl_conf_extended_master_secret(&conf, - (options & - 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - mbedtls_ssl_conf_encrypt_then_mac(&conf, - (options & - 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED); -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (options & 0x40) { - mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), - (const unsigned char *) psk_id, sizeof(psk_id) - 1); - } -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - mbedtls_ssl_conf_renegotiation(&conf, - (options & - 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED); -#endif - - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { - goto exit; - } - - biomemfuzz.Data = Data; - biomemfuzz.Size = Size-1; - biomemfuzz.Offset = 0; - mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL); - - mbedtls_ssl_session_reset(&ssl); - ret = mbedtls_ssl_handshake(&ssl); - if (ret == 0) { - //keep reading data from server until the end - do { - len = sizeof(buf) - 1; - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ) { - continue; - } else if (ret <= 0) { - //EOF or error - break; - } - } while (1); - } - -exit: -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - mbedtls_ssl_ticket_free(&ticket_ctx); -#endif - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_ssl_config_free(&conf); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_free(&srvcert); - mbedtls_pk_free(&pkey); -#endif - mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif -#else - (void) Data; - (void) Size; -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - - return 0; -} diff --git a/programs/fuzz/fuzz_server.options b/programs/fuzz/fuzz_server.options deleted file mode 100644 index 4d7340f49..000000000 --- a/programs/fuzz/fuzz_server.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 1048575 diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c deleted file mode 100644 index e8dacd90b..000000000 --- a/programs/fuzz/fuzz_x509crl.c +++ /dev/null @@ -1,40 +0,0 @@ -#include -#include "mbedtls/x509_crl.h" -#include "common.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#ifdef MBEDTLS_X509_CRL_PARSE_C - int ret; - mbedtls_x509_crl crl; - unsigned char buf[4096]; - - mbedtls_x509_crl_init(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - ret = mbedtls_x509_crl_parse(&crl, Data, Size); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if (ret == 0) { - ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl); - } -#else - ((void) ret); - ((void) buf); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -exit: - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_x509_crl_free(&crl); -#else - (void) Data; - (void) Size; -#endif - - return 0; -} diff --git a/programs/fuzz/fuzz_x509crl.options b/programs/fuzz/fuzz_x509crl.options deleted file mode 100644 index 0824b19fa..000000000 --- a/programs/fuzz/fuzz_x509crl.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c deleted file mode 100644 index 74d3b077c..000000000 --- a/programs/fuzz/fuzz_x509crt.c +++ /dev/null @@ -1,40 +0,0 @@ -#include -#include "mbedtls/x509_crt.h" -#include "common.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#ifdef MBEDTLS_X509_CRT_PARSE_C - int ret; - mbedtls_x509_crt crt; - unsigned char buf[4096]; - - mbedtls_x509_crt_init(&crt); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - ret = mbedtls_x509_crt_parse(&crt, Data, Size); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if (ret == 0) { - ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", &crt); - } -#else - ((void) ret); - ((void) buf); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -exit: - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_x509_crt_free(&crt); -#else - (void) Data; - (void) Size; -#endif - - return 0; -} diff --git a/programs/fuzz/fuzz_x509crt.options b/programs/fuzz/fuzz_x509crt.options deleted file mode 100644 index 0824b19fa..000000000 --- a/programs/fuzz/fuzz_x509crt.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c deleted file mode 100644 index 4c123f8e0..000000000 --- a/programs/fuzz/fuzz_x509csr.c +++ /dev/null @@ -1,40 +0,0 @@ -#include -#include "mbedtls/x509_csr.h" -#include "common.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#ifdef MBEDTLS_X509_CSR_PARSE_C - int ret; - mbedtls_x509_csr csr; - unsigned char buf[4096]; - - mbedtls_x509_csr_init(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - ret = mbedtls_x509_csr_parse(&csr, Data, Size); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if (ret == 0) { - ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr); - } -#else - ((void) ret); - ((void) buf); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -exit: - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_x509_csr_free(&csr); -#else - (void) Data; - (void) Size; -#endif - - return 0; -} diff --git a/programs/fuzz/fuzz_x509csr.options b/programs/fuzz/fuzz_x509csr.options deleted file mode 100644 index 0824b19fa..000000000 --- a/programs/fuzz/fuzz_x509csr.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c deleted file mode 100644 index 2d4330abc..000000000 --- a/programs/fuzz/onefile.c +++ /dev/null @@ -1,68 +0,0 @@ -#include -#include -#include -#include "common.h" - -/* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway - * in case it contains platform-specific #defines related to malloc or - * stdio functions. */ -#include "mbedtls/build_info.h" - -int main(int argc, char **argv) -{ - FILE *fp; - uint8_t *Data; - size_t Size; - const char *argv0 = argv[0] == NULL ? "PROGRAM_NAME" : argv[0]; - - if (argc != 2) { - fprintf(stderr, "Usage: %s REPRODUCER_FILE\n", argv0); - return 1; - } - //opens the file, get its size, and reads it into a buffer - fp = fopen(argv[1], "rb"); - if (fp == NULL) { - fprintf(stderr, "%s: Error in fopen\n", argv0); - perror(argv[1]); - return 2; - } - if (fseek(fp, 0L, SEEK_END) != 0) { - fprintf(stderr, "%s: Error in fseek(SEEK_END)\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - Size = ftell(fp); - if (Size == (size_t) -1) { - fprintf(stderr, "%s: Error in ftell\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - if (fseek(fp, 0L, SEEK_SET) != 0) { - fprintf(stderr, "%s: Error in fseek(0)\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - Data = malloc(Size); - if (Data == NULL) { - fprintf(stderr, "%s: Could not allocate memory\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - if (fread(Data, Size, 1, fp) != 1) { - fprintf(stderr, "%s: Error in fread\n", argv0); - perror(argv[1]); - free(Data); - fclose(fp); - return 2; - } - - //launch fuzzer - LLVMFuzzerTestOneInput(Data, Size); - free(Data); - fclose(fp); - return 0; -} diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt deleted file mode 100644 index d23db0443..000000000 --- a/programs/hash/CMakeLists.txt +++ /dev/null @@ -1,17 +0,0 @@ -set(executables - generic_sum - hello - md_hmac_demo -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c deleted file mode 100644 index 3fd2b0089..000000000 --- a/programs/hash/generic_sum.c +++ /dev/null @@ -1,209 +0,0 @@ -/* - * generic message digest layer demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/md.h" - -#include -#include -#endif - -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -static int generic_wrapper(const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum) -{ - int ret = mbedtls_md_file(md_info, filename, sum); - - if (ret == 1) { - mbedtls_fprintf(stderr, "failed to open: %s\n", filename); - } - - if (ret == 2) { - mbedtls_fprintf(stderr, "failed to read: %s\n", filename); - } - - return ret; -} - -static int generic_print(const mbedtls_md_info_t *md_info, char *filename) -{ - int i; - unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - - if (generic_wrapper(md_info, filename, sum) != 0) { - return 1; - } - - for (i = 0; i < mbedtls_md_get_size(md_info); i++) { - mbedtls_printf("%02x", sum[i]); - } - - mbedtls_printf(" %s\n", filename); - return 0; -} - -static int generic_check(const mbedtls_md_info_t *md_info, char *filename) -{ - int i; - size_t n; - FILE *f; - int nb_err1, nb_err2; - int nb_tot1, nb_tot2; - unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - char line[1024]; - char diff; -#if defined(__clang_analyzer__) - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }; -#else - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1]; -#endif - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("failed to open: %s\n", filename); - return 1; - } - - nb_err1 = nb_err2 = 0; - nb_tot1 = nb_tot2 = 0; - - memset(line, 0, sizeof(line)); - - n = sizeof(line); - - while (fgets(line, (int) n - 1, f) != NULL) { - n = strlen(line); - - if (n < (size_t) 2 * mbedtls_md_get_size(md_info) + 4) { - mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info)); - continue; - } - - if (line[2 * mbedtls_md_get_size(md_info)] != ' ' || - line[2 * mbedtls_md_get_size(md_info) + 1] != ' ') { - mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info)); - continue; - } - - if (line[n - 1] == '\n') { - n--; line[n] = '\0'; - } - if (line[n - 1] == '\r') { - n--; line[n] = '\0'; - } - - nb_tot1++; - - if (generic_wrapper(md_info, line + 2 + 2 * mbedtls_md_get_size(md_info), sum) != 0) { - nb_err1++; - continue; - } - - nb_tot2++; - - for (i = 0; i < mbedtls_md_get_size(md_info); i++) { - sprintf(buf + i * 2, "%02x", sum[i]); - } - - /* Use constant-time buffer comparison */ - diff = 0; - for (i = 0; i < 2 * mbedtls_md_get_size(md_info); i++) { - diff |= line[i] ^ buf[i]; - } - - if (diff != 0) { - nb_err2++; - mbedtls_fprintf(stderr, "wrong checksum: %s\n", line + 66); - } - - n = sizeof(line); - } - - if (nb_err1 != 0) { - mbedtls_printf("WARNING: %d (out of %d) input files could " - "not be read\n", nb_err1, nb_tot1); - } - - if (nb_err2 != 0) { - mbedtls_printf("WARNING: %d (out of %d) computed checksums did " - "not match\n", nb_err2, nb_tot2); - } - - fclose(f); - - return nb_err1 != 0 || nb_err2 != 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1, i; - int exit_code = MBEDTLS_EXIT_FAILURE; - const mbedtls_md_info_t *md_info; - mbedtls_md_context_t md_ctx; - - mbedtls_md_init(&md_ctx); - - if (argc < 2) { - const int *list; - - mbedtls_printf("print mode: generic_sum ...\n"); - mbedtls_printf("check mode: generic_sum -c \n"); - - mbedtls_printf("\nAvailable message digests:\n"); - list = mbedtls_md_list(); - while (*list) { - md_info = mbedtls_md_info_from_type(*list); - mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info)); - list++; - } - - mbedtls_exit(exit_code); - } - - /* - * Read the MD from the command line - */ - md_info = mbedtls_md_info_from_string(argv[1]); - if (md_info == NULL) { - mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[1]); - mbedtls_exit(exit_code); - } - if (mbedtls_md_setup(&md_ctx, md_info, 0)) { - mbedtls_fprintf(stderr, "Failed to initialize context.\n"); - mbedtls_exit(exit_code); - } - - ret = 0; - if (argc == 4 && strcmp("-c", argv[2]) == 0) { - ret |= generic_check(md_info, argv[3]); - goto exit; - } - - for (i = 2; i < argc; i++) { - ret |= generic_print(md_info, argv[i]); - } - - if (ret == 0) { - exit_code = MBEDTLS_EXIT_SUCCESS; - } - -exit: - mbedtls_md_free(&md_ctx); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/hash/hello.c b/programs/hash/hello.c deleted file mode 100644 index 8caae8851..000000000 --- a/programs/hash/hello.c +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Classic "Hello, world" demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MD5_C) -#include "mbedtls/md5.h" -#endif - -#if !defined(MBEDTLS_MD5_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD5_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - int i, ret; - unsigned char digest[16]; - char str[] = "Hello, world!"; - - mbedtls_printf("\n MD5('%s') = ", str); - - if ((ret = mbedtls_md5((unsigned char *) str, 13, digest)) != 0) { - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - for (i = 0; i < 16; i++) { - mbedtls_printf("%02x", digest[i]); - } - - mbedtls_printf("\n\n"); - - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); -} -#endif /* MBEDTLS_MD5_C */ diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c deleted file mode 100644 index 494e9efaa..000000000 --- a/programs/hash/md_hmac_demo.c +++ /dev/null @@ -1,136 +0,0 @@ -/** - * MD API multi-part HMAC demonstration. - * - * This programs computes the HMAC of two messages using the multi-part API. - * - * This is a companion to psa/hmac_demo.c, doing the same operations with the - * legacy MD API. The goal is that comparing the two programs will help people - * migrating to the PSA Crypto API. - * - * When it comes to multi-part HMAC operations, the `mbedtls_md_context` - * serves a dual purpose (1) hold the key, and (2) save progress information - * for the current operation. With PSA those roles are held by two disinct - * objects: (1) a psa_key_id_t to hold the key, and (2) a psa_operation_t for - * multi-part progress. - * - * This program and its companion psa/hmac_demo.c illustrate this by doing the - * same sequence of multi-part HMAC computation with both APIs; looking at the - * two side by side should make the differences and similarities clear. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ -#include "mbedtls/build_info.h" - -#include "mbedtls/md.h" - -#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize - -#include -#include - -/* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_MD_C) -int main(void) -{ - printf("MBEDTLS_MD_C not defined\r\n"); - return 0; -} -#else - -/* The real program starts here. */ - -/* Dummy inputs for HMAC */ -const unsigned char msg1_part1[] = { 0x01, 0x02 }; -const unsigned char msg1_part2[] = { 0x03, 0x04 }; -const unsigned char msg2_part1[] = { 0x05, 0x05 }; -const unsigned char msg2_part2[] = { 0x06, 0x06 }; - -/* Dummy key material - never do this in production! - * This example program uses SHA-256, so a 32-byte key makes sense. */ -const unsigned char key_bytes[32] = { 0 }; - -/* Print the contents of a buffer in hex */ -static void print_buf(const char *title, unsigned char *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - -/* Run an Mbed TLS function and bail out if it fails. - * A string description of the error code can be recovered with: - * programs/util/strerror */ -#define CHK(expr) \ - do \ - { \ - ret = (expr); \ - if (ret != 0) \ - { \ - printf("Error %d at line %d: %s\n", \ - ret, \ - __LINE__, \ - #expr); \ - goto exit; \ - } \ - } while (0) - -/* - * This function demonstrates computation of the HMAC of two messages using - * the multipart API. - */ -static int hmac_demo(void) -{ - int ret; - const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256; - unsigned char out[MBEDTLS_MD_MAX_SIZE]; // safe but not optimal - - mbedtls_md_context_t ctx; - - mbedtls_md_init(&ctx); - - /* prepare context and load key */ - // the last argument to setup is 1 to enable HMAC (not just hashing) - const mbedtls_md_info_t *info = mbedtls_md_info_from_type(alg); - CHK(mbedtls_md_setup(&ctx, info, 1)); - CHK(mbedtls_md_hmac_starts(&ctx, key_bytes, sizeof(key_bytes))); - - /* compute HMAC(key, msg1_part1 | msg1_part2) */ - CHK(mbedtls_md_hmac_update(&ctx, msg1_part1, sizeof(msg1_part1))); - CHK(mbedtls_md_hmac_update(&ctx, msg1_part2, sizeof(msg1_part2))); - CHK(mbedtls_md_hmac_finish(&ctx, out)); - print_buf("msg1", out, mbedtls_md_get_size(info)); - - /* compute HMAC(key, msg2_part1 | msg2_part2) */ - CHK(mbedtls_md_hmac_reset(&ctx)); // prepare for new operation - CHK(mbedtls_md_hmac_update(&ctx, msg2_part1, sizeof(msg2_part1))); - CHK(mbedtls_md_hmac_update(&ctx, msg2_part2, sizeof(msg2_part2))); - CHK(mbedtls_md_hmac_finish(&ctx, out)); - print_buf("msg2", out, mbedtls_md_get_size(info)); - -exit: - mbedtls_md_free(&ctx); - mbedtls_platform_zeroize(out, sizeof(out)); - - return ret; -} - -int main(void) -{ - int ret; - - CHK(hmac_demo()); - -exit: - return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; -} - -#endif diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt deleted file mode 100644 index c782ad465..000000000 --- a/programs/pkey/CMakeLists.txt +++ /dev/null @@ -1,45 +0,0 @@ -set(executables_mbedtls - dh_client - dh_server -) -add_dependencies(${programs_target} ${executables_mbedtls}) - -foreach(exe IN LISTS executables_mbedtls) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -set(executables_mbedcrypto - dh_genprime - ecdh_curve25519 - ecdsa - gen_key - key_app - key_app_writer - mpi_demo - pk_encrypt - pk_decrypt - pk_sign - pk_verify - rsa_decrypt - rsa_encrypt - rsa_genkey - rsa_sign - rsa_sign_pss - rsa_verify - rsa_verify_pss -) -add_dependencies(${programs_target} ${executables_mbedcrypto}) - -foreach(exe IN LISTS executables_mbedcrypto) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c deleted file mode 100644 index a3bc49d3f..000000000 --- a/programs/pkey/dh_client.c +++ /dev/null @@ -1,288 +0,0 @@ -/* - * Diffie-Hellman-Merkle key exchange (client side) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/net_sockets.h" -#include "mbedtls/aes.h" -#include "mbedtls/dhm.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha256.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#define SERVER_NAME "localhost" -#define SERVER_PORT "11999" - -#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " - "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n"); - mbedtls_exit(0); -} - -#elif defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) -int main(void) -{ - mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - FILE *f; - - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned int mdlen; - size_t n, buflen; - mbedtls_net_context server_fd; - - unsigned char *p, *end; - unsigned char buf[2048]; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - mbedtls_mpi N, E; - const char *pers = "dh_client"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_rsa_context rsa; - mbedtls_dhm_context dhm; - mbedtls_aes_context aes; - - mbedtls_net_init(&server_fd); - mbedtls_dhm_init(&dhm); - mbedtls_aes_init(&aes); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_mpi_init(&N); - mbedtls_mpi_init(&E); - - /* - * 1. Setup the RNG - */ - mbedtls_printf("\n . Seeding the random number generator"); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - /* - * 2. Read the server's public RSA key - */ - mbedtls_printf("\n . Reading public key from rsa_pub.txt"); - fflush(stdout); - - if ((f = fopen("rsa_pub.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - mbedtls_rsa_init(&rsa); - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); - fclose(f); - goto exit; - } - fclose(f); - - /* - * 3. Initiate the connection - */ - mbedtls_printf("\n . Connecting to tcp/%s/%s", SERVER_NAME, - SERVER_PORT); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME, - SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto exit; - } - - /* - * 4a. First get the buffer length - */ - mbedtls_printf("\n . Receiving the server's DH parameters"); - fflush(stdout); - - memset(buf, 0, sizeof(buf)); - - if ((ret = mbedtls_net_recv(&server_fd, buf, 2)) != 2) { - mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret); - goto exit; - } - - n = buflen = (buf[0] << 8) | buf[1]; - if (buflen < 1 || buflen > sizeof(buf)) { - mbedtls_printf(" failed\n ! Got an invalid buffer length\n\n"); - goto exit; - } - - /* - * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P - */ - memset(buf, 0, sizeof(buf)); - - if ((ret = mbedtls_net_recv(&server_fd, buf, n)) != (int) n) { - mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret); - goto exit; - } - - p = buf, end = buf + buflen; - - if ((ret = mbedtls_dhm_read_params(&dhm, &p, end)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret); - goto exit; - } - - n = mbedtls_dhm_get_len(&dhm); - if (n < 64 || n > 512) { - mbedtls_printf(" failed\n ! Invalid DHM modulus size\n\n"); - goto exit; - } - - /* - * 5. Check that the server's RSA signature matches - * the SHA-256 hash of (P,G,Ys) - */ - mbedtls_printf("\n . Verifying the server's RSA signature"); - fflush(stdout); - - p += 2; - - if ((n = (size_t) (end - p)) != mbedtls_rsa_get_len(&rsa)) { - mbedtls_printf(" failed\n ! Invalid RSA signature size\n\n"); - goto exit; - } - - mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); - if (mdlen == 0) { - mbedtls_printf(" failed\n ! Invalid digest type\n\n"); - goto exit; - } - - if ((ret = mbedtls_sha256(buf, (int) (p - 2 - buf), hash, 0)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256, - mdlen, hash, p)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret); - goto exit; - } - - /* - * 6. Send our public value: Yc = G ^ Xc mod P - */ - mbedtls_printf("\n . Sending own public value to server"); - fflush(stdout); - - n = mbedtls_dhm_get_len(&dhm); - if ((ret = mbedtls_dhm_make_public(&dhm, (int) n, buf, n, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_net_send(&server_fd, buf, n)) != (int) n) { - mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret); - goto exit; - } - - /* - * 7. Derive the shared secret: K = Ys ^ Xc mod P - */ - mbedtls_printf("\n . Shared secret: "); - fflush(stdout); - - if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret); - goto exit; - } - - for (n = 0; n < 16; n++) { - mbedtls_printf("%02x", buf[n]); - } - - /* - * 8. Setup the AES-256 decryption key - * - * This is an overly simplified example; best practice is - * to hash the shared secret with a random value to derive - * the keying material for the encryption/decryption keys, - * IVs and MACs. - */ - mbedtls_printf("...\n . Receiving and decrypting the ciphertext"); - fflush(stdout); - - ret = mbedtls_aes_setkey_dec(&aes, buf, 256); - if (ret != 0) { - goto exit; - } - - memset(buf, 0, sizeof(buf)); - - if ((ret = mbedtls_net_recv(&server_fd, buf, 16)) != 16) { - mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, buf, buf); - if (ret != 0) { - goto exit; - } - buf[16] = '\0'; - mbedtls_printf("\n . Plaintext is \"%s\"\n\n", (char *) buf); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_net_free(&server_fd); - - mbedtls_aes_free(&aes); - mbedtls_rsa_free(&rsa); - mbedtls_dhm_free(&dhm); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_mpi_free(&N); - mbedtls_mpi_free(&E); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && - MBEDTLS_NET_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c deleted file mode 100644 index 6872e61e3..000000000 --- a/programs/pkey/dh_genprime.c +++ /dev/null @@ -1,161 +0,0 @@ -/* - * Diffie-Hellman-Merkle key exchange (prime generation) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_GENPRIME) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_GENPRIME not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/bignum.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include - -#define USAGE \ - "\n usage: dh_genprime param=<>...\n" \ - "\n acceptable parameters:\n" \ - " bits=%%d default: 2048\n" - -#define DFL_BITS 2048 - -/* - * Note: G = 4 is always a quadratic residue mod P, - * so it is a generator of order Q (with P = 2*Q+1). - */ -#define GENERATOR "4" - - -int main(int argc, char **argv) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_mpi G, P, Q; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "dh_genprime"; - FILE *fout; - int nbits = DFL_BITS; - int i; - char *p, *q; - - mbedtls_mpi_init(&G); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "bits") == 0) { - nbits = atoi(q); - if (nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS) { - goto usage; - } - } else { - goto usage; - } - } - - if ((ret = mbedtls_mpi_read_string(&G, 10, GENERATOR)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_string returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ! Generating large primes may take minutes!\n"); - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Generating the modulus, please wait..."); - fflush(stdout); - - /* - * This can take a long time... - */ - if ((ret = mbedtls_mpi_gen_prime(&P, nbits, 1, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Verifying that Q = (P-1)/2 is prime..."); - fflush(stdout); - - if ((ret = mbedtls_mpi_sub_int(&Q, &P, 1)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_sub_int returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_mpi_div_int(&Q, NULL, &Q, 2)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_div_int returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_mpi_is_prime_ext(&Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Exporting the value in dh_prime.txt..."); - fflush(stdout); - - if ((fout = fopen("dh_prime.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create dh_prime.txt\n\n"); - goto exit; - } - - if (((ret = mbedtls_mpi_write_file("P = ", &P, 16, fout)) != 0) || - ((ret = mbedtls_mpi_write_file("G = ", &G, 16, fout)) != 0)) { - mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret); - fclose(fout); - goto exit; - } - - mbedtls_printf(" ok\n\n"); - fclose(fout); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_mpi_free(&G); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && - MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */ diff --git a/programs/pkey/dh_prime.txt b/programs/pkey/dh_prime.txt deleted file mode 100644 index de0c28148..000000000 --- a/programs/pkey/dh_prime.txt +++ /dev/null @@ -1,2 +0,0 @@ -P = FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF -G = 02 diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c deleted file mode 100644 index 26b48e3ff..000000000 --- a/programs/pkey/dh_server.c +++ /dev/null @@ -1,306 +0,0 @@ -/* - * Diffie-Hellman-Merkle key exchange (server side) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/net_sockets.h" -#include "mbedtls/aes.h" -#include "mbedtls/dhm.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha256.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#define SERVER_PORT "11999" -#define PLAINTEXT "==Hello there!==" - -#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " - "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - FILE *f; - - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned int mdlen; - size_t n, buflen; - mbedtls_net_context listen_fd, client_fd; - - unsigned char buf[2048]; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - unsigned char buf2[2]; - const char *pers = "dh_server"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_rsa_context rsa; - mbedtls_dhm_context dhm; - mbedtls_aes_context aes; - - mbedtls_mpi N, P, Q, D, E, dhm_P, dhm_G; - - mbedtls_net_init(&listen_fd); - mbedtls_net_init(&client_fd); - mbedtls_dhm_init(&dhm); - mbedtls_aes_init(&aes); - mbedtls_ctr_drbg_init(&ctr_drbg); - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&dhm_P); - mbedtls_mpi_init(&dhm_G); - /* - * 1. Setup the RNG - */ - mbedtls_printf("\n . Seeding the random number generator"); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - /* - * 2a. Read the server's private RSA key - */ - mbedtls_printf("\n . Reading private key from rsa_priv.txt"); - fflush(stdout); - - if ((f = fopen("rsa_priv.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - mbedtls_rsa_init(&rsa); - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", - ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if ((ret = mbedtls_rsa_complete(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n", - ret); - goto exit; - } - - /* - * 2b. Get the DHM modulus and generator - */ - mbedtls_printf("\n . Reading DH parameters from dh_prime.txt"); - fflush(stdout); - - if ((f = fopen("dh_prime.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open dh_prime.txt\n" \ - " ! Please run dh_genprime first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&dhm_P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&dhm_G, 16, f)) != 0 || - (ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)) { - mbedtls_printf(" failed\n ! Invalid DH parameter file\n\n"); - fclose(f); - goto exit; - } - - fclose(f); - - /* - * 3. Wait for a client to connect - */ - mbedtls_printf("\n . Waiting for a remote connection"); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - NULL, 0, NULL)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret); - goto exit; - } - - /* - * 4. Setup the DH parameters (P,G,Ys) - */ - mbedtls_printf("\n . Sending the server's DH parameters"); - fflush(stdout); - - memset(buf, 0, sizeof(buf)); - - if ((ret = - mbedtls_dhm_make_params(&dhm, (int) mbedtls_dhm_get_len(&dhm), buf, &n, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret); - goto exit; - } - - /* - * 5. Sign the parameters and send them - */ - - mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); - if (mdlen == 0) { - mbedtls_printf(" failed\n ! Invalid digest type\n\n"); - goto exit; - } - - if ((ret = mbedtls_sha256(buf, n, hash, 0)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n\n", ret); - goto exit; - } - - const size_t rsa_key_len = mbedtls_rsa_get_len(&rsa); - buf[n] = (unsigned char) (rsa_key_len >> 8); - buf[n + 1] = (unsigned char) (rsa_key_len); - - if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, - MBEDTLS_MD_SHA256, mdlen, - hash, buf + n + 2)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret); - goto exit; - } - - buflen = n + 2 + rsa_key_len; - buf2[0] = (unsigned char) (buflen >> 8); - buf2[1] = (unsigned char) (buflen); - - if ((ret = mbedtls_net_send(&client_fd, buf2, 2)) != 2 || - (ret = mbedtls_net_send(&client_fd, buf, buflen)) != (int) buflen) { - mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret); - goto exit; - } - - /* - * 6. Get the client's public value: Yc = G ^ Xc mod P - */ - mbedtls_printf("\n . Receiving the client's public value"); - fflush(stdout); - - memset(buf, 0, sizeof(buf)); - - n = mbedtls_dhm_get_len(&dhm); - if ((ret = mbedtls_net_recv(&client_fd, buf, n)) != (int) n) { - mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_dhm_read_public(&dhm, buf, n)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret); - goto exit; - } - - /* - * 7. Derive the shared secret: K = Ys ^ Xc mod P - */ - mbedtls_printf("\n . Shared secret: "); - fflush(stdout); - - if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret); - goto exit; - } - - for (n = 0; n < 16; n++) { - mbedtls_printf("%02x", buf[n]); - } - - /* - * 8. Setup the AES-256 encryption key - * - * This is an overly simplified example; best practice is - * to hash the shared secret with a random value to derive - * the keying material for the encryption/decryption keys - * and MACs. - */ - mbedtls_printf("...\n . Encrypting and sending the ciphertext"); - fflush(stdout); - - ret = mbedtls_aes_setkey_enc(&aes, buf, 256); - if (ret != 0) { - goto exit; - } - memcpy(buf, PLAINTEXT, 16); - ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_ENCRYPT, buf, buf); - if (ret != 0) { - goto exit; - } - - if ((ret = mbedtls_net_send(&client_fd, buf, 16)) != 16) { - mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf("\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&dhm_P); - mbedtls_mpi_free(&dhm_G); - - mbedtls_net_free(&client_fd); - mbedtls_net_free(&listen_fd); - - mbedtls_aes_free(&aes); - mbedtls_rsa_free(&rsa); - mbedtls_dhm_free(&dhm); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && - MBEDTLS_NET_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c deleted file mode 100644 index fedfcc9fe..000000000 --- a/programs/pkey/ecdh_curve25519.c +++ /dev/null @@ -1,189 +0,0 @@ -/* - * Example ECDHE with Curve25519 program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ECDH_C) || \ - !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ECDH_C and/or " - "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " - "not defined\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/ecdh.h" - -#include - - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_ecdh_context ctx_cli, ctx_srv; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char cli_to_srv[36], srv_to_cli[33]; - const char pers[] = "ecdh"; - - size_t srv_olen; - size_t cli_olen; - unsigned char secret_cli[32] = { 0 }; - unsigned char secret_srv[32] = { 0 }; - const unsigned char *p_cli_to_srv = cli_to_srv; - - ((void) argc); - ((void) argv); - - mbedtls_ecdh_init(&ctx_cli); - mbedtls_ecdh_init(&ctx_srv); - mbedtls_ctr_drbg_init(&ctr_drbg); - - /* - * Initialize random number generation - */ - mbedtls_printf(" . Seed the random number generator..."); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, - (const unsigned char *) pers, - sizeof(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Client: initialize context and generate keypair - */ - mbedtls_printf(" . Set up client context, generate EC key pair..."); - fflush(stdout); - - ret = mbedtls_ecdh_setup(&ctx_cli, MBEDTLS_ECP_DP_CURVE25519); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_setup returned %d\n", ret); - goto exit; - } - - ret = mbedtls_ecdh_make_params(&ctx_cli, &cli_olen, cli_to_srv, - sizeof(cli_to_srv), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_make_params returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Server: initialize context and generate keypair - */ - mbedtls_printf(" . Server: read params, generate public key..."); - fflush(stdout); - - ret = mbedtls_ecdh_read_params(&ctx_srv, &p_cli_to_srv, - p_cli_to_srv + sizeof(cli_to_srv)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_read_params returned %d\n", - ret); - goto exit; - } - - ret = mbedtls_ecdh_make_public(&ctx_srv, &srv_olen, srv_to_cli, - sizeof(srv_to_cli), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_make_public returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Client: read public key - */ - mbedtls_printf(" . Client: read public key..."); - fflush(stdout); - - ret = mbedtls_ecdh_read_public(&ctx_cli, srv_to_cli, - sizeof(srv_to_cli)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_read_public returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Calculate secrets - */ - mbedtls_printf(" . Calculate secrets..."); - fflush(stdout); - - ret = mbedtls_ecdh_calc_secret(&ctx_cli, &cli_olen, secret_cli, - sizeof(secret_cli), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n", - ret); - goto exit; - } - - ret = mbedtls_ecdh_calc_secret(&ctx_srv, &srv_olen, secret_srv, - sizeof(secret_srv), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Verification: are the computed secrets equal? - */ - mbedtls_printf(" . Check if both calculated secrets are equal..."); - fflush(stdout); - - ret = memcmp(secret_srv, secret_cli, srv_olen); - if (ret != 0 || (cli_olen != srv_olen)) { - mbedtls_printf(" failed\n ! Shared secrets not equal.\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_ecdh_free(&ctx_srv); - mbedtls_ecdh_free(&ctx_cli); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c deleted file mode 100644 index 5664b8c4e..000000000 --- a/programs/pkey/ecdsa.c +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Example ECDSA program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_ECDSA_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/sha256.h" - -#include -#endif - -/* - * Uncomment to show key and signature details - */ -#define VERBOSE - -/* - * Uncomment to force use of a specific curve - */ -#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1 - -#if !defined(ECPARAMS) -#define ECPARAMS mbedtls_ecp_curve_list()->grp_id -#endif - -#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n"); - mbedtls_exit(0); -} -#else -#if defined(VERBOSE) -static void dump_buf(const char *title, unsigned char *buf, size_t len) -{ - size_t i; - - mbedtls_printf("%s", title); - for (i = 0; i < len; i++) { - mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16], - "0123456789ABCDEF" [buf[i] % 16]); - } - mbedtls_printf("\n"); -} - -static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key) -{ - unsigned char buf[300]; - size_t len; - - if (mbedtls_ecp_write_public_key(key, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, buf, sizeof(buf)) != 0) { - mbedtls_printf("internal error\n"); - return; - } - - dump_buf(title, buf, len); -} -#else -#define dump_buf(a, b, c) -#define dump_pubkey(a, b) -#endif - - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_ecdsa_context ctx_sign, ctx_verify; - mbedtls_ecp_point Q; - mbedtls_ecp_point_init(&Q); - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char message[100]; - unsigned char hash[32]; - unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; - size_t sig_len; - const char *pers = "ecdsa"; - ((void) argv); - - mbedtls_ecdsa_init(&ctx_sign); - mbedtls_ecdsa_init(&ctx_verify); - mbedtls_ctr_drbg_init(&ctr_drbg); - - memset(sig, 0, sizeof(sig)); - memset(message, 0x25, sizeof(message)); - - if (argc != 1) { - mbedtls_printf("usage: ecdsa\n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - /* - * Generate a key pair for signing - */ - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Generating key pair..."); - fflush(stdout); - - if ((ret = mbedtls_ecdsa_genkey(&ctx_sign, ECPARAMS, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret); - goto exit; - } - - mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(&ctx_sign); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); - mbedtls_printf(" ok (key size: %d bits)\n", (int) curve_info->bit_size); - - dump_pubkey(" + Public key: ", &ctx_sign); - - /* - * Compute message hash - */ - mbedtls_printf(" . Computing message hash..."); - fflush(stdout); - - if ((ret = mbedtls_sha256(message, sizeof(message), hash, 0)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - dump_buf(" + Hash: ", hash, sizeof(hash)); - - /* - * Sign message hash - */ - mbedtls_printf(" . Signing message hash..."); - fflush(stdout); - - if ((ret = mbedtls_ecdsa_write_signature(&ctx_sign, MBEDTLS_MD_SHA256, - hash, sizeof(hash), - sig, sizeof(sig), &sig_len, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret); - goto exit; - } - mbedtls_printf(" ok (signature length = %u)\n", (unsigned int) sig_len); - - dump_buf(" + Signature: ", sig, sig_len); - - /* - * Transfer public information to verifying context - * - * We could use the same context for verification and signatures, but we - * chose to use a new one in order to make it clear that the verifying - * context only needs the public key (Q), and not the private key (d). - */ - mbedtls_printf(" . Preparing verification context..."); - fflush(stdout); - - if ((ret = mbedtls_ecp_export(&ctx_sign, NULL, NULL, &Q)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_export returned %d\n", ret); - goto exit; - } - - if ((ret = mbedtls_ecp_set_public_key(grp_id, &ctx_verify, &Q)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_set_public_key returned %d\n", ret); - goto exit; - } - - /* - * Verify signature - */ - mbedtls_printf(" ok\n . Verifying signature..."); - fflush(stdout); - - if ((ret = mbedtls_ecdsa_read_signature(&ctx_verify, - hash, sizeof(hash), - sig, sig_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_ecdsa_free(&ctx_verify); - mbedtls_ecdsa_free(&ctx_sign); - mbedtls_ecp_point_free(&Q); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && - ECPARAMS */ diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c deleted file mode 100644 index 99999c7a5..000000000 --- a/programs/pkey/gen_key.c +++ /dev/null @@ -1,477 +0,0 @@ -/* - * Key generation application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#include - -#if !defined(_WIN32) -#include - -#define DEV_RANDOM_THRESHOLD 32 - -static int dev_random_entropy_poll(void *data, unsigned char *output, - size_t len, size_t *olen) -{ - FILE *file; - size_t ret, left = len; - unsigned char *p = output; - ((void) data); - - *olen = 0; - - file = fopen("/dev/random", "rb"); - if (file == NULL) { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - - while (left > 0) { - /* /dev/random can return much less than requested. If so, try again */ - ret = fread(p, 1, left, file); - if (ret == 0 && ferror(file)) { - fclose(file); - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - - p += ret; - left -= ret; - sleep(1); - } - fclose(file); - *olen = len; - - return 0; -} -#endif /* !_WIN32 */ - -#if defined(MBEDTLS_ECP_C) -#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id -#else -#define DFL_EC_CURVE 0 -#endif - -#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) -#define USAGE_DEV_RANDOM \ - " use_dev_random=0|1 default: 0\n" -#else -#define USAGE_DEV_RANDOM "" -#endif /* !_WIN32 && MBEDTLS_FS_IO */ - -#define FORMAT_PEM 0 -#define FORMAT_DER 1 - -#define DFL_TYPE MBEDTLS_PK_RSA -#define DFL_RSA_KEYSIZE 4096 -#define DFL_FILENAME "keyfile.key" -#define DFL_FORMAT FORMAT_PEM -#define DFL_USE_DEV_RANDOM 0 - -#define USAGE \ - "\n usage: gen_key param=<>...\n" \ - "\n acceptable parameters:\n" \ - " type=rsa|ec default: rsa\n" \ - " rsa_keysize=%%d default: 4096\n" \ - " ec_curve=%%s see below\n" \ - " filename=%%s default: keyfile.key\n" \ - " format=pem|der default: pem\n" \ - USAGE_DEV_RANDOM \ - "\n" - - -/* - * global options - */ -struct options { - int type; /* the type of key to generate */ - int rsa_keysize; /* length of key in bits */ - int ec_curve; /* curve identifier for EC keys */ - const char *filename; /* filename of the key file */ - int format; /* the output format to use */ - int use_dev_random; /* use /dev/random as entropy source */ -} opt; - -static int write_private_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - if (opt.format == FORMAT_PEM) { - if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else { - if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - len; - } - - if ((f = fopen(output_file, "wb")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - (has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. */ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context key; - char buf[1024]; - int i; - char *p, *q; -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; -#endif /* MBEDTLS_RSA_C */ - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "gen_key"; -#if defined(MBEDTLS_ECP_C) - const mbedtls_ecp_curve_info *curve_info; -#endif - - /* - * Set to sane values - */ -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); -#endif /* MBEDTLS_RSA_C */ - - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&key); - mbedtls_ctr_drbg_init(&ctr_drbg); - memset(buf, 0, sizeof(buf)); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); -#if defined(MBEDTLS_ECP_C) - mbedtls_printf(" available ec_curve values:\n"); - curve_info = mbedtls_ecp_curve_list(); - mbedtls_printf(" %s (default)\n", curve_info->name); - while ((++curve_info)->name != NULL) { - mbedtls_printf(" %s\n", curve_info->name); - } -#endif /* MBEDTLS_ECP_C */ - goto exit; - } - - opt.type = DFL_TYPE; - opt.rsa_keysize = DFL_RSA_KEYSIZE; - opt.ec_curve = DFL_EC_CURVE; - opt.filename = DFL_FILENAME; - opt.format = DFL_FORMAT; - opt.use_dev_random = DFL_USE_DEV_RANDOM; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "type") == 0) { - if (strcmp(q, "rsa") == 0) { - opt.type = MBEDTLS_PK_RSA; - } else if (strcmp(q, "ec") == 0) { - opt.type = MBEDTLS_PK_ECKEY; - } else { - goto usage; - } - } else if (strcmp(p, "format") == 0) { - if (strcmp(q, "pem") == 0) { - opt.format = FORMAT_PEM; - } else if (strcmp(q, "der") == 0) { - opt.format = FORMAT_DER; - } else { - goto usage; - } - } else if (strcmp(p, "rsa_keysize") == 0) { - opt.rsa_keysize = atoi(q); - if (opt.rsa_keysize < 1024 || - opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS) { - goto usage; - } - } -#if defined(MBEDTLS_ECP_C) - else if (strcmp(p, "ec_curve") == 0) { - if ((curve_info = mbedtls_ecp_curve_info_from_name(q)) == NULL) { - goto usage; - } - opt.ec_curve = curve_info->grp_id; - } -#endif - else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "use_dev_random") == 0) { - opt.use_dev_random = atoi(q); - if (opt.use_dev_random < 0 || opt.use_dev_random > 1) { - goto usage; - } - } else { - goto usage; - } - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - -#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) - if (opt.use_dev_random) { - if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll, - NULL, DEV_RANDOM_THRESHOLD, - MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n Using /dev/random, so can take a long time! "); - fflush(stdout); - } -#endif /* !_WIN32 && MBEDTLS_FS_IO */ - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * 1.1. Generate the key - */ - mbedtls_printf("\n . Generating the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_pk_setup(&key, - mbedtls_pk_info_from_type((mbedtls_pk_type_t) opt.type))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret); - goto exit; - } - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) - if (opt.type == MBEDTLS_PK_RSA) { - ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random, &ctr_drbg, - opt.rsa_keysize, 65537); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - } else -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_C) - if (opt.type == MBEDTLS_PK_ECKEY) { - ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id) opt.ec_curve, - mbedtls_pk_ec(key), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - } else -#endif /* MBEDTLS_ECP_C */ - { - mbedtls_printf(" failed\n ! key type not supported\n"); - goto exit; - } - - /* - * 1.2 Print the key - */ - mbedtls_printf(" ok\n . Key information:\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - mbedtls_mpi_write_file("P: ", &P, 16, NULL); - mbedtls_mpi_write_file("Q: ", &Q, 16, NULL); - mbedtls_mpi_write_file("DP: ", &DP, 16, NULL); - mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL); - mbedtls_mpi_write_file("QP: ", &QP, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto exit; - } - } else -#endif - mbedtls_printf(" ! key type not supported\n"); - - /* - * 1.3 Export key - */ - mbedtls_printf(" . Writing key to file..."); - - if ((ret = write_private_key(&key, opt.filename)) != 0) { - mbedtls_printf(" failed\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - if (exit_code != MBEDTLS_EXIT_SUCCESS) { -#ifdef MBEDTLS_ERROR_C - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" - %s\n", buf); */ -#else - mbedtls_printf("\n"); -#endif - } - -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); -#endif /* MBEDTLS_RSA_C */ - - mbedtls_pk_free(&key); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_exit(exit_code); -} -#endif /* program viability conditions */ diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c deleted file mode 100644 index d01aa8852..000000000 --- a/programs/pkey/key_app.c +++ /dev/null @@ -1,368 +0,0 @@ -/* - * Key reading application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && \ - defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/rsa.h" -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#endif - -#define MODE_NONE 0 -#define MODE_PRIVATE 1 -#define MODE_PUBLIC 2 - -#define DFL_MODE MODE_NONE -#define DFL_FILENAME "keyfile.key" -#define DFL_PASSWORD "" -#define DFL_PASSWORD_FILE "" -#define DFL_DEBUG_LEVEL 0 - -#define USAGE \ - "\n usage: key_app param=<>...\n" \ - "\n acceptable parameters:\n" \ - " mode=private|public default: none\n" \ - " filename=%%s default: keyfile.key\n" \ - " password=%%s default: \"\"\n" \ - " password_file=%%s default: \"\"\n" \ - "\n" - -#if !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - (has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. */ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -/* - * global options - */ -struct options { - int mode; /* the mode to run the application in */ - const char *filename; /* filename of the key file */ - const char *password; /* password for the private key */ - const char *password_file; /* password_file for the private key */ -} opt; - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - char buf[1024]; - int i; - char *p, *q; - - const char *pers = "pkey/key_app"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_pk_context pk; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - - /* - * Set to sane values - */ - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - mbedtls_pk_init(&pk); - memset(buf, 0, sizeof(buf)); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto cleanup; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto cleanup; - } - - opt.mode = DFL_MODE; - opt.filename = DFL_FILENAME; - opt.password = DFL_PASSWORD; - opt.password_file = DFL_PASSWORD_FILE; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "mode") == 0) { - if (strcmp(q, "private") == 0) { - opt.mode = MODE_PRIVATE; - } else if (strcmp(q, "public") == 0) { - opt.mode = MODE_PUBLIC; - } else { - goto usage; - } - } else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "password") == 0) { - opt.password = q; - } else if (strcmp(p, "password_file") == 0) { - opt.password_file = q; - } else { - goto usage; - } - } - - if (opt.mode == MODE_PRIVATE) { - if (strlen(opt.password) && strlen(opt.password_file)) { - mbedtls_printf("Error: cannot have both password and password_file\n"); - goto usage; - } - - if (strlen(opt.password_file)) { - FILE *f; - - mbedtls_printf("\n . Loading the password file ..."); - if ((f = fopen(opt.password_file, "rb")) == NULL) { - mbedtls_printf(" failed\n ! fopen returned NULL\n"); - goto cleanup; - } - if (fgets(buf, sizeof(buf), f) == NULL) { - fclose(f); - mbedtls_printf("Error: fgets() failed to retrieve password\n"); - goto cleanup; - } - fclose(f); - - i = (int) strlen(buf); - if (buf[i - 1] == '\n') { - buf[i - 1] = '\0'; - } - if (buf[i - 2] == '\r') { - buf[i - 2] = '\0'; - } - opt.password = buf; - } - - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . Loading the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto cleanup; - } - - ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password, - mbedtls_ctr_drbg_random, &ctr_drbg); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto cleanup; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the key - */ - mbedtls_printf(" . Key information ...\n"); -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto cleanup; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D: ", &D, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("P: ", &P, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q: ", &Q, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DP: ", &DP, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("QP: ", &QP, 16, NULL)); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(pk), 1) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto cleanup; - } - } else -#endif - { - mbedtls_printf("Do not know how to print key information for this type\n"); - goto cleanup; - } - } else if (opt.mode == MODE_PUBLIC) { - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . Loading the public key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_public_keyfile(&pk, opt.filename); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto cleanup; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" . Key information ...\n"); -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); - - if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL, - NULL, &E)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto cleanup; - } - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL)); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(pk), 0) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto cleanup; - } - } else -#endif - { - mbedtls_printf("Do not know how to print key information for this type\n"); - goto cleanup; - } - } else { - goto usage; - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c deleted file mode 100644 index d34cbe1fb..000000000 --- a/programs/pkey/key_app_writer.c +++ /dev/null @@ -1,494 +0,0 @@ -/* - * Key writing application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_PK_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_BIGNUM_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_BIGNUM_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include - -#if defined(MBEDTLS_PEM_WRITE_C) -#define USAGE_OUT \ - " output_file=%%s default: keyfile.pem\n" \ - " output_format=pem|der default: pem\n" -#else -#define USAGE_OUT \ - " output_file=%%s default: keyfile.der\n" \ - " output_format=der default: der\n" -#endif - -#if defined(MBEDTLS_PEM_WRITE_C) -#define DFL_OUTPUT_FILENAME "keyfile.pem" -#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM -#else -#define DFL_OUTPUT_FILENAME "keyfile.der" -#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_DER -#endif - -#define DFL_MODE MODE_NONE -#define DFL_FILENAME "keyfile.key" -#define DFL_DEBUG_LEVEL 0 -#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE - -#define MODE_NONE 0 -#define MODE_PRIVATE 1 -#define MODE_PUBLIC 2 - -#define OUTPUT_MODE_NONE 0 -#define OUTPUT_MODE_PRIVATE 1 -#define OUTPUT_MODE_PUBLIC 2 - -#define OUTPUT_FORMAT_PEM 0 -#define OUTPUT_FORMAT_DER 1 - -#define USAGE \ - "\n usage: key_app_writer param=<>...\n" \ - "\n acceptable parameters:\n" \ - " mode=private|public default: none\n" \ - " filename=%%s default: keyfile.key\n" \ - " output_mode=private|public default: none\n" \ - USAGE_OUT \ - "\n" - - -/* - * global options - */ -struct options { - int mode; /* the mode to run the application in */ - const char *filename; /* filename of the key file */ - int output_mode; /* the output mode to use */ - const char *output_file; /* where to store the constructed key file */ - int output_format; /* the output format to use */ -} opt; - -static int write_public_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - -#if defined(MBEDTLS_PEM_WRITE_C) - if (opt.output_format == OUTPUT_FORMAT_PEM) { - if ((ret = mbedtls_pk_write_pubkey_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else -#endif - { - if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - len; - } - - if ((f = fopen(output_file, "w")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -static int write_private_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - -#if defined(MBEDTLS_PEM_WRITE_C) - if (opt.output_format == OUTPUT_FORMAT_PEM) { - if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else -#endif - { - if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - len; - } - - if ((f = fopen(output_file, "w")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - (has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. */ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; -#if defined(MBEDTLS_ERROR_C) - char buf[200]; -#endif - int i; - char *p, *q; - - const char *pers = "pkey/key_app"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_pk_context key; -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; -#endif /* MBEDTLS_RSA_C */ - - /* - * Set to sane values - */ - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - mbedtls_pk_init(&key); -#if defined(MBEDTLS_ERROR_C) - memset(buf, 0, sizeof(buf)); -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); -#endif /* MBEDTLS_RSA_C */ - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.mode = DFL_MODE; - opt.filename = DFL_FILENAME; - opt.output_mode = DFL_OUTPUT_MODE; - opt.output_file = DFL_OUTPUT_FILENAME; - opt.output_format = DFL_OUTPUT_FORMAT; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "mode") == 0) { - if (strcmp(q, "private") == 0) { - opt.mode = MODE_PRIVATE; - } else if (strcmp(q, "public") == 0) { - opt.mode = MODE_PUBLIC; - } else { - goto usage; - } - } else if (strcmp(p, "output_mode") == 0) { - if (strcmp(q, "private") == 0) { - opt.output_mode = OUTPUT_MODE_PRIVATE; - } else if (strcmp(q, "public") == 0) { - opt.output_mode = OUTPUT_MODE_PUBLIC; - } else { - goto usage; - } - } else if (strcmp(p, "output_format") == 0) { -#if defined(MBEDTLS_PEM_WRITE_C) - if (strcmp(q, "pem") == 0) { - opt.output_format = OUTPUT_FORMAT_PEM; - } else -#endif - if (strcmp(q, "der") == 0) { - opt.output_format = OUTPUT_FORMAT_DER; - } else { - goto usage; - } - } else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "output_file") == 0) { - opt.output_file = q; - } else { - goto usage; - } - } - - if (opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE) { - mbedtls_printf("\nCannot output a key without reading one.\n"); - goto exit; - } - - if (opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE) { - mbedtls_printf("\nCannot output a private key from a public key.\n"); - goto exit; - } - - if (opt.mode == MODE_PRIVATE) { - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . Loading the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL, - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the key - */ - mbedtls_printf(" . Key information ...\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - mbedtls_mpi_write_file("P: ", &P, 16, NULL); - mbedtls_mpi_write_file("Q: ", &Q, 16, NULL); - mbedtls_mpi_write_file("DP: ", &DP, 16, NULL); - mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL); - mbedtls_mpi_write_file("QP: ", &QP, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto exit; - } - } else -#endif - mbedtls_printf("key type not supported yet\n"); - - } else if (opt.mode == MODE_PUBLIC) { - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . Loading the public key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_public_keyfile(&key, opt.filename); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the key - */ - mbedtls_printf(" . Key information ...\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL, - NULL, &E)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 0) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto exit; - } - } else -#endif - mbedtls_printf("key type not supported yet\n"); - } else { - goto usage; - } - - if (opt.output_mode == OUTPUT_MODE_PUBLIC) { - write_public_key(&key, opt.output_file); - } - if (opt.output_mode == OUTPUT_MODE_PRIVATE) { - write_private_key(&key, opt.output_file); - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - if (exit_code != MBEDTLS_EXIT_SUCCESS) { -#ifdef MBEDTLS_ERROR_C - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" - %s\n", buf); */ -#else - mbedtls_printf("\n"); -#endif - } - -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); -#endif /* MBEDTLS_RSA_C */ - - mbedtls_pk_free(&key); - - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_exit(exit_code); -} -#endif /* program viability conditions */ diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c deleted file mode 100644 index e83aa3259..000000000 --- a/programs/pkey/mpi_demo.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Simple MPI demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/bignum.h" - -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_mpi E, P, Q, N, H, D, X, Y, Z; - - mbedtls_mpi_init(&E); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&N); - mbedtls_mpi_init(&H); mbedtls_mpi_init(&D); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - mbedtls_mpi_init(&Z); - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P, 10, "2789")); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&Q, 10, "3203")); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 10, "257")); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&N, &P, &Q)); - - mbedtls_printf("\n Public key:\n\n"); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" N = ", &N, 10, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" E = ", &E, 10, NULL)); - - mbedtls_printf("\n Private key:\n\n"); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" P = ", &P, 10, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Q = ", &Q, 10, NULL)); - -#if defined(MBEDTLS_GENPRIME) - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P, &P, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q, &Q, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &P, &Q)); - MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&D, &E, &H)); - - mbedtls_mpi_write_file(" D = E^-1 mod (P-1)*(Q-1) = ", - &D, 10, NULL); -#else - mbedtls_printf("\nTest skipped (MBEDTLS_GENPRIME not defined).\n\n"); -#endif - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&X, 10, "55555")); - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Y, &X, &E, &N, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Z, &Y, &D, &N, NULL)); - - mbedtls_printf("\n RSA operation:\n\n"); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" X (plaintext) = ", &X, 10, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Y (ciphertext) = X^E mod N = ", &Y, 10, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Z (decrypted) = Y^D mod N = ", &Z, 10, NULL)); - mbedtls_printf("\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - mbedtls_mpi_free(&E); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&N); - mbedtls_mpi_free(&H); mbedtls_mpi_free(&D); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - mbedtls_mpi_free(&Z); - - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("\nAn error occurred.\n"); - } - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c deleted file mode 100644 index 3dbfde02b..000000000 --- a/programs/pkey/pk_decrypt.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - * Public key-based simple decryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - unsigned c; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i, olen = 0; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char result[1024]; - unsigned char buf[512]; - const char *pers = "mbedtls_pk_decrypt"; - ((void) argv); - - mbedtls_pk_init(&pk); - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - memset(result, 0, sizeof(result)); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc != 2) { - mbedtls_printf("usage: mbedtls_pk_decrypt \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "", - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Extract the RSA encrypted value from the text file - */ - if ((f = fopen("result-enc.txt", "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt"); - ret = 1; - goto exit; - } - - i = 0; - while (fscanf(f, "%02X", (unsigned int *) &c) > 0 && - i < (int) sizeof(buf)) { - buf[i++] = (unsigned char) c; - } - - fclose(f); - - /* - * Decrypt the encrypted RSA data and print the result. - */ - mbedtls_printf("\n . Decrypting the encrypted data"); - fflush(stdout); - - if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result), - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK\n\n"); - - mbedtls_printf("The decrypted result is: '%s'\n\n", result); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_pk_free(&pk); - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c deleted file mode 100644 index a3a7c1b4d..000000000 --- a/programs/pkey/pk_encrypt.c +++ /dev/null @@ -1,154 +0,0 @@ -/* - * RSA simple data encryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i, olen = 0; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char input[1024]; - unsigned char buf[512]; - const char *pers = "mbedtls_pk_encrypt"; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pk); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_encrypt \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - if (strlen(argv[2]) > 100) { - mbedtls_printf(" Input data larger than 100 characters.\n\n"); - goto exit; - } - - memcpy(input, argv[2], strlen(argv[2])); - - /* - * Calculate the RSA encryption of the hash. - */ - mbedtls_printf("\n . Generating the encrypted value"); - fflush(stdout); - - if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]), - buf, &olen, sizeof(buf), - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into result-enc.txt - */ - if ((f = fopen("result-enc.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", - "result-enc.txt"); - ret = 1; - goto exit; - } - - for (i = 0; i < olen; i++) { - mbedtls_fprintf(f, "%02X%s", buf[i], - (i + 1) % 16 == 0 ? "\r\n" : " "); - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_pk_free(&pk); - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c deleted file mode 100644 index c1640d66a..000000000 --- a/programs/pkey/pk_sign.c +++ /dev/null @@ -1,155 +0,0 @@ -/* - * Public key-based signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_MD_C and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/pk.h" - -#include -#include - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - char filename[512]; - const char *pers = "mbedtls_pk_sign"; - size_t olen = 0; - - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_pk_init(&pk); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_sign \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "", - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the signature of the hash. - */ - mbedtls_printf("\n . Generating the SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", filename); - goto exit; - } - - if (fwrite(buf, 1, olen, f) != olen) { - mbedtls_printf("failed\n ! fwrite failed\n\n"); - fclose(f); - goto exit; - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && - PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c deleted file mode 100644 index 7b88cabf8..000000000 --- a/programs/pkey/pk_verify.c +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Public key-based signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_pk_context pk; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - char filename[512]; - - mbedtls_pk_init(&pk); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_verify \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Extract the signature from the file - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", filename); - goto exit; - } - - i = fread(buf, 1, sizeof(buf), f); - - fclose(f); - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, i)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c deleted file mode 100644 index a84af50d7..000000000 --- a/programs/pkey/rsa_decrypt.c +++ /dev/null @@ -1,172 +0,0 @@ -/* - * RSA simple decryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include - -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned c; - size_t i; - mbedtls_rsa_context rsa; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char result[1024]; - unsigned char buf[512]; - const char *pers = "rsa_decrypt"; - ((void) argv); - - memset(result, 0, sizeof(result)); - - if (argc != 1) { - mbedtls_printf("usage: rsa_decrypt\n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - mbedtls_exit(exit_code); - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_rsa_init(&rsa); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from rsa_priv.txt"); - fflush(stdout); - - if ((f = fopen("rsa_priv.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", - ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if ((ret = mbedtls_rsa_complete(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n", - ret); - goto exit; - } - - /* - * Extract the RSA encrypted value from the text file - */ - if ((f = fopen("result-enc.txt", "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt"); - goto exit; - } - - i = 0; - - while (fscanf(f, "%02X", (unsigned int *) &c) > 0 && - i < (int) sizeof(buf)) { - buf[i++] = (unsigned char) c; - } - - fclose(f); - - if (i != mbedtls_rsa_get_len(&rsa)) { - mbedtls_printf("\n ! Invalid RSA signature format\n\n"); - goto exit; - } - - /* - * Decrypt the encrypted RSA data and print the result. - */ - mbedtls_printf("\n . Decrypting the encrypted data"); - fflush(stdout); - - ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, &i, - buf, result, 1024); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n", - ret); - goto exit; - } - - mbedtls_printf("\n . OK\n\n"); - - mbedtls_printf("The decrypted result is: '%s'\n\n", result); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_rsa_free(&rsa); - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c deleted file mode 100644 index 6538f8a99..000000000 --- a/programs/pkey/rsa_encrypt.c +++ /dev/null @@ -1,149 +0,0 @@ -/* - * RSA simple data encryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_rsa_context rsa; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char input[1024]; - unsigned char buf[512]; - const char *pers = "rsa_encrypt"; - mbedtls_mpi N, E; - - if (argc != 2) { - mbedtls_printf("usage: rsa_encrypt \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - mbedtls_exit(exit_code); - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); - mbedtls_rsa_init(&rsa); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret); - goto exit; - } - - mbedtls_printf("\n . Reading public key from rsa_pub.txt"); - fflush(stdout); - - if ((f = fopen("rsa_pub.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", - ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if (strlen(argv[1]) > 100) { - mbedtls_printf(" Input data larger than 100 characters.\n\n"); - goto exit; - } - - memcpy(input, argv[1], strlen(argv[1])); - - /* - * Calculate the RSA encryption of the hash. - */ - mbedtls_printf("\n . Generating the RSA encrypted value"); - fflush(stdout); - - ret = mbedtls_rsa_pkcs1_encrypt(&rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, strlen(argv[1]), input, buf); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", - ret); - goto exit; - } - - /* - * Write the signature into result-enc.txt - */ - if ((f = fopen("result-enc.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", "result-enc.txt"); - goto exit; - } - - for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) { - mbedtls_fprintf(f, "%02X%s", buf[i], - (i + 1) % 16 == 0 ? "\r\n" : " "); - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_rsa_free(&rsa); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c deleted file mode 100644 index dc58215f7..000000000 --- a/programs/pkey/rsa_genkey.c +++ /dev/null @@ -1,141 +0,0 @@ -/* - * Example RSA key generation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/bignum.h" -#include "mbedtls/rsa.h" - -#include -#include -#endif - -#define KEY_SIZE 2048 -#define EXPONENT 65537 - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_GENPRIME) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_rsa_context rsa; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - FILE *fpub = NULL; - FILE *fpriv = NULL; - const char *pers = "rsa_genkey"; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_rsa_init(&rsa); - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE); - fflush(stdout); - - if ((ret = mbedtls_rsa_gen_key(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE, - EXPONENT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Exporting the public key in rsa_pub.txt...."); - fflush(stdout); - - if ((ret = mbedtls_rsa_export(&rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(&rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - - if ((fpub = fopen("rsa_pub.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! could not open rsa_pub.txt for writing\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpub)) != 0 || - (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpub)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Exporting the private key in rsa_priv.txt..."); - fflush(stdout); - - if ((fpriv = fopen("rsa_priv.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! could not open rsa_priv.txt for writing\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("D = ", &D, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("P = ", &P, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("Q = ", &Q, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("DP = ", &DP, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("DQ = ", &DQ, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("QP = ", &QP, 16, fpriv)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret); - goto exit; - } - mbedtls_printf(" ok\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - if (fpub != NULL) { - fclose(fpub); - } - - if (fpriv != NULL) { - fclose(fpriv); - } - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - mbedtls_rsa_free(&rsa); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && - MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_priv.txt b/programs/pkey/rsa_priv.txt deleted file mode 100644 index 254fcf852..000000000 --- a/programs/pkey/rsa_priv.txt +++ /dev/null @@ -1,8 +0,0 @@ -N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 -E = 010001 -D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401 -P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1 -Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261 -DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1 -DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081 -QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1 diff --git a/programs/pkey/rsa_pub.txt b/programs/pkey/rsa_pub.txt deleted file mode 100644 index 1e7ae0c9c..000000000 --- a/programs/pkey/rsa_pub.txt +++ /dev/null @@ -1,2 +0,0 @@ -N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 -E = 010001 diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c deleted file mode 100644 index 0e32e13d9..000000000 --- a/programs/pkey/rsa_sign.c +++ /dev/null @@ -1,155 +0,0 @@ -/* - * RSA/SHA-256 signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/rsa.h" - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_rsa_context rsa; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - - mbedtls_rsa_init(&rsa); - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - if (argc != 2) { - mbedtls_printf("usage: rsa_sign \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading private key from rsa_priv.txt"); - fflush(stdout); - - if ((f = fopen("rsa_priv.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if ((ret = mbedtls_rsa_complete(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n", - ret); - goto exit; - } - - mbedtls_printf("\n . Checking the private key"); - fflush(stdout); - if ((ret = mbedtls_rsa_check_privkey(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the RSA signature of the hash. - */ - mbedtls_printf("\n . Generating the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[1], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]); - goto exit; - } - - if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256, - 32, hash, buf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", argv[1]); - goto exit; - } - - for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) { - mbedtls_fprintf(f, "%02X%s", buf[i], - (i + 1) % 16 == 0 ? "\r\n" : " "); - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_rsa_free(&rsa); - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c deleted file mode 100644 index 430536a55..000000000 --- a/programs/pkey/rsa_sign_pss.c +++ /dev/null @@ -1,161 +0,0 @@ -/* - * RSASSA-PSS/SHA-256 signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/rsa.h" -#include "mbedtls/pk.h" - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - const char *pers = "rsa_sign_pss"; - size_t olen = 0; - - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pk); - mbedtls_ctr_drbg_init(&ctr_drbg); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc != 3) { - mbedtls_printf("usage: rsa_sign_pss \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "", - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]); - mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret); - goto exit; - } - - if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) { - mbedtls_printf(" failed\n ! Key is not an RSA key\n"); - goto exit; - } - - if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), - MBEDTLS_RSA_PKCS_V21, - MBEDTLS_MD_SHA256)) != 0) { - mbedtls_printf(" failed\n ! Padding not supported\n"); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the RSA signature of the hash. - */ - mbedtls_printf("\n . Generating the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, 512, "%s.sig", argv[2]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", filename); - goto exit; - } - - if (fwrite(buf, 1, olen, f) != olen) { - mbedtls_printf("failed\n ! fwrite failed\n\n"); - fclose(f); - goto exit; - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && - PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c deleted file mode 100644 index e3f32bb4d..000000000 --- a/programs/pkey/rsa_verify.c +++ /dev/null @@ -1,134 +0,0 @@ -/* - * RSA/SHA-256 signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/rsa.h" - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - unsigned c; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_rsa_context rsa; - mbedtls_mpi N, E; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - - mbedtls_rsa_init(&rsa); - mbedtls_mpi_init(&N); - mbedtls_mpi_init(&E); - - if (argc != 2) { - mbedtls_printf("usage: rsa_verify \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from rsa_pub.txt"); - fflush(stdout); - - if ((f = fopen("rsa_pub.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); - fclose(f); - goto exit; - } - fclose(f); - - /* - * Extract the RSA signature from the text file - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", filename); - goto exit; - } - - i = 0; - while (fscanf(f, "%02X", (unsigned int *) &c) > 0 && - i < (int) sizeof(buf)) { - buf[i++] = (unsigned char) c; - } - - fclose(f); - - if (i != mbedtls_rsa_get_len(&rsa)) { - mbedtls_printf("\n ! Invalid RSA signature format\n\n"); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[1], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]); - goto exit; - } - - if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256, - 32, hash, buf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_rsa_free(&rsa); - mbedtls_mpi_free(&N); - mbedtls_mpi_free(&E); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c deleted file mode 100644 index 4b5336d70..000000000 --- a/programs/pkey/rsa_verify_pss.c +++ /dev/null @@ -1,136 +0,0 @@ -/* - * RSASSA-PSS/SHA-256 signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/md.h" -#include "mbedtls/pem.h" -#include "mbedtls/pk.h" - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_pk_context pk; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - - mbedtls_pk_init(&pk); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc != 3) { - mbedtls_printf("usage: rsa_verify_pss \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]); - mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret); - goto exit; - } - - if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) { - mbedtls_printf(" failed\n ! Key is not an RSA key\n"); - goto exit; - } - - if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), - MBEDTLS_RSA_PKCS_V21, - MBEDTLS_MD_SHA256)) != 0) { - mbedtls_printf(" failed\n ! Invalid padding\n"); - goto exit; - } - - /* - * Extract the RSA signature from the file - */ - mbedtls_snprintf(filename, 512, "%s.sig", argv[2]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", filename); - goto exit; - } - - i = fread(buf, 1, MBEDTLS_MPI_MAX_SIZE, f); - - fclose(f); - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, i)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_verify returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt deleted file mode 100644 index 76cb8407a..000000000 --- a/programs/random/CMakeLists.txt +++ /dev/null @@ -1,16 +0,0 @@ -set(executables - gen_entropy - gen_random_ctr_drbg -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c deleted file mode 100644 index 887b2c988..000000000 --- a/programs/random/gen_entropy.c +++ /dev/null @@ -1,75 +0,0 @@ -/** - * \brief Use and generate multiple entropies calls into a file - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/entropy.h" - -#include -#endif - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int i, k, ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_entropy_context entropy; - unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; - - if (argc < 2) { - mbedtls_fprintf(stderr, "usage: %s \n", argv[0]); - mbedtls_exit(exit_code); - } - - if ((f = fopen(argv[1], "wb+")) == NULL) { - mbedtls_printf("failed to open '%s' for writing.\n", argv[1]); - mbedtls_exit(exit_code); - } - - mbedtls_entropy_init(&entropy); - - for (i = 0, k = 768; i < k; i++) { - ret = mbedtls_entropy_func(&entropy, buf, sizeof(buf)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_entropy_func returned -%04X\n", - (unsigned int) ret); - goto cleanup; - } - - fwrite(buf, 1, sizeof(buf), f); - - mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \ - "%% done\r", - (long) (sizeof(buf) * k / 1024), - argv[1], - (100 * (float) (i + 1)) / k); - fflush(stdout); - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - mbedtls_printf("\n"); - - fclose(f); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_ENTROPY_C */ diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c deleted file mode 100644 index 0eecf0ad4..000000000 --- a/programs/random/gen_random_ctr_drbg.c +++ /dev/null @@ -1,107 +0,0 @@ -/** - * \brief Use and generate random data into a file via the CTR_DBRG based on AES - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_FS_IO) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#endif - -#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int i, k, ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - unsigned char buf[1024]; - - mbedtls_ctr_drbg_init(&ctr_drbg); - - if (argc < 2) { - mbedtls_fprintf(stderr, "usage: %s \n", argv[0]); - mbedtls_exit(exit_code); - } - - if ((f = fopen(argv[1], "wb+")) == NULL) { - mbedtls_printf("failed to open '%s' for writing.\n", argv[1]); - mbedtls_exit(exit_code); - } - - mbedtls_entropy_init(&entropy); - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, - mbedtls_entropy_func, - &entropy, - (const unsigned char *) "RANDOM_GEN", - 10); - if (ret != 0) { - mbedtls_printf("failed in mbedtls_ctr_drbg_seed: %d\n", ret); - goto cleanup; - } - mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF); - -#if defined(MBEDTLS_FS_IO) - ret = mbedtls_ctr_drbg_update_seed_file(&ctr_drbg, "seedfile"); - - if (ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) { - mbedtls_printf("Failed to open seedfile. Generating one.\n"); - ret = mbedtls_ctr_drbg_write_seed_file(&ctr_drbg, "seedfile"); - if (ret != 0) { - mbedtls_printf("failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret); - goto cleanup; - } - } else if (ret != 0) { - mbedtls_printf("failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret); - goto cleanup; - } -#endif - - for (i = 0, k = 768; i < k; i++) { - ret = mbedtls_ctr_drbg_random(&ctr_drbg, buf, sizeof(buf)); - if (ret != 0) { - mbedtls_printf("failed!\n"); - goto cleanup; - } - - fwrite(buf, 1, sizeof(buf), f); - - mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \ - "%% done\r", - (long) (sizeof(buf) * k / 1024), - argv[1], - (100 * (float) (i + 1)) / k); - fflush(stdout); - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - mbedtls_printf("\n"); - - fclose(f); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */ diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt deleted file mode 100644 index a27c6262b..000000000 --- a/programs/ssl/CMakeLists.txt +++ /dev/null @@ -1,73 +0,0 @@ -find_package(Threads) - -set(libs - ${mbedtls_target} -) - -set(executables - dtls_client - dtls_server - mini_client - ssl_client1 - ssl_client2 - ssl_context_info - ssl_fork_server - ssl_mail_client - ssl_server - ssl_server2 -) -add_dependencies(${programs_target} ${executables}) -add_dependencies(${ssl_opt_target} ${executables}) - -if(GEN_FILES) - # Inform CMake that the following file will be generated as part of the build - # process, so it doesn't complain that it doesn't exist yet. Starting from - # CMake 3.20, this will no longer be necessary as CMake will automatically - # propagate this information across the tree, for now it's only visible - # inside the same directory, so we need to propagate manually. - set_source_files_properties( - ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c - PROPERTIES GENERATED TRUE) -endif() - -foreach(exe IN LISTS executables) - set(extra_sources "") - if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") - list(APPEND extra_sources - ssl_test_lib.c - ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.h - ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c) - endif() - add_executable(${exe} - ${exe}.c - $ - $ - ${extra_sources}) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include - ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) - if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") - if(GEN_FILES) - add_dependencies(${exe} generate_query_config_c) - endif() - target_include_directories(${exe} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../test) - endif() -endforeach() - -if(THREADS_FOUND) - add_executable(ssl_pthread_server - ssl_pthread_server.c - $ - $) - set_base_compile_options(ssl_pthread_server) - target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include - ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) - target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT}) - list(APPEND executables ssl_pthread_server) -endif(THREADS_FOUND) - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c deleted file mode 100644 index f7f417f74..000000000 --- a/programs/ssl/dtls_client.c +++ /dev/null @@ -1,336 +0,0 @@ -/* - * Simple DTLS client demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ - !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ - !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or " - "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " - "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include - -#include "mbedtls/net_sockets.h" -#include "mbedtls/debug.h" -#include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/error.h" -#include "mbedtls/timing.h" -#include "test/certs.h" - -/* Uncomment out the following line to default to IPv4 and disable IPv6 */ -//#define FORCE_IPV4 - -#define SERVER_PORT "4433" -#define SERVER_NAME "localhost" - -#ifdef FORCE_IPV4 -#define SERVER_ADDR "127.0.0.1" /* Forces IPv4 */ -#else -#define SERVER_ADDR SERVER_NAME -#endif - -#define MESSAGE "Echo this" - -#define READ_TIMEOUT_MS 1000 -#define MAX_RETRY 5 - -#define DEBUG_LEVEL 0 - - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -int main(int argc, char *argv[]) -{ - int ret, len; - mbedtls_net_context server_fd; - uint32_t flags; - unsigned char buf[1024]; - const char *pers = "dtls_client"; - int retry_left = MAX_RETRY; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt cacert; - mbedtls_timing_delay_context timer; - - ((void) argc); - ((void) argv); - -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(DEBUG_LEVEL); -#endif - - /* - * 0. Initialize the RNG and the session data - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_x509_crt_init(&cacert); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 0. Load certificates - */ - mbedtls_printf(" . Loading the CA root certificate ..."); - fflush(stdout); - - ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok (%d skipped)\n", ret); - - /* - * 1. Start the connection - */ - mbedtls_printf(" . Connecting to udp/%s/%s...", SERVER_NAME, SERVER_PORT); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, SERVER_ADDR, - SERVER_PORT, MBEDTLS_NET_PROTO_UDP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Setup stuff - */ - mbedtls_printf(" . Setting up the DTLS structure..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - /* OPTIONAL is usually a bad choice for security, but makes interop easier - * in this simplified example, in which the ca chain is hardcoded. - * Production code should set a proper ca chain and use REQUIRED. */ - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &server_fd, - mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout); - - mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay); - - mbedtls_printf(" ok\n"); - - /* - * 4. Handshake - */ - mbedtls_printf(" . Performing the DTLS handshake..."); - fflush(stdout); - - do { - ret = mbedtls_ssl_handshake(&ssl); - } while (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 5. Verify the server certificate - */ - mbedtls_printf(" . Verifying peer X.509 certificate..."); - - /* In real life, we would have used MBEDTLS_SSL_VERIFY_REQUIRED so that the - * handshake would not succeed if the peer's cert is bad. Even if we used - * MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */ - if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) { -#if !defined(MBEDTLS_X509_REMOVE_INFO) - char vrfy_buf[512]; -#endif - - mbedtls_printf(" failed\n"); - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); - - mbedtls_printf("%s\n", vrfy_buf); -#endif - } else { - mbedtls_printf(" ok\n"); - } - - /* - * 6. Write the echo request - */ -send_request: - mbedtls_printf(" > Write to server:"); - fflush(stdout); - - len = sizeof(MESSAGE) - 1; - - do { - ret = mbedtls_ssl_write(&ssl, (unsigned char *) MESSAGE, len); - } while (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - goto exit; - } - - len = ret; - mbedtls_printf(" %d bytes written\n\n%s\n\n", len, MESSAGE); - - /* - * 7. Read the echo response - */ - mbedtls_printf(" < Read from server:"); - fflush(stdout); - - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - - do { - ret = mbedtls_ssl_read(&ssl, buf, len); - } while (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_TIMEOUT: - mbedtls_printf(" timeout\n\n"); - if (retry_left-- > 0) { - goto send_request; - } - goto exit; - - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" connection was closed gracefully\n"); - goto close_notify; - - default: - mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret); - goto exit; - } - } - - len = ret; - mbedtls_printf(" %d bytes read\n\n%s\n\n", len, buf); - - /* - * 8. Done, cleanly close the connection - */ -close_notify: - mbedtls_printf(" . Closing the connection..."); - - /* No error checking, the connection might be closed already */ - do { - ret = mbedtls_ssl_close_notify(&ssl); - } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); - ret = 0; - - mbedtls_printf(" done\n"); - - /* - * 9. Final clean-ups and exit - */ -exit: - -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&cacert); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - /* Shell can not handle large exit numbers -> 1 for errors */ - if (ret < 0) { - ret = 1; - } - - mbedtls_exit(ret); -} - -#endif /* configuration allows running this program */ diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c deleted file mode 100644 index 6430ed2a2..000000000 --- a/programs/ssl/dtls_server.c +++ /dev/null @@ -1,409 +0,0 @@ -/* - * Simple DTLS server demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -/* Uncomment out the following line to default to IPv4 and disable IPv6 */ -//#define FORCE_IPV4 - -#ifdef FORCE_IPV4 -#define BIND_IP "0.0.0.0" /* Forces IPv4 */ -#else -#define BIND_IP "::" -#endif - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ - !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ - !defined(MBEDTLS_SSL_COOKIE_C) || \ - !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " - "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " - "MBEDTLS_SSL_COOKIE_C and/or " - "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#if defined(_WIN32) -#include -#endif - -#include -#include -#include - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/x509.h" -#include "mbedtls/ssl.h" -#include "mbedtls/ssl_cookie.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/error.h" -#include "mbedtls/debug.h" -#include "mbedtls/timing.h" - -#include "test/certs.h" - -#if defined(MBEDTLS_SSL_CACHE_C) -#include "mbedtls/ssl_cache.h" -#endif - -#define READ_TIMEOUT_MS 10000 /* 10 seconds */ -#define DEBUG_LEVEL 0 - - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -int main(void) -{ - int ret, len; - mbedtls_net_context listen_fd, client_fd; - unsigned char buf[1024]; - const char *pers = "dtls_server"; - unsigned char client_ip[16] = { 0 }; - size_t cliip_len; - mbedtls_ssl_cookie_ctx cookie_ctx; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt srvcert; - mbedtls_pk_context pkey; - mbedtls_timing_delay_context timer; -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_context cache; -#endif - - mbedtls_net_init(&listen_fd); - mbedtls_net_init(&client_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_ssl_cookie_init(&cookie_ctx); -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_init(&cache); -#endif - mbedtls_x509_crt_init(&srvcert); - mbedtls_pk_init(&pkey); - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(DEBUG_LEVEL); -#endif - - /* - * 1. Seed the RNG - */ - printf(" . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - printf(" ok\n"); - - /* - * 2. Load the certificates and private RSA key - */ - printf("\n . Loading the server cert. and key..."); - fflush(stdout); - - /* - * This demonstration program uses embedded test certificates. - * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the - * server and CA certificates, as well as mbedtls_pk_parse_keyfile(). - */ - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len); - if (ret != 0) { - printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); - if (ret != 0) { - printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_pk_parse_key(&pkey, - (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, - NULL, - 0, - mbedtls_ctr_drbg_random, - &ctr_drbg); - if (ret != 0) { - printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); - goto exit; - } - - printf(" ok\n"); - - /* - * 3. Setup the "listening" UDP socket - */ - printf(" . Bind on udp/*/4433 ..."); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP)) != 0) { - printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - printf(" ok\n"); - - /* - * 4. Setup stuff - */ - printf(" . Setting up the DTLS data..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); - -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_conf_session_cache(&conf, &cache, - mbedtls_ssl_cache_get, - mbedtls_ssl_cache_set); -#endif - - mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) { - printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, - &cookie_ctx); - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay); - - printf(" ok\n"); - -reset: -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&client_fd); - - mbedtls_ssl_session_reset(&ssl); - - /* - * 5. Wait until a client connects - */ - printf(" . Waiting for a remote connection ..."); - fflush(stdout); - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - client_ip, sizeof(client_ip), &cliip_len)) != 0) { - printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret); - goto exit; - } - - /* For HelloVerifyRequest cookies */ - if ((ret = mbedtls_ssl_set_client_transport_id(&ssl, - client_ip, cliip_len)) != 0) { - printf(" failed\n ! " - "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret); - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &client_fd, - mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout); - - printf(" ok\n"); - - /* - * 6. Handshake - */ - printf(" . Performing the DTLS handshake..."); - fflush(stdout); - - do { - ret = mbedtls_ssl_handshake(&ssl); - } while (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - - if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { - printf(" hello verification requested\n"); - ret = 0; - goto reset; - } else if (ret != 0) { - printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n", (unsigned int) -ret); - if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) { - printf(" An unexpected message was received from our peer. If this happened at\n"); - printf(" the beginning of the handshake, this is likely a duplicated packet or\n"); - printf(" a close_notify alert from the previous connection, which is harmless.\n"); - ret = 0; - } - printf("\n"); - goto reset; - } - - printf(" ok\n"); - - /* - * 7. Read the echo Request - */ - printf(" < Read from client:"); - fflush(stdout); - - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - - do { - ret = mbedtls_ssl_read(&ssl, buf, len); - } while (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_TIMEOUT: - printf(" timeout\n\n"); - goto reset; - - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - printf(" connection was closed gracefully\n"); - goto close_notify; - - default: - printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret); - goto reset; - } - } - - len = ret; - printf(" %d bytes read\n\n%s\n\n", len, buf); - - /* - * 8. Write the 200 Response - */ - printf(" > Write to client:"); - fflush(stdout); - - do { - ret = mbedtls_ssl_write(&ssl, buf, len); - } while (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - - if (ret < 0) { - printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - goto exit; - } - - len = ret; - printf(" %d bytes written\n\n%s\n\n", len, buf); - - /* - * 9. Done, cleanly close the connection - */ -close_notify: - printf(" . Closing the connection..."); - - /* No error checking, the connection might be closed already */ - do { - ret = mbedtls_ssl_close_notify(&ssl); - } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); - ret = 0; - - printf(" done\n"); - - goto reset; - - /* - * Final clean-ups and exit - */ -exit: - -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&client_fd); - mbedtls_net_free(&listen_fd); - - mbedtls_x509_crt_free(&srvcert); - mbedtls_pk_free(&pkey); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ssl_cookie_free(&cookie_ctx); -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(&cache); -#endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - /* Shell can not handle large exit numbers -> 1 for errors */ - if (ret < 0) { - ret = 1; - } - - mbedtls_exit(ret); -} - -#endif /* configuration allows running this program */ diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c deleted file mode 100644 index cac630e29..000000000 --- a/programs/ssl/mini_client.c +++ /dev/null @@ -1,270 +0,0 @@ -/* - * Minimal SSL client, used for memory measurements. - * (meant to be used with config-suite-b.h or config-ccm-psk-tls1_2.h) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -/* - * We're creating and connecting the socket "manually" rather than using the - * NET module, in order to avoid the overhead of getaddrinfo() which tends to - * dominate memory usage in small configurations. For the sake of simplicity, - * only a Unix version is implemented. - * - * Warning: we are breaking some of the abstractions from the NET layer here. - * This is not a good example for general use. This programs has the specific - * goal of minimizing use of the libc functions on full-blown OSes. - */ -#if defined(unix) || defined(__unix__) || defined(__unix) || defined(__APPLE__) -#define UNIX -#endif - -#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ - !defined(UNIX) - -int main(void) -{ - mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include - -#include "mbedtls/net_sockets.h" -#include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#include - -/* - * Hardcoded values for server host and port - */ -#define PORT_BE 0x1151 /* 4433 */ -#define PORT_LE 0x5111 -#define ADDR_BE 0x7f000001 /* 127.0.0.1 */ -#define ADDR_LE 0x0100007f -#define HOSTNAME "localhost" /* for cert verification if enabled */ - -#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n" - -const char *pers = "mini_client"; - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -const unsigned char psk[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -}; -const char psk_id[] = "Client_identity"; -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/* This is framework/data_files/test-ca2.crt, a CA using EC secp384r1 */ -const unsigned char ca_cert[] = { - 0x30, 0x82, 0x02, 0x52, 0x30, 0x82, 0x01, 0xd7, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, - 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, - 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, - 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, - 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, - 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x30, 0x39, - 0x32, 0x34, 0x31, 0x35, 0x34, 0x39, 0x34, 0x38, 0x5a, 0x17, 0x0d, 0x32, - 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x34, 0x39, 0x34, 0x38, 0x5a, - 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, - 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, - 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, - 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, - 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, - 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, - 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, - 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, - 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, - 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, - 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, - 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, - 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, - 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x81, 0xa0, 0x30, 0x81, 0x9d, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, 0x6d, 0x20, - 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, - 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, - 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, - 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, - 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, - 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0c, 0x06, - 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, - 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, - 0x69, 0x00, 0x30, 0x66, 0x02, 0x31, 0x00, 0xc3, 0xb4, 0x62, 0x73, 0x56, - 0x28, 0x95, 0x00, 0x7d, 0x78, 0x12, 0x26, 0xd2, 0x71, 0x7b, 0x19, 0xf8, - 0x8a, 0x98, 0x3e, 0x92, 0xfe, 0x33, 0x9e, 0xe4, 0x79, 0xd2, 0xfe, 0x7a, - 0xb7, 0x87, 0x74, 0x3c, 0x2b, 0xb8, 0xd7, 0x69, 0x94, 0x0b, 0xa3, 0x67, - 0x77, 0xb8, 0xb3, 0xbe, 0xd1, 0x36, 0x32, 0x02, 0x31, 0x00, 0xfd, 0x67, - 0x9c, 0x94, 0x23, 0x67, 0xc0, 0x56, 0xba, 0x4b, 0x33, 0x15, 0x00, 0xc6, - 0xe3, 0xcc, 0x31, 0x08, 0x2c, 0x9c, 0x8b, 0xda, 0xa9, 0x75, 0x23, 0x2f, - 0xb8, 0x28, 0xe7, 0xf2, 0x9c, 0x14, 0x3a, 0x40, 0x01, 0x5c, 0xaf, 0x0c, - 0xb2, 0xcf, 0x74, 0x7f, 0x30, 0x9f, 0x08, 0x43, 0xad, 0x20, -}; -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -enum exit_codes { - exit_ok = 0, - ctr_drbg_seed_failed, - ssl_config_defaults_failed, - ssl_setup_failed, - hostname_failed, - socket_failed, - connect_failed, - x509_crt_parse_failed, - ssl_handshake_failed, - ssl_write_failed, -}; - - -int main(void) -{ - int ret = exit_ok; - mbedtls_net_context server_fd; - struct sockaddr_in addr; -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_x509_crt ca; -#endif - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_init(&ctr_drbg); - - /* - * 0. Initialize and setup stuff - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_x509_crt_init(&ca); -#endif - mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - ret = ctr_drbg_seed_failed; - goto exit; - } - - if (mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT) != 0) { - ret = ssl_config_defaults_failed; - goto exit; - } - - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), - (const unsigned char *) psk_id, sizeof(psk_id) - 1); -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - if (mbedtls_x509_crt_parse_der(&ca, ca_cert, sizeof(ca_cert)) != 0) { - ret = x509_crt_parse_failed; - goto exit; - } - - mbedtls_ssl_conf_ca_chain(&conf, &ca, NULL); - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); -#endif - - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { - ret = ssl_setup_failed; - goto exit; - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - if (mbedtls_ssl_set_hostname(&ssl, HOSTNAME) != 0) { - ret = hostname_failed; - goto exit; - } -#endif - - /* - * 1. Start the connection - */ - memset(&addr, 0, sizeof(addr)); - addr.sin_family = AF_INET; - - ret = 1; /* for endianness detection */ - addr.sin_port = *((char *) &ret) == ret ? PORT_LE : PORT_BE; - addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE; - ret = 0; - - if ((server_fd.fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - ret = socket_failed; - goto exit; - } - - if (connect(server_fd.fd, - (const struct sockaddr *) &addr, sizeof(addr)) < 0) { - ret = connect_failed; - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - if (mbedtls_ssl_handshake(&ssl) != 0) { - ret = ssl_handshake_failed; - goto exit; - } - - /* - * 2. Write the GET request and close the connection - */ - if (mbedtls_ssl_write(&ssl, (const unsigned char *) GET_REQUEST, - sizeof(GET_REQUEST) - 1) <= 0) { - ret = ssl_write_failed; - goto exit; - } - - mbedtls_ssl_close_notify(&ssl); - -exit: - mbedtls_net_free(&server_fd); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_x509_crt_free(&ca); -#endif - mbedtls_psa_crypto_free(); - - mbedtls_exit(ret); -} -#endif diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c deleted file mode 100644 index a6ab8587b..000000000 --- a/programs/ssl/ssl_client1.c +++ /dev/null @@ -1,285 +0,0 @@ -/* - * SSL client demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ - !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or " - "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/net_sockets.h" -#include "mbedtls/debug.h" -#include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/error.h" -#include "test/certs.h" - -#include - -#define SERVER_PORT "4433" -#define SERVER_NAME "localhost" -#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n" - -#define DEBUG_LEVEL 1 - - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -int main(void) -{ - int ret = 1, len; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_net_context server_fd; - uint32_t flags; - unsigned char buf[1024]; - const char *pers = "ssl_client1"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt cacert; - -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(DEBUG_LEVEL); -#endif - - /* - * 0. Initialize the RNG and the session data - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_x509_crt_init(&cacert); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 0. Initialize certificates - */ - mbedtls_printf(" . Loading the CA root certificate ..."); - fflush(stdout); - - ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok (%d skipped)\n", ret); - - /* - * 1. Start the connection - */ - mbedtls_printf(" . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME, - SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Setup stuff - */ - mbedtls_printf(" . Setting up the SSL/TLS structure..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* OPTIONAL is not optimal for security, - * but makes interop easier in this simplified example */ - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - /* - * 4. Handshake - */ - mbedtls_printf(" . Performing the SSL/TLS handshake..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - - mbedtls_printf(" ok\n"); - - /* - * 5. Verify the server certificate - */ - mbedtls_printf(" . Verifying peer X.509 certificate..."); - - /* In real life, we probably want to bail out when ret != 0 */ - if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) { -#if !defined(MBEDTLS_X509_REMOVE_INFO) - char vrfy_buf[512]; -#endif - - mbedtls_printf(" failed\n"); - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); - - mbedtls_printf("%s\n", vrfy_buf); -#endif - } else { - mbedtls_printf(" ok\n"); - } - - /* - * 3. Write the GET request - */ - mbedtls_printf(" > Write to server:"); - fflush(stdout); - - len = sprintf((char *) buf, GET_REQUEST); - - while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - goto exit; - } - } - - len = ret; - mbedtls_printf(" %d bytes written\n\n%s", len, (char *) buf); - - /* - * 7. Read the HTTP response - */ - mbedtls_printf(" < Read from server:"); - fflush(stdout); - - do { - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - continue; - } - - if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { - mbedtls_printf("The return value %d from mbedtls_ssl_read() means that the server\n" - "closed the connection first. We're ok with that.\n", - MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY); - break; - } - - if (ret < 0) { - mbedtls_printf("failed\n ! mbedtls_ssl_read returned %d\n\n", ret); - break; - } - - if (ret == 0) { - mbedtls_printf("\n\nEOF\n\n"); - break; - } - - len = ret; - mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf); - } while (1); - - mbedtls_ssl_close_notify(&ssl); - - if (ret == 0 || ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { - exit_code = MBEDTLS_EXIT_SUCCESS; - } - -exit: - -#ifdef MBEDTLS_ERROR_C - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&cacert); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} - -#endif /* configuration allows running this program */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c deleted file mode 100644 index f009a3169..000000000 --- a/programs/ssl/ssl_client2.c +++ /dev/null @@ -1,3238 +0,0 @@ -/* - * SSL client with certificate authentication - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#include "ssl_test_lib.h" - -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -#include "test/psa_crypto_helpers.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) -int main(void) -{ - mbedtls_printf(MBEDTLS_SSL_TEST_IMPOSSIBLE); - mbedtls_exit(0); -} -#elif !defined(MBEDTLS_SSL_CLI_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_SSL_CLI_C not defined.\n"); - mbedtls_exit(0); -} -#else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */ - -/* Size of memory to be allocated for the heap, when using the library's memory - * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ -#define MEMORY_HEAP_SIZE 120000 - -#define MAX_REQUEST_SIZE 20000 -#define MAX_REQUEST_SIZE_STR "20000" - -#define DFL_SERVER_NAME "localhost" -#define DFL_SERVER_ADDR NULL -#define DFL_SERVER_PORT "4433" -#define DFL_REQUEST_PAGE "/" -#define DFL_REQUEST_SIZE -1 -#define DFL_DEBUG_LEVEL 0 -#define DFL_CONTEXT_CRT_CB 0 -#define DFL_NBIO 0 -#define DFL_EVENT 0 -#define DFL_READ_TIMEOUT 0 -#define DFL_MAX_RESEND 0 -#define DFL_CA_FILE "" -#define DFL_CA_PATH "" -#define DFL_CRT_FILE "" -#define DFL_KEY_FILE "" -#define DFL_KEY_OPAQUE 0 -#define DFL_KEY_PWD "" -#define DFL_PSK "" -#define DFL_EARLY_DATA -1 -#define DFL_PSK_OPAQUE 0 -#define DFL_PSK_IDENTITY "Client_identity" -#define DFL_ECJPAKE_PW NULL -#define DFL_ECJPAKE_PW_OPAQUE 0 -#define DFL_EC_MAX_OPS -1 -#define DFL_FORCE_CIPHER 0 -#define DFL_TLS1_3_KEX_MODES MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL -#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED -#define DFL_ALLOW_LEGACY -2 -#define DFL_RENEGOTIATE 0 -#define DFL_EXCHANGES 1 -#define DFL_MIN_VERSION -1 -#define DFL_MAX_VERSION -1 -#define DFL_SHA1 -1 -#define DFL_AUTH_MODE -1 -#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE -#define DFL_TRUNC_HMAC -1 -#define DFL_RECSPLIT -1 -#define DFL_DHMLEN -1 -#define DFL_RECONNECT 0 -#define DFL_RECO_SERVER_NAME NULL -#define DFL_RECO_DELAY 0 -#define DFL_RECO_MODE 1 -#define DFL_CID_ENABLED 0 -#define DFL_CID_VALUE "" -#define DFL_CID_ENABLED_RENEGO -1 -#define DFL_CID_VALUE_RENEGO NULL -#define DFL_RECONNECT_HARD 0 -#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED -#define DFL_ALPN_STRING NULL -#define DFL_GROUPS NULL -#define DFL_SIG_ALGS NULL -#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM -#define DFL_HS_TO_MIN 0 -#define DFL_HS_TO_MAX 0 -#define DFL_DTLS_MTU -1 -#define DFL_DGRAM_PACKING 1 -#define DFL_FALLBACK -1 -#define DFL_EXTENDED_MS -1 -#define DFL_ETM -1 -#define DFL_SERIALIZE 0 -#define DFL_CONTEXT_FILE "" -#define DFL_EXTENDED_MS_ENFORCE -1 -#define DFL_CA_CALLBACK 0 -#define DFL_EAP_TLS 0 -#define DFL_REPRODUCIBLE 0 -#define DFL_NSS_KEYLOG 0 -#define DFL_NSS_KEYLOG_FILE NULL -#define DFL_SKIP_CLOSE_NOTIFY 0 -#define DFL_QUERY_CONFIG_MODE 0 -#define DFL_USE_SRTP 0 -#define DFL_SRTP_FORCE_PROFILE 0 -#define DFL_SRTP_MKI "" -#define DFL_KEY_OPAQUE_ALG "none" - -#define GET_REQUEST "GET %s HTTP/1.0\r\nHost: %s\r\nExtra-header: " -#define GET_REQUEST_END "\r\n\r\n" - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#define USAGE_CONTEXT_CRT_CB \ - " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \ - " to the SSL configuration of the SSL context.\n" \ - " Possible values:\n" \ - " - 0 (default): Use CRT callback bound to configuration\n" \ - " - 1: Use CRT callback bound to SSL context\n" -#else -#define USAGE_CONTEXT_CRT_CB "" -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if defined(MBEDTLS_FS_IO) -#define USAGE_IO \ - " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ - " default: \"\" (pre-loaded)\n" \ - " use \"none\" to skip loading any top-level CAs.\n" \ - " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \ - " default: \"\" (pre-loaded) (overrides ca_file)\n" \ - " use \"none\" to skip loading any top-level CAs.\n" \ - " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \ - " default: \"\" (pre-loaded)\n" \ - " key_file=%%s default: \"\" (pre-loaded)\n" \ - " key_pwd=%%s Password for key specified by key_file argument\n" \ - " default: none\n" -#else -#define USAGE_IO \ - " No file operations available (MBEDTLS_FS_IO not defined)\n" -#endif /* MBEDTLS_FS_IO */ -#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#define USAGE_IO "" -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#define USAGE_KEY_OPAQUE \ - " key_opaque=%%d Handle your private key as if it were opaque\n" \ - " default: 0 (disabled)\n" -#else -#define USAGE_KEY_OPAQUE "" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define USAGE_CID \ - " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \ - " default: 0 (disabled)\n" \ - " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \ - " default: same as 'cid' parameter\n" \ - " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \ - " default: \"\"\n" \ - " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \ - " default: same as 'cid_val' parameter\n" -#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#define USAGE_CID "" -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#define USAGE_PSK_RAW \ - " psk=%%s default: \"\" (disabled)\n" \ - " The PSK values are in hex, without 0x.\n" \ - " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#define USAGE_PSK_SLOT \ - " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ - " Enable this to store the PSK configured through command line\n" \ - " parameter `psk` in a PSA-based key slot.\n" \ - " Note: Currently only supported in conjunction with\n" \ - " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \ - " to force a particular PSK-only ciphersuite.\n" \ - " Note: This is to test integration of PSA-based opaque PSKs with\n" \ - " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \ - " with prepopulated key slots instead of importing raw key material.\n" -#else -#define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT -#else -#define USAGE_PSK "" -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -#define USAGE_CA_CALLBACK \ - " ca_callback=%%d default: 0 (disabled)\n" \ - " Enable this to use the trusted certificate callback function\n" -#else -#define USAGE_CA_CALLBACK "" -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#define USAGE_TICKETS \ - " tickets=%%d default: 1 (enabled)\n" -#else -#define USAGE_TICKETS "" -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#define USAGE_EAP_TLS \ - " eap_tls=%%d default: 0 (disabled)\n" -#define USAGE_NSS_KEYLOG \ - " nss_keylog=%%d default: 0 (disabled)\n" \ - " This cannot be used with eap_tls=1\n" -#define USAGE_NSS_KEYLOG_FILE \ - " nss_keylog_file=%%s\n" -#if defined(MBEDTLS_SSL_DTLS_SRTP) -#define USAGE_SRTP \ - " use_srtp=%%d default: 0 (disabled)\n" \ - " This cannot be used with eap_tls=1 or " \ - " nss_keylog=1\n" \ - " srtp_force_profile=%%d default: 0 (all enabled)\n" \ - " available profiles:\n" \ - " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ - " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ - " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ - " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ - " mki=%%s default: \"\" (in hex, without 0x)\n" -#else /* MBEDTLS_SSL_DTLS_SRTP */ -#define USAGE_SRTP "" -#endif - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -#define USAGE_MAX_FRAG_LEN \ - " max_frag_len=%%d default: 16384 (tls default)\n" \ - " options: 512, 1024, 2048, 4096\n" -#else -#define USAGE_MAX_FRAG_LEN "" -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_DHM_C) -#define USAGE_DHMLEN \ - " dhmlen=%%d default: (library default: 1024 bits)\n" -#else -#define USAGE_DHMLEN -#endif - -#if defined(MBEDTLS_SSL_ALPN) -#define USAGE_ALPN \ - " alpn=%%s default: \"\" (disabled)\n" \ - " example: spdy/1,http/1.1\n" -#else -#define USAGE_ALPN "" -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH)) -#define USAGE_GROUPS \ - " groups=a,b,c,d default: \"default\" (library default)\n" \ - " example: \"secp521r1,brainpoolP512r1\"\n" \ - " - use \"none\" for empty list\n" \ - " - see mbedtls_ecp_curve_list()\n" \ - " for acceptable EC group names\n" \ - " - the following ffdh groups are supported:\n" \ - " ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,\n" \ - " ffdhe8192\n" -#else -#define USAGE_GROUPS "" -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#define USAGE_SIG_ALGS \ - " sig_algs=a,b,c,d default: \"default\" (library default)\n" \ - " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n" -#else -#define USAGE_SIG_ALGS "" -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -#define USAGE_DTLS \ - " dtls=%%d default: 0 (TLS)\n" \ - " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \ - " range of DTLS handshake timeouts in millisecs\n" \ - " mtu=%%d default: (library default: unlimited)\n" \ - " dgram_packing=%%d default: 1 (allowed)\n" \ - " allow or forbid packing of multiple\n" \ - " records within a single datgram.\n" -#else -#define USAGE_DTLS "" -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -#define USAGE_EMS \ - " extended_ms=0/1 default: (library default: on)\n" -#else -#define USAGE_EMS "" -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -#define USAGE_ETM \ - " etm=0/1 default: (library default: on)\n" -#else -#define USAGE_ETM "" -#endif - -#define USAGE_REPRODUCIBLE \ - " reproducible=0/1 default: 0 (disabled)\n" - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -#define USAGE_RENEGO \ - " renegotiation=%%d default: 0 (disabled)\n" \ - " renegotiate=%%d default: 0 (disabled)\n" -#else -#define USAGE_RENEGO "" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" \ - " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#define USAGE_ECJPAKE "" -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_ECP_RESTARTABLE) -#define USAGE_ECRESTART \ - " ec_max_ops=%%s default: library default (restart disabled)\n" -#else -#define USAGE_ECRESTART "" -#endif - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) -#define USAGE_SERIALIZATION \ - " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ - " options: 1 (serialize)\n" \ - " 2 (serialize with re-initialization)\n" \ - " context_file=%%s The file path to write a serialized connection\n" \ - " in the form of base64 code (serialize option\n" \ - " must be set)\n" \ - " default: \"\" (do nothing)\n" \ - " option: a file path\n" -#else -#define USAGE_SERIALIZATION "" -#endif - -#if defined(MBEDTLS_SSL_EARLY_DATA) -#define USAGE_EARLY_DATA \ - " early_data=%%d default: library default\n" \ - " options: 0 (disabled), 1 (enabled)\n" -#else -#define USAGE_EARLY_DATA "" -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ - -#define USAGE_KEY_OPAQUE_ALGS \ - " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ - " comma-separated pair of values among the following:\n" \ - " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ - " ecdsa-sign, ecdh, none (only acceptable for\n" \ - " the second value).\n" \ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ - " tls13_kex_modes=%%s default: all\n" \ - " options: psk, psk_ephemeral, psk_all, ephemeral,\n" \ - " ephemeral_all, all, psk_or_ephemeral\n" -#else -#define USAGE_TLS1_3_KEY_EXCHANGE_MODES "" -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -/* USAGE is arbitrarily split to stay under the portable string literal - * length limit: 4095 bytes in C99. */ -#define USAGE1 \ - "\n usage: ssl_client2 param=<>...\n" \ - "\n acceptable parameters:\n" \ - " server_name=%%s default: localhost\n" \ - " server_addr=%%s default: given by name\n" \ - " server_port=%%d default: 4433\n" \ - " request_page=%%s default: \".\"\n" \ - " request_size=%%d default: about 34 (basic request)\n" \ - " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \ - " If 0, in the first exchange only an empty\n" \ - " application data message is sent followed by\n" \ - " a second non-empty message before attempting\n" \ - " to read a response from the server\n" \ - " debug_level=%%d default: 0 (disabled)\n" \ - " build_version=%%d default: none (disabled)\n" \ - " option: 1 (print build version only and stop)\n" \ - " nbio=%%d default: 0 (blocking I/O)\n" \ - " options: 1 (non-blocking), 2 (added delays)\n" \ - " event=%%d default: 0 (loop)\n" \ - " options: 1 (level-triggered, implies nbio=1),\n" \ - " read_timeout=%%d default: 0 ms (no timeout)\n" \ - " max_resend=%%d default: 0 (no resend on timeout)\n" \ - " skip_close_notify=%%d default: 0 (send close_notify)\n" \ - "\n" \ - USAGE_DTLS \ - USAGE_CID \ - USAGE_SRTP \ - "\n" -#define USAGE2 \ - " auth_mode=%%s default: (library default: none)\n" \ - " options: none, optional, required\n" \ - USAGE_IO \ - USAGE_KEY_OPAQUE \ - USAGE_CA_CALLBACK \ - "\n" \ - USAGE_PSK \ - USAGE_ECJPAKE \ - USAGE_ECRESTART \ - "\n" -#define USAGE3 \ - " allow_legacy=%%d default: (library default: no)\n" \ - USAGE_RENEGO \ - " exchanges=%%d default: 1\n" \ - " reconnect=%%d number of reconnections using session resumption\n" \ - " default: 0 (disabled)\n" \ - " reco_server_name=%%s default: NULL\n" \ - " reco_delay=%%d default: 0 milliseconds\n" \ - " reco_mode=%%d 0: copy session, 1: serialize session\n" \ - " default: 1\n" \ - " reconnect_hard=%%d default: 0 (disabled)\n" \ - USAGE_TICKETS \ - USAGE_EAP_TLS \ - USAGE_MAX_FRAG_LEN \ - USAGE_CONTEXT_CRT_CB \ - USAGE_ALPN \ - USAGE_EMS \ - USAGE_ETM \ - USAGE_REPRODUCIBLE \ - USAGE_GROUPS \ - USAGE_SIG_ALGS \ - USAGE_EARLY_DATA \ - USAGE_DHMLEN \ - USAGE_KEY_OPAQUE_ALGS \ - "\n" - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define TLS1_3_VERSION_OPTIONS ", tls13" -#else /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#define TLS1_3_VERSION_OPTIONS "" -#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */ - -#define USAGE4 \ - " allow_sha1=%%d default: 0\n" \ - " min_version=%%s default: (library default: tls12)\n" \ - " max_version=%%s default: (library default: tls12)\n" \ - " force_version=%%s default: \"\" (none)\n" \ - " options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \ - "\n\n" \ - " force_ciphersuite= default: all enabled\n" \ - USAGE_TLS1_3_KEY_EXCHANGE_MODES \ - " query_config= return 0 if the specified\n" \ - " configuration macro is defined and 1\n" \ - " otherwise. The expansion of the macro\n" \ - " is printed if it is defined\n" \ - USAGE_SERIALIZATION \ - "\n" - -/* - * global options - */ -struct options { - const char *server_name; /* hostname of the server (client only) */ - const char *server_addr; /* address of the server (client only) */ - const char *server_port; /* port on which the ssl service runs */ - int debug_level; /* level of debugging */ - int nbio; /* should I/O be blocking? */ - int event; /* loop or event-driven IO? level or edge triggered? */ - uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ - int max_resend; /* DTLS times to resend on read timeout */ - const char *request_page; /* page on server to request */ - int request_size; /* pad request with header to requested size */ - const char *ca_file; /* the file with the CA certificate(s) */ - const char *ca_path; /* the path with the CA certificate(s) reside */ - const char *crt_file; /* the file with the client certificate */ - const char *key_file; /* the file with the client key */ - int key_opaque; /* handle private key as if it were opaque */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - int psk_opaque; -#endif -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - int ca_callback; /* Use callback for trusted certificate list */ -#endif - const char *key_pwd; /* the password for the client key */ - const char *psk; /* the pre-shared key */ - const char *psk_identity; /* the pre-shared key identity */ - const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif - int ec_max_ops; /* EC consecutive operations limit */ - int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - int renegotiation; /* enable / disable renegotiation */ - int allow_legacy; /* allow legacy renegotiation */ - int renegotiate; /* attempt renegotiation? */ - int renego_delay; /* delay before enforcing renegotiation */ - int exchanges; /* number of data exchanges */ - int min_version; /* minimum protocol version accepted */ - int max_version; /* maximum protocol version accepted */ - int allow_sha1; /* flag for SHA-1 support */ - int auth_mode; /* verify mode for connection */ - unsigned char mfl_code; /* code for maximum fragment length */ - int trunc_hmac; /* negotiate truncated hmac or not */ - int recsplit; /* enable record splitting? */ - int dhmlen; /* minimum DHM params len in bits */ - int reconnect; /* attempt to resume session */ - const char *reco_server_name; /* hostname of the server (re-connect) */ - int reco_delay; /* delay in seconds before resuming session */ - int reco_mode; /* how to keep the session around */ - int reconnect_hard; /* unexpectedly reconnect from the same port */ - int tickets; /* enable / disable session tickets */ - const char *groups; /* list of supported groups */ - const char *sig_algs; /* supported TLS 1.3 signature algorithms */ - const char *alpn_string; /* ALPN supported protocols */ - int transport; /* TLS or DTLS? */ - uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ - uint32_t hs_to_max; /* Max value of DTLS handshake timer */ - int dtls_mtu; /* UDP Maximum transport unit for DTLS */ - int fallback; /* is this a fallback connection? */ - int dgram_packing; /* allow/forbid datagram packing */ - int extended_ms; /* negotiate extended master secret? */ - int etm; /* negotiate encrypt then mac? */ - int context_crt_cb; /* use context-specific CRT verify callback */ - int eap_tls; /* derive EAP-TLS keying material? */ - int nss_keylog; /* export NSS key log material */ - const char *nss_keylog_file; /* NSS key log file */ - int cid_enabled; /* whether to use the CID extension or not */ - int cid_enabled_renego; /* whether to use the CID extension or not - * during renegotiation */ - const char *cid_val; /* the CID to use for incoming messages */ - int serialize; /* serialize/deserialize connection */ - const char *context_file; /* the file to write a serialized connection - * in the form of base64 code (serialize - * option must be set) */ - const char *cid_val_renego; /* the CID to use for incoming messages - * after renegotiation */ - int reproducible; /* make communication reproducible */ - int skip_close_notify; /* skip sending the close_notify alert */ -#if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data; /* early data enablement flag */ -#endif - int query_config_mode; /* whether to read config */ - int use_srtp; /* Support SRTP */ - int force_srtp_profile; /* SRTP protection profile to use or all */ - const char *mki; /* The dtls mki value to use */ - const char *key_opaque_alg1; /* Allowed opaque key alg 1 */ - const char *key_opaque_alg2; /* Allowed Opaque key alg 2 */ -} opt; - -#include "ssl_test_common_source.c" - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static unsigned char peer_crt_info[1024]; - -/* - * Enabled if debug_level > 1 in code below - */ -static int my_verify(void *data, mbedtls_x509_crt *crt, - int depth, uint32_t *flags) -{ - char buf[1024]; - ((void) data); - - mbedtls_printf("\nVerify requested for (Depth %d):\n", depth); - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt); - if (depth == 0) { - memcpy(peer_crt_info, buf, sizeof(buf)); - } - - if (opt.debug_level == 0) { - return 0; - } - - mbedtls_printf("%s", buf); -#else - ((void) crt); - ((void) depth); -#endif - - if ((*flags) == 0) { - mbedtls_printf(" This certificate has no flags\n"); - } else { - x509_crt_verify_info(buf, sizeof(buf), " ! ", *flags); - mbedtls_printf("%s\n", buf); - } - - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static int report_cid_usage(mbedtls_ssl_context *ssl, - const char *additional_description) -{ - int ret; - unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; - size_t peer_cid_len; - int cid_negotiated; - - if (opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 0; - } - - /* Check if the use of a CID has been negotiated, - * but don't ask for the CID value and length. - * - * Note: Here and below, we're demonstrating the various ways - * in which mbedtls_ssl_get_peer_cid() can be called, - * depending on whether or not the length/value of the - * peer's CID is needed. - * - * An actual application, however, should use - * just one call to mbedtls_ssl_get_peer_cid(). */ - ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated, - NULL, NULL); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", - (unsigned int) -ret); - return ret; - } - - if (cid_negotiated == MBEDTLS_SSL_CID_DISABLED) { - if (opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED) { - mbedtls_printf("(%s) Use of Connection ID was rejected by the server.\n", - additional_description); - } - } else { - size_t idx = 0; - mbedtls_printf("(%s) Use of Connection ID has been negotiated.\n", - additional_description); - - /* Ask for just the length of the peer's CID. */ - ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated, - NULL, &peer_cid_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", - (unsigned int) -ret); - return ret; - } - - /* Ask for just length + value of the peer's CID. */ - ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated, - peer_cid, &peer_cid_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", - (unsigned int) -ret); - return ret; - } - mbedtls_printf("(%s) Peer CID (length %u Bytes): ", - additional_description, - (unsigned) peer_cid_len); - while (idx < peer_cid_len) { - mbedtls_printf("%02x ", peer_cid[idx]); - idx++; - } - mbedtls_printf("\n"); - } - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -static int ssl_save_session_serialize(mbedtls_ssl_context *ssl, - unsigned char **session_data, - size_t *session_data_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_session exported_session; - - /* free any previously saved data */ - if (*session_data != NULL) { - mbedtls_platform_zeroize(*session_data, *session_data_len); - mbedtls_free(*session_data); - *session_data = NULL; - *session_data_len = 0; - } - - mbedtls_ssl_session_init(&exported_session); - ret = mbedtls_ssl_get_session(ssl, &exported_session); - if (ret != 0) { - mbedtls_printf( - "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n", - (unsigned) -ret); - goto exit; - } - - /* get size of the buffer needed */ - (void) mbedtls_ssl_session_save(&exported_session, NULL, 0, session_data_len); - *session_data = mbedtls_calloc(1, *session_data_len); - if (*session_data == NULL) { - mbedtls_printf(" failed\n ! alloc %u bytes for session data\n", - (unsigned) *session_data_len); - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - - /* actually save session data */ - if ((ret = mbedtls_ssl_session_save(&exported_session, - *session_data, *session_data_len, - session_data_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n", - (unsigned int) -ret); - goto exit; - } - -exit: - mbedtls_ssl_session_free(&exported_session); - return ret; -} - -/* - * Build HTTP request - */ -static int build_http_request(unsigned char *buf, size_t buf_size, size_t *request_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len, tail_len, request_size; - - ret = mbedtls_snprintf((char *) buf, buf_size, GET_REQUEST, opt.request_page, opt.server_name); - if (ret < 0) { - return ret; - } - - len = (size_t) ret; - tail_len = strlen(GET_REQUEST_END); - if (opt.request_size != DFL_REQUEST_SIZE) { - request_size = (size_t) opt.request_size; - } else { - request_size = len + tail_len; - } - - if (request_size > buf_size) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - /* Add padding to GET request to reach opt.request_size in length */ - if (opt.request_size != DFL_REQUEST_SIZE && - len + tail_len < request_size) { - memset(buf + len, 'A', request_size - len - tail_len); - len = request_size - tail_len; - } - - strncpy((char *) buf + len, GET_REQUEST_END, buf_size - len); - len += tail_len; - - /* Truncate if request size is smaller than the "natural" size */ - if (opt.request_size != DFL_REQUEST_SIZE && - len > request_size) { - len = request_size; - - /* Still end with \r\n unless that's really not possible */ - if (len >= 2) { - buf[len - 2] = '\r'; - } - if (len >= 1) { - buf[len - 1] = '\n'; - } - } - - *request_len = len; - - return 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 0, i; - size_t len, written, frags, retry_left; - int query_config_ret = 0; - mbedtls_net_context server_fd; - io_ctx_t io_ctx; - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; -#endif - - unsigned char buf[MAX_REQUEST_SIZE + 1]; - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - unsigned char psk[MBEDTLS_PSK_MAX_LEN]; - size_t psk_len = 0; -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; - unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX]; - size_t cid_len = 0; - size_t cid_renego_len = 0; -#endif - -#if defined(MBEDTLS_SSL_ALPN) - const char *alpn_list[ALPN_LIST_SIZE]; -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char alloc_buf[MEMORY_HEAP_SIZE]; -#endif - uint16_t group_list[GROUP_LIST_SIZE]; -#if defined(MBEDTLS_SSL_DTLS_SRTP) - unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; - size_t mki_len = 0; -#endif - - const char *pers = "ssl_client2"; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT; - psa_algorithm_t alg = 0; - psa_key_attributes_t key_attributes; -#endif - psa_status_t status; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) - psa_status_t status; -#endif - - rng_context_t rng; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ssl_session saved_session; - unsigned char *session_data = NULL; - size_t session_data_len = 0; -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context timer; -#endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - uint32_t flags; - mbedtls_x509_crt cacert; - mbedtls_x509_crt clicert; - mbedtls_pk_context pkey; - mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - char *p, *q; - const int *list; -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - unsigned char *context_buf = NULL; - size_t context_buf_len; -#endif - unsigned char eap_tls_keymaterial[16]; - unsigned char eap_tls_iv[8]; - const char *eap_tls_label = "client EAP encryption"; - eap_tls_keys eap_tls_keying; -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /*! master keys and master salt for SRTP generated during handshake */ - unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; - const char *dtls_srtp_label = "EXTRACTOR-dtls_srtp"; - dtls_srtp_keys dtls_srtp_keying; - const mbedtls_ssl_srtp_profile default_profiles[] = { - MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32, - MBEDTLS_TLS_SRTP_UNSET - }; -#endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); -#endif - -#if defined(MBEDTLS_TEST_HOOKS) - test_hooks_init(); -#endif /* MBEDTLS_TEST_HOOKS */ - - /* - * Make sure memory references are valid. - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_ssl_session_init(&saved_session); - rng_init(&rng); -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - mbedtls_x509_crt_init(&cacert); - mbedtls_x509_crt_init(&clicert); - mbedtls_pk_init(&pkey); -#endif -#if defined(MBEDTLS_SSL_ALPN) - memset((void *) alpn_list, 0, sizeof(alpn_list)); -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - mbedtls_test_enable_insecure_external_rng(); -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - - opt.server_name = DFL_SERVER_NAME; - opt.server_addr = DFL_SERVER_ADDR; - opt.server_port = DFL_SERVER_PORT; - opt.debug_level = DFL_DEBUG_LEVEL; - opt.cid_enabled = DFL_CID_ENABLED; - opt.cid_val = DFL_CID_VALUE; - opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO; - opt.cid_val_renego = DFL_CID_VALUE_RENEGO; - opt.nbio = DFL_NBIO; - opt.event = DFL_EVENT; - opt.context_crt_cb = DFL_CONTEXT_CRT_CB; - opt.read_timeout = DFL_READ_TIMEOUT; - opt.max_resend = DFL_MAX_RESEND; - opt.request_page = DFL_REQUEST_PAGE; - opt.request_size = DFL_REQUEST_SIZE; - opt.ca_file = DFL_CA_FILE; - opt.ca_path = DFL_CA_PATH; - opt.crt_file = DFL_CRT_FILE; - opt.key_file = DFL_KEY_FILE; - opt.key_opaque = DFL_KEY_OPAQUE; - opt.key_pwd = DFL_KEY_PWD; - opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - opt.psk_opaque = DFL_PSK_OPAQUE; -#endif -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - opt.ca_callback = DFL_CA_CALLBACK; -#endif - opt.psk_identity = DFL_PSK_IDENTITY; - opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif - opt.ec_max_ops = DFL_EC_MAX_OPS; - opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - opt.renegotiation = DFL_RENEGOTIATION; - opt.allow_legacy = DFL_ALLOW_LEGACY; - opt.renegotiate = DFL_RENEGOTIATE; - opt.exchanges = DFL_EXCHANGES; - opt.min_version = DFL_MIN_VERSION; - opt.max_version = DFL_MAX_VERSION; - opt.allow_sha1 = DFL_SHA1; - opt.auth_mode = DFL_AUTH_MODE; - opt.mfl_code = DFL_MFL_CODE; - opt.trunc_hmac = DFL_TRUNC_HMAC; - opt.recsplit = DFL_RECSPLIT; - opt.dhmlen = DFL_DHMLEN; - opt.reconnect = DFL_RECONNECT; - opt.reco_server_name = DFL_RECO_SERVER_NAME; - opt.reco_delay = DFL_RECO_DELAY; - opt.reco_mode = DFL_RECO_MODE; - opt.reconnect_hard = DFL_RECONNECT_HARD; - opt.tickets = DFL_TICKETS; - opt.alpn_string = DFL_ALPN_STRING; - opt.groups = DFL_GROUPS; - opt.sig_algs = DFL_SIG_ALGS; -#if defined(MBEDTLS_SSL_EARLY_DATA) - opt.early_data = DFL_EARLY_DATA; -#endif - opt.transport = DFL_TRANSPORT; - opt.hs_to_min = DFL_HS_TO_MIN; - opt.hs_to_max = DFL_HS_TO_MAX; - opt.dtls_mtu = DFL_DTLS_MTU; - opt.fallback = DFL_FALLBACK; - opt.extended_ms = DFL_EXTENDED_MS; - opt.etm = DFL_ETM; - opt.dgram_packing = DFL_DGRAM_PACKING; - opt.serialize = DFL_SERIALIZE; - opt.context_file = DFL_CONTEXT_FILE; - opt.eap_tls = DFL_EAP_TLS; - opt.reproducible = DFL_REPRODUCIBLE; - opt.nss_keylog = DFL_NSS_KEYLOG; - opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE; - opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY; - opt.query_config_mode = DFL_QUERY_CONFIG_MODE; - opt.use_srtp = DFL_USE_SRTP; - opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE; - opt.mki = DFL_SRTP_MKI; - opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG; - opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG; - - p = q = NULL; - if (argc < 1) { -usage: - if (p != NULL && q != NULL) { - printf("unrecognized value for '%s': '%s'\n", p, q); - } else if (p != NULL && q == NULL) { - printf("unrecognized param: '%s'\n", p); - } - - mbedtls_printf("usage: ssl_client2 [param=value] [...]\n"); - mbedtls_printf(" ssl_client2 help[_theme]\n"); - mbedtls_printf("'help' lists acceptable 'param' and 'value'\n"); - mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n"); - mbedtls_printf("\n"); - - if (ret == 0) { - ret = 1; - } - goto exit; - } - - for (i = 1; i < argc; i++) { - p = argv[i]; - - if (strcmp(p, "help") == 0) { - mbedtls_printf(USAGE1); - mbedtls_printf(USAGE2); - mbedtls_printf(USAGE3); - mbedtls_printf(USAGE4); - - ret = 0; - goto exit; - } - if (strcmp(p, "help_ciphersuites") == 0) { - mbedtls_printf(" acceptable ciphersuite names:\n"); - for (list = mbedtls_ssl_list_ciphersuites(); - *list != 0; - list++) { - mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list)); - } - - ret = 0; - goto exit; - } - - if ((q = strchr(p, '=')) == NULL) { - mbedtls_printf("param requires a value: '%s'\n", p); - p = NULL; // avoid "unrecnognized param" message - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "server_name") == 0) { - opt.server_name = q; - } else if (strcmp(p, "server_addr") == 0) { - opt.server_addr = q; - } else if (strcmp(p, "server_port") == 0) { - opt.server_port = q; - } else if (strcmp(p, "dtls") == 0) { - int t = atoi(q); - if (t == 0) { - opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM; - } else if (t == 1) { - opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; - } else { - goto usage; - } - } else if (strcmp(p, "debug_level") == 0) { - opt.debug_level = atoi(q); - if (opt.debug_level < 0 || opt.debug_level > 65535) { - goto usage; - } - } else if (strcmp(p, "build_version") == 0) { - if (strcmp(q, "1") == 0) { - mbedtls_printf("build version: %s (build %d)\n", - MBEDTLS_VERSION_STRING_FULL, - MBEDTLS_VERSION_NUMBER); - goto exit; - } - } else if (strcmp(p, "context_crt_cb") == 0) { - opt.context_crt_cb = atoi(q); - if (opt.context_crt_cb != 0 && opt.context_crt_cb != 1) { - goto usage; - } - } else if (strcmp(p, "nbio") == 0) { - opt.nbio = atoi(q); - if (opt.nbio < 0 || opt.nbio > 2) { - goto usage; - } - } else if (strcmp(p, "event") == 0) { - opt.event = atoi(q); - if (opt.event < 0 || opt.event > 2) { - goto usage; - } - } else if (strcmp(p, "read_timeout") == 0) { - opt.read_timeout = atoi(q); - } else if (strcmp(p, "max_resend") == 0) { - opt.max_resend = atoi(q); - if (opt.max_resend < 0) { - goto usage; - } - } else if (strcmp(p, "request_page") == 0) { - opt.request_page = q; - } else if (strcmp(p, "request_size") == 0) { - opt.request_size = atoi(q); - if (opt.request_size < 0 || - opt.request_size > MAX_REQUEST_SIZE) { - goto usage; - } - } else if (strcmp(p, "ca_file") == 0) { - opt.ca_file = q; - } else if (strcmp(p, "ca_path") == 0) { - opt.ca_path = q; - } else if (strcmp(p, "crt_file") == 0) { - opt.crt_file = q; - } else if (strcmp(p, "key_file") == 0) { - opt.key_file = q; - } else if (strcmp(p, "key_pwd") == 0) { - opt.key_pwd = q; - } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - else if (strcmp(p, "key_opaque") == 0) { - opt.key_opaque = atoi(q); - } -#endif -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - else if (strcmp(p, "cid") == 0) { - opt.cid_enabled = atoi(q); - if (opt.cid_enabled != 0 && opt.cid_enabled != 1) { - goto usage; - } - } else if (strcmp(p, "cid_renego") == 0) { - opt.cid_enabled_renego = atoi(q); - if (opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1) { - goto usage; - } - } else if (strcmp(p, "cid_val") == 0) { - opt.cid_val = q; - } else if (strcmp(p, "cid_val_renego") == 0) { - opt.cid_val_renego = q; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - else if (strcmp(p, "psk") == 0) { - opt.psk = q; - } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - else if (strcmp(p, "psk_opaque") == 0) { - opt.psk_opaque = atoi(q); - } -#endif -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - else if (strcmp(p, "ca_callback") == 0) { - opt.ca_callback = atoi(q); - } -#endif - else if (strcmp(p, "psk_identity") == 0) { - opt.psk_identity = q; - } else if (strcmp(p, "ecjpake_pw") == 0) { - opt.ecjpake_pw = q; - } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - else if (strcmp(p, "ecjpake_pw_opaque") == 0) { - opt.ecjpake_pw_opaque = atoi(q); - } -#endif - else if (strcmp(p, "ec_max_ops") == 0) { - opt.ec_max_ops = atoi(q); - } else if (strcmp(p, "force_ciphersuite") == 0) { - opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); - - if (opt.force_ciphersuite[0] == 0) { - ret = 2; - goto usage; - } - opt.force_ciphersuite[1] = 0; - } else if (strcmp(p, "renegotiation") == 0) { - opt.renegotiation = (atoi(q)) ? - MBEDTLS_SSL_RENEGOTIATION_ENABLED : - MBEDTLS_SSL_RENEGOTIATION_DISABLED; - } else if (strcmp(p, "allow_legacy") == 0) { - switch (atoi(q)) { - case -1: - opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; - break; - case 0: - opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; - break; - case 1: - opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; - break; - default: goto usage; - } - } else if (strcmp(p, "renegotiate") == 0) { - opt.renegotiate = atoi(q); - if (opt.renegotiate < 0 || opt.renegotiate > 1) { - goto usage; - } - } else if (strcmp(p, "exchanges") == 0) { - opt.exchanges = atoi(q); - if (opt.exchanges < 1) { - goto usage; - } - } else if (strcmp(p, "reconnect") == 0) { - opt.reconnect = atoi(q); - if (opt.reconnect < 0 || opt.reconnect > 2) { - goto usage; - } - } else if (strcmp(p, "reco_server_name") == 0) { - opt.reco_server_name = q; - } else if (strcmp(p, "reco_delay") == 0) { - opt.reco_delay = atoi(q); - if (opt.reco_delay < 0) { - goto usage; - } - } else if (strcmp(p, "reco_mode") == 0) { - opt.reco_mode = atoi(q); - if (opt.reco_mode < 0) { - goto usage; - } - } else if (strcmp(p, "reconnect_hard") == 0) { - opt.reconnect_hard = atoi(q); - if (opt.reconnect_hard < 0 || opt.reconnect_hard > 1) { - goto usage; - } - } else if (strcmp(p, "tickets") == 0) { - opt.tickets = atoi(q); - if (opt.tickets < 0) { - goto usage; - } - } else if (strcmp(p, "alpn") == 0) { - opt.alpn_string = q; - } else if (strcmp(p, "extended_ms") == 0) { - switch (atoi(q)) { - case 0: - opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; - break; - case 1: - opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; - break; - default: goto usage; - } - } else if (strcmp(p, "groups") == 0) { - opt.groups = q; - } -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - else if (strcmp(p, "sig_algs") == 0) { - opt.sig_algs = q; - } -#endif - else if (strcmp(p, "etm") == 0) { - switch (atoi(q)) { - case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break; - case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break; - default: goto usage; - } - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(MBEDTLS_SSL_EARLY_DATA) - else if (strcmp(p, "early_data") == 0) { - switch (atoi(q)) { - case 0: - opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - case 1: - opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - break; - default: goto usage; - } - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - else if (strcmp(p, "tls13_kex_modes") == 0) { - if (strcmp(q, "psk") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - } else if (strcmp(q, "psk_ephemeral") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - } else if (strcmp(q, "ephemeral") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; - } else if (strcmp(q, "ephemeral_all") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL; - } else if (strcmp(q, "psk_all") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; - } else if (strcmp(q, "all") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; - } else if (strcmp(q, "psk_or_ephemeral") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; - } else { - goto usage; - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - else if (strcmp(p, "min_version") == 0) { - if (strcmp(q, "tls12") == 0 || - strcmp(q, "dtls12") == 0) { - opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2; - } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - else if (strcmp(q, "tls13") == 0) { - opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - else { - goto usage; - } - } else if (strcmp(p, "max_version") == 0) { - if (strcmp(q, "tls12") == 0 || - strcmp(q, "dtls12") == 0) { - opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2; - } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - else if (strcmp(q, "tls13") == 0) { - opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - else { - goto usage; - } - } else if (strcmp(p, "allow_sha1") == 0) { - switch (atoi(q)) { - case 0: opt.allow_sha1 = 0; break; - case 1: opt.allow_sha1 = 1; break; - default: goto usage; - } - } else if (strcmp(p, "force_version") == 0) { - if (strcmp(q, "tls12") == 0) { - opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2; - opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2; - } else if (strcmp(q, "dtls12") == 0) { - opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2; - opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2; - opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; - } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - else if (strcmp(q, "tls13") == 0) { - opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3; - opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - else { - goto usage; - } - } else if (strcmp(p, "auth_mode") == 0) { - if (strcmp(q, "none") == 0) { - opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE; - } else if (strcmp(q, "optional") == 0) { - opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL; - } else if (strcmp(q, "required") == 0) { - opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; - } else { - goto usage; - } - } else if (strcmp(p, "max_frag_len") == 0) { - if (strcmp(q, "512") == 0) { - opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512; - } else if (strcmp(q, "1024") == 0) { - opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024; - } else if (strcmp(q, "2048") == 0) { - opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048; - } else if (strcmp(q, "4096") == 0) { - opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096; - } else { - goto usage; - } - } else if (strcmp(p, "trunc_hmac") == 0) { - switch (atoi(q)) { - case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break; - case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break; - default: goto usage; - } - } else if (strcmp(p, "hs_timeout") == 0) { - if ((p = strchr(q, '-')) == NULL) { - goto usage; - } - *p++ = '\0'; - opt.hs_to_min = atoi(q); - opt.hs_to_max = atoi(p); - if (opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min) { - goto usage; - } - } else if (strcmp(p, "mtu") == 0) { - opt.dtls_mtu = atoi(q); - if (opt.dtls_mtu < 0) { - goto usage; - } - } else if (strcmp(p, "dgram_packing") == 0) { - opt.dgram_packing = atoi(q); - if (opt.dgram_packing != 0 && - opt.dgram_packing != 1) { - goto usage; - } - } else if (strcmp(p, "recsplit") == 0) { - opt.recsplit = atoi(q); - if (opt.recsplit < 0 || opt.recsplit > 1) { - goto usage; - } - } else if (strcmp(p, "dhmlen") == 0) { - opt.dhmlen = atoi(q); - if (opt.dhmlen < 0) { - goto usage; - } - } else if (strcmp(p, "query_config") == 0) { - opt.query_config_mode = 1; - query_config_ret = query_config(q); - goto exit; - } else if (strcmp(p, "serialize") == 0) { - opt.serialize = atoi(q); - if (opt.serialize < 0 || opt.serialize > 2) { - goto usage; - } - } else if (strcmp(p, "context_file") == 0) { - opt.context_file = q; - } else if (strcmp(p, "eap_tls") == 0) { - opt.eap_tls = atoi(q); - if (opt.eap_tls < 0 || opt.eap_tls > 1) { - goto usage; - } - } else if (strcmp(p, "reproducible") == 0) { - opt.reproducible = 1; - } else if (strcmp(p, "nss_keylog") == 0) { - opt.nss_keylog = atoi(q); - if (opt.nss_keylog < 0 || opt.nss_keylog > 1) { - goto usage; - } - } else if (strcmp(p, "nss_keylog_file") == 0) { - opt.nss_keylog_file = q; - } else if (strcmp(p, "skip_close_notify") == 0) { - opt.skip_close_notify = atoi(q); - if (opt.skip_close_notify < 0 || opt.skip_close_notify > 1) { - goto usage; - } - } else if (strcmp(p, "use_srtp") == 0) { - opt.use_srtp = atoi(q); - } else if (strcmp(p, "srtp_force_profile") == 0) { - opt.force_srtp_profile = atoi(q); - } else if (strcmp(p, "mki") == 0) { - opt.mki = q; - } else if (strcmp(p, "key_opaque_algs") == 0) { - if (key_opaque_alg_parse(q, &opt.key_opaque_alg1, - &opt.key_opaque_alg2) != 0) { - goto usage; - } - } else { - /* This signals that the problem is with p not q */ - q = NULL; - goto usage; - } - } - /* This signals that any further errors are not with a single option */ - p = q = NULL; - - if (opt.nss_keylog != 0 && opt.eap_tls != 0) { - mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n"); - goto usage; - } - - /* Event-driven IO is incompatible with the above custom - * receive and send functions, as the polling builds on - * refers to the underlying net_context. */ - if (opt.event == 1 && opt.nbio != 1) { - mbedtls_printf("Warning: event-driven IO mandates nbio=1 - overwrite\n"); - opt.nbio = 1; - } - -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(opt.debug_level); -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - /* - * Unhexify the pre-shared key if any is given - */ - if (strlen(opt.psk)) { - if (mbedtls_test_unhexify(psk, sizeof(psk), - opt.psk, &psk_len) != 0) { - mbedtls_printf("pre-shared key not valid\n"); - goto exit; - } - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (opt.psk_opaque != 0) { - if (opt.psk == NULL) { - mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); - ret = 2; - goto usage; - } - - if (opt.force_ciphersuite[0] <= 0) { - mbedtls_printf( - "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n"); - ret = 2; - goto usage; - } - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (opt.force_ciphersuite[0] > 0) { - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(opt.force_ciphersuite[0]); - - if (opt.max_version != -1 && - ciphersuite_info->min_tls_version > opt.max_version) { - mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); - ret = 2; - goto usage; - } - if (opt.min_version != -1 && - ciphersuite_info->max_tls_version < opt.min_version) { - mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); - ret = 2; - goto usage; - } - - /* If the server selects a version that's not supported by - * this suite, then there will be no common ciphersuite... */ - if (opt.max_version == -1 || - opt.max_version > ciphersuite_info->max_tls_version) { - opt.max_version = ciphersuite_info->max_tls_version; - } - if (opt.min_version < ciphersuite_info->min_tls_version) { - opt.min_version = ciphersuite_info->min_tls_version; - /* DTLS starts with TLS 1.2 */ - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - opt.min_version < MBEDTLS_SSL_VERSION_TLS1_2) { - opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2; - } - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (opt.psk_opaque != 0) { - /* Determine KDF algorithm the opaque PSK will be used in. */ -#if defined(PSA_WANT_ALG_SHA_384) - if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) { - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); - } else -#endif /* PSA_WANT_ALG_SHA_384 */ - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (mbedtls_test_unhexify(cid, sizeof(cid), - opt.cid_val, &cid_len) != 0) { - mbedtls_printf("CID not valid\n"); - goto exit; - } - - /* Keep CID settings for renegotiation unless - * specified otherwise. */ - if (opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO) { - opt.cid_enabled_renego = opt.cid_enabled; - } - if (opt.cid_val_renego == DFL_CID_VALUE_RENEGO) { - opt.cid_val_renego = opt.cid_val; - } - - if (mbedtls_test_unhexify(cid_renego, sizeof(cid_renego), - opt.cid_val_renego, &cid_renego_len) != 0) { - mbedtls_printf("CID not valid\n"); - goto exit; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - if (opt.groups != NULL) { - if (parse_groups(opt.groups, group_list, GROUP_LIST_SIZE) != 0) { - goto exit; - } - } - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (opt.sig_algs != NULL) { - p = (char *) opt.sig_algs; - i = 0; - - /* Leave room for a final MBEDTLS_TLS1_3_SIG_NONE in signature algorithm list (sig_alg_list). */ - while (i < SIG_ALG_LIST_SIZE - 1 && *p != '\0') { - q = p; - - /* Terminate the current string */ - while (*p != ',' && *p != '\0') { - p++; - } - if (*p == ',') { - *p++ = '\0'; - } - - if (strcmp(q, "rsa_pkcs1_sha256") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256; - } else if (strcmp(q, "rsa_pkcs1_sha384") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384; - } else if (strcmp(q, "rsa_pkcs1_sha512") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512; - } else if (strcmp(q, "ecdsa_secp256r1_sha256") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; - } else if (strcmp(q, "ecdsa_secp384r1_sha384") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; - } else if (strcmp(q, "ecdsa_secp521r1_sha512") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; - } else if (strcmp(q, "rsa_pss_rsae_sha256") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; - } else if (strcmp(q, "rsa_pss_rsae_sha384") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; - } else if (strcmp(q, "rsa_pss_rsae_sha512") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; - } else if (strcmp(q, "ed25519") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519; - } else if (strcmp(q, "ed448") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448; - } else if (strcmp(q, "rsa_pss_pss_sha256") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256; - } else if (strcmp(q, "rsa_pss_pss_sha384") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384; - } else if (strcmp(q, "rsa_pss_pss_sha512") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512; - } else if (strcmp(q, "rsa_pkcs1_sha1") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1; - } else if (strcmp(q, "ecdsa_sha1") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1; - } else { - ret = -1; - mbedtls_printf("unknown signature algorithm \"%s\"\n", q); - mbedtls_print_supported_sig_algs(); - goto exit; - } - } - - if (i == (SIG_ALG_LIST_SIZE - 1) && *p != '\0') { - mbedtls_printf("signature algorithm list too long, maximum %d", - SIG_ALG_LIST_SIZE - 1); - goto exit; - } - - sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE; - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_ALPN) - if (opt.alpn_string != NULL) { - p = (char *) opt.alpn_string; - i = 0; - - /* Leave room for a final NULL in alpn_list */ - while (i < ALPN_LIST_SIZE - 1 && *p != '\0') { - alpn_list[i++] = p; - - /* Terminate the current string and move on to next one */ - while (*p != ',' && *p != '\0') { - p++; - } - if (*p == ',') { - *p++ = '\0'; - } - } - } -#endif /* MBEDTLS_SSL_ALPN */ - - mbedtls_printf("build version: %s (build %d)\n", - MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER); - - /* - * 0. Initialize the RNG and the session data - */ - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - ret = rng_seed(&rng, opt.reproducible, pers); - if (ret != 0) { - goto exit; - } - mbedtls_printf(" ok\n"); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - /* - * 1.1. Load the trusted CA - */ - mbedtls_printf(" . Loading the CA root certificate ..."); - fflush(stdout); - - if (strcmp(opt.ca_path, "none") == 0 || - strcmp(opt.ca_file, "none") == 0) { - ret = 0; - } else -#if defined(MBEDTLS_FS_IO) - if (strlen(opt.ca_path)) { - ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path); - } else if (strlen(opt.ca_file)) { - ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file); - } else -#endif - { -#if defined(MBEDTLS_PEM_PARSE_C) - for (i = 0; mbedtls_test_cas[i] != NULL; i++) { - ret = mbedtls_x509_crt_parse(&cacert, - (const unsigned char *) mbedtls_test_cas[i], - mbedtls_test_cas_len[i]); - if (ret != 0) { - break; - } - } -#endif /* MBEDTLS_PEM_PARSE_C */ - if (ret == 0) { - for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { - ret = mbedtls_x509_crt_parse_der(&cacert, - (const unsigned char *) mbedtls_test_cas_der[i], - mbedtls_test_cas_der_len[i]); - if (ret != 0) { - break; - } - } - } - } - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok (%d skipped)\n", ret); - - /* - * 1.2. Load own certificate and private key - * - * (can be skipped if client authentication is not required) - */ - mbedtls_printf(" . Loading the client cert. and key..."); - fflush(stdout); - - if (strcmp(opt.crt_file, "none") == 0) { - ret = 0; - } else -#if defined(MBEDTLS_FS_IO) - if (strlen(opt.crt_file)) { - ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file); - } else -#endif - { ret = mbedtls_x509_crt_parse(&clicert, - (const unsigned char *) mbedtls_test_cli_crt, - mbedtls_test_cli_crt_len); } - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - if (strcmp(opt.key_file, "none") == 0) { - ret = 0; - } else -#if defined(MBEDTLS_FS_IO) - if (strlen(opt.key_file)) { - ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng); - } else -#endif - { ret = mbedtls_pk_parse_key(&pkey, - (const unsigned char *) mbedtls_test_cli_key, - mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); } - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (opt.key_opaque != 0) { - psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; - psa_key_usage_t usage = 0; - - if (key_opaque_set_alg_usage(opt.key_opaque_alg1, - opt.key_opaque_alg2, - &psa_alg, &psa_alg2, - &usage, - mbedtls_pk_get_type(&pkey)) == 0) { - ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, usage, &key_slot); - if (ret != 0) { - mbedtls_printf(" failed\n ! " - "mbedtls_pk_get_psa_attributes returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_printf(" ok (key type: %s)\n", - strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? - mbedtls_pk_get_name(&pkey) : "none"); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - /* - * 2. Setup stuff - */ - mbedtls_printf(" . Setting up the SSL/TLS structure..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - opt.transport, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - /* The default algorithms profile disables SHA-1, but our tests still - rely on it heavily. */ - if (opt.allow_sha1 > 0) { - crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1); - mbedtls_ssl_conf_cert_profile(&conf, &crt_profile_for_test); - mbedtls_ssl_conf_sig_algs(&conf, ssl_sig_algs_for_test); - } - if (opt.context_crt_cb == 0) { - mbedtls_ssl_conf_verify(&conf, my_verify, NULL); - } - - memset(peer_crt_info, 0, sizeof(peer_crt_info)); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (opt.cid_enabled == 1 || opt.cid_enabled_renego == 1) { - if (opt.cid_enabled == 1 && - opt.cid_enabled_renego == 1 && - cid_len != cid_renego_len) { - mbedtls_printf("CID length must not change during renegotiation\n"); - goto usage; - } - - if (opt.cid_enabled == 1) { - ret = mbedtls_ssl_conf_cid(&conf, cid_len, - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE); - } else { - ret = mbedtls_ssl_conf_cid(&conf, cid_renego_len, - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE); - } - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n", - (unsigned int) -ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - if (opt.auth_mode != DFL_AUTH_MODE) { - mbedtls_ssl_conf_authmode(&conf, opt.auth_mode); - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX) { - mbedtls_ssl_conf_handshake_timeout(&conf, opt.hs_to_min, - opt.hs_to_max); - } - - if (opt.dgram_packing != DFL_DGRAM_PACKING) { - mbedtls_ssl_set_datagram_packing(&ssl, opt.dgram_packing); - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if ((ret = mbedtls_ssl_conf_max_frag_len(&conf, opt.mfl_code)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", - ret); - goto exit; - } -#endif - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - const mbedtls_ssl_srtp_profile forced_profile[] = - { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET }; - if (opt.use_srtp == 1) { - if (opt.force_srtp_profile != 0) { - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, forced_profile); - } else { - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, default_profiles); - } - - if (ret != 0) { - mbedtls_printf(" failed\n ! " - "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", - ret); - goto exit; - } - - } else if (opt.force_srtp_profile != 0) { - mbedtls_printf(" failed\n ! must enable use_srtp to force srtp profile\n\n"); - goto exit; - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if (opt.extended_ms != DFL_EXTENDED_MS) { - mbedtls_ssl_conf_extended_master_secret(&conf, opt.extended_ms); - } -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if (opt.etm != DFL_ETM) { - mbedtls_ssl_conf_encrypt_then_mac(&conf, opt.etm); - } -#endif - -#if defined(MBEDTLS_DHM_C) - if (opt.dhmlen != DFL_DHMLEN) { - mbedtls_ssl_conf_dhm_min_bitlen(&conf, opt.dhmlen); - } -#endif - -#if defined(MBEDTLS_SSL_ALPN) - if (opt.alpn_string != NULL) { - if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", - ret); - goto exit; - } - } -#endif - - if (opt.reproducible) { -#if defined(MBEDTLS_HAVE_TIME) -#if defined(MBEDTLS_PLATFORM_TIME_ALT) - mbedtls_platform_set_time(dummy_constant_time); -#else - fprintf(stderr, "Warning: reproducible option used without constant time\n"); -#endif -#endif /* MBEDTLS_HAVE_TIME */ - } - mbedtls_ssl_conf_rng(&conf, rng_get, &rng); - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - - mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout); - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_conf_session_tickets(&conf, opt.tickets); -#endif - - if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) { - mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite); - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_conf_tls13_key_exchange_modes(&conf, opt.tls13_kex_modes); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - if (opt.allow_legacy != DFL_ALLOW_LEGACY) { - mbedtls_ssl_conf_legacy_renegotiation(&conf, opt.allow_legacy); - } -#if defined(MBEDTLS_SSL_RENEGOTIATION) - mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation); -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (strcmp(opt.ca_path, "none") != 0 && - strcmp(opt.ca_file, "none") != 0) { -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if (opt.ca_callback != 0) { - mbedtls_ssl_conf_ca_cb(&conf, ca_callback, &cacert); - } else -#endif - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - } - if (strcmp(opt.crt_file, "none") != 0 && - strcmp(opt.key_file, "none") != 0) { - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", - ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH)) - if (opt.groups != NULL && - strcmp(opt.groups, "default") != 0) { - mbedtls_ssl_conf_groups(&conf, group_list); - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (opt.sig_algs != NULL) { - mbedtls_ssl_conf_sig_algs(&conf, sig_alg_list); - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (opt.psk_opaque != 0) { - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, alg); - psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE); - - status = psa_import_key(&key_attributes, psk, psk_len, &slot); - if (status != PSA_SUCCESS) { - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - - if ((ret = mbedtls_ssl_conf_psk_opaque(&conf, slot, - (const unsigned char *) opt.psk_identity, - strlen(opt.psk_identity))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n", - ret); - goto exit; - } - } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (psk_len > 0) { - ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, - (const unsigned char *) opt.psk_identity, - strlen(opt.psk_identity)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - - if (opt.min_version != DFL_MIN_VERSION) { - mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version); - } - - if (opt.max_version != DFL_MAX_VERSION) { - mbedtls_ssl_conf_max_tls_version(&conf, opt.max_version); - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (opt.early_data != DFL_EARLY_DATA) { - mbedtls_ssl_conf_early_data(&conf, opt.early_data); - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - if (opt.eap_tls != 0) { - mbedtls_ssl_set_export_keys_cb(&ssl, eap_tls_key_derivation, - &eap_tls_keying); - } else if (opt.nss_keylog != 0) { - mbedtls_ssl_set_export_keys_cb(&ssl, - nss_keylog_export, - NULL); - } -#if defined(MBEDTLS_SSL_DTLS_SRTP) - else if (opt.use_srtp != 0) { - mbedtls_ssl_set_export_keys_cb(&ssl, dtls_srtp_key_derivation, - &dtls_srtp_keying); - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", - ret); - goto exit; - } -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); - psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); - - status = psa_import_key(&attributes, - (const unsigned char *) opt.ecjpake_pw, - strlen(opt.ecjpake_pw), - &ecjpake_pw_slot); - if (status != PSA_SUCCESS) { - mbedtls_printf(" failed\n ! psa_import_key returned %d\n\n", - status); - goto exit; - } - if ((ret = mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, - ecjpake_pw_slot)) != 0) { - mbedtls_printf( - " failed\n ! mbedtls_ssl_set_hs_ecjpake_password_opaque returned %d\n\n", - ret); - goto exit; - } - mbedtls_printf("using opaque password\n"); - } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - { - if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, - (const unsigned char *) opt.ecjpake_pw, - strlen(opt.ecjpake_pw))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", - ret); - goto exit; - } - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (opt.context_crt_cb == 1) { - mbedtls_ssl_set_verify(&ssl, my_verify, NULL); - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - io_ctx.ssl = &ssl; - io_ctx.net = &server_fd; - mbedtls_ssl_set_bio(&ssl, &io_ctx, send_cb, recv_cb, - opt.nbio == 0 ? recv_timeout_cb : NULL); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled, - cid, cid_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n", - ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (opt.dtls_mtu != DFL_DTLS_MTU) { - mbedtls_ssl_set_mtu(&ssl, opt.dtls_mtu); - } -#endif - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (opt.ec_max_ops != DFL_EC_MAX_OPS) { - mbedtls_ecp_set_max_ops(opt.ec_max_ops); - } -#endif - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - if (opt.use_srtp != 0 && strlen(opt.mki) != 0) { - if (mbedtls_test_unhexify(mki, sizeof(mki), - opt.mki, &mki_len) != 0) { - mbedtls_printf("mki value not valid hex\n"); - goto exit; - } - - mbedtls_ssl_conf_srtp_mki_value_supported(&conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED); - if ((ret = mbedtls_ssl_dtls_srtp_set_mki_value(&ssl, mki, - (uint16_t) strlen(opt.mki) / 2)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret); - goto exit; - } - } -#endif - - mbedtls_printf(" ok\n"); - - /* - * 3. Start the connection - */ - if (opt.server_addr == NULL) { - opt.server_addr = opt.server_name; - } - - mbedtls_printf(" . Connecting to %s/%s/%s...", - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp", - opt.server_addr, opt.server_port); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, - opt.server_addr, opt.server_port, - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? - MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - if (opt.nbio > 0) { - ret = mbedtls_net_set_nonblock(&server_fd); - } else { - ret = mbedtls_net_set_block(&server_fd); - } - if (ret != 0) { - mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 4. Handshake - */ - mbedtls_printf(" . Performing the SSL/TLS handshake..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n", - (unsigned int) -ret); -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || - ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) { - mbedtls_printf( - " Unable to verify the server's certificate. " - "Either it is invalid,\n" - " or you didn't set ca_file or ca_path " - "to an appropriate value.\n" - " Alternatively, you may want to use " - "auth_mode=optional for testing purposes if " - "not using TLS 1.3.\n" - " For TLS 1.3 server, try `ca_path=/etc/ssl/certs/`" - "or other folder that has root certificates\n"); - - flags = mbedtls_ssl_get_verify_result(&ssl); - char vrfy_buf[512]; - x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); - mbedtls_printf("%s\n", vrfy_buf); - } -#endif - mbedtls_printf("\n"); - goto exit; - } - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - continue; - } -#endif - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - ret = idle(&server_fd, &timer, ret); -#else - ret = idle(&server_fd, ret); -#endif - if (ret != 0) { - goto exit; - } - } - } - - { - int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(&ssl); - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(suite_id); - - mbedtls_printf(" ok\n [ Protocol is %s ]\n" - " [ Ciphersuite is %s ]\n" - " [ Key size is %u ]\n", - mbedtls_ssl_get_version(&ssl), - mbedtls_ssl_ciphersuite_get_name(ciphersuite_info), - (unsigned int) - mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(ciphersuite_info)); - } - - if ((ret = mbedtls_ssl_get_record_expansion(&ssl)) >= 0) { - mbedtls_printf(" [ Record expansion is %d ]\n", ret); - } else { - mbedtls_printf(" [ Record expansion is unknown ]\n"); - } - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - mbedtls_printf(" [ Maximum incoming record payload length is %u ]\n", - (unsigned int) mbedtls_ssl_get_max_in_record_payload(&ssl)); - mbedtls_printf(" [ Maximum outgoing record payload length is %u ]\n", - (unsigned int) mbedtls_ssl_get_max_out_record_payload(&ssl)); -#endif - -#if defined(MBEDTLS_SSL_ALPN) - if (opt.alpn_string != NULL) { - const char *alp = mbedtls_ssl_get_alpn_protocol(&ssl); - mbedtls_printf(" [ Application Layer Protocol is %s ]\n", - alp ? alp : "(none)"); - } -#endif - - if (opt.eap_tls != 0) { - size_t j = 0; - - if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, - eap_tls_keying.master_secret, - sizeof(eap_tls_keying.master_secret), - eap_tls_label, - eap_tls_keying.randbytes, - sizeof(eap_tls_keying.randbytes), - eap_tls_keymaterial, - sizeof(eap_tls_keymaterial))) - != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" EAP-TLS key material is:"); - for (j = 0; j < sizeof(eap_tls_keymaterial); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", eap_tls_keymaterial[j]); - } - mbedtls_printf("\n"); - - if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, NULL, 0, - eap_tls_label, - eap_tls_keying.randbytes, - sizeof(eap_tls_keying.randbytes), - eap_tls_iv, - sizeof(eap_tls_iv))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" EAP-TLS IV is:"); - for (j = 0; j < sizeof(eap_tls_iv); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", eap_tls_iv[j]); - } - mbedtls_printf("\n"); - } - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - else if (opt.use_srtp != 0) { - size_t j = 0; - mbedtls_dtls_srtp_info dtls_srtp_negotiation_result; - mbedtls_ssl_get_dtls_srtp_negotiation_result(&ssl, &dtls_srtp_negotiation_result); - - if (dtls_srtp_negotiation_result.chosen_dtls_srtp_profile - == MBEDTLS_TLS_SRTP_UNSET) { - mbedtls_printf(" Unable to negotiate " - "the use of DTLS-SRTP\n"); - } else { - if ((ret = mbedtls_ssl_tls_prf(dtls_srtp_keying.tls_prf_type, - dtls_srtp_keying.master_secret, - sizeof(dtls_srtp_keying.master_secret), - dtls_srtp_label, - dtls_srtp_keying.randbytes, - sizeof(dtls_srtp_keying.randbytes), - dtls_srtp_key_material, - sizeof(dtls_srtp_key_material))) - != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" DTLS-SRTP key material is:"); - for (j = 0; j < sizeof(dtls_srtp_key_material); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", dtls_srtp_key_material[j]); - } - mbedtls_printf("\n"); - - /* produce a less readable output used to perform automatic checks - * - compare client and server output - * - interop test with openssl which client produces this kind of output - */ - mbedtls_printf(" Keying material: "); - for (j = 0; j < sizeof(dtls_srtp_key_material); j++) { - mbedtls_printf("%02X", dtls_srtp_key_material[j]); - } - mbedtls_printf("\n"); - - if (dtls_srtp_negotiation_result.mki_len > 0) { - mbedtls_printf(" DTLS-SRTP mki value: "); - for (j = 0; j < dtls_srtp_negotiation_result.mki_len; j++) { - mbedtls_printf("%02X", dtls_srtp_negotiation_result.mki_value[j]); - } - } else { - mbedtls_printf(" DTLS-SRTP no mki value negotiated"); - } - mbedtls_printf("\n"); - } - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - if (opt.reconnect != 0 && ssl.tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { - mbedtls_printf(" . Saving session for reuse..."); - fflush(stdout); - - if (opt.reco_mode == 1) { - if ((ret = ssl_save_session_serialize(&ssl, - &session_data, &session_data_len)) != 0) { - mbedtls_printf(" failed\n ! ssl_save_session_serialize returned -0x%04x\n\n", - (unsigned int) -ret); - goto exit; - } - - } else { - if ((ret = mbedtls_ssl_get_session(&ssl, &saved_session)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - - mbedtls_printf(" ok\n"); - - if (opt.reco_mode == 1) { - mbedtls_printf(" [ Saved %u bytes of session data]\n", - (unsigned) session_data_len); - } - } - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - /* - * 5. Verify the server certificate - */ - mbedtls_printf(" . Verifying peer X.509 certificate..."); - - if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) { - char vrfy_buf[512]; - mbedtls_printf(" failed\n"); - - x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), - " ! ", flags); - - mbedtls_printf("%s\n", vrfy_buf); - } else { - mbedtls_printf(" ok\n"); - } - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_printf(" . Peer certificate information ...\n"); - mbedtls_printf("%s\n", peer_crt_info); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ret = report_cid_usage(&ssl, "initial handshake"); - if (ret != 0) { - goto exit; - } - - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled_renego, - cid_renego, - cid_renego_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n", - ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (opt.renegotiate) { - /* - * Perform renegotiation (this must be done when the server is waiting - * for input from our side). - */ - mbedtls_printf(" . Performing renegotiation..."); - fflush(stdout); - while ((ret = mbedtls_ssl_renegotiate(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - mbedtls_printf(" failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", - ret); - goto exit; - } - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - continue; - } -#endif - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - - } - mbedtls_printf(" ok\n"); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ret = report_cid_usage(&ssl, "after renegotiation"); - if (ret != 0) { - goto exit; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* - * 6. Write the GET request - */ - retry_left = opt.max_resend; -send_request: - mbedtls_printf(" > Write to server:"); - fflush(stdout); - - ret = build_http_request(buf, sizeof(buf) - 1, &len); - if (ret != 0) { - goto exit; - } - - if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) { - written = 0; - frags = 0; - - do { - while ((ret = mbedtls_ssl_write(&ssl, buf + written, - len - written)) < 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - } - - frags++; - written += ret; - } while (written < len); - } else { /* Not stream, so datagram */ - while (1) { - ret = mbedtls_ssl_write(&ssl, buf, len); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - continue; - } -#endif - - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - break; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - } - - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", - ret); - goto exit; - } - - frags = 1; - written = ret; - - if (written < len) { - mbedtls_printf(" warning\n ! request didn't fit into single datagram and " - "was truncated to size %u", (unsigned) written); - } - } - - buf[written] = '\0'; - mbedtls_printf( - " %" MBEDTLS_PRINTF_SIZET " bytes written in %" MBEDTLS_PRINTF_SIZET " fragments\n\n%s\n", - written, - frags, - (char *) buf); - - /* Send a non-empty request if request_size == 0 */ - if (len == 0) { - opt.request_size = DFL_REQUEST_SIZE; - goto send_request; - } - - /* - * 7. Read the HTTP response - */ - - /* - * TLS and DTLS need different reading styles (stream vs datagram) - */ - if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) - int ticket_id = 0; -#endif - do { - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - ret = mbedtls_ssl_read(&ssl, buf, len); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - continue; - } -#endif - - if (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - continue; - } - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" connection was closed gracefully\n"); - ret = 0; - goto close_notify; - - case 0: - case MBEDTLS_ERR_NET_CONN_RESET: - mbedtls_printf(" connection was reset by peer\n"); - ret = 0; - goto reconnect; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: - /* We were waiting for application data but got - * a NewSessionTicket instead. */ - mbedtls_printf(" got new session ticket ( %d ).\n", - ticket_id++); - if (opt.reconnect != 0) { - mbedtls_printf(" . Saving session for reuse..."); - fflush(stdout); - - if (opt.reco_mode == 1) { - if ((ret = ssl_save_session_serialize(&ssl, - &session_data, - &session_data_len)) != 0) { - mbedtls_printf( - " failed\n ! ssl_save_session_serialize returned -0x%04x\n\n", - (unsigned int) -ret); - goto exit; - } - } else { - if ((ret = mbedtls_ssl_get_session(&ssl, &saved_session)) != 0) { - mbedtls_printf( - " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - - mbedtls_printf(" ok\n"); - - if (opt.reco_mode == 1) { - mbedtls_printf(" [ Saved %u bytes of session data]\n", - (unsigned) session_data_len); - } - } - continue; -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - default: - mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", - (unsigned int) -ret); - goto exit; - } - } - - len = ret; - buf[len] = '\0'; - mbedtls_printf(" < Read from server: %" MBEDTLS_PRINTF_SIZET " bytes read\n\n%s", - len, - (char *) buf); - fflush(stdout); - /* End of message should be detected according to the syntax of the - * application protocol (eg HTTP), just use a dummy test here. */ - if (ret > 0 && buf[len-1] == '\n') { - ret = 0; - break; - } - } while (1); - } else { /* Not stream, so datagram */ - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - - while (1) { - ret = mbedtls_ssl_read(&ssl, buf, len); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - continue; - } -#endif - - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - break; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - } - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_TIMEOUT: - mbedtls_printf(" timeout\n"); - if (retry_left-- > 0) { - goto send_request; - } - goto exit; - - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" connection was closed gracefully\n"); - ret = 0; - goto close_notify; - - default: - mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret); - goto exit; - } - } - - len = ret; - buf[len] = '\0'; - mbedtls_printf(" < Read from server: %" MBEDTLS_PRINTF_SIZET " bytes read\n\n%s", - len, - (char *) buf); - ret = 0; - } - - /* - * 7b. Simulate hard reset and reconnect from same port? - */ - if (opt.reconnect_hard != 0) { - opt.reconnect_hard = 0; - - mbedtls_printf(" . Restarting connection from same port..."); - fflush(stdout); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - memset(peer_crt_info, 0, sizeof(peer_crt_info)); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - } - - mbedtls_printf(" ok\n"); - - goto send_request; - } - - /* - * 7c. Simulate serialize/deserialize and go back to data exchange - */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (opt.serialize != 0) { - size_t buf_len; - - mbedtls_printf(" . Serializing live connection..."); - - ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len); - if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { - mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned " - "-0x%x\n\n", (unsigned int) -ret); - - goto exit; - } - - if ((context_buf = mbedtls_calloc(1, buf_len)) == NULL) { - mbedtls_printf(" failed\n ! Couldn't allocate buffer for " - "serialized context"); - - goto exit; - } - context_buf_len = buf_len; - - if ((ret = mbedtls_ssl_context_save(&ssl, context_buf, - buf_len, &buf_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned " - "-0x%x\n\n", (unsigned int) -ret); - - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* Save serialized context to the 'opt.context_file' as a base64 code */ - if (0 < strlen(opt.context_file)) { - FILE *b64_file; - uint8_t *b64_buf; - size_t b64_len; - - mbedtls_printf(" . Save serialized context to a file... "); - - mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len); - - if ((b64_buf = mbedtls_calloc(1, b64_len)) == NULL) { - mbedtls_printf("failed\n ! Couldn't allocate buffer for " - "the base64 code\n"); - goto exit; - } - - if ((ret = mbedtls_base64_encode(b64_buf, b64_len, &b64_len, - context_buf, buf_len)) != 0) { - mbedtls_printf("failed\n ! mbedtls_base64_encode returned " - "-0x%x\n", (unsigned int) -ret); - mbedtls_free(b64_buf); - goto exit; - } - - if ((b64_file = fopen(opt.context_file, "w")) == NULL) { - mbedtls_printf("failed\n ! Cannot open '%s' for writing.\n", - opt.context_file); - mbedtls_free(b64_buf); - goto exit; - } - - if (b64_len != fwrite(b64_buf, 1, b64_len, b64_file)) { - mbedtls_printf("failed\n ! fwrite(%ld bytes) failed\n", - (long) b64_len); - mbedtls_free(b64_buf); - fclose(b64_file); - goto exit; - } - - mbedtls_free(b64_buf); - fclose(b64_file); - - mbedtls_printf("ok\n"); - } - - if (opt.serialize == 1) { - /* nothing to do here, done by context_save() already */ - mbedtls_printf(" . Context has been reset... ok\n"); - } - - if (opt.serialize == 2) { - mbedtls_printf(" . Freeing and reinitializing context..."); - - mbedtls_ssl_free(&ssl); - - mbedtls_ssl_init(&ssl); - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned " - "-0x%x\n\n", (unsigned int) -ret); - goto exit; - } - - if (opt.nbio == 2) { - mbedtls_ssl_set_bio(&ssl, &server_fd, delayed_send, - delayed_recv, NULL); - } else { - mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, - mbedtls_net_recv, - opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL); - } - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&ssl, &timer, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif /* MBEDTLS_TIMING_C */ - - mbedtls_printf(" ok\n"); - } - - mbedtls_printf(" . Deserializing connection..."); - - if ((ret = mbedtls_ssl_context_load(&ssl, context_buf, - buf_len)) != 0) { - mbedtls_printf("failed\n ! mbedtls_ssl_context_load returned " - "-0x%x\n\n", (unsigned int) -ret); - - goto exit; - } - - mbedtls_free(context_buf); - context_buf = NULL; - context_buf_len = 0; - - mbedtls_printf(" ok\n"); - } -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - - /* - * 7d. Continue doing data exchanges? - */ - if (--opt.exchanges > 0) { - goto send_request; - } - - /* - * 8. Done, cleanly close the connection - */ -close_notify: - mbedtls_printf(" . Closing the connection..."); - fflush(stdout); - - /* - * Most of the time sending a close_notify before closing is the right - * thing to do. However, when the server already knows how many messages - * are expected and closes the connection by itself, this alert becomes - * redundant. Sometimes with DTLS this redundancy becomes a problem by - * leading to a race condition where the server might close the connection - * before seeing the alert, and since UDP is connection-less when the - * alert arrives it will be seen as a new connection, which will fail as - * the alert is clearly not a valid ClientHello. This may cause spurious - * failures in tests that use DTLS and resumption with ssl_server2 in - * ssl-opt.sh, avoided by enabling skip_close_notify client-side. - */ - if (opt.skip_close_notify == 0) { - /* No error checking, the connection might be closed already */ - do { - ret = mbedtls_ssl_close_notify(&ssl); - } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); - ret = 0; - } - - mbedtls_printf(" done\n"); - - /* - * 9. Reconnect? - */ -reconnect: - if (opt.reconnect != 0) { - --opt.reconnect; - - mbedtls_net_free(&server_fd); - -#if defined(MBEDTLS_TIMING_C) - if (opt.reco_delay > 0) { - mbedtls_net_usleep(1000 * opt.reco_delay); - } -#endif - - mbedtls_printf(" . Reconnecting with saved session..."); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - memset(peer_crt_info, 0, sizeof(peer_crt_info)); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - if (opt.reco_mode == 1) { - if ((ret = mbedtls_ssl_session_load(&saved_session, - session_data, - session_data_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - - if ((ret = mbedtls_ssl_set_session(&ssl, &saved_session)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - if (opt.reco_server_name != NULL && - (ret = mbedtls_ssl_set_hostname(&ssl, - opt.reco_server_name)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", - ret); - goto exit; - } -#endif - - if ((ret = mbedtls_net_connect(&server_fd, - opt.server_addr, opt.server_port, - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? - MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - if (opt.nbio > 0) { - ret = mbedtls_net_set_nonblock(&server_fd); - } else { - ret = mbedtls_net_set_block(&server_fd); - } - if (ret != 0) { - mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - ret = build_http_request(buf, sizeof(buf) - 1, &len); - if (ret != 0) { - goto exit; - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl.conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { - frags = 0; - written = 0; - do { - while ((ret = mbedtls_ssl_write_early_data(&ssl, buf + written, - len - written)) < 0) { - if (ret == MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA) { - goto end_of_early_data; - } - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - } - - frags++; - written += ret; - } while (written < len); - -end_of_early_data: - - buf[written] = '\0'; - mbedtls_printf( - " %" MBEDTLS_PRINTF_SIZET " bytes of early data written in %" MBEDTLS_PRINTF_SIZET " fragments\n\n%s\n", - written, - frags, - (char *) buf); - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - - mbedtls_printf(" ok\n"); - - goto send_request; - } - - /* - * Cleanup and exit - */ -exit: -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf); - } -#endif - - mbedtls_net_free(&server_fd); - - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ssl_session_free(&saved_session); - - if (session_data != NULL) { - mbedtls_platform_zeroize(session_data, session_data_len); - } - mbedtls_free(session_data); -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (context_buf != NULL) { - mbedtls_platform_zeroize(context_buf, context_buf_len); - } - mbedtls_free(context_buf); -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - mbedtls_x509_crt_free(&clicert); - mbedtls_x509_crt_free(&cacert); - mbedtls_pk_free(&pkey); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_destroy_key(key_slot); -#endif -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) - if (opt.psk_opaque != 0) { - /* This is ok even if the slot hasn't been - * initialized (we might have jumed here - * immediately because of bad cmd line params, - * for example). */ - status = psa_destroy_key(slot); - if ((status != PSA_SUCCESS) && - (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) { - mbedtls_printf("Failed to destroy key slot %u - error was %d", - (unsigned) MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot), - (int) status); - if (ret == 0) { - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - } - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) - /* - * In case opaque keys it's the user responsibility to keep the key valid - * for the duration of the handshake and destroy it at the end - */ - if ((opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE)) { - psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT; - - /* Verify that the key is still valid before destroying it */ - if (psa_get_key_attributes(ecjpake_pw_slot, &check_attributes) != - PSA_SUCCESS) { - if (ret == 0) { - ret = 1; - } - mbedtls_printf("The EC J-PAKE password key has unexpectedly been already destroyed\n"); - } else { - psa_destroy_key(ecjpake_pw_slot); - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) - const char *message = mbedtls_test_helper_is_psa_leaking(); - if (message) { - if (ret == 0) { - ret = 1; - } - mbedtls_printf("PSA memory leak detected: %s\n", message); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ - - /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto - * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \ - !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - mbedtls_psa_crypto_free(); -#endif - - rng_free(&rng); - -#if defined(MBEDTLS_TEST_HOOKS) - if (test_hooks_failure_detected()) { - if (ret == 0) { - ret = 1; - } - mbedtls_printf("Test hooks detected errors.\n"); - } - test_hooks_free(); -#endif /* MBEDTLS_TEST_HOOKS */ - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_status(); -#endif - mbedtls_memory_buffer_alloc_free(); -#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */ - - // Shell can not handle large exit numbers -> 1 for errors - if (ret < 0) { - ret = 1; - } - - if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) { - mbedtls_exit(ret); - } else { - mbedtls_exit(query_config_ret); - } -} -#endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */ diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c deleted file mode 100644 index cbe9c6dcc..000000000 --- a/programs/ssl/ssl_context_info.c +++ /dev/null @@ -1,1008 +0,0 @@ -/* - * Mbed TLS SSL context deserializer from base64 code - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" -#include "mbedtls/debug.h" -#include "mbedtls/platform.h" - -#include -#include - -#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C) || \ - !defined(MBEDTLS_SSL_TLS_C) -int main(void) -{ - printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C and/or " - "MBEDTLS_SSL_TLS_C not defined.\n"); - return 0; -} -#else - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -#include -#include -#include -#if defined(MBEDTLS_HAVE_TIME) -#include -#endif -#include "mbedtls/ssl.h" -#include "mbedtls/error.h" -#include "mbedtls/base64.h" -#include "mbedtls/md.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/ssl_ciphersuites.h" - -/* - * This program version - */ -#define PROG_NAME "ssl_context_info" -#define VER_MAJOR 0 -#define VER_MINOR 1 - -/* - * Flags copied from the Mbed TLS library. - */ -#define SESSION_CONFIG_TIME_BIT (1 << 0) -#define SESSION_CONFIG_CRT_BIT (1 << 1) -#define SESSION_CONFIG_CLIENT_TICKET_BIT (1 << 2) -#define SESSION_CONFIG_MFL_BIT (1 << 3) -#define SESSION_CONFIG_TRUNC_HMAC_BIT (1 << 4) -#define SESSION_CONFIG_ETM_BIT (1 << 5) -#define SESSION_CONFIG_TICKET_BIT (1 << 6) - -#define CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT (1 << 0) -#define CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT (1 << 1) -#define CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT (1 << 2) -#define CONTEXT_CONFIG_ALPN_BIT (1 << 3) - -#define TRANSFORM_RANDBYTE_LEN 64 - -/* - * Minimum and maximum number of bytes for specific data: context, sessions, - * certificates, tickets and buffers in the program. The context and session - * size values have been calculated based on the 'print_deserialized_ssl_context()' - * and 'print_deserialized_ssl_session()' content. - */ -#define MIN_CONTEXT_LEN 84 -#define MIN_SESSION_LEN 88 - -#define MAX_CONTEXT_LEN 875 /* without session data */ -#define MAX_SESSION_LEN 109 /* without certificate and ticket data */ -#define MAX_CERTIFICATE_LEN ((1 << 24) - 1) -#define MAX_TICKET_LEN ((1 << 24) - 1) - -#define MIN_SERIALIZED_DATA (MIN_CONTEXT_LEN + MIN_SESSION_LEN) -#define MAX_SERIALIZED_DATA (MAX_CONTEXT_LEN + MAX_SESSION_LEN + \ - MAX_CERTIFICATE_LEN + MAX_TICKET_LEN) - -#define MIN_BASE64_LEN (MIN_SERIALIZED_DATA * 4 / 3) -#define MAX_BASE64_LEN (MAX_SERIALIZED_DATA * 4 / 3 + 3) - -/* - * A macro that prevents from reading out of the ssl buffer range. - */ -#define CHECK_SSL_END(LEN) \ - do \ - { \ - if (end - ssl < (int) (LEN)) \ - { \ - printf_err("%s", buf_ln_err); \ - return; \ - } \ - } while (0) - -/* - * Global values - */ -FILE *b64_file = NULL; /* file with base64 codes to deserialize */ -char conf_keep_peer_certificate = 1; /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE from mbedTLS configuration */ -char conf_dtls_proto = 1; /* MBEDTLS_SSL_PROTO_DTLS from mbedTLS configuration */ -char debug = 0; /* flag for debug messages */ -const char alloc_err[] = "Cannot allocate memory\n"; -const char buf_ln_err[] = "Buffer does not have enough data to complete the parsing\n"; - -/* - * Basic printing functions - */ -static void print_version(void) -{ - printf("%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR); -} - -static void print_usage(void) -{ - print_version(); - printf("\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n" - "in the text file. The program can deserialize many codes from one file, but they must be\n" - "separated, e.g. by a newline.\n\n"); - printf( - "Usage:\n" - "\t-f path - Path to the file with base64 code\n" - "\t-v - Show version\n" - "\t-h - Show this usage\n" - "\t-d - Print more information\n" - "\t--keep-peer-cert=0 - Use this option if you know that the Mbed TLS library\n" - "\t has been compiled with the MBEDTLS_SSL_KEEP_PEER_CERTIFICATE\n" - "\t flag. You can also use it if there are some problems with reading\n" - "\t the information about certificate\n" - "\t--dtls-protocol=0 - Use this option if you know that the Mbed TLS library\n" - "\t has been compiled without the MBEDTLS_SSL_PROTO_DTLS flag\n" - "\n" - ); -} - -static void printf_dbg(const char *str, ...) -{ - if (debug) { - va_list args; - va_start(args, str); - printf("debug: "); - vprintf(str, args); - fflush(stdout); - va_end(args); - } -} - -MBEDTLS_PRINTF_ATTRIBUTE(1, 2) -static void printf_err(const char *str, ...) -{ - va_list args; - va_start(args, str); - fflush(stdout); - fprintf(stderr, "ERROR: "); - vfprintf(stderr, str, args); - fflush(stderr); - va_end(args); -} - -/* - * Exit from the program in case of error - */ -static void error_exit(void) -{ - if (NULL != b64_file) { - fclose(b64_file); - } - exit(-1); -} - -/* - * This function takes the input arguments of this program - */ -static void parse_arguments(int argc, char *argv[]) -{ - int i = 1; - - if (argc < 2) { - print_usage(); - error_exit(); - } - - while (i < argc) { - if (strcmp(argv[i], "-d") == 0) { - debug = 1; - } else if (strcmp(argv[i], "-h") == 0) { - print_usage(); - } else if (strcmp(argv[i], "-v") == 0) { - print_version(); - } else if (strcmp(argv[i], "-f") == 0) { - if (++i >= argc) { - printf_err("File path is empty\n"); - error_exit(); - } - - if (NULL != b64_file) { - printf_err("Cannot specify more than one file with -f\n"); - error_exit(); - } - - if ((b64_file = fopen(argv[i], "r")) == NULL) { - printf_err("Cannot find file \"%s\"\n", argv[i]); - error_exit(); - } - } else if (strcmp(argv[i], "--keep-peer-cert=0") == 0) { - conf_keep_peer_certificate = 0; - } else if (strcmp(argv[i], "--dtls-protocol=0") == 0) { - conf_dtls_proto = 0; - } else { - print_usage(); - error_exit(); - } - - i++; - } -} - -/* - * This function prints base64 code to the stdout - */ -static void print_b64(const uint8_t *b, size_t len) -{ - size_t i = 0; - const uint8_t *end = b + len; - printf("\t"); - while (b < end) { - if (++i > 75) { - printf("\n\t"); - i = 0; - } - printf("%c", *b++); - } - printf("\n"); - fflush(stdout); -} - -/* - * This function prints hex code from the buffer to the stdout. - * - * /p b buffer with data to print - * /p len number of bytes to print - * /p in_line number of bytes in one line - * /p prefix prefix for the new lines - */ -static void print_hex(const uint8_t *b, size_t len, - const size_t in_line, const char *prefix) -{ - size_t i = 0; - const uint8_t *end = b + len; - - if (prefix == NULL) { - prefix = ""; - } - - while (b < end) { - if (++i > in_line) { - printf("\n%s", prefix); - i = 1; - } - printf("%02X ", (uint8_t) *b++); - } - printf("\n"); - fflush(stdout); -} - -/* - * Print the value of time_t in format e.g. 2020-01-23 13:05:59 - */ -static void print_time(const uint64_t *time) -{ -#if defined(MBEDTLS_HAVE_TIME) - char buf[20]; - struct tm *t = gmtime((time_t *) time); - static const char format[] = "%Y-%m-%d %H:%M:%S"; - if (NULL != t) { - strftime(buf, sizeof(buf), format, t); - printf("%s\n", buf); - } else { - printf("unknown\n"); - } -#else - (void) time; - printf("not supported\n"); -#endif -} - -/* - * Print the input string if the bit is set in the value - */ -static void print_if_bit(const char *str, int bit, int val) -{ - if (bit & val) { - printf("\t%s\n", str); - } -} - -/* - * Return pointer to hardcoded "enabled" or "disabled" depending on the input value - */ -static const char *get_enabled_str(int is_en) -{ - return (is_en) ? "enabled" : "disabled"; -} - -/* - * Return pointer to hardcoded MFL string value depending on the MFL code at the input - */ -static const char *get_mfl_str(int mfl_code) -{ - switch (mfl_code) { - case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: - return "none"; - case MBEDTLS_SSL_MAX_FRAG_LEN_512: - return "512"; - case MBEDTLS_SSL_MAX_FRAG_LEN_1024: - return "1024"; - case MBEDTLS_SSL_MAX_FRAG_LEN_2048: - return "2048"; - case MBEDTLS_SSL_MAX_FRAG_LEN_4096: - return "4096"; - default: - return "error"; - } -} - -/* - * Read next base64 code from the 'b64_file'. The 'b64_file' must be opened - * previously. After each call to this function, the internal file position - * indicator of the global b64_file is advanced. - * - * Note - This function checks the size of the input buffer and if necessary, - * increases it to the maximum MAX_BASE64_LEN - * - * /p b64 pointer to the pointer of the buffer for input data - * /p max_len pointer to the current buffer capacity. It can be changed if - * the buffer needs to be increased - * - * \retval number of bytes written in to the b64 buffer or 0 in case no more - * data was found - */ -static size_t read_next_b64_code(uint8_t **b64, size_t *max_len) -{ - int valid_balance = 0; /* balance between valid and invalid characters */ - size_t len = 0; - char pad = 0; - int c = 0; - - while (EOF != c) { - char c_valid = 0; - - c = fgetc(b64_file); - - if (pad > 0) { - if (c == '=' && pad == 1) { - c_valid = 1; - pad = 2; - } - } else if ((c >= 'A' && c <= 'Z') || - (c >= 'a' && c <= 'z') || - (c >= '0' && c <= '9') || - c == '+' || c == '/') { - c_valid = 1; - } else if (c == '=') { - c_valid = 1; - pad = 1; - } else if (c == '-') { - c = '+'; - c_valid = 1; - } else if (c == '_') { - c = '/'; - c_valid = 1; - } - - if (c_valid) { - /* A string of characters that could be a base64 code. */ - valid_balance++; - - if (len < *max_len) { - (*b64)[len++] = c; - } else if (*max_len < MAX_BASE64_LEN) { - /* Current buffer is too small, but can be resized. */ - void *ptr; - size_t new_size = (MAX_BASE64_LEN - 4096 > *max_len) ? - *max_len + 4096 : MAX_BASE64_LEN; - - ptr = realloc(*b64, new_size); - if (NULL == ptr) { - printf_err(alloc_err); - return 0; - } - *b64 = ptr; - *max_len = new_size; - (*b64)[len++] = c; - } else { - /* Too much data so it will be treated as invalid */ - len++; - } - } else if (len > 0) { - /* End of a string that could be a base64 code, but need to check - * that the length of the characters is correct. */ - - valid_balance--; - - if (len < MIN_CONTEXT_LEN) { - printf_dbg("The code found is too small to be a SSL context.\n"); - len = pad = 0; - } else if (len > *max_len) { - printf_err("The code found is too large by %" MBEDTLS_PRINTF_SIZET " bytes.\n", - len - *max_len); - len = pad = 0; - } else if (len % 4 != 0) { - printf_err("The length of the base64 code found should be a multiple of 4.\n"); - len = pad = 0; - } else { - /* Base64 code with valid character length. */ - return len; - } - } else { - valid_balance--; - } - - /* Detection of potentially wrong file format like: binary, zip, ISO, etc. */ - if (valid_balance < -100) { - printf_err("Too many bad symbols detected. File check aborted.\n"); - return 0; - } - } - - printf_dbg("End of file\n"); - return 0; -} - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/* - * This function deserializes and prints to the stdout all obtained information - * about the certificates from provided data. - * - * /p ssl pointer to serialized certificate - * /p len number of bytes in the buffer - */ -static void print_deserialized_ssl_cert(const uint8_t *ssl, uint32_t len) -{ - enum { STRLEN = 4096 }; - mbedtls_x509_crt crt; - int ret; - char str[STRLEN]; - - printf("\nCertificate:\n"); - - mbedtls_x509_crt_init(&crt); - ret = mbedtls_x509_crt_parse_der(&crt, ssl, len); - if (0 != ret) { - mbedtls_strerror(ret, str, STRLEN); - printf_err("Invalid format of X.509 - %s\n", str); - printf("Cannot deserialize:\n\t"); - print_hex(ssl, len, 25, "\t"); - } else { - mbedtls_x509_crt *current = &crt; - - while (current != NULL) { - ret = mbedtls_x509_crt_info(str, STRLEN, "\t", current); - if (0 > ret) { - mbedtls_strerror(ret, str, STRLEN); - printf_err("Cannot write to the output - %s\n", str); - } else { - printf("%s", str); - } - - current = current->next; - - if (current) { - printf("\n"); - } - - } - } - - mbedtls_x509_crt_free(&crt); -} -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -/* - * This function deserializes and prints to the stdout all obtained information - * about the session from provided data. This function was built based on - * mbedtls_ssl_session_load(). mbedtls_ssl_session_load() could not be used - * due to dependencies on the mbedTLS configuration. - * - * The data structure in the buffer: - * uint64 start_time; - * uint8 ciphersuite[2]; // defined by the standard - * uint8 compression; // 0 or 1 - * uint8 session_id_len; // at most 32 - * opaque session_id[32]; - * opaque master[48]; // fixed length in the standard - * uint32 verify_result; - * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert - * opaque ticket<0..2^24-1>; // length 0 means no ticket - * uint32 ticket_lifetime; - * uint8 mfl_code; // up to 255 according to standard - * uint8 trunc_hmac; // 0 or 1 - * uint8 encrypt_then_mac; // 0 or 1 - * - * /p ssl pointer to serialized session - * /p len number of bytes in the buffer - * /p session_cfg_flag session configuration flags - */ -static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, - int session_cfg_flag) -{ - const struct mbedtls_ssl_ciphersuite_t *ciphersuite_info; - int ciphersuite_id; - uint32_t cert_len, ticket_len; - uint32_t verify_result, ticket_lifetime; - const uint8_t *end = ssl + len; - - printf("\nSession info:\n"); - - if (session_cfg_flag & SESSION_CONFIG_TIME_BIT) { - uint64_t start; - CHECK_SSL_END(8); - start = ((uint64_t) ssl[0] << 56) | - ((uint64_t) ssl[1] << 48) | - ((uint64_t) ssl[2] << 40) | - ((uint64_t) ssl[3] << 32) | - ((uint64_t) ssl[4] << 24) | - ((uint64_t) ssl[5] << 16) | - ((uint64_t) ssl[6] << 8) | - ((uint64_t) ssl[7]); - ssl += 8; - printf("\tstart time : "); - print_time(&start); - } - - CHECK_SSL_END(2); - ciphersuite_id = ((int) ssl[0] << 8) | (int) ssl[1]; - printf_dbg("Ciphersuite ID: %d\n", ciphersuite_id); - ssl += 2; - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); - if (ciphersuite_info == NULL) { - printf_err("Cannot find ciphersuite info\n"); - } else { -#if defined(MBEDTLS_MD_C) - const mbedtls_md_info_t *md_info; -#endif - - printf("\tciphersuite : %s\n", mbedtls_ssl_ciphersuite_get_name(ciphersuite_info)); - printf("\tcipher flags : 0x%02X\n", ciphersuite_info->MBEDTLS_PRIVATE(flags)); - -#if defined(MBEDTLS_CIPHER_C) - const mbedtls_cipher_info_t *cipher_info; - cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(cipher)); - if (cipher_info == NULL) { - printf_err("Cannot find cipher info\n"); - } else { - printf("\tcipher : %s\n", mbedtls_cipher_info_get_name(cipher_info)); - } -#else /* MBEDTLS_CIPHER_C */ - printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher)); -#endif /* MBEDTLS_CIPHER_C */ - -#if defined(MBEDTLS_MD_C) - md_info = mbedtls_md_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(mac)); - if (md_info == NULL) { - printf_err("Cannot find Message-Digest info\n"); - } else { - printf("\tMessage-Digest : %s\n", mbedtls_md_get_name(md_info)); - } -#endif /* MBEDTLS_MD_C */ - } - - CHECK_SSL_END(1); - printf("\tcompression : %s\n", get_enabled_str(*ssl++)); - - /* Note - Here we can get session ID length from serialized data, but we - * use hardcoded 32-bytes length. This approach was taken from - * 'mbedtls_ssl_session_load()'. */ - CHECK_SSL_END(1 + 32); - printf_dbg("Session id length: %u\n", (uint32_t) *ssl++); - printf("\tsession ID : "); - print_hex(ssl, 32, 16, "\t "); - ssl += 32; - - printf("\tmaster secret : "); - CHECK_SSL_END(48); - print_hex(ssl, 48, 16, "\t "); - ssl += 48; - - CHECK_SSL_END(4); - verify_result = ((uint32_t) ssl[0] << 24) | - ((uint32_t) ssl[1] << 16) | - ((uint32_t) ssl[2] << 8) | - ((uint32_t) ssl[3]); - ssl += 4; - printf("\tverify result : 0x%08X\n", verify_result); - - if (SESSION_CONFIG_CRT_BIT & session_cfg_flag) { - if (conf_keep_peer_certificate) { - CHECK_SSL_END(3); - cert_len = ((uint32_t) ssl[0] << 16) | - ((uint32_t) ssl[1] << 8) | - ((uint32_t) ssl[2]); - ssl += 3; - printf_dbg("Certificate length: %u\n", cert_len); - - if (cert_len > 0) { - CHECK_SSL_END(cert_len); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - print_deserialized_ssl_cert(ssl, cert_len); -#endif - ssl += cert_len; - } - } else { - printf("\tPeer digest : "); - - CHECK_SSL_END(1); - switch ((mbedtls_md_type_t) *ssl++) { - case MBEDTLS_MD_NONE: - printf("none\n"); - break; - case MBEDTLS_MD_MD5: - printf("MD5\n"); - break; - case MBEDTLS_MD_SHA1: - printf("SHA1\n"); - break; - case MBEDTLS_MD_SHA224: - printf("SHA224\n"); - break; - case MBEDTLS_MD_SHA256: - printf("SHA256\n"); - break; - case MBEDTLS_MD_SHA384: - printf("SHA384\n"); - break; - case MBEDTLS_MD_SHA512: - printf("SHA512\n"); - break; - case MBEDTLS_MD_RIPEMD160: - printf("RIPEMD160\n"); - break; - default: - printf("undefined or erroneous\n"); - break; - } - - CHECK_SSL_END(1); - cert_len = (uint32_t) *ssl++; - printf_dbg("Message-Digest length: %u\n", cert_len); - - if (cert_len > 0) { - printf("\tPeer digest cert : "); - CHECK_SSL_END(cert_len); - print_hex(ssl, cert_len, 16, "\t "); - ssl += cert_len; - } - } - } - - if (SESSION_CONFIG_CLIENT_TICKET_BIT & session_cfg_flag) { - printf("\nTicket:\n"); - - CHECK_SSL_END(3); - ticket_len = ((uint32_t) ssl[0] << 16) | - ((uint32_t) ssl[1] << 8) | - ((uint32_t) ssl[2]); - ssl += 3; - printf_dbg("Ticket length: %u\n", ticket_len); - - if (ticket_len > 0) { - printf("\t"); - CHECK_SSL_END(ticket_len); - print_hex(ssl, ticket_len, 22, "\t"); - ssl += ticket_len; - printf("\n"); - } - - CHECK_SSL_END(4); - ticket_lifetime = ((uint32_t) ssl[0] << 24) | - ((uint32_t) ssl[1] << 16) | - ((uint32_t) ssl[2] << 8) | - ((uint32_t) ssl[3]); - ssl += 4; - printf("\tlifetime : %u sec.\n", ticket_lifetime); - } - - if (ssl < end) { - printf("\nSession others:\n"); - } - - if (SESSION_CONFIG_MFL_BIT & session_cfg_flag) { - CHECK_SSL_END(1); - printf("\tMFL : %s\n", get_mfl_str(*ssl++)); - } - - if (SESSION_CONFIG_TRUNC_HMAC_BIT & session_cfg_flag) { - CHECK_SSL_END(1); - printf("\tnegotiate truncated HMAC : %s\n", get_enabled_str(*ssl++)); - } - - if (SESSION_CONFIG_ETM_BIT & session_cfg_flag) { - CHECK_SSL_END(1); - printf("\tEncrypt-then-MAC : %s\n", get_enabled_str(*ssl++)); - } - - if (0 != (end - ssl)) { - printf_err("%i bytes left to analyze from session\n", (int32_t) (end - ssl)); - } -} - -/* - * This function deserializes and prints to the stdout all obtained information - * about the context from provided data. This function was built based on - * mbedtls_ssl_context_load(). mbedtls_ssl_context_load() could not be used - * due to dependencies on the mbedTLS configuration and the configuration of - * the context when serialization was created. - * - * The data structure in the buffer: - * // header - * uint8 version[3]; - * uint8 configuration[5]; - * // session sub-structure - * uint32_t session_len; - * opaque session<1..2^32-1>; // see mbedtls_ssl_session_save() - * // transform sub-structure - * uint8 random[64]; // ServerHello.random+ClientHello.random - * uint8 in_cid_len; - * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value - * uint8 out_cid_len; - * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use - * // fields from ssl_context - * uint32 badmac_seen; // DTLS: number of records with failing MAC - * uint64 in_window_top; // DTLS: last validated record seq_num - * uint64 in_window; // DTLS: bitmask for replay protection - * uint8 disable_datagram_packing; // DTLS: only one record per datagram - * uint64 cur_out_ctr; // Record layer: outgoing sequence number - * uint16 mtu; // DTLS: path mtu (max outgoing fragment size) - * uint8 alpn_chosen_len; - * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol - * - * /p ssl pointer to serialized session - * /p len number of bytes in the buffer - */ -static void print_deserialized_ssl_context(const uint8_t *ssl, size_t len) -{ - const uint8_t *end = ssl + len; - uint32_t session_len; - int session_cfg_flag; - int context_cfg_flag; - - printf("\nMbed TLS version:\n"); - - CHECK_SSL_END(3 + 2 + 3); - - printf("\tmajor %u\n", (uint32_t) *ssl++); - printf("\tminor %u\n", (uint32_t) *ssl++); - printf("\tpath %u\n", (uint32_t) *ssl++); - - printf("\nEnabled session and context configuration:\n"); - - session_cfg_flag = ((int) ssl[0] << 8) | ((int) ssl[1]); - ssl += 2; - - context_cfg_flag = ((int) ssl[0] << 16) | - ((int) ssl[1] << 8) | - ((int) ssl[2]); - ssl += 3; - - printf_dbg("Session config flags 0x%04X\n", session_cfg_flag); - printf_dbg("Context config flags 0x%06X\n", context_cfg_flag); - - print_if_bit("MBEDTLS_HAVE_TIME", SESSION_CONFIG_TIME_BIT, session_cfg_flag); - print_if_bit("MBEDTLS_X509_CRT_PARSE_C", SESSION_CONFIG_CRT_BIT, session_cfg_flag); - print_if_bit("MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", SESSION_CONFIG_MFL_BIT, session_cfg_flag); - print_if_bit("MBEDTLS_SSL_ENCRYPT_THEN_MAC", SESSION_CONFIG_ETM_BIT, session_cfg_flag); - print_if_bit("MBEDTLS_SSL_SESSION_TICKETS", SESSION_CONFIG_TICKET_BIT, session_cfg_flag); - print_if_bit("MBEDTLS_SSL_SESSION_TICKETS and client", - SESSION_CONFIG_CLIENT_TICKET_BIT, - session_cfg_flag); - - print_if_bit("MBEDTLS_SSL_DTLS_CONNECTION_ID", - CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT, - context_cfg_flag); - print_if_bit("MBEDTLS_SSL_DTLS_ANTI_REPLAY", - CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT, - context_cfg_flag); - print_if_bit("MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag); - - CHECK_SSL_END(4); - session_len = ((uint32_t) ssl[0] << 24) | - ((uint32_t) ssl[1] << 16) | - ((uint32_t) ssl[2] << 8) | - ((uint32_t) ssl[3]); - ssl += 4; - printf_dbg("Session length %u\n", session_len); - - CHECK_SSL_END(session_len); - print_deserialized_ssl_session(ssl, session_len, session_cfg_flag); - ssl += session_len; - - printf("\nRandom bytes:\n\t"); - - CHECK_SSL_END(TRANSFORM_RANDBYTE_LEN); - print_hex(ssl, TRANSFORM_RANDBYTE_LEN, 22, "\t"); - ssl += TRANSFORM_RANDBYTE_LEN; - - printf("\nContext others:\n"); - - if (CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT & context_cfg_flag) { - uint8_t cid_len; - - CHECK_SSL_END(1); - cid_len = *ssl++; - printf_dbg("In CID length %u\n", (uint32_t) cid_len); - - printf("\tin CID : "); - if (cid_len > 0) { - CHECK_SSL_END(cid_len); - print_hex(ssl, cid_len, 20, "\t"); - ssl += cid_len; - } else { - printf("none\n"); - } - - CHECK_SSL_END(1); - cid_len = *ssl++; - printf_dbg("Out CID length %u\n", (uint32_t) cid_len); - - printf("\tout CID : "); - if (cid_len > 0) { - CHECK_SSL_END(cid_len); - print_hex(ssl, cid_len, 20, "\t"); - ssl += cid_len; - } else { - printf("none\n"); - } - } - - if (CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT & context_cfg_flag) { - uint32_t badmac_seen; - - CHECK_SSL_END(4); - badmac_seen = ((uint32_t) ssl[0] << 24) | - ((uint32_t) ssl[1] << 16) | - ((uint32_t) ssl[2] << 8) | - ((uint32_t) ssl[3]); - ssl += 4; - printf("\tbad MAC seen number : %u\n", badmac_seen); - - /* value 'in_window_top' from mbedtls_ssl_context */ - printf("\tlast validated record sequence no. : "); - CHECK_SSL_END(8); - print_hex(ssl, 8, 20, ""); - ssl += 8; - - /* value 'in_window' from mbedtls_ssl_context */ - printf("\tbitmask for replay detection : "); - CHECK_SSL_END(8); - print_hex(ssl, 8, 20, ""); - ssl += 8; - } - - if (conf_dtls_proto) { - CHECK_SSL_END(1); - printf("\tDTLS datagram packing : %s\n", - get_enabled_str(!(*ssl++))); - } - - /* value 'cur_out_ctr' from mbedtls_ssl_context */ - printf("\toutgoing record sequence no. : "); - CHECK_SSL_END(8); - print_hex(ssl, 8, 20, ""); - ssl += 8; - - if (conf_dtls_proto) { - uint16_t mtu; - CHECK_SSL_END(2); - mtu = (ssl[0] << 8) | ssl[1]; - ssl += 2; - printf("\tMTU : %u\n", mtu); - } - - - if (CONTEXT_CONFIG_ALPN_BIT & context_cfg_flag) { - uint8_t alpn_len; - - CHECK_SSL_END(1); - alpn_len = *ssl++; - printf_dbg("ALPN length %u\n", (uint32_t) alpn_len); - - printf("\tALPN negotiation : "); - CHECK_SSL_END(alpn_len); - if (alpn_len > 0) { - if (strlen((const char *) ssl) == alpn_len) { - printf("%s\n", ssl); - } else { - printf("\n"); - printf_err("\tALPN negotiation is incorrect\n"); - } - ssl += alpn_len; - } else { - printf("not selected\n"); - } - } - - if (0 != (end - ssl)) { - printf_err("%i bytes left to analyze from context\n", (int32_t) (end - ssl)); - } - printf("\n"); -} - -int main(int argc, char *argv[]) -{ - enum { SSL_INIT_LEN = 4096 }; - - uint32_t b64_counter = 0; - uint8_t *b64_buf = NULL; - uint8_t *ssl_buf = NULL; - size_t b64_max_len = SSL_INIT_LEN; - size_t ssl_max_len = SSL_INIT_LEN; - size_t ssl_len = 0; - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - /* The 'b64_file' is opened when parsing arguments to check that the - * file name is correct */ - parse_arguments(argc, argv); - - if (NULL != b64_file) { - b64_buf = malloc(SSL_INIT_LEN); - ssl_buf = malloc(SSL_INIT_LEN); - - if (NULL == b64_buf || NULL == ssl_buf) { - printf_err(alloc_err); - fclose(b64_file); - b64_file = NULL; - } - } - - while (NULL != b64_file) { - size_t b64_len = read_next_b64_code(&b64_buf, &b64_max_len); - if (b64_len > 0) { - int ret; - size_t ssl_required_len = b64_len * 3 / 4 + 1; - - /* Allocate more memory if necessary. */ - if (ssl_required_len > ssl_max_len) { - void *ptr = realloc(ssl_buf, ssl_required_len); - if (NULL == ptr) { - printf_err(alloc_err); - fclose(b64_file); - b64_file = NULL; - break; - } - ssl_buf = ptr; - ssl_max_len = ssl_required_len; - } - - printf("\nDeserializing number %u:\n", ++b64_counter); - - printf("\nBase64 code:\n"); - print_b64(b64_buf, b64_len); - - ret = mbedtls_base64_decode(ssl_buf, ssl_max_len, &ssl_len, b64_buf, b64_len); - if (ret != 0) { - mbedtls_strerror(ret, (char *) b64_buf, b64_max_len); - printf_err("base64 code cannot be decoded - %s\n", b64_buf); - continue; - } - - if (debug) { - printf("\nDecoded data in hex:\n\t"); - print_hex(ssl_buf, ssl_len, 25, "\t"); - } - - print_deserialized_ssl_context(ssl_buf, ssl_len); - - } else { - fclose(b64_file); - b64_file = NULL; - } - } - - free(b64_buf); - free(ssl_buf); - - if (b64_counter > 0) { - printf_dbg("Finished. Found %u base64 codes\n", b64_counter); - } else { - printf("Finished. No valid base64 code found\n"); - } - - mbedtls_psa_crypto_free(); - - return 0; -} - -#endif /* MBEDTLS_X509_CRT_PARSE_C */ diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c deleted file mode 100644 index 1bd18c1f1..000000000 --- a/programs/ssl/ssl_fork_server.c +++ /dev/null @@ -1,376 +0,0 @@ -/* - * SSL server demonstration program using fork() for handling multiple clients - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ - !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " - "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#elif defined(_WIN32) -int main(void) -{ - mbedtls_printf("_WIN32 defined. This application requires fork() and signals " - "to work correctly.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "test/certs.h" -#include "mbedtls/x509.h" -#include "mbedtls/ssl.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/timing.h" - -#include -#include - -#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32) -#include -#endif - -#define HTTP_RESPONSE \ - "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ - "

Mbed TLS Test Server

\r\n" \ - "

Successful connection using: %s

\r\n" - -#define DEBUG_LEVEL 0 - - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -int main(void) -{ - int ret = 1, len, cnt = 0, pid; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_net_context listen_fd, client_fd; - unsigned char buf[1024]; - const char *pers = "ssl_fork_server"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt srvcert; - mbedtls_pk_context pkey; - - mbedtls_net_init(&listen_fd); - mbedtls_net_init(&client_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pkey); - mbedtls_x509_crt_init(&srvcert); - mbedtls_ctr_drbg_init(&ctr_drbg); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - signal(SIGCHLD, SIG_IGN); - - /* - * 0. Initial seeding of the RNG - */ - mbedtls_printf("\n . Initial seeding of the random generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1. Load the certificates and private RSA key - */ - mbedtls_printf(" . Loading the server cert. and key..."); - fflush(stdout); - - /* - * This demonstration program uses embedded test certificates. - * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the - * server and CA certificates, as well as mbedtls_pk_parse_keyfile(). - */ - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len); - if (ret != 0) { - mbedtls_printf(" failed! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); - if (ret != 0) { - mbedtls_printf(" failed! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1b. Prepare SSL configuration - */ - mbedtls_printf(" . Configuring SSL..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed! mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - - mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) { - mbedtls_printf(" failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Setup the listening TCP socket - */ - mbedtls_printf(" . Bind on https://localhost:4433/ ..."); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - while (1) { - /* - * 3. Wait until a client connects - */ - mbedtls_net_init(&client_fd); - mbedtls_ssl_init(&ssl); - - mbedtls_printf(" . Waiting for a remote connection ...\n"); - fflush(stdout); - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - NULL, 0, NULL)) != 0) { - mbedtls_printf(" failed! mbedtls_net_accept returned %d\n\n", ret); - goto exit; - } - - /* - * 3.5. Forking server thread - */ - - mbedtls_printf(" . Forking to handle connection ..."); - fflush(stdout); - - pid = fork(); - - if (pid < 0) { - mbedtls_printf(" failed! fork returned %d\n\n", pid); - goto exit; - } - - if (pid != 0) { - mbedtls_printf(" ok\n"); - mbedtls_net_close(&client_fd); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg, - (const unsigned char *) "parent", - 6)) != 0) { - mbedtls_printf(" failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret); - goto exit; - } - - continue; - } - - mbedtls_net_close(&listen_fd); - - pid = getpid(); - - /* - * 4. Setup stuff - */ - mbedtls_printf("pid %d: Setting up the SSL data.\n", pid); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg, - (const unsigned char *) "child", - 5)) != 0) { - mbedtls_printf( - "pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n", - pid, ret); - goto exit; - } - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf( - "pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n", - pid, ret); - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - mbedtls_printf("pid %d: SSL setup ok\n", pid); - - /* - * 5. Handshake - */ - mbedtls_printf("pid %d: Performing the SSL/TLS handshake.\n", pid); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf( - "pid %d: SSL handshake failed! mbedtls_ssl_handshake returned %d\n\n", - pid, ret); - goto exit; - } - } - - mbedtls_printf("pid %d: SSL handshake ok\n", pid); - fflush(stdout); - - /* - * 6. Read the HTTP Request - */ - mbedtls_printf("pid %d: Start reading from client.\n", pid); - fflush(stdout); - - do { - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - continue; - } - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf("pid %d: connection was closed gracefully\n", pid); - break; - - case MBEDTLS_ERR_NET_CONN_RESET: - mbedtls_printf("pid %d: connection was reset by peer\n", pid); - break; - - default: - mbedtls_printf("pid %d: mbedtls_ssl_read returned %d\n", pid, ret); - break; - } - fflush(stdout); - - break; - } - - len = ret; - mbedtls_printf("pid %d: %d bytes read\n\n%s", pid, len, (char *) buf); - fflush(stdout); - - if (ret > 0) { - break; - } - } while (1); - - /* - * 7. Write the 200 Response - */ - mbedtls_printf("pid %d: Start writing to client.\n", pid); - fflush(stdout); - - len = sprintf((char *) buf, HTTP_RESPONSE, - mbedtls_ssl_get_ciphersuite(&ssl)); - - while (cnt++ < 10) { - while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) { - if (ret == MBEDTLS_ERR_NET_CONN_RESET) { - mbedtls_printf( - "pid %d: Write failed! peer closed the connection\n\n", pid); - goto exit; - } - - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf( - "pid %d: Write failed! mbedtls_ssl_write returned %d\n\n", - pid, ret); - goto exit; - } - } - len = ret; - mbedtls_printf("pid %d: %d bytes written (cnt=%d)\n\n%s\n", - pid, len, cnt, (char *) buf); - fflush(stdout); - - mbedtls_net_usleep(1000000); - } - - mbedtls_ssl_close_notify(&ssl); - mbedtls_printf("pid %d: shutting down\n", pid); - fflush(stdout); - goto exit; - } - -exit: - mbedtls_net_free(&client_fd); - mbedtls_net_free(&listen_fd); - mbedtls_x509_crt_free(&srvcert); - mbedtls_pk_free(&pkey); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && - MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && - MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_PARSE_C && - ! _WIN32 */ diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c deleted file mode 100644 index bdeef9b65..000000000 --- a/programs/ssl/ssl_mail_client.c +++ /dev/null @@ -1,813 +0,0 @@ -/* - * SSL client for SMTP servers - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* Enable definition of gethostname() even when compiling with -std=c99. Must - * be set before mbedtls_config.h, which pulls in glibc's features.h indirectly. - * Harmless on other platforms. */ - -#define _POSIX_C_SOURCE 200112L -#define _XOPEN_SOURCE 600 - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/base64.h" -#include "mbedtls/error.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "test/certs.h" -#include "mbedtls/x509.h" - -#include -#include - -#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32) -#include -#else -#include -#endif - -#if defined(_WIN32) || defined(_WIN32_WCE) -#include -#include - -#if defined(_MSC_VER) -#if defined(_WIN32_WCE) -#pragma comment( lib, "ws2.lib" ) -#else -#pragma comment( lib, "ws2_32.lib" ) -#endif -#endif /* _MSC_VER */ -#endif - -#define DFL_SERVER_NAME "localhost" -#define DFL_SERVER_PORT "465" -#define DFL_USER_NAME "user" -#define DFL_USER_PWD "password" -#define DFL_MAIL_FROM "" -#define DFL_MAIL_TO "" -#define DFL_DEBUG_LEVEL 0 -#define DFL_CA_FILE "" -#define DFL_CRT_FILE "" -#define DFL_KEY_FILE "" -#define DFL_FORCE_CIPHER 0 -#define DFL_MODE 0 -#define DFL_AUTHENTICATION 0 - -#define MODE_SSL_TLS 0 -#define MODE_STARTTLS 0 - -#if defined(MBEDTLS_BASE64_C) -#define USAGE_AUTH \ - " authentication=%%d default: 0 (disabled)\n" \ - " user_name=%%s default: \"" DFL_USER_NAME "\"\n" \ - " user_pwd=%%s default: \"" \ - DFL_USER_PWD "\"\n" -#else -#define USAGE_AUTH \ - " authentication options disabled. (Require MBEDTLS_BASE64_C)\n" -#endif /* MBEDTLS_BASE64_C */ - -#if defined(MBEDTLS_FS_IO) -#define USAGE_IO \ - " ca_file=%%s default: \"\" (pre-loaded)\n" \ - " crt_file=%%s default: \"\" (pre-loaded)\n" \ - " key_file=%%s default: \"\" (pre-loaded)\n" -#else -#define USAGE_IO \ - " No file operations available (MBEDTLS_FS_IO not defined)\n" -#endif /* MBEDTLS_FS_IO */ - -#define USAGE \ - "\n usage: ssl_mail_client param=<>...\n" \ - "\n acceptable parameters:\n" \ - " server_name=%%s default: " DFL_SERVER_NAME "\n" \ - " server_port=%%d default: " \ - DFL_SERVER_PORT "\n" \ - " debug_level=%%d default: 0 (disabled)\n" \ - " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \ - USAGE_AUTH \ - " mail_from=%%s default: \"\"\n" \ - " mail_to=%%s default: \"\"\n" \ - USAGE_IO \ - " force_ciphersuite= default: all enabled\n" \ - " acceptable ciphersuite names:\n" - - -/* - * global options - */ -struct options { - const char *server_name; /* hostname of the server (client only) */ - const char *server_port; /* port on which the ssl service runs */ - int debug_level; /* level of debugging */ - int authentication; /* if authentication is required */ - int mode; /* SSL/TLS (0) or STARTTLS (1) */ - const char *user_name; /* username to use for authentication */ - const char *user_pwd; /* password to use for authentication */ - const char *mail_from; /* E-Mail address to use as sender */ - const char *mail_to; /* E-Mail address to use as recipient */ - const char *ca_file; /* the file with the CA certificate(s) */ - const char *crt_file; /* the file with the client certificate */ - const char *key_file; /* the file with the client key */ - int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ -} opt; - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -static int do_handshake(mbedtls_ssl_context *ssl) -{ - int ret; - uint32_t flags; - unsigned char buf[1024]; - memset(buf, 0, 1024); - - /* - * 4. Handshake - */ - mbedtls_printf(" . Performing the SSL/TLS handshake..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { -#if defined(MBEDTLS_ERROR_C) - mbedtls_strerror(ret, (char *) buf, 1024); -#endif - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d: %s\n\n", ret, buf); - return -1; - } - } - - mbedtls_printf(" ok\n [ Ciphersuite is %s ]\n", - mbedtls_ssl_get_ciphersuite(ssl)); - - /* - * 5. Verify the server certificate - */ - mbedtls_printf(" . Verifying peer X.509 certificate..."); - - /* In real life, we probably want to bail out when ret != 0 */ - if ((flags = mbedtls_ssl_get_verify_result(ssl)) != 0) { -#if !defined(MBEDTLS_X509_REMOVE_INFO) - char vrfy_buf[512]; -#endif - - mbedtls_printf(" failed\n"); - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); - - mbedtls_printf("%s\n", vrfy_buf); -#endif - } else { - mbedtls_printf(" ok\n"); - } - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_printf(" . Peer certificate information ...\n"); - mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", - mbedtls_ssl_get_peer_cert(ssl)); - mbedtls_printf("%s\n", buf); -#endif - - return 0; -} - -static int write_ssl_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) -{ - int ret; - - mbedtls_printf("\n%s", buf); - while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - return -1; - } - } - - return 0; -} - -static int write_ssl_and_get_response(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) -{ - int ret; - unsigned char data[128]; - char code[4]; - size_t i, idx = 0; - - mbedtls_printf("\n%s", buf); - while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - return -1; - } - } - - do { - len = sizeof(data) - 1; - memset(data, 0, sizeof(data)); - ret = mbedtls_ssl_read(ssl, data, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - continue; - } - - if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { - return -1; - } - - if (ret <= 0) { - mbedtls_printf("failed\n ! mbedtls_ssl_read returned %d\n\n", ret); - return -1; - } - - mbedtls_printf("\n%s", data); - len = ret; - for (i = 0; i < len; i++) { - if (data[i] != '\n') { - if (idx < 4) { - code[idx++] = data[i]; - } - continue; - } - - if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') { - code[3] = '\0'; - return atoi(code); - } - - idx = 0; - } - } while (1); -} - -static int write_and_get_response(mbedtls_net_context *sock_fd, unsigned char *buf, size_t len) -{ - int ret; - unsigned char data[128]; - char code[4]; - size_t i, idx = 0; - - mbedtls_printf("\n%s", buf); - if (len && (ret = mbedtls_net_send(sock_fd, buf, len)) <= 0) { - mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret); - return -1; - } - - do { - len = sizeof(data) - 1; - memset(data, 0, sizeof(data)); - ret = mbedtls_net_recv(sock_fd, data, len); - - if (ret <= 0) { - mbedtls_printf("failed\n ! mbedtls_net_recv returned %d\n\n", ret); - return -1; - } - - data[len] = '\0'; - mbedtls_printf("\n%s", data); - len = ret; - for (i = 0; i < len; i++) { - if (data[i] != '\n') { - if (idx < 4) { - code[idx++] = data[i]; - } - continue; - } - - if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') { - code[3] = '\0'; - return atoi(code); - } - - idx = 0; - } - } while (1); -} - -int main(int argc, char *argv[]) -{ - int ret = 1, len; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_net_context server_fd; -#if defined(MBEDTLS_BASE64_C) - unsigned char base[1024]; - /* buf is used as the destination buffer for printing base with the format: - * "%s\r\n". Hence, the size of buf should be at least the size of base - * plus 2 bytes for the \r and \n characters. - */ - unsigned char buf[sizeof(base) + 2]; -#else - unsigned char buf[1024]; -#endif - char hostname[32]; - const char *pers = "ssl_mail_client"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt cacert; - mbedtls_x509_crt clicert; - mbedtls_pk_context pkey; - int i; - size_t n; - char *p, *q; - const int *list; - - /* - * Make sure memory references are valid in case we exit early. - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - memset(&buf, 0, sizeof(buf)); - mbedtls_x509_crt_init(&cacert); - mbedtls_x509_crt_init(&clicert); - mbedtls_pk_init(&pkey); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - - list = mbedtls_ssl_list_ciphersuites(); - while (*list) { - mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list)); - list++; - } - mbedtls_printf("\n"); - goto exit; - } - - opt.server_name = DFL_SERVER_NAME; - opt.server_port = DFL_SERVER_PORT; - opt.debug_level = DFL_DEBUG_LEVEL; - opt.authentication = DFL_AUTHENTICATION; - opt.mode = DFL_MODE; - opt.user_name = DFL_USER_NAME; - opt.user_pwd = DFL_USER_PWD; - opt.mail_from = DFL_MAIL_FROM; - opt.mail_to = DFL_MAIL_TO; - opt.ca_file = DFL_CA_FILE; - opt.crt_file = DFL_CRT_FILE; - opt.key_file = DFL_KEY_FILE; - opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "server_name") == 0) { - opt.server_name = q; - } else if (strcmp(p, "server_port") == 0) { - opt.server_port = q; - } else if (strcmp(p, "debug_level") == 0) { - opt.debug_level = atoi(q); - if (opt.debug_level < 0 || opt.debug_level > 65535) { - goto usage; - } - } else if (strcmp(p, "authentication") == 0) { - opt.authentication = atoi(q); - if (opt.authentication < 0 || opt.authentication > 1) { - goto usage; - } - } else if (strcmp(p, "mode") == 0) { - opt.mode = atoi(q); - if (opt.mode < 0 || opt.mode > 1) { - goto usage; - } - } else if (strcmp(p, "user_name") == 0) { - opt.user_name = q; - } else if (strcmp(p, "user_pwd") == 0) { - opt.user_pwd = q; - } else if (strcmp(p, "mail_from") == 0) { - opt.mail_from = q; - } else if (strcmp(p, "mail_to") == 0) { - opt.mail_to = q; - } else if (strcmp(p, "ca_file") == 0) { - opt.ca_file = q; - } else if (strcmp(p, "crt_file") == 0) { - opt.crt_file = q; - } else if (strcmp(p, "key_file") == 0) { - opt.key_file = q; - } else if (strcmp(p, "force_ciphersuite") == 0) { - opt.force_ciphersuite[0] = -1; - - opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); - - if (opt.force_ciphersuite[0] <= 0) { - goto usage; - } - - opt.force_ciphersuite[1] = 0; - } else { - goto usage; - } - } - - /* - * 0. Initialize the RNG and the session data - */ - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.1. Load the trusted CA - */ - mbedtls_printf(" . Loading the CA root certificate ..."); - fflush(stdout); - -#if defined(MBEDTLS_FS_IO) - if (strlen(opt.ca_file)) { - ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file); - } else -#endif -#if defined(MBEDTLS_PEM_PARSE_C) - ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); -#else - { - mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined."); - goto exit; - } -#endif - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok (%d skipped)\n", ret); - - /* - * 1.2. Load own certificate and private key - * - * (can be skipped if client authentication is not required) - */ - mbedtls_printf(" . Loading the client cert. and key..."); - fflush(stdout); - -#if defined(MBEDTLS_FS_IO) - if (strlen(opt.crt_file)) { - ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file); - } else -#endif - ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *) mbedtls_test_cli_crt, - mbedtls_test_cli_crt_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - -#if defined(MBEDTLS_FS_IO) - if (strlen(opt.key_file)) { - ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "", - mbedtls_ctr_drbg_random, &ctr_drbg); - } else -#endif -#if defined(MBEDTLS_PEM_PARSE_C) - { - ret = mbedtls_pk_parse_key(&pkey, - (const unsigned char *) mbedtls_test_cli_key, - mbedtls_test_cli_key_len, - NULL, - 0, - mbedtls_ctr_drbg_random, - &ctr_drbg); - } -#else - { - mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined."); - goto exit; - } -#endif - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Start the connection - */ - mbedtls_printf(" . Connecting to tcp/%s/%s...", opt.server_name, - opt.server_port); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, opt.server_name, - opt.server_port, MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 3. Setup stuff - */ - mbedtls_printf(" . Setting up the SSL/TLS structure..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - /* OPTIONAL is not optimal for security, - * but makes interop easier in this simplified example */ - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); - - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - - if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) { - mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite); - } - - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - mbedtls_printf(" ok\n"); - - if (opt.mode == MODE_SSL_TLS) { - if (do_handshake(&ssl) != 0) { - goto exit; - } - - mbedtls_printf(" > Get header from server:"); - fflush(stdout); - - ret = write_ssl_and_get_response(&ssl, buf, 0); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write EHLO to server:"); - fflush(stdout); - - gethostname(hostname, 32); - len = sprintf((char *) buf, "EHLO %s\r\n", hostname); - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - } else { - mbedtls_printf(" > Get header from server:"); - fflush(stdout); - - ret = write_and_get_response(&server_fd, buf, 0); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write EHLO to server:"); - fflush(stdout); - - gethostname(hostname, 32); - len = sprintf((char *) buf, "EHLO %s\r\n", hostname); - ret = write_and_get_response(&server_fd, buf, len); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write STARTTLS to server:"); - fflush(stdout); - - gethostname(hostname, 32); - len = sprintf((char *) buf, "STARTTLS\r\n"); - ret = write_and_get_response(&server_fd, buf, len); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - if (do_handshake(&ssl) != 0) { - goto exit; - } - } - -#if defined(MBEDTLS_BASE64_C) - if (opt.authentication) { - mbedtls_printf(" > Write AUTH LOGIN to server:"); - fflush(stdout); - - len = sprintf((char *) buf, "AUTH LOGIN\r\n"); - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 200 || ret > 399) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write username to server: %s", opt.user_name); - fflush(stdout); - - ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_name, - strlen(opt.user_name)); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_base64_encode returned %d\n\n", ret); - goto exit; - } - len = sprintf((char *) buf, "%s\r\n", base); - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 300 || ret > 399) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write password to server: %s", opt.user_pwd); - fflush(stdout); - - ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_pwd, - strlen(opt.user_pwd)); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_base64_encode returned %d\n\n", ret); - goto exit; - } - len = sprintf((char *) buf, "%s\r\n", base); - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 200 || ret > 399) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - } -#endif - - mbedtls_printf(" > Write MAIL FROM to server:"); - fflush(stdout); - - len = mbedtls_snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from); - if (len < 0 || (size_t) len >= sizeof(buf)) { - mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); - goto exit; - } - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write RCPT TO to server:"); - fflush(stdout); - - len = mbedtls_snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to); - if (len < 0 || (size_t) len >= sizeof(buf)) { - mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); - goto exit; - } - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write DATA to server:"); - fflush(stdout); - - len = sprintf((char *) buf, "DATA\r\n"); - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 300 || ret > 399) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write content to server:"); - fflush(stdout); - - len = mbedtls_snprintf((char *) buf, sizeof(buf), - "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n" - "This is a simple test mail from the " - "Mbed TLS mail client example.\r\n" - "\r\n" - "Enjoy!", opt.mail_from); - if (len < 0 || (size_t) len >= sizeof(buf)) { - mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); - goto exit; - } - ret = write_ssl_data(&ssl, buf, len); - - len = sprintf((char *) buf, "\r\n.\r\n"); - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_ssl_close_notify(&ssl); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&clicert); - mbedtls_x509_crt_free(&cacert); - mbedtls_pk_free(&pkey); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && - MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C ** - MBEDTLS_CTR_DRBG_C */ diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c deleted file mode 100644 index d8213cb14..000000000 --- a/programs/ssl/ssl_pthread_server.c +++ /dev/null @@ -1,490 +0,0 @@ -/* - * SSL server demonstration program using pthread for handling multiple - * clients. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ - !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " - "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#elif !defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD) -int main(void) -{ - mbedtls_printf("MBEDTLS_THREADING_PTHREAD not defined.\n"); - mbedtls_exit(0); -} -#else - -#include -#include - -#if defined(_WIN32) -#include -#endif - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/x509.h" -#include "mbedtls/ssl.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/error.h" -#include "test/certs.h" - -#if defined(MBEDTLS_SSL_CACHE_C) -#include "mbedtls/ssl_cache.h" -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - - -#define HTTP_RESPONSE \ - "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ - "

Mbed TLS Test Server

\r\n" \ - "

Successful connection using: %s

\r\n" - -#define DEBUG_LEVEL 0 - -#define MAX_NUM_THREADS 5 - -mbedtls_threading_mutex_t debug_mutex; - -static void my_mutexed_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - long int thread_id = (long int) pthread_self(); - - mbedtls_mutex_lock(&debug_mutex); - - ((void) level); - mbedtls_fprintf((FILE *) ctx, "%s:%04d: [ #%ld ] %s", - file, line, thread_id, str); - fflush((FILE *) ctx); - - mbedtls_mutex_unlock(&debug_mutex); -} - -typedef struct { - mbedtls_net_context client_fd; - int thread_complete; - const mbedtls_ssl_config *config; -} thread_info_t; - -typedef struct { - int active; - thread_info_t data; - pthread_t thread; -} pthread_info_t; - -static thread_info_t base_info; -static pthread_info_t threads[MAX_NUM_THREADS]; - -static void *handle_ssl_connection(void *data) -{ - int ret, len; - thread_info_t *thread_info = (thread_info_t *) data; - mbedtls_net_context *client_fd = &thread_info->client_fd; - long int thread_id = (long int) pthread_self(); - unsigned char buf[1024]; - mbedtls_ssl_context ssl; - - /* Make sure memory references are valid */ - mbedtls_ssl_init(&ssl); - - mbedtls_printf(" [ #%ld ] Setting up SSL/TLS data\n", thread_id); - - /* - * 4. Get the SSL context ready - */ - if ((ret = mbedtls_ssl_setup(&ssl, thread_info->config)) != 0) { - mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n", - thread_id, (unsigned int) -ret); - goto thread_exit; - } - - mbedtls_ssl_set_bio(&ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - /* - * 5. Handshake - */ - mbedtls_printf(" [ #%ld ] Performing the SSL/TLS handshake\n", thread_id); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n", - thread_id, (unsigned int) -ret); - goto thread_exit; - } - } - - mbedtls_printf(" [ #%ld ] ok\n", thread_id); - - /* - * 6. Read the HTTP Request - */ - mbedtls_printf(" [ #%ld ] < Read from client\n", thread_id); - fflush(stdout); - - do { - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - continue; - } - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" [ #%ld ] connection was closed gracefully\n", - thread_id); - goto thread_exit; - - case MBEDTLS_ERR_NET_CONN_RESET: - mbedtls_printf(" [ #%ld ] connection was reset by peer\n", - thread_id); - goto thread_exit; - - default: - mbedtls_printf(" [ #%ld ] mbedtls_ssl_read returned -0x%04x\n", - thread_id, (unsigned int) -ret); - goto thread_exit; - } - } - - len = ret; - mbedtls_printf(" [ #%ld ] %d bytes read\n=====\n%s\n=====\n", - thread_id, len, (char *) buf); - fflush(stdout); - - if (ret > 0) { - break; - } - } while (1); - - /* - * 7. Write the 200 Response - */ - mbedtls_printf(" [ #%ld ] > Write to client:\n", thread_id); - fflush(stdout); - - len = sprintf((char *) buf, HTTP_RESPONSE, - mbedtls_ssl_get_ciphersuite(&ssl)); - - while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) { - if (ret == MBEDTLS_ERR_NET_CONN_RESET) { - mbedtls_printf(" [ #%ld ] failed: peer closed the connection\n", - thread_id); - goto thread_exit; - } - - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n", - thread_id, (unsigned int) ret); - goto thread_exit; - } - } - - len = ret; - mbedtls_printf(" [ #%ld ] %d bytes written\n=====\n%s\n=====\n", - thread_id, len, (char *) buf); - fflush(stdout); - - mbedtls_printf(" [ #%ld ] . Closing the connection...", thread_id); - - while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n", - thread_id, (unsigned int) ret); - goto thread_exit; - } - } - - mbedtls_printf(" ok\n"); - fflush(stdout); - - ret = 0; - -thread_exit: - -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf(" [ #%ld ] Last error was: -0x%04x - %s\n\n", - thread_id, (unsigned int) -ret, error_buf); - } -#endif - - mbedtls_net_free(client_fd); - mbedtls_ssl_free(&ssl); - - thread_info->thread_complete = 1; - - return NULL; -} - -static int thread_create(mbedtls_net_context *client_fd) -{ - int ret, i; - - /* - * Find in-active or finished thread slot - */ - for (i = 0; i < MAX_NUM_THREADS; i++) { - if (threads[i].active == 0) { - break; - } - - if (threads[i].data.thread_complete == 1) { - mbedtls_printf(" [ main ] Cleaning up thread %d\n", i); - pthread_join(threads[i].thread, NULL); - memset(&threads[i], 0, sizeof(pthread_info_t)); - break; - } - } - - if (i == MAX_NUM_THREADS) { - return -1; - } - - /* - * Fill thread-info for thread - */ - memcpy(&threads[i].data, &base_info, sizeof(base_info)); - threads[i].active = 1; - memcpy(&threads[i].data.client_fd, client_fd, sizeof(mbedtls_net_context)); - - if ((ret = pthread_create(&threads[i].thread, NULL, handle_ssl_connection, - &threads[i].data)) != 0) { - return ret; - } - - return 0; -} - -int main(void) -{ - int ret; - mbedtls_net_context listen_fd, client_fd; - const char pers[] = "ssl_pthread_server"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_config conf; - mbedtls_x509_crt srvcert; - mbedtls_x509_crt cachain; - mbedtls_pk_context pkey; -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char alloc_buf[100000]; -#endif -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_context cache; -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); -#endif - -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_init(&cache); -#endif - - mbedtls_x509_crt_init(&srvcert); - mbedtls_x509_crt_init(&cachain); - - mbedtls_ssl_config_init(&conf); - mbedtls_ctr_drbg_init(&ctr_drbg); - memset(threads, 0, sizeof(threads)); - mbedtls_net_init(&listen_fd); - mbedtls_net_init(&client_fd); - - mbedtls_mutex_init(&debug_mutex); - - base_info.config = &conf; - - /* - * We use only a single entropy source that is used in all the threads. - */ - mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - - /* - * 1a. Seed the random number generator - */ - mbedtls_printf(" . Seeding the random number generator..."); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed: mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1b. Load the certificates and private RSA key - */ - mbedtls_printf("\n . Loading the server cert. and key..."); - fflush(stdout); - - /* - * This demonstration program uses embedded test certificates. - * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the - * server and CA certificates, as well as mbedtls_pk_parse_keyfile(). - */ - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_x509_crt_parse(&cachain, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - mbedtls_pk_init(&pkey); - ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1c. Prepare SSL configuration - */ - mbedtls_printf(" . Setting up the SSL data...."); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed: mbedtls_ssl_config_defaults returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); - mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout); - - /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if - * MBEDTLS_THREADING_C is set. - */ -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_conf_session_cache(&conf, &cache, - mbedtls_ssl_cache_get, - mbedtls_ssl_cache_set); -#endif - - mbedtls_ssl_conf_ca_chain(&conf, &cachain, NULL); - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Setup the listening TCP socket - */ - mbedtls_printf(" . Bind on https://localhost:4433/ ..."); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - -reset: -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf(" [ main ] Last error was: -0x%04x - %s\n", (unsigned int) -ret, - error_buf); - } -#endif - - /* - * 3. Wait until a client connects - */ - mbedtls_printf(" [ main ] Waiting for a remote connection\n"); - fflush(stdout); - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - NULL, 0, NULL)) != 0) { - mbedtls_printf(" [ main ] failed: mbedtls_net_accept returned -0x%04x\n", - (unsigned int) ret); - goto exit; - } - - mbedtls_printf(" [ main ] ok\n"); - mbedtls_printf(" [ main ] Creating a new thread\n"); - - if ((ret = thread_create(&client_fd)) != 0) { - mbedtls_printf(" [ main ] failed: thread_create returned %d\n", ret); - mbedtls_net_free(&client_fd); - goto reset; - } - - ret = 0; - goto reset; - -exit: - mbedtls_x509_crt_free(&srvcert); - mbedtls_pk_free(&pkey); -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(&cache); -#endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_ssl_config_free(&conf); - mbedtls_net_free(&listen_fd); - mbedtls_mutex_free(&debug_mutex); -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_free(); -#endif - mbedtls_psa_crypto_free(); - - mbedtls_exit(ret); -} - -#endif /* configuration allows running this program */ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c deleted file mode 100644 index 9a90d1d44..000000000 --- a/programs/ssl/ssl_server.c +++ /dev/null @@ -1,356 +0,0 @@ -/* - * SSL server demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ - !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " - "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include -#include - -#if defined(_WIN32) -#include -#endif - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/x509.h" -#include "mbedtls/ssl.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/error.h" -#include "mbedtls/debug.h" -#include "test/certs.h" - -#if defined(MBEDTLS_SSL_CACHE_C) -#include "mbedtls/ssl_cache.h" -#endif - -#define HTTP_RESPONSE \ - "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ - "

Mbed TLS Test Server

\r\n" \ - "

Successful connection using: %s

\r\n" - -#define DEBUG_LEVEL 0 - - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -int main(void) -{ - int ret, len; - mbedtls_net_context listen_fd, client_fd; - unsigned char buf[1024]; - const char *pers = "ssl_server"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt srvcert; - mbedtls_pk_context pkey; -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_context cache; -#endif - - mbedtls_net_init(&listen_fd); - mbedtls_net_init(&client_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_init(&cache); -#endif - mbedtls_x509_crt_init(&srvcert); - mbedtls_pk_init(&pkey); - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(DEBUG_LEVEL); -#endif - - /* - * 1. Seed the RNG - */ - mbedtls_printf(" . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Load the certificates and private RSA key - */ - mbedtls_printf("\n . Loading the server cert. and key..."); - fflush(stdout); - - /* - * This demonstration program uses embedded test certificates. - * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the - * server and CA certificates, as well as mbedtls_pk_parse_keyfile(). - */ - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 3. Setup the listening TCP socket - */ - mbedtls_printf(" . Bind on https://localhost:4433/ ..."); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 4. Setup stuff - */ - mbedtls_printf(" . Setting up the SSL data...."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_conf_session_cache(&conf, &cache, - mbedtls_ssl_cache_get, - mbedtls_ssl_cache_set); -#endif - - mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - -reset: -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&client_fd); - - mbedtls_ssl_session_reset(&ssl); - - /* - * 3. Wait until a client connects - */ - mbedtls_printf(" . Waiting for a remote connection ..."); - fflush(stdout); - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - NULL, 0, NULL)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - mbedtls_printf(" ok\n"); - - /* - * 5. Handshake - */ - mbedtls_printf(" . Performing the SSL/TLS handshake..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret); - goto reset; - } - } - - mbedtls_printf(" ok\n"); - - /* - * 6. Read the HTTP Request - */ - mbedtls_printf(" < Read from client:"); - fflush(stdout); - - do { - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - continue; - } - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" connection was closed gracefully\n"); - break; - - case MBEDTLS_ERR_NET_CONN_RESET: - mbedtls_printf(" connection was reset by peer\n"); - break; - - default: - mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret); - break; - } - - break; - } - - len = ret; - mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf); - - if (ret > 0) { - break; - } - } while (1); - - /* - * 7. Write the 200 Response - */ - mbedtls_printf(" > Write to client:"); - fflush(stdout); - - len = sprintf((char *) buf, HTTP_RESPONSE, - mbedtls_ssl_get_ciphersuite(&ssl)); - - while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) { - if (ret == MBEDTLS_ERR_NET_CONN_RESET) { - mbedtls_printf(" failed\n ! peer closed the connection\n\n"); - goto reset; - } - - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - goto exit; - } - } - - len = ret; - mbedtls_printf(" %d bytes written\n\n%s\n", len, (char *) buf); - - mbedtls_printf(" . Closing the connection..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_NET_CONN_RESET) { - mbedtls_printf(" failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret); - goto reset; - } - } - - mbedtls_printf(" ok\n"); - fflush(stdout); - - ret = 0; - goto reset; - -exit: - -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&client_fd); - mbedtls_net_free(&listen_fd); - mbedtls_x509_crt_free(&srvcert); - mbedtls_pk_free(&pkey); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(&cache); -#endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(ret); -} - -#endif /* configuration allows running this program */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c deleted file mode 100644 index 579c0a190..000000000 --- a/programs/ssl/ssl_server2.c +++ /dev/null @@ -1,4359 +0,0 @@ -/* - * SSL client with options - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#include "ssl_test_lib.h" - -#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) -int main(void) -{ - mbedtls_printf(MBEDTLS_SSL_TEST_IMPOSSIBLE); - mbedtls_exit(0); -} -#elif !defined(MBEDTLS_SSL_SRV_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_SSL_SRV_C not defined.\n"); - mbedtls_exit(0); -} -#else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_SRV_C */ - -#include - -#if !defined(_MSC_VER) -#include -#endif - -#if !defined(_WIN32) -#include -#endif - -#if defined(MBEDTLS_SSL_CACHE_C) -#include "mbedtls/ssl_cache.h" -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) -#include "mbedtls/ssl_ticket.h" -#endif - -#if defined(MBEDTLS_SSL_COOKIE_C) -#include "mbedtls/ssl_cookie.h" -#endif - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_FS_IO) -#define SNI_OPTION -#endif - -#if defined(_WIN32) -#include -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -#include "test/psa_crypto_helpers.h" -#endif - -#include "mbedtls/pk.h" -#include "mbedtls/dhm.h" - -/* Size of memory to be allocated for the heap, when using the library's memory - * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ -#define MEMORY_HEAP_SIZE 180000 - -#define DFL_SERVER_ADDR NULL -#define DFL_SERVER_PORT "4433" -#define DFL_RESPONSE_SIZE -1 -#define DFL_DEBUG_LEVEL 0 -#define DFL_NBIO 0 -#define DFL_EVENT 0 -#define DFL_READ_TIMEOUT 0 -#define DFL_CA_FILE "" -#define DFL_CA_PATH "" -#define DFL_CRT_FILE "" -#define DFL_KEY_FILE "" -#define DFL_KEY_OPAQUE 0 -#define DFL_KEY_PWD "" -#define DFL_CRT_FILE2 "" -#define DFL_KEY_FILE2 "" -#define DFL_KEY_PWD2 "" -#define DFL_ASYNC_OPERATIONS "-" -#define DFL_ASYNC_PRIVATE_DELAY1 (-1) -#define DFL_ASYNC_PRIVATE_DELAY2 (-1) -#define DFL_ASYNC_PRIVATE_ERROR (0) -#define DFL_PSK "" -#define DFL_PSK_OPAQUE 0 -#define DFL_PSK_LIST_OPAQUE 0 -#define DFL_PSK_IDENTITY "Client_identity" -#define DFL_ECJPAKE_PW NULL -#define DFL_ECJPAKE_PW_OPAQUE 0 -#define DFL_PSK_LIST NULL -#define DFL_FORCE_CIPHER 0 -#define DFL_TLS1_3_KEX_MODES MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL -#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED -#define DFL_ALLOW_LEGACY -2 -#define DFL_RENEGOTIATE 0 -#define DFL_RENEGO_DELAY -2 -#define DFL_RENEGO_PERIOD ((uint64_t) -1) -#define DFL_EXCHANGES 1 -#define DFL_MIN_VERSION -1 -#define DFL_MAX_VERSION -1 -#define DFL_SHA1 -1 -#define DFL_CID_ENABLED 0 -#define DFL_CID_VALUE "" -#define DFL_CID_ENABLED_RENEGO -1 -#define DFL_CID_VALUE_RENEGO NULL -#define DFL_AUTH_MODE -1 -#define DFL_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED -#define DFL_CERT_REQ_DN_HINT 0 -#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE -#define DFL_TRUNC_HMAC -1 -#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED -#define DFL_DUMMY_TICKET 0 -#define DFL_TICKET_ROTATE 0 -#define DFL_TICKET_TIMEOUT 86400 -#define DFL_TICKET_AEAD MBEDTLS_CIPHER_AES_256_GCM -#define DFL_CACHE_MAX -1 -#define DFL_CACHE_TIMEOUT -1 -#define DFL_CACHE_REMOVE 0 -#define DFL_SNI NULL -#define DFL_ALPN_STRING NULL -#define DFL_GROUPS NULL -#define DFL_EARLY_DATA -1 -#define DFL_MAX_EARLY_DATA_SIZE ((uint32_t) -1) -#define DFL_SIG_ALGS NULL -#define DFL_DHM_FILE NULL -#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM -#define DFL_COOKIES 1 -#define DFL_ANTI_REPLAY -1 -#define DFL_HS_TO_MIN 0 -#define DFL_HS_TO_MAX 0 -#define DFL_DTLS_MTU -1 -#define DFL_BADMAC_LIMIT -1 -#define DFL_DGRAM_PACKING 1 -#define DFL_EXTENDED_MS -1 -#define DFL_ETM -1 -#define DFL_SERIALIZE 0 -#define DFL_CONTEXT_FILE "" -#define DFL_EXTENDED_MS_ENFORCE -1 -#define DFL_CA_CALLBACK 0 -#define DFL_EAP_TLS 0 -#define DFL_REPRODUCIBLE 0 -#define DFL_NSS_KEYLOG 0 -#define DFL_NSS_KEYLOG_FILE NULL -#define DFL_QUERY_CONFIG_MODE 0 -#define DFL_USE_SRTP 0 -#define DFL_SRTP_FORCE_PROFILE 0 -#define DFL_SRTP_SUPPORT_MKI 0 -#define DFL_KEY_OPAQUE_ALG "none" - -#define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah

\r\n" - -/* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer - * packets (for fragmentation purposes) */ -#define HTTP_RESPONSE \ - "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ - "

Mbed TLS Test Server

\r\n" \ - "

Successful connection using: %s

\r\n" // LONG_RESPONSE - -/* - * Size of the basic I/O buffer. Able to hold our default response. - */ -#define DFL_IO_BUF_LEN 200 - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if defined(MBEDTLS_FS_IO) -#define USAGE_IO \ - " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ - " default: \"\" (pre-loaded)\n" \ - " use \"none\" to skip loading any top-level CAs.\n" \ - " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \ - " default: \"\" (pre-loaded) (overrides ca_file)\n" \ - " use \"none\" to skip loading any top-level CAs.\n" \ - " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \ - " default: see note after key_file2\n" \ - " key_file=%%s default: see note after key_file2\n" \ - " key_pwd=%%s Password for key specified by key_file argument\n" \ - " default: none\n" \ - " crt_file2=%%s Your second cert and chain (in bottom to top order, top may be omitted)\n" \ - " default: see note after key_file2\n" \ - " key_file2=%%s default: see note below\n" \ - " note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \ - " preloaded certificate(s) and key(s) are used if available\n" \ - " key_pwd2=%%s Password for key specified by key_file2 argument\n" \ - " default: none\n" \ - " dhm_file=%%s File containing Diffie-Hellman parameters\n" \ - " default: preloaded parameters\n" -#else -#define USAGE_IO \ - "\n" \ - " No file operations available (MBEDTLS_FS_IO not defined)\n" \ - "\n" -#endif /* MBEDTLS_FS_IO */ -#else -#define USAGE_IO "" -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#define USAGE_KEY_OPAQUE \ - " key_opaque=%%d Handle your private keys as if they were opaque\n" \ - " default: 0 (disabled)\n" -#else -#define USAGE_KEY_OPAQUE "" -#endif - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -#define USAGE_SSL_ASYNC \ - " async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \ - " async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \ - " async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \ - " default: -1 (not asynchronous)\n" \ - " async_private_error=%%d Async callback error injection (default=0=none,\n" \ - " 1=start, 2=cancel, 3=resume, negative=first time only)" -#else -#define USAGE_SSL_ASYNC "" -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define USAGE_CID \ - " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \ - " default: 0 (disabled)\n" \ - " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \ - " default: same as 'cid' parameter\n" \ - " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \ - " default: \"\"\n" \ - " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \ - " default: same as 'cid_val' parameter\n" -#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#define USAGE_CID "" -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#define USAGE_PSK_RAW \ - " psk=%%s default: \"\" (disabled)\n" \ - " The PSK values are in hex, without 0x.\n" \ - " psk_list=%%s default: \"\"\n" \ - " A list of (PSK identity, PSK value) pairs.\n" \ - " The PSK values are in hex, without 0x.\n" \ - " id1,psk1[,id2,psk2[,...]]\n" \ - " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#define USAGE_PSK_SLOT \ - " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ - " Enable this to store the PSK configured through command line\n" \ - " parameter `psk` in a PSA-based key slot.\n" \ - " Note: Currently only supported in conjunction with\n" \ - " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \ - " to force a particular PSK-only ciphersuite.\n" \ - " Note: This is to test integration of PSA-based opaque PSKs with\n" \ - " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \ - " with prepopulated key slots instead of importing raw key material.\n" \ - " psk_list_opaque=%%d default: 0 (don't use opaque dynamic PSKs)\n" \ - " Enable this to store the list of dynamically chosen PSKs configured\n" \ - " through the command line parameter `psk_list` in PSA-based key slots.\n" \ - " Note: Currently only supported in conjunction with\n" \ - " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \ - " to force a particular PSK-only ciphersuite.\n" \ - " Note: This is to test integration of PSA-based opaque PSKs with\n" \ - " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \ - " with prepopulated key slots instead of importing raw key material.\n" -#else -#define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT -#else -#define USAGE_PSK "" -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -#define USAGE_CA_CALLBACK \ - " ca_callback=%%d default: 0 (disabled)\n" \ - " Enable this to use the trusted certificate callback function\n" -#else -#define USAGE_CA_CALLBACK "" -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) -#define USAGE_TICKETS \ - " tickets=%%d default: 1 (enabled)\n" \ - " ticket_rotate=%%d default: 0 (disabled)\n" \ - " ticket_timeout=%%d default: 86400 (one day)\n" \ - " ticket_aead=%%s default: \"AES-256-GCM\"\n" -#else /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ -#define USAGE_TICKETS "" -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ - -#define USAGE_EAP_TLS \ - " eap_tls=%%d default: 0 (disabled)\n" -#define USAGE_NSS_KEYLOG \ - " nss_keylog=%%d default: 0 (disabled)\n" \ - " This cannot be used with eap_tls=1\n" -#define USAGE_NSS_KEYLOG_FILE \ - " nss_keylog_file=%%s\n" -#if defined(MBEDTLS_SSL_DTLS_SRTP) -#define USAGE_SRTP \ - " use_srtp=%%d default: 0 (disabled)\n" \ - " srtp_force_profile=%%d default: 0 (all enabled)\n" \ - " available profiles:\n" \ - " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ - " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ - " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ - " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ - " support_mki=%%d default: 0 (not supported)\n" -#else /* MBEDTLS_SSL_DTLS_SRTP */ -#define USAGE_SRTP "" -#endif - -#if defined(MBEDTLS_SSL_CACHE_C) -#define USAGE_CACHE \ - " cache_max=%%d default: cache default (50)\n" \ - " cache_remove=%%d default: 0 (don't remove)\n" -#if defined(MBEDTLS_HAVE_TIME) -#define USAGE_CACHE_TIME \ - " cache_timeout=%%d default: cache default (1d)\n" -#else -#define USAGE_CACHE_TIME "" -#endif -#else -#define USAGE_CACHE "" -#define USAGE_CACHE_TIME "" -#endif /* MBEDTLS_SSL_CACHE_C */ - -#if defined(SNI_OPTION) -#if defined(MBEDTLS_X509_CRL_PARSE_C) -#define SNI_CRL ",crl" -#else -#define SNI_CRL "" -#endif - -#define USAGE_SNI \ - " sni=%%s name1,cert1,key1,ca1"SNI_CRL ",auth1[,...]\n" \ - " default: disabled\n" -#else -#define USAGE_SNI "" -#endif /* SNI_OPTION */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -#define USAGE_MAX_FRAG_LEN \ - " max_frag_len=%%d default: 16384 (tls default)\n" \ - " options: 512, 1024, 2048, 4096\n" -#else -#define USAGE_MAX_FRAG_LEN "" -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_ALPN) -#define USAGE_ALPN \ - " alpn=%%s default: \"\" (disabled)\n" \ - " example: spdy/1,http/1.1\n" -#else -#define USAGE_ALPN "" -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) -#define USAGE_COOKIES \ - " cookies=0/1/-1 default: 1 (enabled)\n" \ - " 0: disabled, -1: library default (broken)\n" -#else -#define USAGE_COOKIES "" -#endif - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -#define USAGE_ANTI_REPLAY \ - " anti_replay=0/1 default: (library default: enabled)\n" -#else -#define USAGE_ANTI_REPLAY "" -#endif - -#define USAGE_BADMAC_LIMIT \ - " badmac_limit=%%d default: (library default: disabled)\n" - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -#define USAGE_DTLS \ - " dtls=%%d default: 0 (TLS)\n" \ - " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \ - " range of DTLS handshake timeouts in millisecs\n" \ - " mtu=%%d default: (library default: unlimited)\n" \ - " dgram_packing=%%d default: 1 (allowed)\n" \ - " allow or forbid packing of multiple\n" \ - " records within a single datgram.\n" -#else -#define USAGE_DTLS "" -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -#define USAGE_EMS \ - " extended_ms=0/1 default: (library default: on)\n" -#else -#define USAGE_EMS "" -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -#define USAGE_ETM \ - " etm=0/1 default: (library default: on)\n" -#else -#define USAGE_ETM "" -#endif - -#define USAGE_REPRODUCIBLE \ - " reproducible=0/1 default: 0 (disabled)\n" - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -#define USAGE_RENEGO \ - " renegotiation=%%d default: 0 (disabled)\n" \ - " renegotiate=%%d default: 0 (disabled)\n" \ - " renego_delay=%%d default: -2 (library default)\n" \ - " renego_period=%%d default: (2^64 - 1 for TLS, 2^48 - 1 for DTLS)\n" -#else -#define USAGE_RENEGO "" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" \ - " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#define USAGE_ECJPAKE "" -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) -#define USAGE_EARLY_DATA \ - " early_data=%%d default: library default\n" \ - " options: 0 (disabled), 1 (enabled)\n" \ - " max_early_data_size=%%d default: library default\n" \ - " options: max amount of early data\n" -#else -#define USAGE_EARLY_DATA "" -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH)) -#define USAGE_GROUPS \ - " groups=a,b,c,d default: \"default\" (library default)\n" \ - " example: \"secp521r1,brainpoolP512r1\"\n" \ - " - use \"none\" for empty list\n" \ - " - see mbedtls_ecp_curve_list()\n" \ - " for acceptable EC group names\n" \ - " - the following ffdh groups are supported:\n" \ - " ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,\n" \ - " ffdhe8192\n" -#else -#define USAGE_GROUPS "" -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#define USAGE_SIG_ALGS \ - " sig_algs=a,b,c,d default: \"default\" (library default)\n" \ - " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n" -#else -#define USAGE_SIG_ALGS "" -#endif - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) -#define USAGE_SERIALIZATION \ - " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ - " options: 1 (serialize)\n" \ - " 2 (serialize with re-initialization)\n" \ - " context_file=%%s The file path to write a serialized connection\n" \ - " in the form of base64 code (serialize option\n" \ - " must be set)\n" \ - " default: \"\" (do nothing)\n" \ - " option: a file path\n" -#else -#define USAGE_SERIALIZATION "" -#endif - -#define USAGE_KEY_OPAQUE_ALGS \ - " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \ - " comma-separated pair of values among the following:\n" \ - " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ - " ecdsa-sign, ecdh, none (only acceptable for\n" \ - " the second value).\n" \ - " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \ - " comma-separated pair of values among the following:\n" \ - " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ - " ecdsa-sign, ecdh, none (only acceptable for\n" \ - " the second value).\n" -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ - " tls13_kex_modes=%%s default: all\n" \ - " options: psk, psk_ephemeral, psk_all, ephemeral,\n" \ - " ephemeral_all, all, psk_or_ephemeral\n" -#else -#define USAGE_TLS1_3_KEY_EXCHANGE_MODES "" -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - -/* USAGE is arbitrarily split to stay under the portable string literal - * length limit: 4095 bytes in C99. */ -#define USAGE1 \ - "\n usage: ssl_server2 param=<>...\n" \ - "\n acceptable parameters:\n" \ - " server_addr=%%s default: (all interfaces)\n" \ - " server_port=%%d default: 4433\n" \ - " debug_level=%%d default: 0 (disabled)\n" \ - " build_version=%%d default: none (disabled)\n" \ - " option: 1 (print build version only and stop)\n" \ - " buffer_size=%%d default: 200 \n" \ - " (minimum: 1)\n" \ - " response_size=%%d default: about 152 (basic response)\n" \ - " (minimum: 0, max: 16384)\n" \ - " increases buffer_size if bigger\n" \ - " nbio=%%d default: 0 (blocking I/O)\n" \ - " options: 1 (non-blocking), 2 (added delays)\n" \ - " event=%%d default: 0 (loop)\n" \ - " options: 1 (level-triggered, implies nbio=1),\n" \ - " read_timeout=%%d default: 0 ms (no timeout)\n" \ - "\n" \ - USAGE_DTLS \ - USAGE_SRTP \ - USAGE_COOKIES \ - USAGE_ANTI_REPLAY \ - USAGE_BADMAC_LIMIT \ - "\n" -#define USAGE2 \ - " auth_mode=%%s default: (library default: none)\n" \ - " options: none, optional, required\n" \ - " cert_req_ca_list=%%d default: 1 (send ca list)\n" \ - " options: 1 (send ca list), 0 (don't send)\n" \ - " 2 (send conf dn hint), 3 (send hs dn hint)\n" \ - USAGE_IO \ - USAGE_KEY_OPAQUE \ - "\n" \ - USAGE_PSK \ - USAGE_CA_CALLBACK \ - USAGE_ECJPAKE \ - "\n" -#define USAGE3 \ - " allow_legacy=%%d default: (library default: no)\n" \ - USAGE_RENEGO \ - " exchanges=%%d default: 1\n" \ - "\n" \ - USAGE_TICKETS \ - USAGE_EAP_TLS \ - USAGE_REPRODUCIBLE \ - USAGE_NSS_KEYLOG \ - USAGE_NSS_KEYLOG_FILE \ - USAGE_CACHE \ - USAGE_CACHE_TIME \ - USAGE_MAX_FRAG_LEN \ - USAGE_ALPN \ - USAGE_EMS \ - USAGE_ETM \ - USAGE_GROUPS \ - USAGE_SIG_ALGS \ - USAGE_KEY_OPAQUE_ALGS \ - USAGE_EARLY_DATA \ - "\n" - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define TLS1_3_VERSION_OPTIONS ", tls13" -#else /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#define TLS1_3_VERSION_OPTIONS "" -#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */ - -#define USAGE4 \ - USAGE_SSL_ASYNC \ - USAGE_SNI \ - " allow_sha1=%%d default: 0\n" \ - " min_version=%%s default: (library default: tls12)\n" \ - " max_version=%%s default: (library default: tls12)\n" \ - " force_version=%%s default: \"\" (none)\n" \ - " options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \ - "\n\n" \ - " force_ciphersuite= default: all enabled\n" \ - USAGE_TLS1_3_KEY_EXCHANGE_MODES \ - " query_config= return 0 if the specified\n" \ - " configuration macro is defined and 1\n" \ - " otherwise. The expansion of the macro\n" \ - " is printed if it is defined\n" \ - USAGE_SERIALIZATION \ - "\n" - -#define PUT_UINT64_BE(out_be, in_le, i) \ - { \ - (out_be)[(i) + 0] = (unsigned char) (((in_le) >> 56) & 0xFF); \ - (out_be)[(i) + 1] = (unsigned char) (((in_le) >> 48) & 0xFF); \ - (out_be)[(i) + 2] = (unsigned char) (((in_le) >> 40) & 0xFF); \ - (out_be)[(i) + 3] = (unsigned char) (((in_le) >> 32) & 0xFF); \ - (out_be)[(i) + 4] = (unsigned char) (((in_le) >> 24) & 0xFF); \ - (out_be)[(i) + 5] = (unsigned char) (((in_le) >> 16) & 0xFF); \ - (out_be)[(i) + 6] = (unsigned char) (((in_le) >> 8) & 0xFF); \ - (out_be)[(i) + 7] = (unsigned char) (((in_le) >> 0) & 0xFF); \ - } - -/* This is global so it can be easily accessed by callback functions */ -rng_context_t rng; - -/* - * global options - */ -struct options { - const char *server_addr; /* address on which the ssl service runs */ - const char *server_port; /* port on which the ssl service runs */ - int debug_level; /* level of debugging */ - int nbio; /* should I/O be blocking? */ - int event; /* loop or event-driven IO? level or edge triggered? */ - uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ - int response_size; /* pad response with header to requested size */ - uint16_t buffer_size; /* IO buffer size */ - const char *ca_file; /* the file with the CA certificate(s) */ - const char *ca_path; /* the path with the CA certificate(s) reside */ - const char *crt_file; /* the file with the server certificate */ - const char *key_file; /* the file with the server key */ - int key_opaque; /* handle private key as if it were opaque */ - const char *key_pwd; /* the password for the server key */ - const char *crt_file2; /* the file with the 2nd server certificate */ - const char *key_file2; /* the file with the 2nd server key */ - const char *key_pwd2; /* the password for the 2nd server key */ - const char *async_operations; /* supported SSL asynchronous operations */ - int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ - int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ - int async_private_error; /* inject error in async private callback */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - int psk_opaque; - int psk_list_opaque; -#endif -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - int ca_callback; /* Use callback for trusted certificate list */ -#endif - const char *psk; /* the pre-shared key */ - const char *psk_identity; /* the pre-shared key identity */ - char *psk_list; /* list of PSK id/key pairs for callback */ - const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif - int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - int renegotiation; /* enable / disable renegotiation */ - int allow_legacy; /* allow legacy renegotiation */ - int renegotiate; /* attempt renegotiation? */ - int renego_delay; /* delay before enforcing renegotiation */ - uint64_t renego_period; /* period for automatic renegotiation */ - int exchanges; /* number of data exchanges */ - int min_version; /* minimum protocol version accepted */ - int max_version; /* maximum protocol version accepted */ - int allow_sha1; /* flag for SHA-1 support */ - int auth_mode; /* verify mode for connection */ - int cert_req_ca_list; /* should we send the CA list? */ - int cert_req_dn_hint; /* mode to set DN hints for CA list to send */ - unsigned char mfl_code; /* code for maximum fragment length */ - int trunc_hmac; /* accept truncated hmac? */ - int tickets; /* enable / disable session tickets */ - int dummy_ticket; /* enable / disable dummy ticket generator */ - int ticket_rotate; /* session ticket rotate (code coverage) */ - int ticket_timeout; /* session ticket lifetime */ - int ticket_aead; /* session ticket protection */ - int cache_max; /* max number of session cache entries */ -#if defined(MBEDTLS_HAVE_TIME) - int cache_timeout; /* expiration delay of session cache entries*/ -#endif - int cache_remove; /* enable / disable cache entry removal */ - char *sni; /* string describing sni information */ - const char *groups; /* list of supported groups */ - const char *sig_algs; /* supported TLS 1.3 signature algorithms */ - const char *alpn_string; /* ALPN supported protocols */ - const char *dhm_file; /* the file with the DH parameters */ - int extended_ms; /* allow negotiation of extended MS? */ - int etm; /* allow negotiation of encrypt-then-MAC? */ - int transport; /* TLS or DTLS? */ - int cookies; /* Use cookies for DTLS? -1 to break them */ - int anti_replay; /* Use anti-replay for DTLS? -1 for default */ - uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ - uint32_t hs_to_max; /* Max value of DTLS handshake timer */ - int dtls_mtu; /* UDP Maximum transport unit for DTLS */ - int dgram_packing; /* allow/forbid datagram packing */ - int badmac_limit; /* Limit of records with bad MAC */ - int eap_tls; /* derive EAP-TLS keying material? */ - int nss_keylog; /* export NSS key log material */ - const char *nss_keylog_file; /* NSS key log file */ - int cid_enabled; /* whether to use the CID extension or not */ - int cid_enabled_renego; /* whether to use the CID extension or not - * during renegotiation */ - const char *cid_val; /* the CID to use for incoming messages */ - int serialize; /* serialize/deserialize connection */ - const char *context_file; /* the file to write a serialized connection - * in the form of base64 code (serialize - * option must be set) */ - const char *cid_val_renego; /* the CID to use for incoming messages - * after renegotiation */ - int reproducible; /* make communication reproducible */ -#if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data; /* early data enablement flag */ - uint32_t max_early_data_size; /* max amount of early data */ -#endif - int query_config_mode; /* whether to read config */ - int use_srtp; /* Support SRTP */ - int force_srtp_profile; /* SRTP protection profile to use or all */ - int support_mki; /* The dtls mki mki support */ - const char *key1_opaque_alg1; /* Allowed opaque key 1 alg 1 */ - const char *key1_opaque_alg2; /* Allowed opaque key 1 alg 2 */ - const char *key2_opaque_alg1; /* Allowed opaque key 2 alg 1 */ - const char *key2_opaque_alg2; /* Allowed opaque key 2 alg 2 */ -} opt; - -#include "ssl_test_common_source.c" - -/* - * Return authmode from string, or -1 on error - */ -static int get_auth_mode(const char *s) -{ - if (strcmp(s, "none") == 0) { - return MBEDTLS_SSL_VERIFY_NONE; - } - if (strcmp(s, "optional") == 0) { - return MBEDTLS_SSL_VERIFY_OPTIONAL; - } - if (strcmp(s, "required") == 0) { - return MBEDTLS_SSL_VERIFY_REQUIRED; - } - - return -1; -} - -/* - * Used by sni_parse and psk_parse to handle comma-separated lists - */ -#define GET_ITEM(dst) \ - do \ - { \ - (dst) = p; \ - while (*p != ',') \ - if (++p > end) \ - goto error; \ - *p++ = '\0'; \ - } while (0) - -#if defined(SNI_OPTION) -typedef struct _sni_entry sni_entry; - -struct _sni_entry { - const char *name; - mbedtls_x509_crt *cert; - mbedtls_pk_context *key; - mbedtls_x509_crt *ca; - mbedtls_x509_crl *crl; - int authmode; - sni_entry *next; -}; - -static void sni_free(sni_entry *head) -{ - sni_entry *cur = head, *next; - - while (cur != NULL) { - mbedtls_x509_crt_free(cur->cert); - mbedtls_free(cur->cert); - - mbedtls_pk_free(cur->key); - mbedtls_free(cur->key); - - mbedtls_x509_crt_free(cur->ca); - mbedtls_free(cur->ca); -#if defined(MBEDTLS_X509_CRL_PARSE_C) - mbedtls_x509_crl_free(cur->crl); - mbedtls_free(cur->crl); -#endif - next = cur->next; - mbedtls_free(cur); - cur = next; - } -} - -/* - * Parse a string of sextuples name1,crt1,key1,ca1,crl1,auth1[,...] - * into a usable sni_entry list. For ca1, crl1, auth1, the special value - * '-' means unset. If ca1 is unset, then crl1 is ignored too. - * - * Modifies the input string! This is not production quality! - */ -static sni_entry *sni_parse(char *sni_string) -{ - sni_entry *cur = NULL, *new = NULL; - char *p = sni_string; - char *end = p; - char *crt_file, *key_file, *ca_file, *auth_str; -#if defined(MBEDTLS_X509_CRL_PARSE_C) - char *crl_file; -#endif - - while (*end != '\0') { - ++end; - } - *end = ','; - - while (p <= end) { - if ((new = mbedtls_calloc(1, sizeof(sni_entry))) == NULL) { - sni_free(cur); - return NULL; - } - - GET_ITEM(new->name); - GET_ITEM(crt_file); - GET_ITEM(key_file); - GET_ITEM(ca_file); -#if defined(MBEDTLS_X509_CRL_PARSE_C) - GET_ITEM(crl_file); -#endif - GET_ITEM(auth_str); - - if ((new->cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt))) == NULL || - (new->key = mbedtls_calloc(1, sizeof(mbedtls_pk_context))) == NULL) { - goto error; - } - - mbedtls_x509_crt_init(new->cert); - mbedtls_pk_init(new->key); - - if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 || - mbedtls_pk_parse_keyfile(new->key, key_file, "", rng_get, &rng) != 0) { - goto error; - } - - if (strcmp(ca_file, "-") != 0) { - if ((new->ca = mbedtls_calloc(1, sizeof(mbedtls_x509_crt))) == NULL) { - goto error; - } - - mbedtls_x509_crt_init(new->ca); - - if (mbedtls_x509_crt_parse_file(new->ca, ca_file) != 0) { - goto error; - } - } - -#if defined(MBEDTLS_X509_CRL_PARSE_C) - if (strcmp(crl_file, "-") != 0) { - if ((new->crl = mbedtls_calloc(1, sizeof(mbedtls_x509_crl))) == NULL) { - goto error; - } - - mbedtls_x509_crl_init(new->crl); - - if (mbedtls_x509_crl_parse_file(new->crl, crl_file) != 0) { - goto error; - } - } -#endif - - if (strcmp(auth_str, "-") != 0) { - if ((new->authmode = get_auth_mode(auth_str)) < 0) { - goto error; - } - } else { - new->authmode = DFL_AUTH_MODE; - } - - new->next = cur; - cur = new; - } - - return cur; - -error: - sni_free(new); - sni_free(cur); - return NULL; -} - -/* - * SNI callback. - */ -static int sni_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) -{ - const sni_entry *cur = (const sni_entry *) p_info; - - /* preserve behavior which checks for SNI match in sni_callback() for - * the benefits of tests using sni_callback(), even though the actual - * certificate assignment has moved to certificate selection callback - * in this application. This exercises sni_callback and cert_callback - * even though real applications might choose to do this differently. - * Application might choose to save name and name_len in user_data for - * later use in certificate selection callback. - */ - while (cur != NULL) { - if (name_len == strlen(cur->name) && - memcmp(name, cur->name, name_len) == 0) { - void *p; - *(const void **)&p = cur; - mbedtls_ssl_set_user_data_p(ssl, p); - return 0; - } - - cur = cur->next; - } - - return -1; -} - -/* - * server certificate selection callback. - */ -static int cert_callback(mbedtls_ssl_context *ssl) -{ - const sni_entry *cur = (sni_entry *) mbedtls_ssl_get_user_data_p(ssl); - if (cur != NULL) { - /*(exercise mbedtls_ssl_get_hs_sni(); not otherwise used here)*/ - size_t name_len; - const unsigned char *name = mbedtls_ssl_get_hs_sni(ssl, &name_len); - if (strlen(cur->name) != name_len || - memcmp(cur->name, name, name_len) != 0) { - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if (cur->ca != NULL) { - mbedtls_ssl_set_hs_ca_chain(ssl, cur->ca, cur->crl); - } - - if (cur->authmode != DFL_AUTH_MODE) { - mbedtls_ssl_set_hs_authmode(ssl, cur->authmode); - } - - return mbedtls_ssl_set_hs_own_cert(ssl, cur->cert, cur->key); - } - - return 0; -} - -#endif /* SNI_OPTION */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - -typedef struct _psk_entry psk_entry; - -struct _psk_entry { - const char *name; - size_t key_len; - unsigned char key[MBEDTLS_PSK_MAX_LEN]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t slot; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - psk_entry *next; -}; - -/* - * Free a list of psk_entry's - */ -static int psk_free(psk_entry *head) -{ - psk_entry *next; - - while (head != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; - mbedtls_svc_key_id_t const slot = head->slot; - - if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot) != 0) { - status = psa_destroy_key(slot); - if (status != PSA_SUCCESS) { - return status; - } - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - next = head->next; - mbedtls_free(head); - head = next; - } - - return 0; -} - -/* - * Parse a string of pairs name1,key1[,name2,key2[,...]] - * into a usable psk_entry list. - * - * Modifies the input string! This is not production quality! - */ -static psk_entry *psk_parse(char *psk_string) -{ - psk_entry *cur = NULL, *new = NULL; - char *p = psk_string; - char *end = p; - char *key_hex; - - while (*end != '\0') { - ++end; - } - *end = ','; - - while (p <= end) { - if ((new = mbedtls_calloc(1, sizeof(psk_entry))) == NULL) { - goto error; - } - - memset(new, 0, sizeof(psk_entry)); - - GET_ITEM(new->name); - GET_ITEM(key_hex); - - if (mbedtls_test_unhexify(new->key, MBEDTLS_PSK_MAX_LEN, - key_hex, &new->key_len) != 0) { - goto error; - } - - new->next = cur; - cur = new; - } - - return cur; - -error: - psk_free(new); - psk_free(cur); - return 0; -} - -/* - * PSK callback - */ -static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) -{ - psk_entry *cur = (psk_entry *) p_info; - - while (cur != NULL) { - if (name_len == strlen(cur->name) && - memcmp(name, cur->name, name_len) == 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) { - return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); - } else -#endif - return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); - } - - cur = cur->next; - } - - return -1; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -static mbedtls_net_context listen_fd, client_fd; - -/* Interruption handler to ensure clean exit (for valgrind testing) */ -#if !defined(_WIN32) -static int received_sigterm = 0; -static void term_handler(int sig) -{ - ((void) sig); - received_sigterm = 1; - mbedtls_net_free(&listen_fd); /* causes mbedtls_net_accept() to abort */ - mbedtls_net_free(&client_fd); /* causes net_read() to abort */ -} -#endif - -/** Return true if \p ret is a status code indicating that there is an - * operation in progress on an SSL connection, and false if it indicates - * success or a fatal error. - * - * The possible operations in progress are: - * - * - A read, when the SSL input buffer does not contain a full message. - * - A write, when the SSL output buffer contains some data that has not - * been sent over the network yet. - * - An asynchronous callback that has not completed yet. */ -static int mbedtls_status_is_ssl_in_progress(int ret) -{ - return ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE || - ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; -} - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -typedef struct { - mbedtls_x509_crt *cert; /*!< Certificate corresponding to the key */ - mbedtls_pk_context *pk; /*!< Private key */ - unsigned delay; /*!< Number of resume steps to go through */ - unsigned pk_owned : 1; /*!< Whether to free the pk object on exit */ -} ssl_async_key_slot_t; - -typedef enum { - SSL_ASYNC_INJECT_ERROR_NONE = 0, /*!< Let the callbacks succeed */ - SSL_ASYNC_INJECT_ERROR_START, /*!< Inject error during start */ - SSL_ASYNC_INJECT_ERROR_CANCEL, /*!< Close the connection after async start */ - SSL_ASYNC_INJECT_ERROR_RESUME, /*!< Inject error during resume */ -#define SSL_ASYNC_INJECT_ERROR_MAX SSL_ASYNC_INJECT_ERROR_RESUME -} ssl_async_inject_error_t; - -typedef struct { - ssl_async_key_slot_t slots[4]; /* key, key2, sni1, sni2 */ - size_t slots_used; - ssl_async_inject_error_t inject_error; - int (*f_rng)(void *, unsigned char *, size_t); - void *p_rng; -} ssl_async_key_context_t; - -static int ssl_async_set_key(ssl_async_key_context_t *ctx, - mbedtls_x509_crt *cert, - mbedtls_pk_context *pk, - int pk_take_ownership, - unsigned delay) -{ - if (ctx->slots_used >= sizeof(ctx->slots) / sizeof(*ctx->slots)) { - return -1; - } - ctx->slots[ctx->slots_used].cert = cert; - ctx->slots[ctx->slots_used].pk = pk; - ctx->slots[ctx->slots_used].delay = delay; - ctx->slots[ctx->slots_used].pk_owned = pk_take_ownership; - ++ctx->slots_used; - return 0; -} - -#define SSL_ASYNC_INPUT_MAX_SIZE 512 - -typedef enum { - ASYNC_OP_SIGN, - ASYNC_OP_DECRYPT, -} ssl_async_operation_type_t; - -typedef struct { - unsigned slot; - ssl_async_operation_type_t operation_type; - mbedtls_md_type_t md_alg; - unsigned char input[SSL_ASYNC_INPUT_MAX_SIZE]; - size_t input_len; - unsigned remaining_delay; -} ssl_async_operation_context_t; - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* Note that ssl_async_operation_type_t and the array below need to be kept in sync! - * `ssl_async_operation_names[op]` is the name of op for each value `op` - * of type `ssl_async_operation_type_t`. */ -static const char *const ssl_async_operation_names[] = -{ - "sign", - "decrypt", -}; - -static int ssl_async_start(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - ssl_async_operation_type_t op_type, - mbedtls_md_type_t md_alg, - const unsigned char *input, - size_t input_len) -{ - ssl_async_key_context_t *config_data = - mbedtls_ssl_conf_get_async_config_data(ssl->conf); - unsigned slot; - ssl_async_operation_context_t *ctx = NULL; - const char *op_name = ssl_async_operation_names[op_type]; - - { - char dn[100]; - if (mbedtls_x509_dn_gets(dn, sizeof(dn), &cert->subject) > 0) { - mbedtls_printf("Async %s callback: looking for DN=%s\n", - op_name, dn); - } - } - - /* Look for a private key that matches the public key in cert. - * Since this test code has the private key inside Mbed TLS, - * we call mbedtls_pk_check_pair to match a private key with the - * public key. */ - for (slot = 0; slot < config_data->slots_used; slot++) { - if (mbedtls_pk_check_pair(&cert->pk, - config_data->slots[slot].pk, - rng_get, &rng) == 0) { - break; - } - } - if (slot == config_data->slots_used) { - mbedtls_printf("Async %s callback: no key matches this certificate.\n", - op_name); - return MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH; - } - mbedtls_printf("Async %s callback: using key slot %u, delay=%u.\n", - op_name, slot, config_data->slots[slot].delay); - - if (config_data->inject_error == SSL_ASYNC_INJECT_ERROR_START) { - mbedtls_printf("Async %s callback: injected error\n", op_name); - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - } - - if (input_len > SSL_ASYNC_INPUT_MAX_SIZE) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ctx = mbedtls_calloc(1, sizeof(*ctx)); - if (ctx == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - ctx->slot = slot; - ctx->operation_type = op_type; - ctx->md_alg = md_alg; - memcpy(ctx->input, input, input_len); - ctx->input_len = input_len; - ctx->remaining_delay = config_data->slots[slot].delay; - mbedtls_ssl_set_async_operation_data(ssl, ctx); - - if (ctx->remaining_delay == 0) { - return 0; - } else { - return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; - } -} - -static int ssl_async_sign(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - mbedtls_md_type_t md_alg, - const unsigned char *hash, - size_t hash_len) -{ - return ssl_async_start(ssl, cert, - ASYNC_OP_SIGN, md_alg, - hash, hash_len); -} - -static int ssl_async_decrypt(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len) -{ - return ssl_async_start(ssl, cert, - ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE, - input, input_len); -} - -static int ssl_async_resume(mbedtls_ssl_context *ssl, - unsigned char *output, - size_t *output_len, - size_t output_size) -{ - ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data(ssl); - ssl_async_key_context_t *config_data = - mbedtls_ssl_conf_get_async_config_data(ssl->conf); - ssl_async_key_slot_t *key_slot = &config_data->slots[ctx->slot]; - int ret; - const char *op_name; - - if (ctx->remaining_delay > 0) { - --ctx->remaining_delay; - mbedtls_printf("Async resume (slot %u): call %u more times.\n", - ctx->slot, ctx->remaining_delay); - return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; - } - - switch (ctx->operation_type) { - case ASYNC_OP_DECRYPT: - ret = mbedtls_pk_decrypt(key_slot->pk, - ctx->input, ctx->input_len, - output, output_len, output_size, - config_data->f_rng, config_data->p_rng); - break; - case ASYNC_OP_SIGN: - ret = mbedtls_pk_sign(key_slot->pk, - ctx->md_alg, - ctx->input, ctx->input_len, - output, output_size, output_len, - config_data->f_rng, config_data->p_rng); - break; - default: - mbedtls_printf( - "Async resume (slot %u): unknown operation type %ld. This shouldn't happen.\n", - ctx->slot, - (long) ctx->operation_type); - mbedtls_free(ctx); - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - break; - } - - op_name = ssl_async_operation_names[ctx->operation_type]; - - if (config_data->inject_error == SSL_ASYNC_INJECT_ERROR_RESUME) { - mbedtls_printf("Async resume callback: %s done but injected error\n", - op_name); - mbedtls_free(ctx); - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - } - - mbedtls_printf("Async resume (slot %u): %s done, status=%d.\n", - ctx->slot, op_name, ret); - mbedtls_free(ctx); - return ret; -} - -static void ssl_async_cancel(mbedtls_ssl_context *ssl) -{ - ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data(ssl); - mbedtls_printf("Async cancel callback.\n"); - mbedtls_free(ctx); -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, - psa_algorithm_t alg, - unsigned char *psk, - size_t psk_len) -{ - psa_status_t status; - psa_key_attributes_t key_attributes; - - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, alg); - psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE); - - status = psa_import_key(&key_attributes, psk, psk_len, slot); - if (status != PSA_SUCCESS) { - fprintf(stderr, "IMPORT\n"); - return status; - } - - return PSA_SUCCESS; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static int report_cid_usage(mbedtls_ssl_context *ssl, - const char *additional_description) -{ - int ret; - unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; - size_t peer_cid_len; - int cid_negotiated; - - if (opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 0; - } - - /* Check if the use of a CID has been negotiated */ - ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated, - peer_cid, &peer_cid_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", - (unsigned int) -ret); - return ret; - } - - if (cid_negotiated == MBEDTLS_SSL_CID_DISABLED) { - if (opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED) { - mbedtls_printf("(%s) Use of Connection ID was not offered by client.\n", - additional_description); - } - } else { - size_t idx = 0; - mbedtls_printf("(%s) Use of Connection ID has been negotiated.\n", - additional_description); - mbedtls_printf("(%s) Peer CID (length %u Bytes): ", - additional_description, - (unsigned) peer_cid_len); - while (idx < peer_cid_len) { - mbedtls_printf("%02x ", peer_cid[idx]); - idx++; - } - mbedtls_printf("\n"); - } - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) && \ - defined(MBEDTLS_HAVE_TIME) -static inline void put_unaligned_uint32(void *p, uint32_t x) -{ - memcpy(p, &x, sizeof(x)); -} - -/* Functions for session ticket tests */ -static int dummy_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, - unsigned char *start, const unsigned char *end, - size_t *tlen, uint32_t *ticket_lifetime) -{ - int ret; - unsigned char *p = start; - size_t clear_len; - ((void) p_ticket); - - if (end - p < 4) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - put_unaligned_uint32(p, 7 * 24 * 3600); - *ticket_lifetime = 7 * 24 * 3600; - p += 4; - - /* Dump session state */ - if ((ret = mbedtls_ssl_session_save(session, p, end - p, - &clear_len)) != 0) { - return ret; - } - - *tlen = 4 + clear_len; - - return 0; -} - -static int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, - unsigned char *buf, size_t len) -{ - int ret; - ((void) p_ticket); - - if ((ret = mbedtls_ssl_session_load(session, buf + 4, len - 4)) != 0) { - return ret; - } - - switch (opt.dummy_ticket % 11) { - case 1: - return MBEDTLS_ERR_SSL_INVALID_MAC; - case 2: - return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; - case 3: - /* Creation time in the future. */ - session->ticket_creation_time = mbedtls_ms_time() + 1000; - break; - case 4: - /* Ticket has reached the end of lifetime. */ - session->ticket_creation_time = mbedtls_ms_time() - - (7 * 24 * 3600 * 1000 + 1000); - break; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - case 5: - /* Ticket is valid, but client age is below the lower bound of the tolerance window. */ - session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; - /* Make sure the execution time does not affect the result */ - session->ticket_creation_time = mbedtls_ms_time(); - break; - - case 6: - /* Ticket is valid, but client age is beyond the upper bound of the tolerance window. */ - session->ticket_age_add -= MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; - /* Make sure the execution time does not affect the result */ - session->ticket_creation_time = mbedtls_ms_time(); - break; - case 7: - session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; - break; - case 8: - session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - break; - case 9: - session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - break; - case 10: - session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; - break; -#endif - default: - break; - } - - return ret; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C && MBEDTLS_HAVE_TIME */ - -static int parse_cipher(char *buf) -{ - if (strcmp(buf, "AES-128-CCM")) { - return MBEDTLS_CIPHER_AES_128_CCM; - } else if (strcmp(buf, "AES-128-GCM")) { - return MBEDTLS_CIPHER_AES_128_GCM; - } else if (strcmp(buf, "AES-192-CCM")) { - return MBEDTLS_CIPHER_AES_192_CCM; - } else if (strcmp(buf, "AES-192-GCM")) { - return MBEDTLS_CIPHER_AES_192_GCM; - } else if (strcmp(buf, "AES-256-CCM")) { - return MBEDTLS_CIPHER_AES_256_CCM; - } else if (strcmp(buf, "ARIA-128-CCM")) { - return MBEDTLS_CIPHER_ARIA_128_CCM; - } else if (strcmp(buf, "ARIA-128-GCM")) { - return MBEDTLS_CIPHER_ARIA_128_GCM; - } else if (strcmp(buf, "ARIA-192-CCM")) { - return MBEDTLS_CIPHER_ARIA_192_CCM; - } else if (strcmp(buf, "ARIA-192-GCM")) { - return MBEDTLS_CIPHER_ARIA_192_GCM; - } else if (strcmp(buf, "ARIA-256-CCM")) { - return MBEDTLS_CIPHER_ARIA_256_CCM; - } else if (strcmp(buf, "ARIA-256-GCM")) { - return MBEDTLS_CIPHER_ARIA_256_GCM; - } else if (strcmp(buf, "CAMELLIA-128-CCM")) { - return MBEDTLS_CIPHER_CAMELLIA_128_CCM; - } else if (strcmp(buf, "CAMELLIA-192-CCM")) { - return MBEDTLS_CIPHER_CAMELLIA_192_CCM; - } else if (strcmp(buf, "CAMELLIA-256-CCM")) { - return MBEDTLS_CIPHER_CAMELLIA_256_CCM; - } else if (strcmp(buf, "CHACHA20-POLY1305")) { - return MBEDTLS_CIPHER_CHACHA20_POLY1305; - } - return MBEDTLS_CIPHER_NONE; -} - -int main(int argc, char *argv[]) -{ - int ret = 0, len, written, frags, exchanges_left; - int query_config_ret = 0; - io_ctx_t io_ctx; - unsigned char *buf = 0; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t alg = 0; - mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - unsigned char psk[MBEDTLS_PSK_MAX_LEN]; - size_t psk_len = 0; - psk_entry *psk_info = NULL; -#endif - const char *pers = "ssl_server2"; - unsigned char client_ip[16] = { 0 }; - size_t cliip_len; -#if defined(MBEDTLS_SSL_COOKIE_C) - mbedtls_ssl_cookie_ctx cookie_ctx; -#endif - - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context timer; -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - unsigned char renego_period[8] = { 0 }; -#endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - uint32_t flags; - mbedtls_x509_crt cacert; - mbedtls_x509_crt srvcert; - mbedtls_pk_context pkey; - mbedtls_x509_crt srvcert2; - mbedtls_pk_context pkey2; - mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ - mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif - int key_cert_init = 0, key_cert_init2 = 0; -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - ssl_async_key_context_t ssl_async_keys; -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_context dhm; -#endif -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_context cache; -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - mbedtls_ssl_ticket_context ticket_ctx; -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ -#if defined(SNI_OPTION) - sni_entry *sni_info = NULL; -#endif - uint16_t group_list[GROUP_LIST_SIZE]; -#if defined(MBEDTLS_SSL_ALPN) - const char *alpn_list[ALPN_LIST_SIZE]; -#endif -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char alloc_buf[MEMORY_HEAP_SIZE]; -#endif -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; - unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX]; - size_t cid_len = 0; - size_t cid_renego_len = 0; -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - unsigned char *context_buf = NULL; - size_t context_buf_len = 0; -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; -#endif - - int i; - char *p, *q; - const int *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) - psa_status_t status; -#endif - unsigned char eap_tls_keymaterial[16]; - unsigned char eap_tls_iv[8]; - const char *eap_tls_label = "client EAP encryption"; - eap_tls_keys eap_tls_keying; -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /*! master keys and master salt for SRTP generated during handshake */ - unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; - const char *dtls_srtp_label = "EXTRACTOR-dtls_srtp"; - dtls_srtp_keys dtls_srtp_keying; - const mbedtls_ssl_srtp_profile default_profiles[] = { - MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32, - MBEDTLS_TLS_SRTP_UNSET - }; -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); -#if defined(MBEDTLS_MEMORY_DEBUG) - size_t current_heap_memory, peak_heap_memory, heap_blocks; -#endif /* MBEDTLS_MEMORY_DEBUG */ -#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */ - -#if defined(MBEDTLS_TEST_HOOKS) - test_hooks_init(); -#endif /* MBEDTLS_TEST_HOOKS */ - - /* - * Make sure memory references are valid in case we exit early. - */ - mbedtls_net_init(&client_fd); - mbedtls_net_init(&listen_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - rng_init(&rng); -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - mbedtls_x509_crt_init(&cacert); - mbedtls_x509_crt_init(&srvcert); - mbedtls_pk_init(&pkey); - mbedtls_x509_crt_init(&srvcert2); - mbedtls_pk_init(&pkey2); -#endif -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - memset(&ssl_async_keys, 0, sizeof(ssl_async_keys)); -#endif -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_init(&dhm); -#endif -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_init(&cache); -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - mbedtls_ssl_ticket_init(&ticket_ctx); -#endif -#if defined(MBEDTLS_SSL_ALPN) - memset((void *) alpn_list, 0, sizeof(alpn_list)); -#endif -#if defined(MBEDTLS_SSL_COOKIE_C) - mbedtls_ssl_cookie_init(&cookie_ctx); -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - mbedtls_test_enable_insecure_external_rng(); -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - -#if !defined(_WIN32) - /* Abort cleanly on SIGTERM and SIGINT */ - signal(SIGTERM, term_handler); - signal(SIGINT, term_handler); -#endif - - opt.buffer_size = DFL_IO_BUF_LEN; - opt.server_addr = DFL_SERVER_ADDR; - opt.server_port = DFL_SERVER_PORT; - opt.debug_level = DFL_DEBUG_LEVEL; - opt.event = DFL_EVENT; - opt.response_size = DFL_RESPONSE_SIZE; - opt.nbio = DFL_NBIO; - opt.cid_enabled = DFL_CID_ENABLED; - opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO; - opt.cid_val = DFL_CID_VALUE; - opt.cid_val_renego = DFL_CID_VALUE_RENEGO; - opt.read_timeout = DFL_READ_TIMEOUT; - opt.ca_file = DFL_CA_FILE; - opt.ca_path = DFL_CA_PATH; - opt.crt_file = DFL_CRT_FILE; - opt.key_file = DFL_KEY_FILE; - opt.key_opaque = DFL_KEY_OPAQUE; - opt.key_pwd = DFL_KEY_PWD; - opt.crt_file2 = DFL_CRT_FILE2; - opt.key_file2 = DFL_KEY_FILE2; - opt.key_pwd2 = DFL_KEY_PWD2; - opt.async_operations = DFL_ASYNC_OPERATIONS; - opt.async_private_delay1 = DFL_ASYNC_PRIVATE_DELAY1; - opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; - opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR; - opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - opt.psk_opaque = DFL_PSK_OPAQUE; - opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE; -#endif -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - opt.ca_callback = DFL_CA_CALLBACK; -#endif - opt.psk_identity = DFL_PSK_IDENTITY; - opt.psk_list = DFL_PSK_LIST; - opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif - opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - opt.renegotiation = DFL_RENEGOTIATION; - opt.allow_legacy = DFL_ALLOW_LEGACY; - opt.renegotiate = DFL_RENEGOTIATE; - opt.renego_delay = DFL_RENEGO_DELAY; - opt.renego_period = DFL_RENEGO_PERIOD; - opt.exchanges = DFL_EXCHANGES; - opt.min_version = DFL_MIN_VERSION; - opt.max_version = DFL_MAX_VERSION; - opt.allow_sha1 = DFL_SHA1; - opt.auth_mode = DFL_AUTH_MODE; - opt.cert_req_ca_list = DFL_CERT_REQ_CA_LIST; - opt.cert_req_dn_hint = DFL_CERT_REQ_DN_HINT; - opt.mfl_code = DFL_MFL_CODE; - opt.trunc_hmac = DFL_TRUNC_HMAC; - opt.tickets = DFL_TICKETS; - opt.dummy_ticket = DFL_DUMMY_TICKET; - opt.ticket_rotate = DFL_TICKET_ROTATE; - opt.ticket_timeout = DFL_TICKET_TIMEOUT; - opt.ticket_aead = DFL_TICKET_AEAD; - opt.cache_max = DFL_CACHE_MAX; -#if defined(MBEDTLS_HAVE_TIME) - opt.cache_timeout = DFL_CACHE_TIMEOUT; -#endif - opt.cache_remove = DFL_CACHE_REMOVE; - opt.sni = DFL_SNI; - opt.alpn_string = DFL_ALPN_STRING; - opt.groups = DFL_GROUPS; -#if defined(MBEDTLS_SSL_EARLY_DATA) - opt.early_data = DFL_EARLY_DATA; - opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE; -#endif - opt.sig_algs = DFL_SIG_ALGS; - opt.dhm_file = DFL_DHM_FILE; - opt.transport = DFL_TRANSPORT; - opt.cookies = DFL_COOKIES; - opt.anti_replay = DFL_ANTI_REPLAY; - opt.hs_to_min = DFL_HS_TO_MIN; - opt.hs_to_max = DFL_HS_TO_MAX; - opt.dtls_mtu = DFL_DTLS_MTU; - opt.dgram_packing = DFL_DGRAM_PACKING; - opt.badmac_limit = DFL_BADMAC_LIMIT; - opt.extended_ms = DFL_EXTENDED_MS; - opt.etm = DFL_ETM; - opt.serialize = DFL_SERIALIZE; - opt.context_file = DFL_CONTEXT_FILE; - opt.eap_tls = DFL_EAP_TLS; - opt.reproducible = DFL_REPRODUCIBLE; - opt.nss_keylog = DFL_NSS_KEYLOG; - opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE; - opt.query_config_mode = DFL_QUERY_CONFIG_MODE; - opt.use_srtp = DFL_USE_SRTP; - opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE; - opt.support_mki = DFL_SRTP_SUPPORT_MKI; - opt.key1_opaque_alg1 = DFL_KEY_OPAQUE_ALG; - opt.key1_opaque_alg2 = DFL_KEY_OPAQUE_ALG; - opt.key2_opaque_alg1 = DFL_KEY_OPAQUE_ALG; - opt.key2_opaque_alg2 = DFL_KEY_OPAQUE_ALG; - - p = q = NULL; - if (argc < 1) { -usage: - if (p != NULL && q != NULL) { - printf("unrecognized value for '%s': '%s'\n", p, q); - } else if (p != NULL && q == NULL) { - printf("unrecognized param: '%s'\n", p); - } - - mbedtls_printf("usage: ssl_client2 [param=value] [...]\n"); - mbedtls_printf(" ssl_client2 help[_theme]\n"); - mbedtls_printf("'help' lists acceptable 'param' and 'value'\n"); - mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n"); - mbedtls_printf("\n"); - - if (ret == 0) { - ret = 1; - } - goto exit; - } - - for (i = 1; i < argc; i++) { - p = argv[i]; - - if (strcmp(p, "help") == 0) { - mbedtls_printf(USAGE1); - mbedtls_printf(USAGE2); - mbedtls_printf(USAGE3); - mbedtls_printf(USAGE4); - - ret = 0; - goto exit; - } - if (strcmp(p, "help_ciphersuites") == 0) { - mbedtls_printf(" acceptable ciphersuite names:\n"); - for (list = mbedtls_ssl_list_ciphersuites(); - *list != 0; - list++) { - mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list)); - } - - ret = 0; - goto exit; - } - - if ((q = strchr(p, '=')) == NULL) { - mbedtls_printf("param requires a value: '%s'\n", p); - p = NULL; // avoid "unrecnognized param" message - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "server_port") == 0) { - opt.server_port = q; - } else if (strcmp(p, "server_addr") == 0) { - opt.server_addr = q; - } else if (strcmp(p, "dtls") == 0) { - int t = atoi(q); - if (t == 0) { - opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM; - } else if (t == 1) { - opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; - } else { - goto usage; - } - } else if (strcmp(p, "debug_level") == 0) { - opt.debug_level = atoi(q); - if (opt.debug_level < 0 || opt.debug_level > 65535) { - goto usage; - } - } else if (strcmp(p, "build_version") == 0) { - if (strcmp(q, "1") == 0) { - mbedtls_printf("build version: %s (build %d)\n", - MBEDTLS_VERSION_STRING_FULL, - MBEDTLS_VERSION_NUMBER); - goto exit; - } - } else if (strcmp(p, "nbio") == 0) { - opt.nbio = atoi(q); - if (opt.nbio < 0 || opt.nbio > 2) { - goto usage; - } - } else if (strcmp(p, "event") == 0) { - opt.event = atoi(q); - if (opt.event < 0 || opt.event > 2) { - goto usage; - } - } else if (strcmp(p, "read_timeout") == 0) { - opt.read_timeout = atoi(q); - } else if (strcmp(p, "buffer_size") == 0) { - opt.buffer_size = atoi(q); - if (opt.buffer_size < 1) { - goto usage; - } - } else if (strcmp(p, "response_size") == 0) { - opt.response_size = atoi(q); - if (opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_OUT_CONTENT_LEN) { - goto usage; - } - if (opt.buffer_size < opt.response_size) { - opt.buffer_size = opt.response_size; - } - } else if (strcmp(p, "ca_file") == 0) { - opt.ca_file = q; - } else if (strcmp(p, "ca_path") == 0) { - opt.ca_path = q; - } else if (strcmp(p, "crt_file") == 0) { - opt.crt_file = q; - } else if (strcmp(p, "key_file") == 0) { - opt.key_file = q; - } else if (strcmp(p, "key_pwd") == 0) { - opt.key_pwd = q; - } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - else if (strcmp(p, "key_opaque") == 0) { - opt.key_opaque = atoi(q); - } -#endif - else if (strcmp(p, "crt_file2") == 0) { - opt.crt_file2 = q; - } else if (strcmp(p, "key_file2") == 0) { - opt.key_file2 = q; - } else if (strcmp(p, "key_pwd2") == 0) { - opt.key_pwd2 = q; - } else if (strcmp(p, "dhm_file") == 0) { - opt.dhm_file = q; - } -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - else if (strcmp(p, "async_operations") == 0) { - opt.async_operations = q; - } else if (strcmp(p, "async_private_delay1") == 0) { - opt.async_private_delay1 = atoi(q); - } else if (strcmp(p, "async_private_delay2") == 0) { - opt.async_private_delay2 = atoi(q); - } else if (strcmp(p, "async_private_error") == 0) { - int n = atoi(q); - if (n < -SSL_ASYNC_INJECT_ERROR_MAX || - n > SSL_ASYNC_INJECT_ERROR_MAX) { - ret = 2; - goto usage; - } - opt.async_private_error = n; - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - else if (strcmp(p, "cid") == 0) { - opt.cid_enabled = atoi(q); - if (opt.cid_enabled != 0 && opt.cid_enabled != 1) { - goto usage; - } - } else if (strcmp(p, "cid_renego") == 0) { - opt.cid_enabled_renego = atoi(q); - if (opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1) { - goto usage; - } - } else if (strcmp(p, "cid_val") == 0) { - opt.cid_val = q; - } else if (strcmp(p, "cid_val_renego") == 0) { - opt.cid_val_renego = q; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - else if (strcmp(p, "psk") == 0) { - opt.psk = q; - } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - else if (strcmp(p, "psk_opaque") == 0) { - opt.psk_opaque = atoi(q); - } else if (strcmp(p, "psk_list_opaque") == 0) { - opt.psk_list_opaque = atoi(q); - } -#endif -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - else if (strcmp(p, "ca_callback") == 0) { - opt.ca_callback = atoi(q); - } -#endif - else if (strcmp(p, "psk_identity") == 0) { - opt.psk_identity = q; - } else if (strcmp(p, "psk_list") == 0) { - opt.psk_list = q; - } else if (strcmp(p, "ecjpake_pw") == 0) { - opt.ecjpake_pw = q; - } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - else if (strcmp(p, "ecjpake_pw_opaque") == 0) { - opt.ecjpake_pw_opaque = atoi(q); - } -#endif - else if (strcmp(p, "force_ciphersuite") == 0) { - opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); - - if (opt.force_ciphersuite[0] == 0) { - ret = 2; - goto usage; - } - opt.force_ciphersuite[1] = 0; - } else if (strcmp(p, "groups") == 0) { - opt.groups = q; - } -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - else if (strcmp(p, "sig_algs") == 0) { - opt.sig_algs = q; - } -#endif -#if defined(MBEDTLS_SSL_EARLY_DATA) - else if (strcmp(p, "early_data") == 0) { - switch (atoi(q)) { - case 0: - opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - case 1: - opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - break; - default: goto usage; - } - } else if (strcmp(p, "max_early_data_size") == 0) { - opt.max_early_data_size = (uint32_t) atoll(q); - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - else if (strcmp(p, "renegotiation") == 0) { - opt.renegotiation = (atoi(q)) ? - MBEDTLS_SSL_RENEGOTIATION_ENABLED : - MBEDTLS_SSL_RENEGOTIATION_DISABLED; - } else if (strcmp(p, "allow_legacy") == 0) { - switch (atoi(q)) { - case -1: - opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; - break; - case 0: - opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; - break; - case 1: - opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; - break; - default: goto usage; - } - } else if (strcmp(p, "renegotiate") == 0) { - opt.renegotiate = atoi(q); - if (opt.renegotiate < 0 || opt.renegotiate > 1) { - goto usage; - } - } else if (strcmp(p, "renego_delay") == 0) { - opt.renego_delay = atoi(q); - } else if (strcmp(p, "renego_period") == 0) { -#if defined(_MSC_VER) - opt.renego_period = _strtoui64(q, NULL, 10); -#else - if (sscanf(q, "%" SCNu64, &opt.renego_period) != 1) { - goto usage; - } -#endif /* _MSC_VER */ - if (opt.renego_period < 2) { - goto usage; - } - } else if (strcmp(p, "exchanges") == 0) { - opt.exchanges = atoi(q); - if (opt.exchanges < 0) { - goto usage; - } - } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - else if (strcmp(p, "tls13_kex_modes") == 0) { - if (strcmp(q, "psk") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - } else if (strcmp(q, "psk_ephemeral") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - } else if (strcmp(q, "ephemeral") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; - } else if (strcmp(q, "ephemeral_all") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL; - } else if (strcmp(q, "psk_all") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; - } else if (strcmp(q, "all") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; - } - /* The purpose of `psk_or_ephemeral` is to improve test coverage. That - * is not recommended in practice. - * `psk_or_ephemeral` exists in theory, we need this mode to test if - * this setting work correctly. With this key exchange setting, server - * should always perform `ephemeral` handshake. `psk` or `psk_ephemeral` - * is not expected. - */ - else if (strcmp(q, "psk_or_ephemeral") == 0) { - opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; - } else { - goto usage; - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - else if (strcmp(p, "min_version") == 0) { - if (strcmp(q, "tls12") == 0 || - strcmp(q, "dtls12") == 0) { - opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2; - } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - else if (strcmp(q, "tls13") == 0) { - opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - else { - goto usage; - } - } else if (strcmp(p, "max_version") == 0) { - if (strcmp(q, "tls12") == 0 || - strcmp(q, "dtls12") == 0) { - opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2; - } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - else if (strcmp(q, "tls13") == 0) { - opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - else { - goto usage; - } - } else if (strcmp(p, "allow_sha1") == 0) { - switch (atoi(q)) { - case 0: opt.allow_sha1 = 0; break; - case 1: opt.allow_sha1 = 1; break; - default: goto usage; - } - } else if (strcmp(p, "force_version") == 0) { - if (strcmp(q, "tls12") == 0) { - opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2; - opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2; - } else if (strcmp(q, "dtls12") == 0) { - opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2; - opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2; - opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; - } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - else if (strcmp(q, "tls13") == 0) { - opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3; - opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - else { - goto usage; - } - } else if (strcmp(p, "auth_mode") == 0) { - if ((opt.auth_mode = get_auth_mode(q)) < 0) { - goto usage; - } - } else if (strcmp(p, "cert_req_ca_list") == 0) { - opt.cert_req_ca_list = atoi(q); - if (opt.cert_req_ca_list < 0 || opt.cert_req_ca_list > 3) { - goto usage; - } - if (opt.cert_req_ca_list > 1) { - opt.cert_req_dn_hint = opt.cert_req_ca_list; - opt.cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; - } - } else if (strcmp(p, "max_frag_len") == 0) { - if (strcmp(q, "512") == 0) { - opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512; - } else if (strcmp(q, "1024") == 0) { - opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024; - } else if (strcmp(q, "2048") == 0) { - opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048; - } else if (strcmp(q, "4096") == 0) { - opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096; - } else { - goto usage; - } - } else if (strcmp(p, "alpn") == 0) { - opt.alpn_string = q; - } else if (strcmp(p, "trunc_hmac") == 0) { - switch (atoi(q)) { - case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break; - case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break; - default: goto usage; - } - } else if (strcmp(p, "extended_ms") == 0) { - switch (atoi(q)) { - case 0: - opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; - break; - case 1: - opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; - break; - default: goto usage; - } - } else if (strcmp(p, "etm") == 0) { - switch (atoi(q)) { - case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break; - case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break; - default: goto usage; - } - } else if (strcmp(p, "tickets") == 0) { - opt.tickets = atoi(q); - if (opt.tickets < 0) { - goto usage; - } - } else if (strcmp(p, "dummy_ticket") == 0) { - opt.dummy_ticket = atoi(q); - if (opt.dummy_ticket < 0) { - goto usage; - } - } else if (strcmp(p, "ticket_rotate") == 0) { - opt.ticket_rotate = atoi(q); - if (opt.ticket_rotate < 0 || opt.ticket_rotate > 1) { - goto usage; - } - } else if (strcmp(p, "ticket_timeout") == 0) { - opt.ticket_timeout = atoi(q); - if (opt.ticket_timeout < 0) { - goto usage; - } - } else if (strcmp(p, "ticket_aead") == 0) { - opt.ticket_aead = parse_cipher(q); - - if (opt.ticket_aead == MBEDTLS_CIPHER_NONE) { - goto usage; - } - } else if (strcmp(p, "cache_max") == 0) { - opt.cache_max = atoi(q); - if (opt.cache_max < 0) { - goto usage; - } - } -#if defined(MBEDTLS_HAVE_TIME) - else if (strcmp(p, "cache_timeout") == 0) { - opt.cache_timeout = atoi(q); - if (opt.cache_timeout < 0) { - goto usage; - } - } -#endif - else if (strcmp(p, "cache_remove") == 0) { - opt.cache_remove = atoi(q); - if (opt.cache_remove < 0 || opt.cache_remove > 1) { - goto usage; - } - } else if (strcmp(p, "cookies") == 0) { - opt.cookies = atoi(q); - if (opt.cookies < -1 || opt.cookies > 1) { - goto usage; - } - } else if (strcmp(p, "anti_replay") == 0) { - opt.anti_replay = atoi(q); - if (opt.anti_replay < 0 || opt.anti_replay > 1) { - goto usage; - } - } else if (strcmp(p, "badmac_limit") == 0) { - opt.badmac_limit = atoi(q); - if (opt.badmac_limit < 0) { - goto usage; - } - } else if (strcmp(p, "hs_timeout") == 0) { - if ((p = strchr(q, '-')) == NULL) { - goto usage; - } - *p++ = '\0'; - opt.hs_to_min = atoi(q); - opt.hs_to_max = atoi(p); - if (opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min) { - goto usage; - } - } else if (strcmp(p, "mtu") == 0) { - opt.dtls_mtu = atoi(q); - if (opt.dtls_mtu < 0) { - goto usage; - } - } else if (strcmp(p, "dgram_packing") == 0) { - opt.dgram_packing = atoi(q); - if (opt.dgram_packing != 0 && - opt.dgram_packing != 1) { - goto usage; - } - } else if (strcmp(p, "sni") == 0) { - opt.sni = q; - } else if (strcmp(p, "query_config") == 0) { - opt.query_config_mode = 1; - query_config_ret = query_config(q); - goto exit; - } else if (strcmp(p, "serialize") == 0) { - opt.serialize = atoi(q); - if (opt.serialize < 0 || opt.serialize > 2) { - goto usage; - } - } else if (strcmp(p, "context_file") == 0) { - opt.context_file = q; - } else if (strcmp(p, "eap_tls") == 0) { - opt.eap_tls = atoi(q); - if (opt.eap_tls < 0 || opt.eap_tls > 1) { - goto usage; - } - } else if (strcmp(p, "reproducible") == 0) { - opt.reproducible = 1; - } else if (strcmp(p, "nss_keylog") == 0) { - opt.nss_keylog = atoi(q); - if (opt.nss_keylog < 0 || opt.nss_keylog > 1) { - goto usage; - } - } else if (strcmp(p, "nss_keylog_file") == 0) { - opt.nss_keylog_file = q; - } else if (strcmp(p, "use_srtp") == 0) { - opt.use_srtp = atoi(q); - } else if (strcmp(p, "srtp_force_profile") == 0) { - opt.force_srtp_profile = atoi(q); - } else if (strcmp(p, "support_mki") == 0) { - opt.support_mki = atoi(q); - } else if (strcmp(p, "key_opaque_algs") == 0) { - if (key_opaque_alg_parse(q, &opt.key1_opaque_alg1, - &opt.key1_opaque_alg2) != 0) { - goto usage; - } - } else if (strcmp(p, "key_opaque_algs2") == 0) { - if (key_opaque_alg_parse(q, &opt.key2_opaque_alg1, - &opt.key2_opaque_alg2) != 0) { - goto usage; - } - } else { - /* This signals that the problem is with p not q */ - q = NULL; - goto usage; - } - } - /* This signals that any further erorrs are not with a single option */ - p = q = NULL; - - if (opt.nss_keylog != 0 && opt.eap_tls != 0) { - mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n"); - goto usage; - } - - /* Event-driven IO is incompatible with the above custom - * receive and send functions, as the polling builds on - * refers to the underlying net_context. */ - if (opt.event == 1 && opt.nbio != 1) { - mbedtls_printf("Warning: event-driven IO mandates nbio=1 - overwrite\n"); - opt.nbio = 1; - } - -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(opt.debug_level); -#endif - - /* buf will alternatively contain the input read from the client and the - * response that's about to be sent, plus a null byte in each case. */ - size_t buf_content_size = opt.buffer_size; - /* The default response contains the ciphersuite name. Leave enough - * room for that plus some margin. */ - if (buf_content_size < strlen(HTTP_RESPONSE) + 80) { - buf_content_size = strlen(HTTP_RESPONSE) + 80; - } - if (opt.response_size != DFL_RESPONSE_SIZE && - buf_content_size < (size_t) opt.response_size) { - buf_content_size = opt.response_size; - } - buf = mbedtls_calloc(1, buf_content_size + 1); - if (buf == NULL) { - mbedtls_printf("Could not allocate %lu bytes\n", - (unsigned long) buf_content_size + 1); - ret = 3; - goto exit; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (opt.psk_opaque != 0) { - if (strlen(opt.psk) == 0) { - mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); - ret = 2; - goto usage; - } - - if (opt.force_ciphersuite[0] <= 0) { - mbedtls_printf( - "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n"); - ret = 2; - goto usage; - } - } - - if (opt.psk_list_opaque != 0) { - if (opt.psk_list == NULL) { - mbedtls_printf("psk_slot set but no psk to be imported specified.\n"); - ret = 2; - goto usage; - } - - if (opt.force_ciphersuite[0] <= 0) { - mbedtls_printf( - "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n"); - ret = 2; - goto usage; - } - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (opt.force_ciphersuite[0] > 0) { - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(opt.force_ciphersuite[0]); - - if (opt.max_version != -1 && - ciphersuite_info->min_tls_version > opt.max_version) { - mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); - ret = 2; - goto usage; - } - if (opt.min_version != -1 && - ciphersuite_info->max_tls_version < opt.min_version) { - mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); - ret = 2; - goto usage; - } - - /* If we select a version that's not supported by - * this suite, then there will be no common ciphersuite... */ - if (opt.max_version == -1 || - opt.max_version > ciphersuite_info->max_tls_version) { - opt.max_version = ciphersuite_info->max_tls_version; - } - if (opt.min_version < ciphersuite_info->min_tls_version) { - opt.min_version = ciphersuite_info->min_tls_version; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) { - /* Determine KDF algorithm the opaque PSK will be used in. */ -#if defined(PSA_WANT_ALG_SHA_384) - if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) { - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); - } else -#endif /* PSA_WANT_ALG_SHA_384 */ - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (mbedtls_test_unhexify(cid, sizeof(cid), - opt.cid_val, &cid_len) != 0) { - mbedtls_printf("CID not valid hex\n"); - goto exit; - } - - /* Keep CID settings for renegotiation unless - * specified otherwise. */ - if (opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO) { - opt.cid_enabled_renego = opt.cid_enabled; - } - if (opt.cid_val_renego == DFL_CID_VALUE_RENEGO) { - opt.cid_val_renego = opt.cid_val; - } - - if (mbedtls_test_unhexify(cid_renego, sizeof(cid_renego), - opt.cid_val_renego, &cid_renego_len) != 0) { - mbedtls_printf("CID not valid hex\n"); - goto exit; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - /* - * Unhexify the pre-shared key and parse the list if any given - */ - if (mbedtls_test_unhexify(psk, sizeof(psk), - opt.psk, &psk_len) != 0) { - mbedtls_printf("pre-shared key not valid hex\n"); - goto exit; - } - - if (opt.psk_list != NULL) { - if ((psk_info = psk_parse(opt.psk_list)) == NULL) { - mbedtls_printf("psk_list invalid"); - goto exit; - } - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - - if (opt.groups != NULL) { - if (parse_groups(opt.groups, group_list, GROUP_LIST_SIZE) != 0) { - goto exit; - } - } - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (opt.sig_algs != NULL) { - p = (char *) opt.sig_algs; - i = 0; - - /* Leave room for a final MBEDTLS_TLS1_3_SIG_NONE in signature algorithm list (sig_alg_list). */ - while (i < SIG_ALG_LIST_SIZE - 1 && *p != '\0') { - q = p; - - /* Terminate the current string */ - while (*p != ',' && *p != '\0') { - p++; - } - if (*p == ',') { - *p++ = '\0'; - } - - if (strcmp(q, "rsa_pkcs1_sha256") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256; - } else if (strcmp(q, "rsa_pkcs1_sha384") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384; - } else if (strcmp(q, "rsa_pkcs1_sha512") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512; - } else if (strcmp(q, "ecdsa_secp256r1_sha256") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; - } else if (strcmp(q, "ecdsa_secp384r1_sha384") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; - } else if (strcmp(q, "ecdsa_secp521r1_sha512") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; - } else if (strcmp(q, "rsa_pss_rsae_sha256") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; - } else if (strcmp(q, "rsa_pss_rsae_sha384") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; - } else if (strcmp(q, "rsa_pss_rsae_sha512") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; - } else if (strcmp(q, "ed25519") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519; - } else if (strcmp(q, "ed448") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448; - } else if (strcmp(q, "rsa_pss_pss_sha256") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256; - } else if (strcmp(q, "rsa_pss_pss_sha384") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384; - } else if (strcmp(q, "rsa_pss_pss_sha512") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512; - } else if (strcmp(q, "rsa_pkcs1_sha1") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1; - } else if (strcmp(q, "ecdsa_sha1") == 0) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1; - } else { - ret = -1; - mbedtls_printf("unknown signature algorithm \"%s\"\n", q); - mbedtls_print_supported_sig_algs(); - goto exit; - } - } - - if (i == (SIG_ALG_LIST_SIZE - 1) && *p != '\0') { - mbedtls_printf("signature algorithm list too long, maximum %d", - SIG_ALG_LIST_SIZE - 1); - goto exit; - } - - sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE; - } -#endif - -#if defined(MBEDTLS_SSL_ALPN) - if (opt.alpn_string != NULL) { - p = (char *) opt.alpn_string; - i = 0; - - /* Leave room for a final NULL in alpn_list */ - while (i < ALPN_LIST_SIZE - 1 && *p != '\0') { - alpn_list[i++] = p; - - /* Terminate the current string and move on to next one */ - while (*p != ',' && *p != '\0') { - p++; - } - if (*p == ',') { - *p++ = '\0'; - } - } - } -#endif /* MBEDTLS_SSL_ALPN */ - - mbedtls_printf("build version: %s (build %d)\n", - MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER); - - /* - * 0. Initialize the RNG and the session data - */ - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - ret = rng_seed(&rng, opt.reproducible, pers); - if (ret != 0) { - goto exit; - } - mbedtls_printf(" ok\n"); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - /* - * 1.1. Load the trusted CA - */ - mbedtls_printf(" . Loading the CA root certificate ..."); - fflush(stdout); - - if (strcmp(opt.ca_path, "none") == 0 || - strcmp(opt.ca_file, "none") == 0) { - ret = 0; - } else -#if defined(MBEDTLS_FS_IO) - if (strlen(opt.ca_path)) { - ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path); - } else if (strlen(opt.ca_file)) { - ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file); - } else -#endif - { -#if defined(MBEDTLS_PEM_PARSE_C) - for (i = 0; mbedtls_test_cas[i] != NULL; i++) { - ret = mbedtls_x509_crt_parse(&cacert, - (const unsigned char *) mbedtls_test_cas[i], - mbedtls_test_cas_len[i]); - if (ret != 0) { - break; - } - } -#endif /* MBEDTLS_PEM_PARSE_C */ - if (ret == 0) { - for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { - ret = mbedtls_x509_crt_parse_der(&cacert, - (const unsigned char *) mbedtls_test_cas_der[i], - mbedtls_test_cas_der_len[i]); - if (ret != 0) { - break; - } - } - } - } - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok (%d skipped)\n", ret); - - /* - * 1.2. Load own certificate and private key - */ - mbedtls_printf(" . Loading the server cert. and key..."); - fflush(stdout); - -#if defined(MBEDTLS_FS_IO) - if (strlen(opt.crt_file) && strcmp(opt.crt_file, "none") != 0) { - key_cert_init++; - if ((ret = mbedtls_x509_crt_parse_file(&srvcert, opt.crt_file)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) { - key_cert_init++; - if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, - opt.key_pwd, rng_get, &rng)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - if (key_cert_init == 1) { - mbedtls_printf(" failed\n ! crt_file without key_file or vice-versa\n\n"); - goto exit; - } - - if (strlen(opt.crt_file2) && strcmp(opt.crt_file2, "none") != 0) { - key_cert_init2++; - if ((ret = mbedtls_x509_crt_parse_file(&srvcert2, opt.crt_file2)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) { - key_cert_init2++; - if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2, - opt.key_pwd2, rng_get, &rng)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - if (key_cert_init2 == 1) { - mbedtls_printf(" failed\n ! crt_file2 without key_file2 or vice-versa\n\n"); - goto exit; - } -#endif - if (key_cert_init == 0 && - strcmp(opt.crt_file, "none") != 0 && - strcmp(opt.key_file, "none") != 0 && - key_cert_init2 == 0 && - strcmp(opt.crt_file2, "none") != 0 && - strcmp(opt.key_file2, "none") != 0) { -#if defined(MBEDTLS_RSA_C) - if ((ret = mbedtls_x509_crt_parse(&srvcert, - (const unsigned char *) mbedtls_test_srv_crt_rsa, - mbedtls_test_srv_crt_rsa_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - if ((ret = mbedtls_pk_parse_key(&pkey, - (const unsigned char *) mbedtls_test_srv_key_rsa, - mbedtls_test_srv_key_rsa_len, NULL, 0, - rng_get, &rng)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - key_cert_init = 2; -#endif /* MBEDTLS_RSA_C */ -#if defined(PSA_HAVE_ALG_SOME_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) - if ((ret = mbedtls_x509_crt_parse(&srvcert2, - (const unsigned char *) mbedtls_test_srv_crt_ec, - mbedtls_test_srv_crt_ec_len)) != 0) { - mbedtls_printf(" failed\n ! x509_crt_parse2 returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - if ((ret = mbedtls_pk_parse_key(&pkey2, - (const unsigned char *) mbedtls_test_srv_key_ec, - mbedtls_test_srv_key_ec_len, NULL, 0, - rng_get, &rng)) != 0) { - mbedtls_printf(" failed\n ! pk_parse_key2 returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - key_cert_init2 = 2; -#endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (opt.key_opaque != 0) { - psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; - psa_key_usage_t psa_usage = 0; - - if (key_opaque_set_alg_usage(opt.key1_opaque_alg1, - opt.key1_opaque_alg2, - &psa_alg, &psa_alg2, - &psa_usage, - mbedtls_pk_get_type(&pkey)) == 0) { - ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, psa_usage, &key_slot); - if (ret != 0) { - mbedtls_printf(" failed\n ! " - "pk_wrap_as_opaque returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - - psa_alg = PSA_ALG_NONE; psa_alg2 = PSA_ALG_NONE; - psa_usage = 0; - - if (key_opaque_set_alg_usage(opt.key2_opaque_alg1, - opt.key2_opaque_alg2, - &psa_alg, &psa_alg2, - &psa_usage, - mbedtls_pk_get_type(&pkey2)) == 0) { - ret = pk_wrap_as_opaque(&pkey2, psa_alg, psa_alg2, psa_usage, &key_slot2); - if (ret != 0) { - mbedtls_printf(" failed\n ! " - "mbedtls_pk_get_psa_attributes returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_printf(" ok (key types: %s, %s)\n", - key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", - key_cert_init2 ? mbedtls_pk_get_name(&pkey2) : "none"); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - if (opt.dhm_file != NULL) { - mbedtls_printf(" . Loading DHM parameters..."); - fflush(stdout); - - if ((ret = mbedtls_dhm_parse_dhmfile(&dhm, opt.dhm_file)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - } -#endif - -#if defined(SNI_OPTION) - if (opt.sni != NULL) { - mbedtls_printf(" . Setting up SNI information..."); - fflush(stdout); - - if ((sni_info = sni_parse(opt.sni)) == NULL) { - mbedtls_printf(" failed\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - } -#endif /* SNI_OPTION */ - - /* - * 2. Setup stuff - */ - mbedtls_printf(" . Setting up the SSL/TLS structure..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - opt.transport, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - /* The default algorithms profile disables SHA-1, but our tests still - rely on it heavily. Hence we allow it here. A real-world server - should use the default profile unless there is a good reason not to. */ - if (opt.allow_sha1 > 0) { - crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1); - mbedtls_ssl_conf_cert_profile(&conf, &crt_profile_for_test); - mbedtls_ssl_conf_sig_algs(&conf, ssl_sig_algs_for_test); - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - if (opt.auth_mode != DFL_AUTH_MODE) { - mbedtls_ssl_conf_authmode(&conf, opt.auth_mode); - } - - if (opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST) { - mbedtls_ssl_conf_cert_req_ca_list(&conf, opt.cert_req_ca_list); - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (opt.early_data != DFL_EARLY_DATA) { - mbedtls_ssl_conf_early_data(&conf, opt.early_data); - } - if (opt.max_early_data_size != DFL_MAX_EARLY_DATA_SIZE) { - mbedtls_ssl_conf_max_early_data_size( - &conf, opt.max_early_data_size); - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) - /* exercise setting DN hints for server certificate request - * (Intended for use where the client cert expected has been signed by - * a specific CA which is an intermediate in a CA chain, not the root) */ - if (opt.cert_req_dn_hint == 2 && key_cert_init2) { - mbedtls_ssl_conf_dn_hints(&conf, &srvcert2); - } -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX) { - mbedtls_ssl_conf_handshake_timeout(&conf, opt.hs_to_min, opt.hs_to_max); - } - - if (opt.dgram_packing != DFL_DGRAM_PACKING) { - mbedtls_ssl_set_datagram_packing(&ssl, opt.dgram_packing); - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if ((ret = mbedtls_ssl_conf_max_frag_len(&conf, opt.mfl_code)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret); - goto exit; - } -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (opt.cid_enabled == 1 || opt.cid_enabled_renego == 1) { - if (opt.cid_enabled == 1 && - opt.cid_enabled_renego == 1 && - cid_len != cid_renego_len) { - mbedtls_printf("CID length must not change during renegotiation\n"); - goto usage; - } - - if (opt.cid_enabled == 1) { - ret = mbedtls_ssl_conf_cid(&conf, cid_len, - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE); - } else { - ret = mbedtls_ssl_conf_cid(&conf, cid_renego_len, - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE); - } - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n", - (unsigned int) -ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - const mbedtls_ssl_srtp_profile forced_profile[] = - { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET }; - if (opt.use_srtp == 1) { - if (opt.force_srtp_profile != 0) { - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, forced_profile); - } else { - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, default_profiles); - } - - if (ret != 0) { - mbedtls_printf( - " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", - ret); - goto exit; - } - - mbedtls_ssl_conf_srtp_mki_value_supported(&conf, - opt.support_mki ? - MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED : - MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED); - - } else if (opt.force_srtp_profile != 0) { - mbedtls_printf(" failed\n ! must enable use_srtp to force srtp profile\n\n"); - goto exit; - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if (opt.extended_ms != DFL_EXTENDED_MS) { - mbedtls_ssl_conf_extended_master_secret(&conf, opt.extended_ms); - } -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if (opt.etm != DFL_ETM) { - mbedtls_ssl_conf_encrypt_then_mac(&conf, opt.etm); - } -#endif - -#if defined(MBEDTLS_SSL_ALPN) - if (opt.alpn_string != NULL) { - if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret); - goto exit; - } - } -#endif - - if (opt.reproducible) { -#if defined(MBEDTLS_HAVE_TIME) -#if defined(MBEDTLS_PLATFORM_TIME_ALT) - mbedtls_platform_set_time(dummy_constant_time); -#else - fprintf(stderr, "Warning: reproducible option used without constant time\n"); -#endif -#endif /* MBEDTLS_HAVE_TIME */ - } - mbedtls_ssl_conf_rng(&conf, rng_get, &rng); - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - -#if defined(MBEDTLS_SSL_CACHE_C) - if (opt.cache_max != -1) { - mbedtls_ssl_cache_set_max_entries(&cache, opt.cache_max); - } - -#if defined(MBEDTLS_HAVE_TIME) - if (opt.cache_timeout != -1) { - mbedtls_ssl_cache_set_timeout(&cache, opt.cache_timeout); - } -#endif - - mbedtls_ssl_conf_session_cache(&conf, &cache, - mbedtls_ssl_cache_get, - mbedtls_ssl_cache_set); -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - if (opt.tickets != MBEDTLS_SSL_SESSION_TICKETS_DISABLED) { -#if defined(MBEDTLS_HAVE_TIME) - if (opt.dummy_ticket) { - mbedtls_ssl_conf_session_tickets_cb(&conf, - dummy_ticket_write, - dummy_ticket_parse, - NULL); - } else -#endif /* MBEDTLS_HAVE_TIME */ - { - if ((ret = mbedtls_ssl_ticket_setup(&ticket_ctx, - rng_get, &rng, - opt.ticket_aead, - opt.ticket_timeout)) != 0) { - mbedtls_printf( - " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", - ret); - goto exit; - } - - mbedtls_ssl_conf_session_tickets_cb(&conf, - mbedtls_ssl_ticket_write, - mbedtls_ssl_ticket_parse, - &ticket_ctx); - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_conf_new_session_tickets(&conf, opt.tickets); -#endif - /* exercise manual ticket rotation (not required for typical use) - * (used for external synchronization of session ticket encryption keys) - */ - if (opt.ticket_rotate) { - unsigned char kbuf[MBEDTLS_SSL_TICKET_MAX_KEY_BYTES]; - unsigned char name[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES]; - if ((ret = rng_get(&rng, name, sizeof(name))) != 0 || - (ret = rng_get(&rng, kbuf, sizeof(kbuf))) != 0 || - (ret = mbedtls_ssl_ticket_rotate(&ticket_ctx, - name, sizeof(name), kbuf, sizeof(kbuf), - opt.ticket_timeout)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_ticket_rotate returned %d\n\n", ret); - goto exit; - } - } - } -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { -#if defined(MBEDTLS_SSL_COOKIE_C) - if (opt.cookies > 0) { - if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx, - rng_get, &rng)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, - &cookie_ctx); - } else -#endif /* MBEDTLS_SSL_COOKIE_C */ -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - if (opt.cookies == 0) { - mbedtls_ssl_conf_dtls_cookies(&conf, NULL, NULL, NULL); - } else -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - { - ; /* Nothing to do */ - } - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if (opt.anti_replay != DFL_ANTI_REPLAY) { - mbedtls_ssl_conf_dtls_anti_replay(&conf, opt.anti_replay); - } -#endif - - if (opt.badmac_limit != DFL_BADMAC_LIMIT) { - mbedtls_ssl_conf_dtls_badmac_limit(&conf, opt.badmac_limit); - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) { - mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite); - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_conf_tls13_key_exchange_modes(&conf, opt.tls13_kex_modes); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - if (opt.allow_legacy != DFL_ALLOW_LEGACY) { - mbedtls_ssl_conf_legacy_renegotiation(&conf, opt.allow_legacy); - } -#if defined(MBEDTLS_SSL_RENEGOTIATION) - mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation); - - if (opt.renego_delay != DFL_RENEGO_DELAY) { - mbedtls_ssl_conf_renegotiation_enforced(&conf, opt.renego_delay); - } - - if (opt.renego_period != DFL_RENEGO_PERIOD) { - PUT_UINT64_BE(renego_period, opt.renego_period, 0); - mbedtls_ssl_conf_renegotiation_period(&conf, renego_period); - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (strcmp(opt.ca_path, "none") != 0 && - strcmp(opt.ca_file, "none") != 0) { -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if (opt.ca_callback != 0) { - mbedtls_ssl_conf_ca_cb(&conf, ca_callback, &cacert); - } else -#endif - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - } - if (key_cert_init) { - mbedtls_pk_context *pk = &pkey; -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (opt.async_private_delay1 >= 0) { - ret = ssl_async_set_key(&ssl_async_keys, &srvcert, pk, 0, - opt.async_private_delay1); - if (ret < 0) { - mbedtls_printf(" Test error: ssl_async_set_key failed (%d)\n", - ret); - goto exit; - } - pk = NULL; - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, pk)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - } - if (key_cert_init2) { - mbedtls_pk_context *pk = &pkey2; -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (opt.async_private_delay2 >= 0) { - ret = ssl_async_set_key(&ssl_async_keys, &srvcert2, pk, 0, - opt.async_private_delay2); - if (ret < 0) { - mbedtls_printf(" Test error: ssl_async_set_key failed (%d)\n", - ret); - goto exit; - } - pk = NULL; - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert2, pk)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - } - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (opt.async_operations[0] != '-') { - mbedtls_ssl_async_sign_t *sign = NULL; - mbedtls_ssl_async_decrypt_t *decrypt = NULL; - const char *r; - for (r = opt.async_operations; *r; r++) { - switch (*r) { - case 'd': - decrypt = ssl_async_decrypt; - break; - case 's': - sign = ssl_async_sign; - break; - } - } - ssl_async_keys.inject_error = (opt.async_private_error < 0 ? - -opt.async_private_error : - opt.async_private_error); - ssl_async_keys.f_rng = rng_get; - ssl_async_keys.p_rng = &rng; - mbedtls_ssl_conf_async_private_cb(&conf, - sign, - decrypt, - ssl_async_resume, - ssl_async_cancel, - &ssl_async_keys); - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(SNI_OPTION) - if (opt.sni != NULL) { - mbedtls_ssl_conf_sni(&conf, sni_callback, sni_info); - mbedtls_ssl_conf_cert_cb(&conf, cert_callback); -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (opt.async_private_delay2 >= 0) { - sni_entry *cur; - for (cur = sni_info; cur != NULL; cur = cur->next) { - ret = ssl_async_set_key(&ssl_async_keys, - cur->cert, cur->key, 1, - opt.async_private_delay2); - if (ret < 0) { - mbedtls_printf(" Test error: ssl_async_set_key failed (%d)\n", - ret); - goto exit; - } - cur->key = NULL; - } - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - } -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH)) - if (opt.groups != NULL && - strcmp(opt.groups, "default") != 0) { - mbedtls_ssl_conf_groups(&conf, group_list); - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (opt.sig_algs != NULL) { - mbedtls_ssl_conf_sig_algs(&conf, sig_alg_list); - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - - if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (opt.psk_opaque != 0) { - /* The algorithm has already been determined earlier. */ - status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len); - if (status != PSA_SUCCESS) { - fprintf(stderr, "SETUP FAIL\n"); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - if ((ret = mbedtls_ssl_conf_psk_opaque(&conf, psk_slot, - (const unsigned char *) opt.psk_identity, - strlen(opt.psk_identity))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n", - ret); - goto exit; - } - } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (psk_len > 0) { - ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, - (const unsigned char *) opt.psk_identity, - strlen(opt.psk_identity)); - if (ret != 0) { - mbedtls_printf(" failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - (unsigned int) -ret); - goto exit; - } - } - } - - if (opt.psk_list != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (opt.psk_list_opaque != 0) { - psk_entry *cur_psk; - for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) { - - status = psa_setup_psk_key_slot(&cur_psk->slot, alg, - cur_psk->key, - cur_psk->key_len); - if (status != PSA_SUCCESS) { - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - } - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info); - } -#endif - -#if defined(MBEDTLS_DHM_C) - /* - * Use different group than default DHM group - */ -#if defined(MBEDTLS_FS_IO) - if (opt.dhm_file != NULL) { - ret = mbedtls_ssl_conf_dh_param_ctx(&conf, &dhm); - } -#endif - if (ret != 0) { - mbedtls_printf(" failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", - (unsigned int) -ret); - goto exit; - } -#endif - - if (opt.min_version != DFL_MIN_VERSION) { - mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version); - } - - if (opt.max_version != DFL_MIN_VERSION) { - mbedtls_ssl_conf_max_tls_version(&conf, opt.max_version); - } - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", (unsigned int) -ret); - goto exit; - } - - if (opt.eap_tls != 0) { - mbedtls_ssl_set_export_keys_cb(&ssl, eap_tls_key_derivation, - &eap_tls_keying); - } else if (opt.nss_keylog != 0) { - mbedtls_ssl_set_export_keys_cb(&ssl, - nss_keylog_export, - NULL); - } -#if defined(MBEDTLS_SSL_DTLS_SRTP) - else if (opt.use_srtp != 0) { - mbedtls_ssl_set_export_keys_cb(&ssl, dtls_srtp_key_derivation, - &dtls_srtp_keying); - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - - io_ctx.ssl = &ssl; - io_ctx.net = &client_fd; - mbedtls_ssl_set_bio(&ssl, &io_ctx, send_cb, recv_cb, - opt.nbio == 0 ? recv_timeout_cb : NULL); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled, - cid, cid_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n", - ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (opt.dtls_mtu != DFL_DTLS_MTU) { - mbedtls_ssl_set_mtu(&ssl, opt.dtls_mtu); - } -#endif - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - - mbedtls_printf(" ok\n"); - - /* - * 3. Setup the listening TCP socket - */ - mbedtls_printf(" . Bind on %s://%s:%s/ ...", - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp", - opt.server_addr ? opt.server_addr : "*", - opt.server_port); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, opt.server_addr, opt.server_port, - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? - MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret); - goto exit; - } - mbedtls_printf(" ok\n"); - -reset: -#if !defined(_WIN32) - if (received_sigterm) { - mbedtls_printf(" interrupted by SIGTERM (not in net_accept())\n"); - if (ret == MBEDTLS_ERR_NET_INVALID_CONTEXT) { - ret = 0; - } - - goto exit; - } -#endif - - if (ret == MBEDTLS_ERR_SSL_CLIENT_RECONNECT) { - mbedtls_printf(" ! Client initiated reconnection from same port\n"); - goto handshake; - } - -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&client_fd); - - mbedtls_ssl_session_reset(&ssl); - - /* - * 3. Wait until a client connects - */ - mbedtls_printf(" . Waiting for a remote connection ..."); - fflush(stdout); - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - client_ip, sizeof(client_ip), &cliip_len)) != 0) { -#if !defined(_WIN32) - if (received_sigterm) { - mbedtls_printf(" interrupted by SIGTERM (in net_accept())\n"); - if (ret == MBEDTLS_ERR_NET_ACCEPT_FAILED) { - ret = 0; - } - - goto exit; - } -#endif - - mbedtls_printf(" failed\n ! mbedtls_net_accept returned -0x%x\n\n", (unsigned int) -ret); - goto exit; - } - - if (opt.nbio > 0) { - ret = mbedtls_net_set_nonblock(&client_fd); - } else { - ret = mbedtls_net_set_block(&client_fd); - } - if (ret != 0) { - mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n", (unsigned int) -ret); - goto exit; - } - - mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout); - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if ((ret = mbedtls_ssl_set_client_transport_id(&ssl, - client_ip, cliip_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); - psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); - - status = psa_import_key(&attributes, - (const unsigned char *) opt.ecjpake_pw, - strlen(opt.ecjpake_pw), - &ecjpake_pw_slot); - if (status != PSA_SUCCESS) { - mbedtls_printf(" failed\n ! psa_import_key returned %d\n\n", - status); - goto exit; - } - if ((ret = mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, - ecjpake_pw_slot)) != 0) { - mbedtls_printf( - " failed\n ! mbedtls_ssl_set_hs_ecjpake_password_opaque returned %d\n\n", - ret); - goto exit; - } - mbedtls_printf("using opaque password\n"); - } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - { - if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, - (const unsigned char *) opt.ecjpake_pw, - strlen(opt.ecjpake_pw))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", - ret); - goto exit; - } - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) - /* exercise setting DN hints for server certificate request - * (Intended for use where the client cert expected has been signed by - * a specific CA which is an intermediate in a CA chain, not the root) - * (Additionally, the CA choice would typically be influenced by SNI - * if being set per-handshake using mbedtls_ssl_set_hs_dn_hints()) */ - if (opt.cert_req_dn_hint == 3 && key_cert_init2) { - mbedtls_ssl_set_hs_dn_hints(&ssl, &srvcert2); - } -#endif -#endif - - mbedtls_printf(" ok\n"); - - /* - * 4. Handshake - */ -handshake: - mbedtls_printf(" . Performing the SSL/TLS handshake..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) { - memset(buf, 0, opt.buffer_size); - ret = mbedtls_ssl_read_early_data(&ssl, buf, opt.buffer_size); - if (ret > 0) { - buf[ret] = '\0'; - mbedtls_printf(" %d early data bytes read\n\n%s\n", - ret, (char *) buf); - } - continue; - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS && - ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL) { - mbedtls_printf(" cancelling on injected error\n"); - break; - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - if (!mbedtls_status_is_ssl_in_progress(ret)) { - break; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - ret = idle(&client_fd, &timer, ret); -#else - ret = idle(&client_fd, ret); -#endif - if (ret != 0) { - goto reset; - } - } - } - - if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { - mbedtls_printf(" hello verification requested\n"); - ret = 0; - goto reset; - } else if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", - (unsigned int) -ret); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || - ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) { - char vrfy_buf[512]; - flags = mbedtls_ssl_get_verify_result(&ssl); - - x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); - - mbedtls_printf("%s\n", vrfy_buf); - } -#endif - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (opt.async_private_error < 0) { - /* Injected error only the first time round, to test reset */ - ssl_async_keys.inject_error = SSL_ASYNC_INJECT_ERROR_NONE; - } -#endif - goto reset; - } else { /* ret == 0 */ - int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(&ssl); - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(suite_id); - - mbedtls_printf(" ok\n [ Protocol is %s ]\n" - " [ Ciphersuite is %s ]\n" - " [ Key size is %u ]\n", - mbedtls_ssl_get_version(&ssl), - mbedtls_ssl_ciphersuite_get_name(ciphersuite_info), - (unsigned int) - mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(ciphersuite_info)); - } - - if ((ret = mbedtls_ssl_get_record_expansion(&ssl)) >= 0) { - mbedtls_printf(" [ Record expansion is %d ]\n", ret); - } else { - mbedtls_printf(" [ Record expansion is unknown ]\n"); - } - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) || defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - mbedtls_printf(" [ Maximum incoming record payload length is %u ]\n", - (unsigned int) mbedtls_ssl_get_max_in_record_payload(&ssl)); - mbedtls_printf(" [ Maximum outgoing record payload length is %u ]\n", - (unsigned int) mbedtls_ssl_get_max_out_record_payload(&ssl)); -#endif - -#if defined(MBEDTLS_SSL_ALPN) - if (opt.alpn_string != NULL) { - const char *alp = mbedtls_ssl_get_alpn_protocol(&ssl); - mbedtls_printf(" [ Application Layer Protocol is %s ]\n", - alp ? alp : "(none)"); - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - /* - * 5. Verify the client certificate - */ - mbedtls_printf(" . Verifying peer X.509 certificate..."); - - if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) { - char vrfy_buf[512]; - - mbedtls_printf(" failed\n"); - - x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); - mbedtls_printf("%s\n", vrfy_buf); - } else { - mbedtls_printf(" ok\n"); - } - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if (mbedtls_ssl_get_peer_cert(&ssl) != NULL) { - char crt_buf[512]; - - mbedtls_printf(" . Peer certificate information ...\n"); - mbedtls_x509_crt_info(crt_buf, sizeof(crt_buf), " ", - mbedtls_ssl_get_peer_cert(&ssl)); - mbedtls_printf("%s\n", crt_buf); - } -#endif /* MBEDTLS_X509_REMOVE_INFO */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - if (opt.eap_tls != 0) { - size_t j = 0; - - if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, - eap_tls_keying.master_secret, - sizeof(eap_tls_keying.master_secret), - eap_tls_label, - eap_tls_keying.randbytes, - sizeof(eap_tls_keying.randbytes), - eap_tls_keymaterial, - sizeof(eap_tls_keymaterial))) - != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret); - goto reset; - } - - mbedtls_printf(" EAP-TLS key material is:"); - for (j = 0; j < sizeof(eap_tls_keymaterial); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", eap_tls_keymaterial[j]); - } - mbedtls_printf("\n"); - - if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, NULL, 0, - eap_tls_label, - eap_tls_keying.randbytes, - sizeof(eap_tls_keying.randbytes), - eap_tls_iv, - sizeof(eap_tls_iv))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret); - goto reset; - } - - mbedtls_printf(" EAP-TLS IV is:"); - for (j = 0; j < sizeof(eap_tls_iv); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", eap_tls_iv[j]); - } - mbedtls_printf("\n"); - } - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - else if (opt.use_srtp != 0) { - size_t j = 0; - mbedtls_dtls_srtp_info dtls_srtp_negotiation_result; - mbedtls_ssl_get_dtls_srtp_negotiation_result(&ssl, &dtls_srtp_negotiation_result); - - if (dtls_srtp_negotiation_result.chosen_dtls_srtp_profile - == MBEDTLS_TLS_SRTP_UNSET) { - mbedtls_printf(" Unable to negotiate " - "the use of DTLS-SRTP\n"); - } else { - if ((ret = mbedtls_ssl_tls_prf(dtls_srtp_keying.tls_prf_type, - dtls_srtp_keying.master_secret, - sizeof(dtls_srtp_keying.master_secret), - dtls_srtp_label, - dtls_srtp_keying.randbytes, - sizeof(dtls_srtp_keying.randbytes), - dtls_srtp_key_material, - sizeof(dtls_srtp_key_material))) - != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" DTLS-SRTP key material is:"); - for (j = 0; j < sizeof(dtls_srtp_key_material); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", dtls_srtp_key_material[j]); - } - mbedtls_printf("\n"); - - /* produce a less readable output used to perform automatic checks - * - compare client and server output - * - interop test with openssl which client produces this kind of output - */ - mbedtls_printf(" Keying material: "); - for (j = 0; j < sizeof(dtls_srtp_key_material); j++) { - mbedtls_printf("%02X", dtls_srtp_key_material[j]); - } - mbedtls_printf("\n"); - - if (dtls_srtp_negotiation_result.mki_len > 0) { - mbedtls_printf(" DTLS-SRTP mki value: "); - for (j = 0; j < dtls_srtp_negotiation_result.mki_len; j++) { - mbedtls_printf("%02X", dtls_srtp_negotiation_result.mki_value[j]); - } - } else { - mbedtls_printf(" DTLS-SRTP no mki value negotiated"); - } - mbedtls_printf("\n"); - - } - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ret = report_cid_usage(&ssl, "initial handshake"); - if (ret != 0) { - goto exit; - } - - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled_renego, - cid_renego, cid_renego_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n", - ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_cur_get(¤t_heap_memory, &heap_blocks); - mbedtls_memory_buffer_alloc_max_get(&peak_heap_memory, &heap_blocks); - mbedtls_printf("Heap memory usage after handshake: %lu bytes. Peak memory usage was %lu\n", - (unsigned long) current_heap_memory, (unsigned long) peak_heap_memory); -#endif /* MBEDTLS_MEMORY_DEBUG */ - - if (opt.exchanges == 0) { - goto close_notify; - } - - exchanges_left = opt.exchanges; -data_exchange: - /* - * 6. Read the HTTP Request - */ - mbedtls_printf(" < Read from client:"); - fflush(stdout); - - /* - * TLS and DTLS need different reading styles (stream vs datagram) - */ - if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) { - do { - int terminated = 0; - len = opt.buffer_size; - memset(buf, 0, opt.buffer_size); - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (mbedtls_status_is_ssl_in_progress(ret)) { - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&client_fd, &timer, ret); -#else - idle(&client_fd, ret); -#endif - } - - continue; - } - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" connection was closed gracefully\n"); - goto close_notify; - - case 0: - case MBEDTLS_ERR_NET_CONN_RESET: - mbedtls_printf(" connection was reset by peer\n"); - ret = MBEDTLS_ERR_NET_CONN_RESET; - goto reset; - - default: - mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret); - goto reset; - } - } - - if (mbedtls_ssl_get_bytes_avail(&ssl) == 0) { - len = ret; - buf[len] = '\0'; - mbedtls_printf(" %d bytes read\n\n%s\n", len, (char *) buf); - - /* End of message should be detected according to the syntax of the - * application protocol (eg HTTP), just use a dummy test here. */ - if (buf[len - 1] == '\n') { - terminated = 1; - } - } else { - int extra_len, ori_len; - unsigned char *larger_buf; - - ori_len = ret; - extra_len = (int) mbedtls_ssl_get_bytes_avail(&ssl); - - larger_buf = mbedtls_calloc(1, ori_len + extra_len + 1); - if (larger_buf == NULL) { - mbedtls_printf(" ! memory allocation failed\n"); - ret = 1; - goto reset; - } - - memset(larger_buf, 0, ori_len + extra_len); - memcpy(larger_buf, buf, ori_len); - - /* This read should never fail and get the whole cached data */ - ret = mbedtls_ssl_read(&ssl, larger_buf + ori_len, extra_len); - if (ret != extra_len || - mbedtls_ssl_get_bytes_avail(&ssl) != 0) { - mbedtls_printf(" ! mbedtls_ssl_read failed on cached data\n"); - ret = 1; - goto reset; - } - - larger_buf[ori_len + extra_len] = '\0'; - mbedtls_printf(" %d bytes read (%d + %d)\n\n%s\n", - ori_len + extra_len, ori_len, extra_len, - (char *) larger_buf); - - /* End of message should be detected according to the syntax of the - * application protocol (eg HTTP), just use a dummy test here. */ - if (larger_buf[ori_len + extra_len - 1] == '\n') { - terminated = 1; - } - - mbedtls_free(larger_buf); - } - - if (terminated) { - ret = 0; - break; - } - } while (1); - } else { /* Not stream, so datagram */ - len = opt.buffer_size; - memset(buf, 0, opt.buffer_size); - - do { - /* Without the call to `mbedtls_ssl_check_pending`, it might - * happen that the client sends application data in the same - * datagram as the Finished message concluding the handshake. - * In this case, the application data would be ready to be - * processed while the underlying transport wouldn't signal - * any further incoming data. - * - * See the test 'Event-driven I/O: session-id resume, UDP packing' - * in tests/ssl-opt.sh. - */ - - /* For event-driven IO, wait for socket to become available */ - if (mbedtls_ssl_check_pending(&ssl) == 0 && - opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ); -#else - idle(&client_fd, MBEDTLS_ERR_SSL_WANT_READ); -#endif - } - - ret = mbedtls_ssl_read(&ssl, buf, len); - - /* Note that even if `mbedtls_ssl_check_pending` returns true, - * it can happen that the subsequent call to `mbedtls_ssl_read` - * returns `MBEDTLS_ERR_SSL_WANT_READ`, because the pending messages - * might be discarded (e.g. because they are retransmissions). */ - } while (mbedtls_status_is_ssl_in_progress(ret)); - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" connection was closed gracefully\n"); - goto close_notify; - - default: - mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret); - goto reset; - } - } - - len = ret; - buf[len] = '\0'; - mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf); - ret = 0; - } - - /* - * 7a. Request renegotiation while client is waiting for input from us. - * (only on the first exchange, to be able to test retransmission) - */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (opt.renegotiate && exchanges_left == opt.exchanges) { - mbedtls_printf(" . Requestion renegotiation..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_renegotiate(&ssl)) != 0) { - if (!mbedtls_status_is_ssl_in_progress(ret)) { - mbedtls_printf(" failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret); - goto reset; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&client_fd, &timer, ret); -#else - idle(&client_fd, ret); -#endif - } - } - - mbedtls_printf(" ok\n"); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ret = report_cid_usage(&ssl, "after renegotiation"); - if (ret != 0) { - goto exit; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* - * 7. Write the 200 Response - */ - mbedtls_printf(" > Write to client:"); - fflush(stdout); - - /* If the format of the response changes, make sure there is enough - * room in buf (buf_content_size calculation above). */ - len = sprintf((char *) buf, HTTP_RESPONSE, - mbedtls_ssl_get_ciphersuite(&ssl)); - - /* Add padding to the response to reach opt.response_size in length */ - if (opt.response_size != DFL_RESPONSE_SIZE && - len < opt.response_size) { - memset(buf + len, 'B', opt.response_size - len); - len += opt.response_size - len; - } - - /* Truncate if response size is smaller than the "natural" size */ - if (opt.response_size != DFL_RESPONSE_SIZE && - len > opt.response_size) { - len = opt.response_size; - - /* Still end with \r\n unless that's really not possible */ - if (len >= 2) { - buf[len - 2] = '\r'; - } - if (len >= 1) { - buf[len - 1] = '\n'; - } - } - - if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) { - for (written = 0, frags = 0; written < len; written += ret, frags++) { - while ((ret = mbedtls_ssl_write(&ssl, buf + written, len - written)) - <= 0) { - if (ret == MBEDTLS_ERR_NET_CONN_RESET) { - mbedtls_printf(" failed\n ! peer closed the connection\n\n"); - goto reset; - } - - if (!mbedtls_status_is_ssl_in_progress(ret)) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - goto reset; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&client_fd, &timer, ret); -#else - idle(&client_fd, ret); -#endif - } - } - } - } else { /* Not stream, so datagram */ - while (1) { - ret = mbedtls_ssl_write(&ssl, buf, len); - - if (!mbedtls_status_is_ssl_in_progress(ret)) { - break; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&client_fd, &timer, ret); -#else - idle(&client_fd, ret); -#endif - } - } - - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - goto reset; - } - - frags = 1; - written = ret; - } - - buf[written] = '\0'; - mbedtls_printf(" %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf); - ret = 0; - - /* - * 7b. Simulate serialize/deserialize and go back to data exchange - */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (opt.serialize != 0) { - size_t buf_len; - - mbedtls_printf(" . Serializing live connection..."); - - ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len); - if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { - mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned " - "-0x%x\n\n", (unsigned int) -ret); - - goto exit; - } - - if ((context_buf = mbedtls_calloc(1, buf_len)) == NULL) { - mbedtls_printf(" failed\n ! Couldn't allocate buffer for " - "serialized context"); - - goto exit; - } - context_buf_len = buf_len; - - if ((ret = mbedtls_ssl_context_save(&ssl, context_buf, - buf_len, &buf_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned " - "-0x%x\n\n", (unsigned int) -ret); - - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* Save serialized context to the 'opt.context_file' as a base64 code */ - if (0 < strlen(opt.context_file)) { - FILE *b64_file; - uint8_t *b64_buf; - size_t b64_len; - - mbedtls_printf(" . Save serialized context to a file... "); - - mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len); - - if ((b64_buf = mbedtls_calloc(1, b64_len)) == NULL) { - mbedtls_printf("failed\n ! Couldn't allocate buffer for " - "the base64 code\n"); - goto exit; - } - - if ((ret = mbedtls_base64_encode(b64_buf, b64_len, &b64_len, - context_buf, buf_len)) != 0) { - mbedtls_printf("failed\n ! mbedtls_base64_encode returned " - "-0x%x\n", (unsigned int) -ret); - mbedtls_free(b64_buf); - goto exit; - } - - if ((b64_file = fopen(opt.context_file, "w")) == NULL) { - mbedtls_printf("failed\n ! Cannot open '%s' for writing.\n", - opt.context_file); - mbedtls_free(b64_buf); - goto exit; - } - - if (b64_len != fwrite(b64_buf, 1, b64_len, b64_file)) { - mbedtls_printf("failed\n ! fwrite(%ld bytes) failed\n", - (long) b64_len); - mbedtls_free(b64_buf); - fclose(b64_file); - goto exit; - } - - mbedtls_free(b64_buf); - fclose(b64_file); - - mbedtls_printf("ok\n"); - } - - /* - * This simulates a workflow where you have a long-lived server - * instance, potentially with a pool of ssl_context objects, and you - * just want to re-use one while the connection is inactive: in that - * case you can just reset() it, and then it's ready to receive - * serialized data from another connection (or the same here). - */ - if (opt.serialize == 1) { - /* nothing to do here, done by context_save() already */ - mbedtls_printf(" . Context has been reset... ok\n"); - } - - /* - * This simulates a workflow where you have one server instance per - * connection, and want to release it entire when the connection is - * inactive, and spawn it again when needed again - this would happen - * between ssl_free() and ssl_init() below, together with any other - * teardown/startup code needed - for example, preparing the - * ssl_config again (see section 3 "setup stuff" in this file). - */ - if (opt.serialize == 2) { - mbedtls_printf(" . Freeing and reinitializing context..."); - - mbedtls_ssl_free(&ssl); - - mbedtls_ssl_init(&ssl); - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned " - "-0x%x\n\n", (unsigned int) -ret); - goto exit; - } - - /* - * This illustrates the minimum amount of things you need to set - * up, however you could set up much more if desired, for example - * if you want to share your set up code between the case of - * establishing a new connection and this case. - */ - if (opt.nbio == 2) { - mbedtls_ssl_set_bio(&ssl, &client_fd, delayed_send, - delayed_recv, NULL); - } else { - mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, - mbedtls_net_recv, - opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL); - } - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&ssl, &timer, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif /* MBEDTLS_TIMING_C */ - - mbedtls_printf(" ok\n"); - } - - mbedtls_printf(" . Deserializing connection..."); - - if ((ret = mbedtls_ssl_context_load(&ssl, context_buf, - buf_len)) != 0) { - mbedtls_printf("failed\n ! mbedtls_ssl_context_load returned " - "-0x%x\n\n", (unsigned int) -ret); - - goto exit; - } - - mbedtls_free(context_buf); - context_buf = NULL; - context_buf_len = 0; - - mbedtls_printf(" ok\n"); - } -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - - /* - * 7c. Continue doing data exchanges? - */ - if (--exchanges_left > 0) { - goto data_exchange; - } - - /* - * 8. Done, cleanly close the connection - */ -close_notify: - mbedtls_printf(" . Closing the connection..."); - - /* No error checking, the connection might be closed already */ - do { - ret = mbedtls_ssl_close_notify(&ssl); - } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); - ret = 0; - - mbedtls_printf(" done\n"); - -#if defined(MBEDTLS_SSL_CACHE_C) - if (opt.cache_remove > 0) { - mbedtls_ssl_cache_remove(&cache, ssl.session->id, ssl.session->id_len); - } -#endif - - goto reset; - - /* - * Cleanup and exit - */ -exit: -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf); - } -#endif - - if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) { - mbedtls_printf(" . Cleaning up..."); - fflush(stdout); - } - - mbedtls_net_free(&client_fd); - mbedtls_net_free(&listen_fd); - - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(&cache); -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - mbedtls_ssl_ticket_free(&ticket_ctx); -#endif -#if defined(MBEDTLS_SSL_COOKIE_C) - mbedtls_ssl_cookie_free(&cookie_ctx); -#endif - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (context_buf != NULL) { - mbedtls_platform_zeroize(context_buf, context_buf_len); - } - mbedtls_free(context_buf); -#endif - -#if defined(SNI_OPTION) - sni_free(sni_info); -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - ret = psk_free(psk_info); - if ((ret != 0) && (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) { - mbedtls_printf("Failed to list of opaque PSKs - error was %d\n", ret); - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - mbedtls_x509_crt_free(&cacert); - mbedtls_x509_crt_free(&srvcert); - mbedtls_pk_free(&pkey); - mbedtls_x509_crt_free(&srvcert2); - mbedtls_pk_free(&pkey2); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_destroy_key(key_slot); - psa_destroy_key(key_slot2); -#endif -#endif - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_free(&dhm); -#endif - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { - if (ssl_async_keys.slots[i].pk_owned) { - mbedtls_pk_free(ssl_async_keys.slots[i].pk); - mbedtls_free(ssl_async_keys.slots[i].pk); - ssl_async_keys.slots[i].pk = NULL; - } - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) - if (opt.psk_opaque != 0) { - /* This is ok even if the slot hasn't been - * initialized (we might have jumed here - * immediately because of bad cmd line params, - * for example). */ - status = psa_destroy_key(psk_slot); - if ((status != PSA_SUCCESS) && - (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) { - mbedtls_printf("Failed to destroy key slot %u - error was %d", - (unsigned) MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psk_slot), - (int) status); - } - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) - /* - * In case opaque keys it's the user responsibility to keep the key valid - * for the duration of the handshake and destroy it at the end - */ - if ((opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE)) { - psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT; - - /* Verify that the key is still valid before destroying it */ - if (psa_get_key_attributes(ecjpake_pw_slot, &check_attributes) != - PSA_SUCCESS) { - if (ret == 0) { - ret = 1; - } - mbedtls_printf("The EC J-PAKE password key has unexpectedly been already destroyed\n"); - } else { - psa_destroy_key(ecjpake_pw_slot); - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) - const char *message = mbedtls_test_helper_is_psa_leaking(); - if (message) { - if (ret == 0) { - ret = 1; - } - mbedtls_printf("PSA memory leak detected: %s\n", message); - } -#endif - - /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto - * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \ - && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - mbedtls_psa_crypto_free(); -#endif - - rng_free(&rng); - - mbedtls_free(buf); - -#if defined(MBEDTLS_TEST_HOOKS) - /* Let test hooks detect errors such as resource leaks. - * Don't do it in query_config mode, because some test code prints - * information to stdout and this gets mixed with the regular output. */ - if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) { - if (test_hooks_failure_detected()) { - if (ret == 0) { - ret = 1; - } - mbedtls_printf("Test hooks detected errors.\n"); - } - } - test_hooks_free(); -#endif /* MBEDTLS_TEST_HOOKS */ - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_status(); -#endif - mbedtls_memory_buffer_alloc_free(); -#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */ - - if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) { - mbedtls_printf(" done.\n"); - } - - // Shell can not handle large exit numbers -> 1 for errors - if (ret < 0) { - ret = 1; - } - - if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) { - mbedtls_exit(ret); - } else { - mbedtls_exit(query_config_ret); - } -} -#endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_SRV_C */ diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c deleted file mode 100644 index 6c7eed5e5..000000000 --- a/programs/ssl/ssl_test_common_source.c +++ /dev/null @@ -1,377 +0,0 @@ -/* - * Common source code for SSL test programs. This file is included by - * both ssl_client2.c and ssl_server2.c and is intended for source - * code that is textually identical in both programs, but that cannot be - * compiled separately because it refers to types or macros that are - * different in the two programs, or because it would have an incomplete - * type. - * - * This file is meant to be #include'd and cannot be compiled separately. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -static void eap_tls_key_derivation(void *p_expkey, - mbedtls_ssl_key_export_type secret_type, - const unsigned char *secret, - size_t secret_len, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type) -{ - eap_tls_keys *keys = (eap_tls_keys *) p_expkey; - - /* We're only interested in the TLS 1.2 master secret */ - if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) { - return; - } - if (secret_len != sizeof(keys->master_secret)) { - return; - } - - memcpy(keys->master_secret, secret, sizeof(keys->master_secret)); - memcpy(keys->randbytes, client_random, 32); - memcpy(keys->randbytes + 32, server_random, 32); - keys->tls_prf_type = tls_prf_type; -} - -static void nss_keylog_export(void *p_expkey, - mbedtls_ssl_key_export_type secret_type, - const unsigned char *secret, - size_t secret_len, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type) -{ - char nss_keylog_line[200]; - size_t const client_random_len = 32; - size_t len = 0; - size_t j; - - /* We're only interested in the TLS 1.2 master secret */ - if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) { - return; - } - - ((void) p_expkey); - ((void) server_random); - ((void) tls_prf_type); - - len += sprintf(nss_keylog_line + len, - "%s", "CLIENT_RANDOM "); - - for (j = 0; j < client_random_len; j++) { - len += sprintf(nss_keylog_line + len, - "%02x", client_random[j]); - } - - len += sprintf(nss_keylog_line + len, " "); - - for (j = 0; j < secret_len; j++) { - len += sprintf(nss_keylog_line + len, - "%02x", secret[j]); - } - - len += sprintf(nss_keylog_line + len, "\n"); - nss_keylog_line[len] = '\0'; - - mbedtls_printf("\n"); - mbedtls_printf("---------------- NSS KEYLOG -----------------\n"); - mbedtls_printf("%s", nss_keylog_line); - mbedtls_printf("---------------------------------------------\n"); - - if (opt.nss_keylog_file != NULL) { - FILE *f; - - if ((f = fopen(opt.nss_keylog_file, "a")) == NULL) { - goto exit; - } - - /* Ensure no stdio buffering of secrets, as such buffers cannot be - * wiped. */ - mbedtls_setbuf(f, NULL); - - if (fwrite(nss_keylog_line, 1, len, f) != len) { - fclose(f); - goto exit; - } - - fclose(f); - } - -exit: - mbedtls_platform_zeroize(nss_keylog_line, - sizeof(nss_keylog_line)); -} - -#if defined(MBEDTLS_SSL_DTLS_SRTP) -static void dtls_srtp_key_derivation(void *p_expkey, - mbedtls_ssl_key_export_type secret_type, - const unsigned char *secret, - size_t secret_len, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type) -{ - dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey; - - /* We're only interested in the TLS 1.2 master secret */ - if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) { - return; - } - if (secret_len != sizeof(keys->master_secret)) { - return; - } - - memcpy(keys->master_secret, secret, sizeof(keys->master_secret)); - memcpy(keys->randbytes, client_random, 32); - memcpy(keys->randbytes + 32, server_random, 32); - keys->tls_prf_type = tls_prf_type; -} -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -static int ssl_check_record(mbedtls_ssl_context const *ssl, - unsigned char const *buf, size_t len) -{ - int my_ret = 0, ret_cr1, ret_cr2; - unsigned char *tmp_buf; - - /* Record checking may modify the input buffer, - * so make a copy. */ - tmp_buf = mbedtls_calloc(1, len); - if (tmp_buf == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(tmp_buf, buf, len); - - ret_cr1 = mbedtls_ssl_check_record(ssl, tmp_buf, len); - if (ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) { - /* Test-only: Make sure that mbedtls_ssl_check_record() - * doesn't alter state. */ - memcpy(tmp_buf, buf, len); /* Restore buffer */ - ret_cr2 = mbedtls_ssl_check_record(ssl, tmp_buf, len); - if (ret_cr2 != ret_cr1) { - mbedtls_printf("mbedtls_ssl_check_record() returned inconsistent results.\n"); - my_ret = -1; - goto cleanup; - } - - switch (ret_cr1) { - case 0: - break; - - case MBEDTLS_ERR_SSL_INVALID_RECORD: - if (opt.debug_level > 1) { - mbedtls_printf("mbedtls_ssl_check_record() detected invalid record.\n"); - } - break; - - case MBEDTLS_ERR_SSL_INVALID_MAC: - if (opt.debug_level > 1) { - mbedtls_printf("mbedtls_ssl_check_record() detected unauthentic record.\n"); - } - break; - - case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD: - if (opt.debug_level > 1) { - mbedtls_printf("mbedtls_ssl_check_record() detected unexpected record.\n"); - } - break; - - default: - mbedtls_printf("mbedtls_ssl_check_record() failed fatally with -%#04x.\n", - (unsigned int) -ret_cr1); - my_ret = -1; - goto cleanup; - } - - /* Regardless of the outcome, forward the record to the stack. */ - } - -cleanup: - mbedtls_free(tmp_buf); - - return my_ret; -} - -static int recv_cb(void *ctx, unsigned char *buf, size_t len) -{ - io_ctx_t *io_ctx = (io_ctx_t *) ctx; - size_t recv_len; - int ret; - - if (opt.nbio == 2) { - ret = delayed_recv(io_ctx->net, buf, len); - } else { - ret = mbedtls_net_recv(io_ctx->net, buf, len); - } - if (ret < 0) { - return ret; - } - recv_len = (size_t) ret; - - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Here's the place to do any datagram/record checking - * in between receiving the packet from the underlying - * transport and passing it on to the TLS stack. */ - if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) { - return -1; - } - } - - return (int) recv_len; -} - -static int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout) -{ - io_ctx_t *io_ctx = (io_ctx_t *) ctx; - int ret; - size_t recv_len; - - ret = mbedtls_net_recv_timeout(io_ctx->net, buf, len, timeout); - if (ret < 0) { - return ret; - } - recv_len = (size_t) ret; - - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Here's the place to do any datagram/record checking - * in between receiving the packet from the underlying - * transport and passing it on to the TLS stack. */ - if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) { - return -1; - } - } - - return (int) recv_len; -} - -static int send_cb(void *ctx, unsigned char const *buf, size_t len) -{ - io_ctx_t *io_ctx = (io_ctx_t *) ctx; - - if (opt.nbio == 2) { - return delayed_send(io_ctx->net, buf, len); - } - - return mbedtls_net_send(io_ctx->net, buf, len); -} - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(PSA_HAVE_ALG_SOME_ECDSA) && defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -/* - * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate - * declaring an RSA public key and Mbed TLS is configured in hybrid mode, if - * `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then - * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm - * for its signature in the key exchange message. As Mbed TLS 1.2 does not - * support them, the handshake fails. - */ -#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), \ - ((hash << 8) | MBEDTLS_SSL_SIG_RSA), \ - (0x800 | hash), -#else -#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), \ - ((hash << 8) | MBEDTLS_SSL_SIG_RSA), -#endif -#elif defined(PSA_HAVE_ALG_SOME_ECDSA) -#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), -#elif defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -/* See above */ -#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_RSA), \ - (0x800 | hash), -#else -#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_RSA), -#endif -#else -#define MBEDTLS_SSL_SIG_ALG(hash) -#endif - -uint16_t ssl_sig_algs_for_test[] = { -#if defined(PSA_WANT_ALG_SHA_512) - MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA512) -#endif -#if defined(PSA_WANT_ALG_SHA_384) - MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA384) -#endif -#if defined(PSA_WANT_ALG_SHA_256) - MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA256) -#endif -#if defined(PSA_WANT_ALG_SHA_224) - MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA224) -#endif -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_1) - /* Allow SHA-1 as we use it extensively in tests. */ - MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA1) -#endif - MBEDTLS_TLS1_3_SIG_NONE -}; -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function - * for more info. - */ -static int x509_crt_verify_info(char *buf, size_t size, const char *prefix, - uint32_t flags) -{ -#if !defined(MBEDTLS_X509_REMOVE_INFO) - return mbedtls_x509_crt_verify_info(buf, size, prefix, flags); - -#else /* !MBEDTLS_X509_REMOVE_INFO */ - int ret; - char *p = buf; - size_t n = size; - -#define X509_CRT_ERROR_INFO(err, err_str, info) \ - if ((flags & err) != 0) \ - { \ - ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, info); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - flags ^= err; \ - } - - MBEDTLS_X509_CRT_ERROR_INFO_LIST -#undef X509_CRT_ERROR_INFO - - if (flags != 0) { - ret = mbedtls_snprintf(p, n, "%sUnknown reason " - "(this should not happen)\n", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - return (int) (size - n); -#endif /* MBEDTLS_X509_REMOVE_INFO */ -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static void mbedtls_print_supported_sig_algs(void) -{ - mbedtls_printf("supported signature algorithms:\n"); - mbedtls_printf("\trsa_pkcs1_sha256 "); - mbedtls_printf("rsa_pkcs1_sha384 "); - mbedtls_printf("rsa_pkcs1_sha512\n"); - mbedtls_printf("\tecdsa_secp256r1_sha256 "); - mbedtls_printf("ecdsa_secp384r1_sha384 "); - mbedtls_printf("ecdsa_secp521r1_sha512\n"); - mbedtls_printf("\trsa_pss_rsae_sha256 "); - mbedtls_printf("rsa_pss_rsae_sha384 "); - mbedtls_printf("rsa_pss_rsae_sha512\n"); - mbedtls_printf("\trsa_pss_pss_sha256 "); - mbedtls_printf("rsa_pss_pss_sha384 "); - mbedtls_printf("rsa_pss_pss_sha512\n"); - mbedtls_printf("\ted25519 "); - mbedtls_printf("ed448 "); - mbedtls_printf("rsa_pkcs1_sha1 "); - mbedtls_printf("ecdsa_sha1\n"); - mbedtls_printf("\n"); -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c deleted file mode 100644 index 2aa2d8884..000000000 --- a/programs/ssl/ssl_test_lib.c +++ /dev/null @@ -1,648 +0,0 @@ -/* - * Common code library for SSL test programs. - * - * In addition to the functions in this file, there is shared source code - * that cannot be compiled separately in "ssl_test_common_source.c". - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - - -#include "ssl_test_lib.h" - -#if defined(MBEDTLS_TEST_HOOKS) -#include "test/threading_helpers.h" -#endif - -#if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) - -#define ARRAY_LENGTH(x) (sizeof(x)/sizeof(x[0])) - -void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - const char *p, *basename; - - /* Extract basename from file */ - for (p = basename = file; *p != '\0'; p++) { - if (*p == '/' || *p == '\\') { - basename = p + 1; - } - } - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: |%d| %s", - basename, line, level, str); - fflush((FILE *) ctx); -} - -#if defined(MBEDTLS_HAVE_TIME) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) -{ - (void) time; - return 0x5af2a056; -} -#endif - -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) -static int dummy_entropy(void *data, unsigned char *output, size_t len) -{ - size_t i; - int ret; - (void) data; - - ret = mbedtls_entropy_func(data, output, len); - for (i = 0; i < len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return ret; -} -#endif - -void rng_init(rng_context_t *rng) -{ -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - (void) rng; - psa_crypto_init(); -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - -#if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_init(&rng->drbg); -#elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_init(&rng->drbg); -#else -#error "No DRBG available" -#endif - - mbedtls_entropy_init(&rng->entropy); -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ -} - -int rng_seed(rng_context_t *rng, int reproducible, const char *pers) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (reproducible) { - mbedtls_fprintf(stderr, - "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n"); - return -1; - } -#endif -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - /* The PSA crypto RNG does its own seeding. */ - (void) rng; - (void) pers; - if (reproducible) { - mbedtls_fprintf(stderr, - "The PSA RNG does not support reproducible mode.\n"); - return -1; - } - return 0; -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - int (*f_entropy)(void *, unsigned char *, size_t) = - (reproducible ? dummy_entropy : mbedtls_entropy_func); - - if (reproducible) { - srand(1); - } - -#if defined(MBEDTLS_CTR_DRBG_C) - int ret = mbedtls_ctr_drbg_seed(&rng->drbg, - f_entropy, &rng->entropy, - (const unsigned char *) pers, - strlen(pers)); -#elif defined(MBEDTLS_HMAC_DRBG_C) -#if defined(PSA_WANT_ALG_SHA_256) - const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256; -#elif defined(PSA_WANT_ALG_SHA_512) - const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA512; -#else -#error "No message digest available for HMAC_DRBG" -#endif - int ret = mbedtls_hmac_drbg_seed(&rng->drbg, - mbedtls_md_info_from_type(md_type), - f_entropy, &rng->entropy, - (const unsigned char *) pers, - strlen(pers)); -#else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */ -#error "No DRBG available" -#endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */ - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - (unsigned int) -ret); - return ret; - } -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - - return 0; -} - -void rng_free(rng_context_t *rng) -{ -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - (void) rng; - /* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs. - * This is ok because none of our applications try to do any crypto after - * deinitializing the RNG. */ - mbedtls_psa_crypto_free(); -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - -#if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_free(&rng->drbg); -#elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_free(&rng->drbg); -#else -#error "No DRBG available" -#endif - - mbedtls_entropy_free(&rng->entropy); -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ -} - -int rng_get(void *p_rng, unsigned char *output, size_t output_len) -{ -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - (void) p_rng; - return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, - output, output_len); -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - rng_context_t *rng = p_rng; - -#if defined(MBEDTLS_CTR_DRBG_C) - return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len); -#elif defined(MBEDTLS_HMAC_DRBG_C) - return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len); -#else -#error "No DRBG available" -#endif - -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ -} - -int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) -{ - char *separator; - if ((separator = strchr(arg, ',')) == NULL) { - return 1; - } - *separator = '\0'; - - *alg1 = arg; - *alg2 = separator + 1; - - if (strcmp(*alg1, "rsa-sign-pkcs1") != 0 && - strcmp(*alg1, "rsa-sign-pss") != 0 && - strcmp(*alg1, "rsa-sign-pss-sha256") != 0 && - strcmp(*alg1, "rsa-sign-pss-sha384") != 0 && - strcmp(*alg1, "rsa-sign-pss-sha512") != 0 && - strcmp(*alg1, "rsa-decrypt") != 0 && - strcmp(*alg1, "ecdsa-sign") != 0 && - strcmp(*alg1, "ecdh") != 0) { - return 1; - } - - if (strcmp(*alg2, "rsa-sign-pkcs1") != 0 && - strcmp(*alg2, "rsa-sign-pss") != 0 && - strcmp(*alg1, "rsa-sign-pss-sha256") != 0 && - strcmp(*alg1, "rsa-sign-pss-sha384") != 0 && - strcmp(*alg1, "rsa-sign-pss-sha512") != 0 && - strcmp(*alg2, "rsa-decrypt") != 0 && - strcmp(*alg2, "ecdsa-sign") != 0 && - strcmp(*alg2, "ecdh") != 0 && - strcmp(*alg2, "none") != 0) { - return 1; - } - - return 0; -} - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -int key_opaque_set_alg_usage(const char *alg1, const char *alg2, - psa_algorithm_t *psa_alg1, - psa_algorithm_t *psa_alg2, - psa_key_usage_t *usage, - mbedtls_pk_type_t key_type) -{ - if (strcmp(alg1, "none") != 0) { - const char *algs[] = { alg1, alg2 }; - psa_algorithm_t *psa_algs[] = { psa_alg1, psa_alg2 }; - - for (int i = 0; i < 2; i++) { - if (strcmp(algs[i], "rsa-sign-pkcs1") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-sign-pss") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-sign-pss-sha256") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_256); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-sign-pss-sha384") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_384); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-decrypt") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT; - *usage |= PSA_KEY_USAGE_DECRYPT; - } else if (strcmp(algs[i], "ecdsa-sign") == 0) { - *psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "ecdh") == 0) { - *psa_algs[i] = PSA_ALG_ECDH; - *usage |= PSA_KEY_USAGE_DERIVE; - } else if (strcmp(algs[i], "none") == 0) { - *psa_algs[i] = PSA_ALG_NONE; - } - } - } else { - if (key_type == MBEDTLS_PK_ECKEY) { - *psa_alg1 = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); - *psa_alg2 = PSA_ALG_ECDH; - *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; - } else if (key_type == MBEDTLS_PK_RSA) { - *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH); - *psa_alg2 = PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH); - *usage = PSA_KEY_USAGE_SIGN_HASH; - } else { - return 1; - } - } - - return 0; -} - -#if defined(MBEDTLS_PK_C) -int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2, - psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id) -{ - int ret; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - - ret = mbedtls_pk_get_psa_attributes(pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr); - if (ret != 0) { - return ret; - } - psa_set_key_usage_flags(&key_attr, psa_usage); - psa_set_key_algorithm(&key_attr, psa_alg); - if (psa_alg2 != PSA_ALG_NONE) { - psa_set_key_enrollment_algorithm(&key_attr, psa_alg2); - } - ret = mbedtls_pk_import_into_psa(pk, &key_attr, key_id); - if (ret != 0) { - return ret; - } - mbedtls_pk_free(pk); - mbedtls_pk_init(pk); - ret = mbedtls_pk_setup_opaque(pk, *key_id); - if (ret != 0) { - return ret; - } - - return 0; -} -#endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -int ca_callback(void *data, mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidates) -{ - int ret = 0; - mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; - mbedtls_x509_crt *first; - - /* This is a test-only implementation of the CA callback - * which always returns the entire list of trusted certificates. - * Production implementations managing a large number of CAs - * should use an efficient presentation and lookup for the - * set of trusted certificates (such as a hashtable) and only - * return those trusted certificates which satisfy basic - * parental checks, such as the matching of child `Issuer` - * and parent `Subject` field or matching key identifiers. */ - ((void) child); - - first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - if (first == NULL) { - ret = -1; - goto exit; - } - mbedtls_x509_crt_init(first); - - if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) { - ret = -1; - goto exit; - } - - while (ca->next != NULL) { - ca = ca->next; - if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) { - ret = -1; - goto exit; - } - } - -exit: - - if (ret != 0) { - mbedtls_x509_crt_free(first); - mbedtls_free(first); - first = NULL; - } - - *candidates = first; - return ret; -} -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -int delayed_recv(void *ctx, unsigned char *buf, size_t len) -{ - static int first_try = 1; - int ret; - - if (first_try) { - first_try = 0; - return MBEDTLS_ERR_SSL_WANT_READ; - } - - ret = mbedtls_net_recv(ctx, buf, len); - if (ret != MBEDTLS_ERR_SSL_WANT_READ) { - first_try = 1; /* Next call will be a new operation */ - } - return ret; -} - -int delayed_send(void *ctx, const unsigned char *buf, size_t len) -{ - static int first_try = 1; - int ret; - - if (first_try) { - first_try = 0; - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - ret = mbedtls_net_send(ctx, buf, len); - if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - first_try = 1; /* Next call will be a new operation */ - } - return ret; -} - -#if !defined(MBEDTLS_TIMING_C) -int idle(mbedtls_net_context *fd, - int idle_reason) -#else -int idle(mbedtls_net_context *fd, - mbedtls_timing_delay_context *timer, - int idle_reason) -#endif -{ - int ret; - int poll_type = 0; - - if (idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE) { - poll_type = MBEDTLS_NET_POLL_WRITE; - } else if (idle_reason == MBEDTLS_ERR_SSL_WANT_READ) { - poll_type = MBEDTLS_NET_POLL_READ; - } -#if !defined(MBEDTLS_TIMING_C) - else { - return 0; - } -#endif - - while (1) { - /* Check if timer has expired */ -#if defined(MBEDTLS_TIMING_C) - if (timer != NULL && - mbedtls_timing_get_delay(timer) == 2) { - break; - } -#endif /* MBEDTLS_TIMING_C */ - - /* Check if underlying transport became available */ - if (poll_type != 0) { - ret = mbedtls_net_poll(fd, poll_type, 0); - if (ret < 0) { - return ret; - } - if (ret == poll_type) { - break; - } - } - } - - return 0; -} - -#if defined(MBEDTLS_TEST_HOOKS) - -void test_hooks_init(void) -{ - mbedtls_test_info_reset(); - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_init(); -#endif -} - -int test_hooks_failure_detected(void) -{ -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - /* Errors are reported via mbedtls_test_info. */ - mbedtls_test_mutex_usage_check(); -#endif - - if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_SUCCESS) { - return 1; - } - return 0; -} - -void test_hooks_free(void) -{ -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_end(); -#endif -} - -#endif /* MBEDTLS_TEST_HOOKS */ - -static const struct { - uint16_t tls_id; - const char *name; - uint8_t is_supported; -} tls_id_group_name_table[] = -{ -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255) - { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448) - { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 }, -#endif -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) -#if defined(PSA_WANT_DH_RFC7919_2048) - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 1 }, -#else /* PSA_WANT_DH_RFC7919_2048 */ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 0 }, -#endif /* PSA_WANT_DH_RFC7919_2048 */ -#if defined(PSA_WANT_DH_RFC7919_3072) - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 1 }, -#else /* PSA_WANT_DH_RFC7919_3072 */ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 0 }, -#endif /* PSA_WANT_DH_RFC7919_3072 */ -#if defined(PSA_WANT_DH_RFC7919_4096) - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 1 }, -#else /* PSA_WANT_DH_RFC7919_4096 */ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 0 }, -#endif /* PSA_WANT_DH_RFC7919_4096 */ -#if defined(PSA_WANT_DH_RFC7919_6144) - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 1 }, -#else /* PSA_WANT_DH_RFC7919_6144 */ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 0 }, -#endif /* PSA_WANT_DH_RFC7919_6144 */ -#if defined(PSA_WANT_DH_RFC7919_8192) - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 1 }, -#else /* PSA_WANT_DH_RFC7919_8192 */ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 0 }, -#endif /* PSA_WANT_DH_RFC7919_8192 */ -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */ - { 0, NULL, 0 }, -}; - -static uint16_t mbedtls_ssl_get_curve_tls_id_from_name(const char *name) -{ - if (name == NULL) { - return 0; - } - - for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) { - if (strcmp(tls_id_group_name_table[i].name, name) == 0) { - return tls_id_group_name_table[i].tls_id; - } - } - - return 0; -} - -static void mbedtls_ssl_print_supported_groups_list(void) -{ - for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) { - if (tls_id_group_name_table[i].is_supported == 1) { - mbedtls_printf("%s ", tls_id_group_name_table[i].name); - } - } -} - -int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len) -{ - char *p = (char *) groups; - char *q = NULL; - size_t i = 0; - - if (strcmp(p, "none") == 0) { - group_list[0] = 0; - } else if (strcmp(p, "default") != 0) { - /* Leave room for a final NULL in group list */ - while (i < group_list_len - 1 && *p != '\0') { - uint16_t curve_tls_id; - q = p; - - /* Terminate the current string */ - while (*p != ',' && *p != '\0') { - p++; - } - if (*p == ',') { - *p++ = '\0'; - } - - if ((curve_tls_id = mbedtls_ssl_get_curve_tls_id_from_name(q)) != 0) { - group_list[i++] = curve_tls_id; - } else { - mbedtls_printf("unknown group %s\n", q); - mbedtls_printf("supported groups: "); - mbedtls_ssl_print_supported_groups_list(); - mbedtls_printf("\n"); - return -1; - } - } - - mbedtls_printf("Number of groups: %u\n", (unsigned int) i); - - if (i == group_list_len - 1 && *p != '\0') { - mbedtls_printf("groups list too long, maximum %u", - (unsigned int) (group_list_len - 1)); - return -1; - } - - group_list[i] = 0; - } - - return 0; -} - -#endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */ diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h deleted file mode 100644 index a8387d719..000000000 --- a/programs/ssl/ssl_test_lib.h +++ /dev/null @@ -1,331 +0,0 @@ -/* - * Common code for SSL test programs - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H -#define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -#include "mbedtls/md.h" - -#undef HAVE_RNG -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ - (defined(MBEDTLS_USE_PSA_CRYPTO) || \ - defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)) -#define HAVE_RNG -#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) -#define HAVE_RNG -#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) && \ - (defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_512)) -#define HAVE_RNG -#endif - -#if !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_SSL_TLS_C) -#define MBEDTLS_SSL_TEST_IMPOSSIBLE \ - "MBEDTLS_NET_C and/or " \ - "MBEDTLS_SSL_TLS_C not defined." -#elif !defined(HAVE_RNG) -#define MBEDTLS_SSL_TEST_IMPOSSIBLE \ - "No random generator is available.\n" -#else -#undef MBEDTLS_SSL_TEST_IMPOSSIBLE - -#undef HAVE_RNG - -#include -#include -#include - -#include "mbedtls/net_sockets.h" -#include "mbedtls/ssl.h" -#include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/x509.h" -#include "mbedtls/error.h" -#include "mbedtls/debug.h" -#include "mbedtls/timing.h" -#include "mbedtls/base64.h" -#include "test/certs.h" - -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) -#include "psa/crypto.h" -#include "mbedtls/psa_util.h" -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - -#include - -#include "../test/query_config.h" - -#define ALPN_LIST_SIZE 10 -#define GROUP_LIST_SIZE 25 -#define SIG_ALG_LIST_SIZE 5 - -typedef struct eap_tls_keys { - unsigned char master_secret[48]; - unsigned char randbytes[64]; - mbedtls_tls_prf_types tls_prf_type; -} eap_tls_keys; - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - -/* Supported SRTP mode needs a maximum of : - * - 16 bytes for key (AES-128) - * - 14 bytes SALT - * One for sender, one for receiver context - */ -#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 - -typedef struct dtls_srtp_keys { - unsigned char master_secret[48]; - unsigned char randbytes[64]; - mbedtls_tls_prf_types tls_prf_type; -} dtls_srtp_keys; - -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -typedef struct { - mbedtls_ssl_context *ssl; - mbedtls_net_context *net; -} io_ctx_t; - -void my_debug(void *ctx, int level, - const char *file, int line, - const char *str); - -#if defined(MBEDTLS_HAVE_TIME) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) -/* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use - * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. - * - * The constraints are: - * - Without the entropy module, the PSA RNG is the only option. - * - Without at least one of the DRBG modules, the PSA RNG is the only option. - * - The PSA RNG does not support explicit seeding, so it is incompatible with - * the reproducible mode used by test programs. - * - For good overall test coverage, there should be at least one configuration - * where the test programs use the PSA RNG while the PSA RNG is itself based - * on entropy+DRBG, and at least one configuration where the test programs - * do not use the PSA RNG even though it's there. - * - * A simple choice that meets the constraints is to use the PSA RNG whenever - * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the - * choice to use the PSA RNG in the test programs and the choice to use - * PSA crypto when TLS code needs crypto have to be tied together, but it - * happens to be a good match. It's also a good match from an application - * perspective: either PSA is preferred for TLS (both for crypto and for - * random generation) or it isn't. - */ -#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG -#endif - -/** A context for random number generation (RNG). - */ -typedef struct { -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - unsigned char dummy; -#else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - mbedtls_entropy_context entropy; -#if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_context drbg; -#elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_context drbg; -#else -#error "No DRBG available" -#endif -#endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ -} rng_context_t; - -/** Initialize the RNG. - * - * This function only initializes the memory used by the RNG context. - * Before using the RNG, it must be seeded with rng_seed(). - */ -void rng_init(rng_context_t *rng); - -/* Seed the random number generator. - * - * \param rng The RNG context to use. It must have been initialized - * with rng_init(). - * \param reproducible If zero, seed the RNG from entropy. - * If nonzero, use a fixed seed, so that the program - * will produce the same sequence of random numbers - * each time it is invoked. - * \param pers A null-terminated string. Different values for this - * string cause the RNG to emit different output for - * the same seed. - * - * return 0 on success, a negative value on error. - */ -int rng_seed(rng_context_t *rng, int reproducible, const char *pers); - -/** Deinitialize the RNG. Free any embedded resource. - * - * \param rng The RNG context to deinitialize. It must have been - * initialized with rng_init(). - */ -void rng_free(rng_context_t *rng); - -/** Generate random data. - * - * This function is suitable for use as the \c f_rng argument to Mbed TLS - * library functions. - * - * \param p_rng The random generator context. This must be a pointer to - * a #rng_context_t structure. - * \param output The buffer to fill. - * \param output_len The length of the buffer in bytes. - * - * \return \c 0 on success. - * \return An Mbed TLS error code on error. - */ -int rng_get(void *p_rng, unsigned char *output, size_t output_len); - -/** Parse command-line option: key_opaque_algs - * - * - * \param arg String value of key_opaque_algs - * Coma-separated pair of values among the following: - * - "rsa-sign-pkcs1" - * - "rsa-sign-pss" - * - "rsa-decrypt" - * - "ecdsa-sign" - * - "ecdh" - * - "none" (only acceptable for the second value). - * \param alg1 Address of pointer to alg #1 - * \param alg2 Address of pointer to alg #2 - * - * \return \c 0 on success. - * \return \c 1 on parse failure. - */ -int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/** Parse given opaque key algorithms to obtain psa algs and usage - * that will be passed to mbedtls_pk_wrap_as_opaque(). - * - * - * \param alg1 input string opaque key algorithm #1 - * \param alg2 input string opaque key algorithm #2 - * \param psa_alg1 output PSA algorithm #1 - * \param psa_alg2 output PSA algorithm #2 - * \param usage output key usage - * \param key_type key type used to set default psa algorithm/usage - * when alg1 in "none" - * - * \return \c 0 on success. - * \return \c 1 on parse failure. - */ -int key_opaque_set_alg_usage(const char *alg1, const char *alg2, - psa_algorithm_t *psa_alg1, - psa_algorithm_t *psa_alg2, - psa_key_usage_t *usage, - mbedtls_pk_type_t key_type); - -#if defined(MBEDTLS_PK_C) -/** Turn a non-opaque PK context into an opaque one with folowing steps: - * - extract the key data and attributes from the PK context. - * - import the key material into PSA. - * - free the provided PK context and re-initilize it as an opaque PK context - * wrapping the PSA key imported in the above step. - * - * \param[in/out] pk On input the non-opaque PK context which contains the - * key to be wrapped. On output the re-initialized PK - * context which represents the opaque version of the one - * provided as input. - * \param[in] psa_alg The primary algorithm that will be associated to the - * PSA key. - * \param[in] psa_alg2 The enrollment algorithm that will be associated to the - * PSA key. - * \param[in] psa_usage The PSA key usage policy. - * \param[out] key_id The PSA key identifier of the imported key. - * - * \return \c 0 on sucess. - * \return \c -1 on failure. - */ -int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2, - psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id); -#endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -/* The test implementation of the PSA external RNG is insecure. When - * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto - * function that makes use of an RNG, you must call - * mbedtls_test_enable_insecure_external_rng(). */ -#include -#endif - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -int ca_callback(void *data, mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidates); -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -/* - * Test recv/send functions that make sure each try returns - * WANT_READ/WANT_WRITE at least once before succeeding - */ -int delayed_recv(void *ctx, unsigned char *buf, size_t len); -int delayed_send(void *ctx, const unsigned char *buf, size_t len); - -/* - * Wait for an event from the underlying transport or the timer - * (Used in event-driven IO mode). - */ -int idle(mbedtls_net_context *fd, -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context *timer, -#endif - int idle_reason); - -#if defined(MBEDTLS_TEST_HOOKS) -/** Initialize whatever test hooks are enabled by the compile-time - * configuration and make sense for the TLS test programs. */ -void test_hooks_init(void); - -/** Check if any test hooks detected a problem. - * - * If a problem was detected, it's ok for the calling program to keep going, - * but it should ultimately exit with an error status. - * - * \note When implementing a test hook that detects errors on its own - * (as opposed to e.g. leaving the error for a memory sanitizer to - * report), make sure to print a message to standard error either at - * the time the problem is detected or during the execution of this - * function. This function does not indicate what problem was detected, - * so printing a message is the only way to provide feedback in the - * logs of the calling program. - * - * \return Nonzero if a problem was detected. - * \c 0 if no problem was detected. - */ -int test_hooks_failure_detected(void); - -/** Free any resources allocated for the sake of test hooks. - * - * Call this at the end of the program so that resource leak analyzers - * don't complain. - */ -void test_hooks_free(void); - -#endif /* !MBEDTLS_TEST_HOOKS */ - -/* Helper functions for FFDH groups. */ -int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len); - -#endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */ -#endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */ diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt deleted file mode 100644 index dec1e8c28..000000000 --- a/programs/test/CMakeLists.txt +++ /dev/null @@ -1,111 +0,0 @@ -set(libs - ${mbedtls_target} -) - -set(executables_libs - metatest - query_compile_time_config - query_included_headers - selftest - udp_proxy -) -add_dependencies(${programs_target} ${executables_libs}) -add_dependencies(${ssl_opt_target} udp_proxy) - -set(executables_mbedcrypto - benchmark - zeroize -) -add_dependencies(${programs_target} ${executables_mbedcrypto}) -add_dependencies(${ssl_opt_target} query_compile_time_config) - -if(TEST_CPP) - set(cpp_dummy_build_cpp "${CMAKE_CURRENT_BINARY_DIR}/cpp_dummy_build.cpp") - set(generate_cpp_dummy_build "${CMAKE_CURRENT_SOURCE_DIR}/generate_cpp_dummy_build.sh") - add_custom_command( - OUTPUT "${cpp_dummy_build_cpp}" - COMMAND "${generate_cpp_dummy_build}" "${cpp_dummy_build_cpp}" - DEPENDS "${generate_cpp_dummy_build}" - WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" - ) - add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}") - set_base_compile_options(cpp_dummy_build) - target_include_directories(cpp_dummy_build - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include) - target_link_libraries(cpp_dummy_build ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) -endif() - -if(USE_SHARED_MBEDTLS_LIBRARY AND - NOT ${CMAKE_SYSTEM_NAME} MATCHES "[Ww][Ii][Nn]") - add_executable(dlopen "dlopen.c") - set_base_compile_options(dlopen) - target_include_directories(dlopen - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include) - target_link_libraries(dlopen ${CMAKE_DL_LIBS}) -endif() - -if(GEN_FILES) - find_package(Perl REQUIRED) - - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/query_config.c - COMMAND - ${PERL} - ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt - ${CMAKE_CURRENT_BINARY_DIR}/query_config.c - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt - ) - # this file will also be used in another directory, so create a target, see - # https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory - add_custom_target(generate_query_config_c - DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) -else() - link_to_source(query_config.c) -endif() - -foreach(exe IN LISTS executables_libs executables_mbedcrypto) - set(extra_sources "") - if(exe STREQUAL "query_compile_time_config") - list(APPEND extra_sources - ${CMAKE_CURRENT_SOURCE_DIR}/query_config.h - ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) - endif() - add_executable(${exe} ${exe}.c $ - ${extra_sources}) - set_base_compile_options(${exe}) - target_include_directories(${exe} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) - target_include_directories(${exe} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library - ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/core) - if(exe STREQUAL "query_compile_time_config") - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}) - endif() - - # Request C11, required for memory poisoning - set_target_properties(${exe} PROPERTIES C_STANDARD 11) - - # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 - list(FIND executables_libs ${exe} exe_index) - if (${exe_index} GREATER -1) - target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - else() - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - endif() -endforeach() - -install(TARGETS ${executables_libs} ${executables_mbedcrypto} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c deleted file mode 100644 index c878e3426..000000000 --- a/programs/test/benchmark.c +++ /dev/null @@ -1,1272 +0,0 @@ -/* - * Benchmark demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_HAVE_TIME) -int main(void) -{ - mbedtls_printf("MBEDTLS_HAVE_TIME not defined.\n"); - mbedtls_exit(0); -} -#else - -#include -#include - -#include "mbedtls/md5.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/sha3.h" - -#include "mbedtls/des.h" -#include "mbedtls/aes.h" -#include "mbedtls/aria.h" -#include "mbedtls/camellia.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/gcm.h" -#include "mbedtls/ccm.h" -#include "mbedtls/chachapoly.h" -#include "mbedtls/cmac.h" -#include "mbedtls/poly1305.h" - -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/hmac_drbg.h" - -#include "mbedtls/rsa.h" -#include "mbedtls/dhm.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/ecdh.h" - -#include "mbedtls/error_common.h" - -/* *INDENT-OFF* */ -#ifndef asm -#define asm __asm -#endif -/* *INDENT-ON* */ - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -#include -#include - -struct _hr_time { - LARGE_INTEGER start; -}; - -#else - -#include -#include -#include -#include -#include - -struct _hr_time { - struct timeval start; -}; - -#endif /* _WIN32 && !EFIX64 && !EFI32 */ - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - -#ifdef MBEDTLS_TIMING_ALT -void mbedtls_set_alarm(int seconds); -unsigned long mbedtls_timing_hardclock(void); -extern volatile int mbedtls_timing_alarmed; -#else -static void mbedtls_set_alarm(int seconds); -static unsigned long mbedtls_timing_hardclock(void); -#endif - -/* - * For heap usage estimates, we need an estimate of the overhead per allocated - * block. ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block, - * so use that as our baseline. - */ -#define MEM_BLOCK_OVERHEAD (2 * sizeof(size_t)) - -/* - * Size to use for the alloc buffer if MEMORY_BUFFER_ALLOC_C is defined. - */ -#define HEAP_SIZE (1u << 16) /* 64k */ - -#define BUFSIZE 1024 -#define HEADER_FORMAT " %-24s : " -#define TITLE_LEN 25 - -#define OPTIONS \ - "md5, ripemd160, sha1, sha256, sha512,\n" \ - "sha3_224, sha3_256, sha3_384, sha3_512,\n" \ - "des3, des, camellia, chacha20,\n" \ - "aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly\n" \ - "aes_cmac, des3_cmac, poly1305\n" \ - "ctr_drbg, hmac_drbg\n" \ - "rsa, dhm, ecdsa, ecdh.\n" - -#if defined(MBEDTLS_ERROR_C) -#define PRINT_ERROR \ - mbedtls_printf("Error code: %d", ret); -/* mbedtls_strerror(ret, (char *) tmp, sizeof(tmp)); \ - mbedtls_printf("FAILED: %s\n", tmp); */ -#else -#define PRINT_ERROR \ - mbedtls_printf("FAILED: -0x%04x\n", (unsigned int) -ret); -#endif - -#define TIME_AND_TSC(TITLE, CODE) \ - do { \ - unsigned long ii, jj, tsc; \ - int ret = 0; \ - \ - mbedtls_printf(HEADER_FORMAT, TITLE); \ - fflush(stdout); \ - \ - mbedtls_set_alarm(1); \ - for (ii = 1; ret == 0 && !mbedtls_timing_alarmed; ii++) \ - { \ - ret = CODE; \ - } \ - \ - tsc = mbedtls_timing_hardclock(); \ - for (jj = 0; ret == 0 && jj < 1024; jj++) \ - { \ - ret = CODE; \ - } \ - \ - if (ret != 0) \ - { \ - PRINT_ERROR; \ - } \ - else \ - { \ - mbedtls_printf("%9lu KiB/s, %9lu cycles/byte\n", \ - ii * BUFSIZE / 1024, \ - (mbedtls_timing_hardclock() - tsc) \ - / (jj * BUFSIZE)); \ - } \ - } while (0) - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG) - -/* How much space to reserve for the title when printing heap usage results. - * Updated manually as the output of the following command: - * - * sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c | - * awk '{print length+3}' | sort -rn | head -n1 - * - * This computes the maximum length of a title +3, because we appends "/s" and - * want at least one space. (If the value is too small, the only consequence - * is poor alignment.) */ -#define TITLE_SPACE 17 - -#define MEMORY_MEASURE_INIT \ - size_t max_used, max_blocks, max_bytes; \ - size_t prv_used, prv_blocks; \ - size_t alloc_cnt, free_cnt, prv_alloc, prv_free; \ - mbedtls_memory_buffer_alloc_cur_get(&prv_used, &prv_blocks); \ - mbedtls_memory_buffer_alloc_max_reset(); - -#define MEMORY_MEASURE_RESET \ - mbedtls_memory_buffer_alloc_count_get(&prv_alloc, &prv_free); - -#define MEMORY_MEASURE_PRINT(title_len) \ - mbedtls_memory_buffer_alloc_max_get(&max_used, &max_blocks); \ - mbedtls_memory_buffer_alloc_count_get(&alloc_cnt, &free_cnt); \ - ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \ - while (ii--) mbedtls_printf(" "); \ - max_used -= prv_used; \ - max_blocks -= prv_blocks; \ - max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \ - mbedtls_printf("%6u heap bytes, %6u allocs", \ - (unsigned) max_bytes, \ - (unsigned) (alloc_cnt - prv_alloc)); - -#else -#define MEMORY_MEASURE_INIT -#define MEMORY_MEASURE_RESET -#define MEMORY_MEASURE_PRINT(title_len) -#endif - -#define TIME_PUBLIC(TITLE, TYPE, CODE) \ - do { \ - unsigned long ii; \ - int ret; \ - MEMORY_MEASURE_INIT; \ - \ - mbedtls_printf(HEADER_FORMAT, TITLE); \ - fflush(stdout); \ - mbedtls_set_alarm(3); \ - \ - ret = 0; \ - for (ii = 1; !mbedtls_timing_alarmed && !ret; ii++) \ - { \ - MEMORY_MEASURE_RESET; \ - CODE; \ - } \ - \ - if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) \ - { \ - mbedtls_printf("Feature Not Supported. Skipping.\n"); \ - ret = 0; \ - } \ - else if (ret != 0) \ - { \ - PRINT_ERROR; \ - } \ - else \ - { \ - mbedtls_printf("%6lu " TYPE "/s", ii / 3); \ - MEMORY_MEASURE_PRINT(sizeof(TYPE) + 1); \ - mbedtls_printf("\n"); \ - } \ - } while (0) - -#if !defined(MBEDTLS_TIMING_ALT) -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tsc; - __asm rdtsc - __asm mov[tsc], eax - return tsc; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */ - -/* some versions of mingw-64 have 32-bit longs even on x84_64 */ -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && (defined(__i386__) || ( \ - (defined(__amd64__) || defined(__x86_64__)) && __SIZEOF_LONG__ == 4)) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long lo, hi; - asm volatile ("rdtsc" : "=a" (lo), "=d" (hi)); - return lo; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __i386__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__)) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long lo, hi; - asm volatile ("rdtsc" : "=a" (lo), "=d" (hi)); - return lo | (hi << 32); -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && ( __amd64__ || __x86_64__ ) */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && (defined(__powerpc__) || defined(__ppc__)) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tbl, tbu0, tbu1; - - do { - asm volatile ("mftbu %0" : "=r" (tbu0)); - asm volatile ("mftb %0" : "=r" (tbl)); - asm volatile ("mftbu %0" : "=r" (tbu1)); - } while (tbu0 != tbu1); - - return tbl; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && ( __powerpc__ || __ppc__ ) */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__sparc64__) - -#if defined(__OpenBSD__) -#warning OpenBSD does not allow access to tick register using software version instead -#else -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tick; - asm volatile ("rdpr %%tick, %0;" : "=&r" (tick)); - return tick; -} -#endif /* __OpenBSD__ */ -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __sparc64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tick; - asm volatile (".byte 0x83, 0x41, 0x00, 0x00"); - asm volatile ("mov %%g1, %0" : "=r" (tick)); - return tick; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __sparc__ && !__sparc64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__alpha__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long cc; - asm volatile ("rpcc %0" : "=r" (cc)); - return cc & 0xFFFFFFFF; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __alpha__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__ia64__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long itc; - asm volatile ("mov %0 = ar.itc" : "=r" (itc)); - return itc; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __ia64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(_WIN32) && \ - !defined(EFIX64) && !defined(EFI32) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - LARGE_INTEGER offset; - - QueryPerformanceCounter(&offset); - - return (unsigned long) (offset.QuadPart); -} -#endif /* !HAVE_HARDCLOCK && _WIN32 && !EFIX64 && !EFI32 */ - -#if !defined(HAVE_HARDCLOCK) - -#define HAVE_HARDCLOCK - -static int hardclock_init = 0; -static struct timeval tv_init; - -static unsigned long mbedtls_timing_hardclock(void) -{ - struct timeval tv_cur; - - if (hardclock_init == 0) { - gettimeofday(&tv_init, NULL); - hardclock_init = 1; - } - - gettimeofday(&tv_cur, NULL); - return (tv_cur.tv_sec - tv_init.tv_sec) * 1000000U - + (tv_cur.tv_usec - tv_init.tv_usec); -} -#endif /* !HAVE_HARDCLOCK */ - -volatile int mbedtls_timing_alarmed = 0; - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -/* It's OK to use a global because alarm() is supposed to be global anyway */ -static DWORD alarmMs; - -static void TimerProc(void *TimerContext) -{ - (void) TimerContext; - Sleep(alarmMs); - mbedtls_timing_alarmed = 1; - /* _endthread will be called implicitly on return - * That ensures execution of thread function's epilogue */ -} - -static void mbedtls_set_alarm(int seconds) -{ - if (seconds == 0) { - /* No need to create a thread for this simple case. - * Also, this shorcut is more reliable at least on MinGW32 */ - mbedtls_timing_alarmed = 1; - return; - } - - mbedtls_timing_alarmed = 0; - alarmMs = seconds * 1000; - (void) _beginthread(TimerProc, 0, NULL); -} - -#else /* _WIN32 && !EFIX64 && !EFI32 */ - -static void sighandler(int signum) -{ - mbedtls_timing_alarmed = 1; - signal(signum, sighandler); -} - -static void mbedtls_set_alarm(int seconds) -{ - mbedtls_timing_alarmed = 0; - signal(SIGALRM, sighandler); - alarm(seconds); - if (seconds == 0) { - /* alarm(0) cancelled any previous pending alarm, but the - handler won't fire, so raise the flag straight away. */ - mbedtls_timing_alarmed = 1; - } -} - -#endif /* _WIN32 && !EFIX64 && !EFI32 */ -#endif /* !MBEDTLS_TIMING_ALT */ - -static int myrand(void *rng_state, unsigned char *output, size_t len) -{ - size_t use_len; - int rnd; - - if (rng_state != NULL) { - rng_state = NULL; - } - - while (len > 0) { - use_len = len; - if (use_len > sizeof(int)) { - use_len = sizeof(int); - } - - rnd = rand(); - memcpy(output, &rnd, use_len); - output += use_len; - len -= use_len; - } - - return 0; -} - -#define CHECK_AND_CONTINUE(R) \ - { \ - int CHECK_AND_CONTINUE_ret = (R); \ - if (CHECK_AND_CONTINUE_ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) { \ - mbedtls_printf("Feature not supported. Skipping.\n"); \ - continue; \ - } \ - else if (CHECK_AND_CONTINUE_ret != 0) { \ - mbedtls_exit(1); \ - } \ - } - -#if defined(MBEDTLS_ECP_C) -static int set_ecp_curve(const char *string, mbedtls_ecp_curve_info *curve) -{ - const mbedtls_ecp_curve_info *found = - mbedtls_ecp_curve_info_from_name(string); - if (found != NULL) { - *curve = *found; - return 1; - } else { - return 0; - } -} -#endif - -unsigned char buf[BUFSIZE]; - -typedef struct { - char md5, ripemd160, sha1, sha256, sha512, - sha3_224, sha3_256, sha3_384, sha3_512, - des3, des, - aes_cbc, aes_cfb128, aes_cfb8, aes_ctr, aes_gcm, aes_ccm, aes_xts, chachapoly, - aes_cmac, des3_cmac, - aria, camellia, chacha20, - poly1305, - ctr_drbg, hmac_drbg, - rsa, dhm, ecdsa, ecdh; -} todo_list; - - -int main(int argc, char *argv[]) -{ - int i; - unsigned char tmp[200]; - char title[TITLE_LEN]; - todo_list todo; -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char alloc_buf[HEAP_SIZE] = { 0 }; -#endif -#if defined(MBEDTLS_ECP_C) - mbedtls_ecp_curve_info single_curve[2] = { - { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, - { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, - }; - const mbedtls_ecp_curve_info *curve_list = mbedtls_ecp_curve_list(); -#endif - -#if defined(MBEDTLS_ECP_C) - (void) curve_list; /* Unused in some configurations where no benchmark uses ECC */ -#endif - - if (argc <= 1) { - memset(&todo, 1, sizeof(todo)); - } else { - memset(&todo, 0, sizeof(todo)); - - for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "md5") == 0) { - todo.md5 = 1; - } else if (strcmp(argv[i], "ripemd160") == 0) { - todo.ripemd160 = 1; - } else if (strcmp(argv[i], "sha1") == 0) { - todo.sha1 = 1; - } else if (strcmp(argv[i], "sha256") == 0) { - todo.sha256 = 1; - } else if (strcmp(argv[i], "sha512") == 0) { - todo.sha512 = 1; - } else if (strcmp(argv[i], "sha3_224") == 0) { - todo.sha3_224 = 1; - } else if (strcmp(argv[i], "sha3_256") == 0) { - todo.sha3_256 = 1; - } else if (strcmp(argv[i], "sha3_384") == 0) { - todo.sha3_384 = 1; - } else if (strcmp(argv[i], "sha3_512") == 0) { - todo.sha3_512 = 1; - } else if (strcmp(argv[i], "des3") == 0) { - todo.des3 = 1; - } else if (strcmp(argv[i], "des") == 0) { - todo.des = 1; - } else if (strcmp(argv[i], "aes_cbc") == 0) { - todo.aes_cbc = 1; - } else if (strcmp(argv[i], "aes_cfb128") == 0) { - todo.aes_cfb128 = 1; - } else if (strcmp(argv[i], "aes_cfb8") == 0) { - todo.aes_cfb8 = 1; - } else if (strcmp(argv[i], "aes_ctr") == 0) { - todo.aes_ctr = 1; - } else if (strcmp(argv[i], "aes_xts") == 0) { - todo.aes_xts = 1; - } else if (strcmp(argv[i], "aes_gcm") == 0) { - todo.aes_gcm = 1; - } else if (strcmp(argv[i], "aes_ccm") == 0) { - todo.aes_ccm = 1; - } else if (strcmp(argv[i], "chachapoly") == 0) { - todo.chachapoly = 1; - } else if (strcmp(argv[i], "aes_cmac") == 0) { - todo.aes_cmac = 1; - } else if (strcmp(argv[i], "des3_cmac") == 0) { - todo.des3_cmac = 1; - } else if (strcmp(argv[i], "aria") == 0) { - todo.aria = 1; - } else if (strcmp(argv[i], "camellia") == 0) { - todo.camellia = 1; - } else if (strcmp(argv[i], "chacha20") == 0) { - todo.chacha20 = 1; - } else if (strcmp(argv[i], "poly1305") == 0) { - todo.poly1305 = 1; - } else if (strcmp(argv[i], "ctr_drbg") == 0) { - todo.ctr_drbg = 1; - } else if (strcmp(argv[i], "hmac_drbg") == 0) { - todo.hmac_drbg = 1; - } else if (strcmp(argv[i], "rsa") == 0) { - todo.rsa = 1; - } else if (strcmp(argv[i], "dhm") == 0) { - todo.dhm = 1; - } else if (strcmp(argv[i], "ecdsa") == 0) { - todo.ecdsa = 1; - } else if (strcmp(argv[i], "ecdh") == 0) { - todo.ecdh = 1; - } -#if defined(MBEDTLS_ECP_C) - else if (set_ecp_curve(argv[i], single_curve)) { - curve_list = single_curve; - } -#endif - else { - mbedtls_printf("Unrecognized option: %s\n", argv[i]); - mbedtls_printf("Available options: " OPTIONS); - } - } - } - - mbedtls_printf("\n"); - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); -#endif - memset(buf, 0xAA, sizeof(buf)); - memset(tmp, 0xBB, sizeof(tmp)); - - /* Avoid "unused static function" warning in configurations without - * symmetric crypto. */ - (void) mbedtls_timing_hardclock; - -#if defined(MBEDTLS_MD5_C) - if (todo.md5) { - TIME_AND_TSC("MD5", mbedtls_md5(buf, BUFSIZE, tmp)); - } -#endif - -#if defined(MBEDTLS_RIPEMD160_C) - if (todo.ripemd160) { - TIME_AND_TSC("RIPEMD160", mbedtls_ripemd160(buf, BUFSIZE, tmp)); - } -#endif - -#if defined(MBEDTLS_SHA1_C) - if (todo.sha1) { - TIME_AND_TSC("SHA-1", mbedtls_sha1(buf, BUFSIZE, tmp)); - } -#endif - -#if defined(MBEDTLS_SHA256_C) - if (todo.sha256) { - TIME_AND_TSC("SHA-256", mbedtls_sha256(buf, BUFSIZE, tmp, 0)); - } -#endif - -#if defined(MBEDTLS_SHA512_C) - if (todo.sha512) { - TIME_AND_TSC("SHA-512", mbedtls_sha512(buf, BUFSIZE, tmp, 0)); - } -#endif -#if defined(MBEDTLS_SHA3_C) - if (todo.sha3_224) { - TIME_AND_TSC("SHA3-224", mbedtls_sha3(MBEDTLS_SHA3_224, buf, BUFSIZE, tmp, 28)); - } - if (todo.sha3_256) { - TIME_AND_TSC("SHA3-256", mbedtls_sha3(MBEDTLS_SHA3_256, buf, BUFSIZE, tmp, 32)); - } - if (todo.sha3_384) { - TIME_AND_TSC("SHA3-384", mbedtls_sha3(MBEDTLS_SHA3_384, buf, BUFSIZE, tmp, 48)); - } - if (todo.sha3_512) { - TIME_AND_TSC("SHA3-512", mbedtls_sha3(MBEDTLS_SHA3_512, buf, BUFSIZE, tmp, 64)); - } -#endif - -#if defined(MBEDTLS_DES_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.des3) { - mbedtls_des3_context des3; - - mbedtls_des3_init(&des3); - if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("3DES", - mbedtls_des3_crypt_cbc(&des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - mbedtls_des3_free(&des3); - } - - if (todo.des) { - mbedtls_des_context des; - - mbedtls_des_init(&des); - if (mbedtls_des_setkey_enc(&des, tmp) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("DES", - mbedtls_des_crypt_cbc(&des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - mbedtls_des_free(&des); - } - -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CMAC_C) - if (todo.des3_cmac) { - unsigned char output[8]; - const mbedtls_cipher_info_t *cipher_info; - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - - cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_EDE3_ECB); - - TIME_AND_TSC("3DES-CMAC", - mbedtls_cipher_cmac(cipher_info, tmp, 192, buf, - BUFSIZE, output)); - } -#endif /* MBEDTLS_CMAC_C */ -#endif /* MBEDTLS_DES_C */ - -#if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.aes_cbc) { - int keysize; - mbedtls_aes_context aes; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - } - mbedtls_aes_free(&aes); - } -#endif -#if defined(MBEDTLS_CIPHER_MODE_CFB) - if (todo.aes_cfb128) { - int keysize; - size_t iv_off = 0; - mbedtls_aes_context aes; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, - &iv_off, tmp, buf, buf)); - } - mbedtls_aes_free(&aes); - } - if (todo.aes_cfb8) { - int keysize; - mbedtls_aes_context aes; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_cfb8(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - } - mbedtls_aes_free(&aes); - } -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) - if (todo.aes_ctr) { - int keysize; - mbedtls_aes_context aes; - - uint8_t stream_block[16]; - size_t nc_off; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CTR-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - memset(stream_block, 0, sizeof(stream_block)); - nc_off = 0; - - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, mbedtls_aes_crypt_ctr(&aes, BUFSIZE, &nc_off, tmp, stream_block, - buf, buf)); - } - mbedtls_aes_free(&aes); - } -#endif -#if defined(MBEDTLS_CIPHER_MODE_XTS) - if (todo.aes_xts) { - int keysize; - mbedtls_aes_xts_context ctx; - - mbedtls_aes_xts_init(&ctx); - for (keysize = 128; keysize <= 256; keysize += 128) { - mbedtls_snprintf(title, sizeof(title), "AES-XTS-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_xts_setkey_enc(&ctx, tmp, keysize * 2)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_xts(&ctx, MBEDTLS_AES_ENCRYPT, BUFSIZE, - tmp, buf, buf)); - - mbedtls_aes_xts_free(&ctx); - } - } -#endif -#if defined(MBEDTLS_GCM_C) - if (todo.aes_gcm) { - int keysize; - mbedtls_gcm_context gcm; - - mbedtls_gcm_init(&gcm); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-GCM-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_gcm_setkey(&gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_gcm_crypt_and_tag(&gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp, - 12, NULL, 0, buf, buf, 16, tmp)); - - mbedtls_gcm_free(&gcm); - } - } -#endif -#if defined(MBEDTLS_CCM_C) - if (todo.aes_ccm) { - int keysize; - mbedtls_ccm_context ccm; - - mbedtls_ccm_init(&ccm); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CCM-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_ccm_setkey(&ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_ccm_encrypt_and_tag(&ccm, BUFSIZE, tmp, - 12, NULL, 0, buf, buf, tmp, 16)); - - mbedtls_ccm_free(&ccm); - } - } -#endif -#if defined(MBEDTLS_CHACHAPOLY_C) - if (todo.chachapoly) { - mbedtls_chachapoly_context chachapoly; - - mbedtls_chachapoly_init(&chachapoly); - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - - mbedtls_snprintf(title, sizeof(title), "ChaCha20-Poly1305"); - - mbedtls_chachapoly_setkey(&chachapoly, tmp); - - TIME_AND_TSC(title, - mbedtls_chachapoly_encrypt_and_tag(&chachapoly, - BUFSIZE, tmp, NULL, 0, buf, buf, tmp)); - - mbedtls_chachapoly_free(&chachapoly); - } -#endif -#if defined(MBEDTLS_CMAC_C) - if (todo.aes_cmac) { - unsigned char output[16]; - const mbedtls_cipher_info_t *cipher_info; - mbedtls_cipher_type_t cipher_type; - int keysize; - - for (keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB; - keysize <= 256; - keysize += 64, cipher_type++) { - mbedtls_snprintf(title, sizeof(title), "AES-CMAC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - - cipher_info = mbedtls_cipher_info_from_type(cipher_type); - - TIME_AND_TSC(title, - mbedtls_cipher_cmac(cipher_info, tmp, keysize, - buf, BUFSIZE, output)); - } - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - TIME_AND_TSC("AES-CMAC-PRF-128", - mbedtls_aes_cmac_prf_128(tmp, 16, buf, BUFSIZE, - output)); - } -#endif /* MBEDTLS_CMAC_C */ -#endif /* MBEDTLS_AES_C */ - -#if defined(MBEDTLS_ARIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.aria) { - int keysize; - mbedtls_aria_context aria; - - mbedtls_aria_init(&aria); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_aria_setkey_enc(&aria, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_aria_crypt_cbc(&aria, MBEDTLS_ARIA_ENCRYPT, - BUFSIZE, tmp, buf, buf)); - } - mbedtls_aria_free(&aria); - } -#endif - -#if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.camellia) { - int keysize; - mbedtls_camellia_context camellia; - - mbedtls_camellia_init(&camellia); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_camellia_setkey_enc(&camellia, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_camellia_crypt_cbc(&camellia, MBEDTLS_CAMELLIA_ENCRYPT, - BUFSIZE, tmp, buf, buf)); - } - mbedtls_camellia_free(&camellia); - } -#endif - -#if defined(MBEDTLS_CHACHA20_C) - if (todo.chacha20) { - TIME_AND_TSC("ChaCha20", mbedtls_chacha20_crypt(buf, buf, 0U, BUFSIZE, buf, buf)); - } -#endif - -#if defined(MBEDTLS_POLY1305_C) - if (todo.poly1305) { - TIME_AND_TSC("Poly1305", mbedtls_poly1305_mac(buf, buf, BUFSIZE, buf)); - } -#endif - -#if defined(MBEDTLS_CTR_DRBG_C) - if (todo.ctr_drbg) { - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_ctr_drbg_init(&ctr_drbg); - if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("CTR_DRBG (NOPR)", - mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE)); - mbedtls_ctr_drbg_free(&ctr_drbg); - - mbedtls_ctr_drbg_init(&ctr_drbg); - if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON); - TIME_AND_TSC("CTR_DRBG (PR)", - mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE)); - mbedtls_ctr_drbg_free(&ctr_drbg); - } -#endif - -#if defined(MBEDTLS_HMAC_DRBG_C) && \ - (defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C)) - if (todo.hmac_drbg) { - mbedtls_hmac_drbg_context hmac_drbg; - const mbedtls_md_info_t *md_info; - - mbedtls_hmac_drbg_init(&hmac_drbg); - -#if defined(MBEDTLS_SHA1_C) - if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1)) == NULL) { - mbedtls_exit(1); - } - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("HMAC_DRBG SHA-1 (NOPR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg, - MBEDTLS_HMAC_DRBG_PR_ON); - TIME_AND_TSC("HMAC_DRBG SHA-1 (PR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); -#endif - -#if defined(MBEDTLS_SHA256_C) - if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)) == NULL) { - mbedtls_exit(1); - } - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("HMAC_DRBG SHA-256 (NOPR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg, - MBEDTLS_HMAC_DRBG_PR_ON); - TIME_AND_TSC("HMAC_DRBG SHA-256 (PR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); -#endif - mbedtls_hmac_drbg_free(&hmac_drbg); - } -#endif /* MBEDTLS_HMAC_DRBG_C && ( MBEDTLS_SHA1_C || MBEDTLS_SHA256_C ) */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) - if (todo.rsa) { - int keysize; - mbedtls_rsa_context rsa; - - for (keysize = 2048; keysize <= 4096; keysize += 1024) { - mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize); - - mbedtls_rsa_init(&rsa); - mbedtls_rsa_gen_key(&rsa, myrand, NULL, keysize, 65537); - - TIME_PUBLIC(title, " public", - buf[0] = 0; - ret = mbedtls_rsa_public(&rsa, buf, buf)); - - TIME_PUBLIC(title, "private", - buf[0] = 0; - ret = mbedtls_rsa_private(&rsa, myrand, NULL, buf, buf)); - - mbedtls_rsa_free(&rsa); - } - } -#endif - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_BIGNUM_C) - if (todo.dhm) { - int dhm_sizes[] = { 2048, 3072 }; - static const unsigned char dhm_P_2048[] = - MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - static const unsigned char dhm_P_3072[] = - MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN; - static const unsigned char dhm_G_2048[] = - MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - static const unsigned char dhm_G_3072[] = - MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN; - - const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 }; - const size_t dhm_P_size[] = { sizeof(dhm_P_2048), - sizeof(dhm_P_3072) }; - - const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 }; - const size_t dhm_G_size[] = { sizeof(dhm_G_2048), - sizeof(dhm_G_3072) }; - - mbedtls_dhm_context dhm; - size_t olen; - size_t n; - mbedtls_mpi P, G; - mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); - - for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) { - mbedtls_dhm_init(&dhm); - - if (mbedtls_mpi_read_binary(&P, dhm_P[i], - dhm_P_size[i]) != 0 || - mbedtls_mpi_read_binary(&G, dhm_G[i], - dhm_G_size[i]) != 0 || - mbedtls_dhm_set_group(&dhm, &P, &G) != 0) { - mbedtls_exit(1); - } - - n = mbedtls_dhm_get_len(&dhm); - mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL); - - if (mbedtls_dhm_read_public(&dhm, buf, n) != 0) { - mbedtls_exit(1); - } - - mbedtls_snprintf(title, sizeof(title), "DHE-%d", dhm_sizes[i]); - TIME_PUBLIC(title, "handshake", - ret |= mbedtls_dhm_make_public(&dhm, (int) n, buf, n, - myrand, NULL); - ret |= - mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL)); - - mbedtls_snprintf(title, sizeof(title), "DH-%d", dhm_sizes[i]); - TIME_PUBLIC(title, "handshake", - ret |= - mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL)); - - mbedtls_dhm_free(&dhm); - mbedtls_mpi_free(&P), mbedtls_mpi_free(&G); - } - } -#endif - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) - if (todo.ecdsa) { - mbedtls_ecdsa_context ecdsa; - const mbedtls_ecp_curve_info *curve_info; - size_t sig_len; - - memset(buf, 0x2A, sizeof(buf)); - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdsa_init(&ecdsa); - - if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0) { - mbedtls_exit(1); - } - - mbedtls_snprintf(title, sizeof(title), "ECDSA-%s", - curve_info->name); - TIME_PUBLIC(title, - "sign", - ret = - mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf, - curve_info->bit_size, - tmp, sizeof(tmp), &sig_len, myrand, - NULL)); - - mbedtls_ecdsa_free(&ecdsa); - } - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdsa_init(&ecdsa); - - if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0 || - mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size, - tmp, sizeof(tmp), &sig_len, myrand, NULL) != 0) { - mbedtls_exit(1); - } - - mbedtls_snprintf(title, sizeof(title), "ECDSA-%s", - curve_info->name); - TIME_PUBLIC(title, "verify", - ret = mbedtls_ecdsa_read_signature(&ecdsa, buf, curve_info->bit_size, - tmp, sig_len)); - - mbedtls_ecdsa_free(&ecdsa); - } - } -#endif - -#if defined(MBEDTLS_ECDH_C) - if (todo.ecdh) { - mbedtls_ecdh_context ecdh_srv, ecdh_cli; - unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE]; - const mbedtls_ecp_curve_info *curve_info; - size_t params_len, publen, seclen; - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdh_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdh_init(&ecdh_srv); - - CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv, - sizeof(buf_srv), myrand, NULL)); - - mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name); - TIME_PUBLIC(title, - "ephemeral handshake", - const unsigned char *p_srv = buf_srv; - mbedtls_ecdh_init(&ecdh_cli); - - CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, - p_srv + params_len)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - mbedtls_ecdh_free(&ecdh_cli); - ); - - mbedtls_ecdh_free(&ecdh_srv); - } - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdh_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdh_init(&ecdh_srv); - mbedtls_ecdh_init(&ecdh_cli); - - CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv, - sizeof(buf_srv), myrand, NULL)); - - const unsigned char *p_srv = buf_srv; - CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, - p_srv + params_len)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - - - mbedtls_snprintf(title, sizeof(title), "ECDH-%s", curve_info->name); - TIME_PUBLIC(title, - "static handshake", - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - ); - - mbedtls_ecdh_free(&ecdh_cli); - mbedtls_ecdh_free(&ecdh_srv); - } - } -#endif - - mbedtls_printf("\n"); - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_free(); -#endif - - mbedtls_exit(0); -} - -#endif /* MBEDTLS_HAVE_TIME */ diff --git a/programs/test/cmake_package/.gitignore b/programs/test/cmake_package/.gitignore deleted file mode 100644 index 89d8c2bf6..000000000 --- a/programs/test/cmake_package/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -build -Makefile -cmake_package -mbedtls diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt deleted file mode 100644 index 85270bc8c..000000000 --- a/programs/test/cmake_package/CMakeLists.txt +++ /dev/null @@ -1,38 +0,0 @@ -cmake_minimum_required(VERSION 3.5.1) - -# -# Simulate configuring and building Mbed TLS as the user might do it. We'll -# skip installing it, and use the build directory directly instead. -# - -set(MbedTLS_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../..") -set(MbedTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls") - -execute_process( - COMMAND "${CMAKE_COMMAND}" - "-H${MbedTLS_SOURCE_DIR}" - "-B${MbedTLS_BINARY_DIR}" - "-DENABLE_PROGRAMS=NO" - "-DENABLE_TESTING=NO" - # Turn on generated files explicitly in case this is a release - "-DGEN_FILES=ON") - -execute_process( - COMMAND "${CMAKE_COMMAND}" - --build "${MbedTLS_BINARY_DIR}") - -# -# Locate the package. -# - -set(MbedTLS_DIR "${MbedTLS_BINARY_DIR}/cmake") -find_package(MbedTLS REQUIRED) - -# -# At this point, the Mbed TLS targets should have been imported, and we can now -# link to them from our own program. -# - -add_executable(cmake_package cmake_package.c) -target_link_libraries(cmake_package - MbedTLS::tfpsacrypto MbedTLS::mbedtls MbedTLS::mbedx509) diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c deleted file mode 100644 index 729800ad8..000000000 --- a/programs/test/cmake_package/cmake_package.c +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Simple program to test that Mbed TLS builds correctly as a CMake package. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#include "mbedtls/version.h" - -/* The main reason to build this is for testing the CMake build, so the program - * doesn't need to do very much. It calls a single library function to ensure - * linkage works, but that is all. */ -int main() -{ - /* This version string is 18 bytes long, as advised by version.h. */ - char version[18]; - - mbedtls_version_get_string_full(version); - - mbedtls_printf("Built against %s\n", version); - - return 0; -} diff --git a/programs/test/cmake_package_install/.gitignore b/programs/test/cmake_package_install/.gitignore deleted file mode 100644 index aaa594209..000000000 --- a/programs/test/cmake_package_install/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -build -Makefile -cmake_package_install -mbedtls diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt deleted file mode 100644 index f10109e94..000000000 --- a/programs/test/cmake_package_install/CMakeLists.txt +++ /dev/null @@ -1,41 +0,0 @@ -cmake_minimum_required(VERSION 3.5.1) - -# -# Simulate configuring and building Mbed TLS as the user might do it. We'll -# install into a directory inside our own build directory. -# - -set(MbedTLS_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../..") -set(MbedTLS_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls") -set(MbedTLS_BINARY_DIR "${MbedTLS_INSTALL_DIR}${CMAKE_FILES_DIRECTORY}") - -execute_process( - COMMAND "${CMAKE_COMMAND}" - "-H${MbedTLS_SOURCE_DIR}" - "-B${MbedTLS_BINARY_DIR}" - "-DENABLE_PROGRAMS=NO" - "-DENABLE_TESTING=NO" - # Turn on generated files explicitly in case this is a release - "-DGEN_FILES=ON" - "-DCMAKE_INSTALL_PREFIX=${MbedTLS_INSTALL_DIR}") - -execute_process( - COMMAND "${CMAKE_COMMAND}" - --build "${MbedTLS_BINARY_DIR}" - --target install) - -# -# Locate the package. -# - -list(INSERT CMAKE_PREFIX_PATH 0 "${MbedTLS_INSTALL_DIR}") -find_package(MbedTLS REQUIRED) - -# -# At this point, the Mbed TLS targets should have been imported, and we can now -# link to them from our own program. -# - -add_executable(cmake_package_install cmake_package_install.c) -target_link_libraries(cmake_package_install - MbedTLS::tfpsacrypto MbedTLS::mbedtls MbedTLS::mbedx509) diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c deleted file mode 100644 index 44a2adadf..000000000 --- a/programs/test/cmake_package_install/cmake_package_install.c +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Simple program to test that Mbed TLS builds correctly as an installable CMake - * package. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#include "mbedtls/version.h" - -/* The main reason to build this is for testing the CMake build, so the program - * doesn't need to do very much. It calls a single library function to ensure - * linkage works, but that is all. */ -int main() -{ - /* This version string is 18 bytes long, as advised by version.h. */ - char version[18]; - - mbedtls_version_get_string_full(version); - - mbedtls_printf("Built against %s\n", version); - - return 0; -} diff --git a/programs/test/cmake_subproject/.gitignore b/programs/test/cmake_subproject/.gitignore deleted file mode 100644 index 464833b93..000000000 --- a/programs/test/cmake_subproject/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -build -Makefile -cmake_subproject diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt deleted file mode 100644 index 7acdcc339..000000000 --- a/programs/test/cmake_subproject/CMakeLists.txt +++ /dev/null @@ -1,23 +0,0 @@ -cmake_minimum_required(VERSION 3.5.1) - -# Test the target renaming support by adding a prefix to the targets built -set(MBEDTLS_TARGET_PREFIX subproject_test_) - -# We use the parent Mbed TLS directory as the MBEDTLS_DIR for this test. Other -# projects that use Mbed TLS as a subproject are likely to add by their own -# relative paths. -set(MBEDTLS_DIR ../../../) - -# Add Mbed TLS as a subdirectory. -add_subdirectory(${MBEDTLS_DIR} build) - -# Link against all the Mbed TLS libraries. Verifies that the targets have been -# created using the specified prefix -set(libs - subproject_test_tfpsacrypto - subproject_test_mbedx509 - subproject_test_mbedtls -) - -add_executable(cmake_subproject cmake_subproject.c) -target_link_libraries(cmake_subproject ${libs} ${CMAKE_THREAD_LIBS_INIT}) diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c deleted file mode 100644 index 8b4f18e28..000000000 --- a/programs/test/cmake_subproject/cmake_subproject.c +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Simple program to test that CMake builds with Mbed TLS as a subdirectory - * work correctly. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#include "mbedtls/version.h" - -/* The main reason to build this is for testing the CMake build, so the program - * doesn't need to do very much. It calls a single library function to ensure - * linkage works, but that is all. */ -int main() -{ - /* This version string is 18 bytes long, as advised by version.h. */ - char version[18]; - - mbedtls_version_get_string_full(version); - - mbedtls_printf("Built against %s\n", version); - - return 0; -} diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c deleted file mode 100644 index 3a0f37d4b..000000000 --- a/programs/test/dlopen.c +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Test dynamic loading of libmbed* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/x509_crt.h" -#endif - -#if defined(__APPLE__) -#define SO_SUFFIX ".dylib" -#else -#define SO_SUFFIX ".so" -#endif - -#define MBEDCRYPTO_SO_FILENAME "libmbedcrypto" SO_SUFFIX -#define TFPSACRYPTO_SO_FILENAME "libtfpsacrypto" SO_SUFFIX -#define X509_SO_FILENAME "libmbedx509" SO_SUFFIX -#define TLS_SO_FILENAME "libmbedtls" SO_SUFFIX - -#include - -#define CHECK_DLERROR(function, argument) \ - do \ - { \ - char *CHECK_DLERROR_error = dlerror(); \ - if (CHECK_DLERROR_error != NULL) \ - { \ - fprintf(stderr, "Dynamic loading error for %s(%s): %s\n", \ - function, argument, CHECK_DLERROR_error); \ - mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ - } \ - } \ - while (0) - -int main(void) -{ -#if defined(MBEDTLS_MD_C) || defined(MBEDTLS_SSL_TLS_C) - unsigned n; -#endif - -#if defined(MBEDTLS_SSL_TLS_C) - void *tls_so = dlopen(TLS_SO_FILENAME, RTLD_NOW); - CHECK_DLERROR("dlopen", TLS_SO_FILENAME); - const int *(*ssl_list_ciphersuites)(void) = - dlsym(tls_so, "mbedtls_ssl_list_ciphersuites"); - CHECK_DLERROR("dlsym", "mbedtls_ssl_list_ciphersuites"); - const int *ciphersuites = ssl_list_ciphersuites(); - for (n = 0; ciphersuites[n] != 0; n++) {/* nothing to do, we're just counting */ - ; - } - mbedtls_printf("dlopen(%s): %u ciphersuites\n", - TLS_SO_FILENAME, n); - dlclose(tls_so); - CHECK_DLERROR("dlclose", TLS_SO_FILENAME); -#endif /* MBEDTLS_SSL_TLS_C */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - void *x509_so = dlopen(X509_SO_FILENAME, RTLD_NOW); - CHECK_DLERROR("dlopen", X509_SO_FILENAME); - const mbedtls_x509_crt_profile *profile = - dlsym(x509_so, "mbedtls_x509_crt_profile_default"); - CHECK_DLERROR("dlsym", "mbedtls_x509_crt_profile_default"); - mbedtls_printf("dlopen(%s): Allowed md mask: %08x\n", - X509_SO_FILENAME, (unsigned) profile->allowed_mds); - dlclose(x509_so); - CHECK_DLERROR("dlclose", X509_SO_FILENAME); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_MD_C) - const char *crypto_so_filename = NULL; - void *crypto_so = dlopen(MBEDCRYPTO_SO_FILENAME, RTLD_NOW); - if (dlerror() == NULL) { - crypto_so_filename = MBEDCRYPTO_SO_FILENAME; - } else { - crypto_so = dlopen(TFPSACRYPTO_SO_FILENAME, RTLD_NOW); - CHECK_DLERROR("dlopen", TFPSACRYPTO_SO_FILENAME); - crypto_so_filename = TFPSACRYPTO_SO_FILENAME; - } - - const int *(*md_list)(void) = - dlsym(crypto_so, "mbedtls_md_list"); - CHECK_DLERROR("dlsym", "mbedtls_md_list"); - const int *mds = md_list(); - for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */ - ; - } - mbedtls_printf("dlopen(%s): %u hashes\n", - crypto_so_filename, n); - dlclose(crypto_so); - CHECK_DLERROR("dlclose", crypto_so_filename); -#endif /* MBEDTLS_MD_C */ - - return 0; -} diff --git a/programs/test/dlopen_demo.sh b/programs/test/dlopen_demo.sh deleted file mode 100755 index 7280f1d70..000000000 --- a/programs/test/dlopen_demo.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh - -# Run the shared library dynamic loading demo program. -# This is only expected to work when Mbed TLS is built as a shared library. - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -. "${0%/*}/../demo_common.sh" - -msg "Test the dynamic loading of libmbed*" - -program="$programs_dir/test/dlopen" -library_dir="$root_dir/library" - -# Skip this test if we don't have a shared library build. Detect this -# through the absence of the demo program. -if [ ! -e "$program" ]; then - msg "$0: this demo requires a shared library build." - # Exit with a success status so that this counts as a pass for run_demos.py. - exit -fi - -# ELF-based Unix-like (Linux, *BSD, Solaris, ...) -if [ -n "${LD_LIBRARY_PATH-}" ]; then - LD_LIBRARY_PATH="$library_dir:$LD_LIBRARY_PATH" -else - LD_LIBRARY_PATH="$library_dir" -fi -export LD_LIBRARY_PATH - -# OSX/macOS -if [ -n "${DYLD_LIBRARY_PATH-}" ]; then - DYLD_LIBRARY_PATH="$library_dir:$DYLD_LIBRARY_PATH" -else - DYLD_LIBRARY_PATH="$library_dir" -fi -export DYLD_LIBRARY_PATH - -msg "Running dynamic loading test program: $program" -msg "Loading libraries from: $library_dir" -"$program" diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh deleted file mode 100755 index d27c7ae12..000000000 --- a/programs/test/generate_cpp_dummy_build.sh +++ /dev/null @@ -1,91 +0,0 @@ -#!/bin/sh - -DEFAULT_OUTPUT_FILE=programs/test/cpp_dummy_build.cpp - -if [ "$1" = "--help" ]; then - cat <&2 "This script must be run from an Mbed TLS source tree." - exit 3 -fi - -print_cpp >"${1:-$DEFAULT_OUTPUT_FILE}" diff --git a/programs/test/metatest.c b/programs/test/metatest.c deleted file mode 100644 index f39cb545d..000000000 --- a/programs/test/metatest.c +++ /dev/null @@ -1,484 +0,0 @@ -/** \file metatest.c - * - * \brief Test features of the test framework. - * - * When you run this program, it runs a single "meta-test". A meta-test - * performs an operation which should be caught as a failure by our - * test framework. The meta-test passes if this program calls `exit` with - * a nonzero status, or aborts, or is terminated by a signal, or if the - * framework running the program considers the run an error (this happens - * with Valgrind for a memory leak). The non-success of the meta-test - * program means that the test failure has been caught correctly. - * - * Some failures are purely functional: the logic of the code causes the - * test result to be set to FAIL. Other failures come from extra - * instrumentation which is not present in a normal build; for example, - * Asan or Valgrind to detect memory leaks. This is reflected by the - * "platform" associated with each meta-test. - * - * Use the companion script `tests/scripts/run-metatests.sh` to run all - * the meta-tests for a given platform and validate that they trigger a - * detected failure as expected. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - - -#include -#include -#include -#include "test/helpers.h" -#include "test/threading_helpers.h" -#include "test/macros.h" -#include "test/memory.h" -#include "common.h" - -#include -#include - -#if defined(MBEDTLS_THREADING_C) -#include -#endif - - -/* This is an external variable, so the compiler doesn't know that we're never - * changing its value. - */ -volatile int false_but_the_compiler_does_not_know = 0; - -/* Hide calls to calloc/free from static checkers such as - * `gcc-12 -Wuse-after-free`, to avoid compile-time complaints about - * code where we do mean to cause a runtime error. */ -void * (* volatile calloc_but_the_compiler_does_not_know)(size_t, size_t) = mbedtls_calloc; -void(*volatile free_but_the_compiler_does_not_know)(void *) = mbedtls_free; - -/* Set n bytes at the address p to all-bits-zero, in such a way that - * the compiler should not know that p is all-bits-zero. */ -static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t n) -{ - memset((void *) p, false_but_the_compiler_does_not_know, n); -} - -/* Simulate an access to the given object, to avoid compiler optimizations - * in code that prepares or consumes the object. */ -static void do_nothing_with_object(void *p) -{ - (void) p; -} -void(*volatile do_nothing_with_object_but_the_compiler_does_not_know)(void *) = - do_nothing_with_object; - - -/****************************************************************/ -/* Test framework features */ -/****************************************************************/ - -static void meta_test_fail(const char *name) -{ - (void) name; - mbedtls_test_fail("Forced test failure", __LINE__, __FILE__); -} - -static void meta_test_not_equal(const char *name) -{ - int left = 20; - int right = 10; - - (void) name; - - TEST_EQUAL(left, right); -exit: - ; -} - -static void meta_test_not_le_s(const char *name) -{ - int left = 20; - int right = 10; - - (void) name; - - TEST_LE_S(left, right); -exit: - ; -} - -static void meta_test_not_le_u(const char *name) -{ - size_t left = 20; - size_t right = 10; - - (void) name; - - TEST_LE_U(left, right); -exit: - ; -} - -/****************************************************************/ -/* Platform features */ -/****************************************************************/ - -static void null_pointer_dereference(const char *name) -{ - (void) name; - volatile char *volatile p; - set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); - /* Undefined behavior (read from null data pointer) */ - mbedtls_printf("%p -> %u\n", (void *) p, (unsigned) *p); -} - -static void null_pointer_call(const char *name) -{ - (void) name; - unsigned(*volatile p)(void); - set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); - /* Undefined behavior (execute null function pointer) */ - /* The pointer representation may be truncated, but we don't care: - * the only point of printing it is to have some use of the pointer - * to dissuade the compiler from optimizing it away. */ - mbedtls_printf("%lx() -> %u\n", (unsigned long) (uintptr_t) p, p()); -} - - -/****************************************************************/ -/* Memory */ -/****************************************************************/ - -static void read_after_free(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - *p = 'a'; - free_but_the_compiler_does_not_know((void *) p); - /* Undefined behavior (read after free) */ - mbedtls_printf("%u\n", (unsigned) *p); -} - -static void double_free(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - *p = 'a'; - free_but_the_compiler_does_not_know((void *) p); - /* Undefined behavior (double free) */ - free_but_the_compiler_does_not_know((void *) p); -} - -static void read_uninitialized_stack(const char *name) -{ - (void) name; - char buf[1]; - if (false_but_the_compiler_does_not_know) { - buf[0] = '!'; - } - char *volatile p = buf; - if (*p != 0) { - /* Unspecified result (read from uninitialized memory) */ - mbedtls_printf("%u\n", (unsigned) *p); - } -} - -static void memory_leak(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - mbedtls_printf("%u\n", (unsigned) *p); - /* Leak of a heap object */ -} - -/* name = "test_memory_poison_%(start)_%(offset)_%(count)_%(direction)" - * Poison a region starting at start from an 8-byte aligned origin, - * encompassing count bytes. Access the region at offset from the start. - * %(start), %(offset) and %(count) are decimal integers. - * %(direction) is either the character 'r' for read or 'w' for write. - */ -static void test_memory_poison(const char *name) -{ - size_t start = 0, offset = 0, count = 0; - char direction = 'r'; - if (sscanf(name, - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "_%c", - &start, &offset, &count, &direction) != 4) { - mbedtls_fprintf(stderr, "%s: Bad name format: %s\n", __func__, name); - return; - } - - union { - long long ll; - unsigned char buf[32]; - } aligned; - memset(aligned.buf, 'a', sizeof(aligned.buf)); - - if (start > sizeof(aligned.buf)) { - mbedtls_fprintf(stderr, - "%s: start=%" MBEDTLS_PRINTF_SIZET - " > size=%" MBEDTLS_PRINTF_SIZET, - __func__, start, sizeof(aligned.buf)); - return; - } - if (start + count > sizeof(aligned.buf)) { - mbedtls_fprintf(stderr, - "%s: start+count=%" MBEDTLS_PRINTF_SIZET - " > size=%" MBEDTLS_PRINTF_SIZET, - __func__, start + count, sizeof(aligned.buf)); - return; - } - if (offset >= count) { - mbedtls_fprintf(stderr, - "%s: offset=%" MBEDTLS_PRINTF_SIZET - " >= count=%" MBEDTLS_PRINTF_SIZET, - __func__, offset, count); - return; - } - - MBEDTLS_TEST_MEMORY_POISON(aligned.buf + start, count); - - if (direction == 'w') { - aligned.buf[start + offset] = 'b'; - do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf); - } else { - do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf); - mbedtls_printf("%u\n", (unsigned) aligned.buf[start + offset]); - } -} - - -/****************************************************************/ -/* Threading */ -/****************************************************************/ - -static void mutex_lock_not_initialized(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0); -exit: - ; -#endif -} - -static void mutex_unlock_not_initialized(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0); -exit: - ; -#endif -} - -static void mutex_free_not_initialized(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_double_init(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - mbedtls_mutex_init(&mutex); - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_double_free(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); - mbedtls_mutex_free(&mutex); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_leak(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); -#endif - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ -} - - -/****************************************************************/ -/* Command line entry point */ -/****************************************************************/ - -typedef struct { - /** Command line argument that will trigger that metatest. - * - * Conventionally matches "[a-z0-9_]+". */ - const char *name; - - /** Platform under which that metatest is valid. - * - * - "any": should work anywhere. - * - "asan": triggers ASan (Address Sanitizer). - * - "msan": triggers MSan (Memory Sanitizer). - * - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS, - * which enables MBEDTLS_TEST_MUTEX_USAGE internally in the test - * framework (see framework/tests/src/threading_helpers.c). - */ - const char *platform; - - /** Function that performs the metatest. - * - * The function receives the name as an argument. This allows using the - * same function to perform multiple variants of a test based on the name. - * - * When executed on a conforming platform, the function is expected to - * either cause a test failure (mbedtls_test_fail()), or cause the - * program to abort in some way (e.g. by causing a segfault or by - * triggering a sanitizer). - * - * When executed on a non-conforming platform, the function may return - * normally or may have unpredictable behavior. - */ - void (*entry_point)(const char *name); -} metatest_t; - -/* The list of available meta-tests. Remember to register new functions here! - * - * Note that we always compile all the functions, so that `metatest --list` - * will always list all the available meta-tests. - * - * See the documentation of metatest_t::platform for the meaning of - * platform values. - */ -metatest_t metatests[] = { - { "test_fail", "any", meta_test_fail }, - { "test_not_equal", "any", meta_test_not_equal }, - { "test_not_le_s", "any", meta_test_not_le_s }, - { "test_not_le_u", "any", meta_test_not_le_u }, - { "null_dereference", "any", null_pointer_dereference }, - { "null_call", "any", null_pointer_call }, - { "read_after_free", "asan", read_after_free }, - { "double_free", "asan", double_free }, - { "read_uninitialized_stack", "msan", read_uninitialized_stack }, - { "memory_leak", "asan", memory_leak }, - { "test_memory_poison_0_0_8_r", "poison", test_memory_poison }, - { "test_memory_poison_0_0_8_w", "poison", test_memory_poison }, - { "test_memory_poison_0_7_8_r", "poison", test_memory_poison }, - { "test_memory_poison_0_7_8_w", "poison", test_memory_poison }, - { "test_memory_poison_0_0_1_r", "poison", test_memory_poison }, - { "test_memory_poison_0_0_1_w", "poison", test_memory_poison }, - { "test_memory_poison_0_1_2_r", "poison", test_memory_poison }, - { "test_memory_poison_0_1_2_w", "poison", test_memory_poison }, - { "test_memory_poison_7_0_8_r", "poison", test_memory_poison }, - { "test_memory_poison_7_0_8_w", "poison", test_memory_poison }, - { "test_memory_poison_7_7_8_r", "poison", test_memory_poison }, - { "test_memory_poison_7_7_8_w", "poison", test_memory_poison }, - { "test_memory_poison_7_0_1_r", "poison", test_memory_poison }, - { "test_memory_poison_7_0_1_w", "poison", test_memory_poison }, - { "test_memory_poison_7_1_2_r", "poison", test_memory_poison }, - { "test_memory_poison_7_1_2_w", "poison", test_memory_poison }, - { "mutex_lock_not_initialized", "pthread", mutex_lock_not_initialized }, - { "mutex_unlock_not_initialized", "pthread", mutex_unlock_not_initialized }, - { "mutex_free_not_initialized", "pthread", mutex_free_not_initialized }, - { "mutex_double_init", "pthread", mutex_double_init }, - { "mutex_double_free", "pthread", mutex_double_free }, - { "mutex_leak", "pthread", mutex_leak }, - { NULL, NULL, NULL } -}; - -static void help(FILE *out, const char *argv0) -{ - mbedtls_fprintf(out, "Usage: %s list|TEST\n", argv0); - mbedtls_fprintf(out, "Run a meta-test that should cause a test failure.\n"); - mbedtls_fprintf(out, "With 'list', list the available tests and their platform requirement.\n"); -} - -int main(int argc, char *argv[]) -{ - const char *argv0 = argc > 0 ? argv[0] : "metatest"; - if (argc != 2) { - help(stderr, argv0); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - /* Support "-help", "--help", "--list", etc. */ - const char *command = argv[1]; - while (*command == '-') { - ++command; - } - - if (strcmp(argv[1], "help") == 0) { - help(stdout, argv0); - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); - } - if (strcmp(argv[1], "list") == 0) { - for (const metatest_t *p = metatests; p->name != NULL; p++) { - mbedtls_printf("%s %s\n", p->name, p->platform); - } - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); - } - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_init(); -#endif - - for (const metatest_t *p = metatests; p->name != NULL; p++) { - if (strcmp(argv[1], p->name) == 0) { - mbedtls_printf("Running metatest %s...\n", argv[1]); - p->entry_point(argv[1]); -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_check(); -#endif - int result = (int) mbedtls_test_get_result(); - - mbedtls_printf("Running metatest %s... done, result=%d\n", - argv[1], result); - mbedtls_exit(result == MBEDTLS_TEST_RESULT_SUCCESS ? - MBEDTLS_EXIT_SUCCESS : - MBEDTLS_EXIT_FAILURE); - } - } - - mbedtls_fprintf(stderr, "%s: FATAL: No such metatest: %s\n", - argv0, command); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); -} diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c deleted file mode 100644 index a70e6daef..000000000 --- a/programs/test/query_compile_time_config.c +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Query the Mbed TLS compile time configuration - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#define USAGE \ - "usage: %s [ -all | -any | -l ] ...\n\n" \ - "This program takes command line arguments which correspond to\n" \ - "the string representation of Mbed TLS compile time configurations.\n\n" \ - "If \"--all\" and \"--any\" are not used, then, if all given arguments\n" \ - "are defined in the Mbed TLS build, 0 is returned; otherwise 1 is\n" \ - "returned. Macro expansions of configurations will be printed (if any).\n" \ - "-l\tPrint all available configuration.\n" \ - "-all\tReturn 0 if all configurations are defined. Otherwise, return 1\n" \ - "-any\tReturn 0 if any configuration is defined. Otherwise, return 1\n" \ - "-h\tPrint this usage\n" - -#include -#include "query_config.h" - -int main(int argc, char *argv[]) -{ - int i; - - if (argc < 2 || strcmp(argv[1], "-h") == 0) { - mbedtls_printf(USAGE, argv[0]); - return MBEDTLS_EXIT_FAILURE; - } - - if (strcmp(argv[1], "-l") == 0) { - list_config(); - return 0; - } - - if (strcmp(argv[1], "-all") == 0) { - for (i = 2; i < argc; i++) { - if (query_config(argv[i]) != 0) { - return 1; - } - } - return 0; - } - - if (strcmp(argv[1], "-any") == 0) { - for (i = 2; i < argc; i++) { - if (query_config(argv[i]) == 0) { - return 0; - } - } - return 1; - } - - for (i = 1; i < argc; i++) { - if (query_config(argv[i]) != 0) { - return 1; - } - } - - return 0; -} diff --git a/programs/test/query_config.h b/programs/test/query_config.h deleted file mode 100644 index 43f120bf0..000000000 --- a/programs/test/query_config.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Query Mbed TLS compile time configurations from mbedtls_config.h - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H -#define MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H - -#include "mbedtls/build_info.h" - -/** Check whether a given configuration symbol is enabled. - * - * \param config The symbol to query (e.g. "MBEDTLS_RSA_C"). - * \return \c 0 if the symbol was defined at compile time - * (in MBEDTLS_CONFIG_FILE or mbedtls_config.h), - * \c 1 otherwise. - * - * \note This function is defined in `programs/test/query_config.c` - * which is automatically generated by - * `scripts/generate_query_config.pl`. - */ -int query_config(const char *config); - -/** List all enabled configuration symbols - * - * \note This function is defined in `programs/test/query_config.c` - * which is automatically generated by - * `scripts/generate_query_config.pl`. - */ -void list_config(void); - -#endif /* MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H */ diff --git a/programs/test/query_included_headers.c b/programs/test/query_included_headers.c deleted file mode 100644 index cdafa1620..000000000 --- a/programs/test/query_included_headers.c +++ /dev/null @@ -1,29 +0,0 @@ -/* Ad hoc report on included headers. */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -int main(void) -{ - - /* Which PSA platform header? */ -#if defined(PSA_CRYPTO_PLATFORM_H) - mbedtls_printf("PSA_CRYPTO_PLATFORM_H\n"); -#endif -#if defined(PSA_CRYPTO_PLATFORM_ALT_H) - mbedtls_printf("PSA_CRYPTO_PLATFORM_ALT_H\n"); -#endif - - /* Which PSA struct header? */ -#if defined(PSA_CRYPTO_STRUCT_H) - mbedtls_printf("PSA_CRYPTO_STRUCT_H\n"); -#endif -#if defined(PSA_CRYPTO_STRUCT_ALT_H) - mbedtls_printf("PSA_CRYPTO_STRUCT_ALT_H\n"); -#endif - -} diff --git a/programs/test/selftest.c b/programs/test/selftest.c deleted file mode 100644 index e72386f02..000000000 --- a/programs/test/selftest.c +++ /dev/null @@ -1,584 +0,0 @@ -/* - * Self-test demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/entropy.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/dhm.h" -#include "mbedtls/gcm.h" -#include "mbedtls/ccm.h" -#include "mbedtls/cmac.h" -#include "mbedtls/md5.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/sha3.h" -#include "mbedtls/des.h" -#include "mbedtls/aes.h" -#include "mbedtls/camellia.h" -#include "mbedtls/aria.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/poly1305.h" -#include "mbedtls/chachapoly.h" -#include "mbedtls/base64.h" -#include "mbedtls/bignum.h" -#include "mbedtls/rsa.h" -#include "mbedtls/x509.h" -#include "mbedtls/pkcs5.h" -#include "mbedtls/ecp.h" -#include "mbedtls/ecjpake.h" -#include "mbedtls/timing.h" -#include "mbedtls/nist_kw.h" -#include "mbedtls/debug.h" - -#include -#include - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - - -#if defined MBEDTLS_SELF_TEST -/* Sanity check for malloc. This is not expected to fail, and is rather - * intended to display potentially useful information about the platform, - * in particular the behavior of malloc(0). */ -static int calloc_self_test(int verbose) -{ - int failures = 0; - void *empty1 = mbedtls_calloc(0, 1); - void *empty2 = mbedtls_calloc(0, 1); - void *buffer1 = mbedtls_calloc(1, 1); - void *buffer2 = mbedtls_calloc(1, 1); - unsigned int buffer_3_size = 256; - unsigned int buffer_4_size = 4097; /* Allocate more than the usual page size */ - unsigned char *buffer3 = mbedtls_calloc(buffer_3_size, 1); - unsigned char *buffer4 = mbedtls_calloc(buffer_4_size, 1); - - if (empty1 == NULL && empty2 == NULL) { - if (verbose) { - mbedtls_printf(" CALLOC(0,1): passed (NULL)\n"); - } - } else if (empty1 == NULL || empty2 == NULL) { - if (verbose) { - mbedtls_printf(" CALLOC(0,1): failed (mix of NULL and non-NULL)\n"); - } - ++failures; - } else if (empty1 == empty2) { - if (verbose) { - mbedtls_printf(" CALLOC(0,1): passed (same non-null)\n"); - } - empty2 = NULL; - } else { - if (verbose) { - mbedtls_printf(" CALLOC(0,1): passed (distinct non-null)\n"); - } - } - - mbedtls_free(empty1); - mbedtls_free(empty2); - - empty1 = mbedtls_calloc(1, 0); - empty2 = mbedtls_calloc(1, 0); - if (empty1 == NULL && empty2 == NULL) { - if (verbose) { - mbedtls_printf(" CALLOC(1,0): passed (NULL)\n"); - } - } else if (empty1 == NULL || empty2 == NULL) { - if (verbose) { - mbedtls_printf(" CALLOC(1,0): failed (mix of NULL and non-NULL)\n"); - } - ++failures; - } else if (empty1 == empty2) { - if (verbose) { - mbedtls_printf(" CALLOC(1,0): passed (same non-null)\n"); - } - empty2 = NULL; - } else { - if (verbose) { - mbedtls_printf(" CALLOC(1,0): passed (distinct non-null)\n"); - } - } - - if (buffer1 == NULL || buffer2 == NULL) { - if (verbose) { - mbedtls_printf(" CALLOC(1): failed (NULL)\n"); - } - ++failures; - } else if (buffer1 == buffer2) { - if (verbose) { - mbedtls_printf(" CALLOC(1): failed (same buffer twice)\n"); - } - ++failures; - buffer2 = NULL; - } else { - if (verbose) { - mbedtls_printf(" CALLOC(1): passed\n"); - } - } - - mbedtls_free(buffer1); - buffer1 = mbedtls_calloc(1, 1); - if (buffer1 == NULL) { - if (verbose) { - mbedtls_printf(" CALLOC(1 again): failed (NULL)\n"); - } - ++failures; - } else { - if (verbose) { - mbedtls_printf(" CALLOC(1 again): passed\n"); - } - } - - for (unsigned int i = 0; i < buffer_3_size; i++) { - if (buffer3[i] != 0) { - ++failures; - if (verbose) { - mbedtls_printf(" CALLOC(%u): failed (memory not initialized to 0)\n", - buffer_3_size); - } - break; - } - } - - for (unsigned int i = 0; i < buffer_4_size; i++) { - if (buffer4[i] != 0) { - ++failures; - if (verbose) { - mbedtls_printf(" CALLOC(%u): failed (memory not initialized to 0)\n", - buffer_4_size); - } - break; - } - } - - if (verbose) { - mbedtls_printf("\n"); - } - mbedtls_free(empty1); - mbedtls_free(empty2); - mbedtls_free(buffer1); - mbedtls_free(buffer2); - mbedtls_free(buffer3); - mbedtls_free(buffer4); - return failures; -} -#endif /* MBEDTLS_SELF_TEST */ - -static int test_snprintf(size_t n, const char *ref_buf, int ref_ret) -{ - int ret; - char buf[10] = "xxxxxxxxx"; - const char ref[10] = "xxxxxxxxx"; - - ret = mbedtls_snprintf(buf, n, "%s", "123"); - if (ret < 0 || (size_t) ret >= n) { - ret = -1; - } - - if (strncmp(ref_buf, buf, sizeof(buf)) != 0 || - ref_ret != ret || - memcmp(buf + n, ref + n, sizeof(buf) - n) != 0) { - return 1; - } - - return 0; -} - -static int run_test_snprintf(void) -{ - return test_snprintf(0, "xxxxxxxxx", -1) != 0 || - test_snprintf(1, "", -1) != 0 || - test_snprintf(2, "1", -1) != 0 || - test_snprintf(3, "12", -1) != 0 || - test_snprintf(4, "123", 3) != 0 || - test_snprintf(5, "123", 3) != 0; -} - -/* - * Check if a seed file is present, and if not create one for the entropy - * self-test. If this fails, we attempt the test anyway, so no error is passed - * back. - */ -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) -static void create_entropy_seed_file(void) -{ - int result; - size_t output_len = 0; - unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE]; - - /* Attempt to read the entropy seed file. If this fails - attempt to write - * to the file to ensure one is present. */ - result = mbedtls_platform_std_nv_seed_read(seed_value, - MBEDTLS_ENTROPY_BLOCK_SIZE); - if (0 == result) { - return; - } - - result = mbedtls_platform_entropy_poll(NULL, - seed_value, - MBEDTLS_ENTROPY_BLOCK_SIZE, - &output_len); - if (0 != result) { - return; - } - - if (MBEDTLS_ENTROPY_BLOCK_SIZE != output_len) { - return; - } - - mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); -} -#endif - -static int mbedtls_entropy_self_test_wrapper(int verbose) -{ -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) - create_entropy_seed_file(); -#endif - return mbedtls_entropy_self_test(verbose); -} -#endif - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -static int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose) -{ - if (verbose != 0) { -#if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_status(); -#endif - } - mbedtls_memory_buffer_alloc_free(); - return mbedtls_memory_buffer_alloc_self_test(verbose); -} -#endif - -typedef struct { - const char *name; - int (*function)(int); -} selftest_t; - -const selftest_t selftests[] = -{ - { "calloc", calloc_self_test }, -#if defined(MBEDTLS_MD5_C) - { "md5", mbedtls_md5_self_test }, -#endif -#if defined(MBEDTLS_RIPEMD160_C) - { "ripemd160", mbedtls_ripemd160_self_test }, -#endif -#if defined(MBEDTLS_SHA1_C) - { "sha1", mbedtls_sha1_self_test }, -#endif -#if defined(MBEDTLS_SHA224_C) - { "sha224", mbedtls_sha224_self_test }, -#endif -#if defined(MBEDTLS_SHA256_C) - { "sha256", mbedtls_sha256_self_test }, -#endif -#if defined(MBEDTLS_SHA384_C) - { "sha384", mbedtls_sha384_self_test }, -#endif -#if defined(MBEDTLS_SHA512_C) - { "sha512", mbedtls_sha512_self_test }, -#endif -#if defined(MBEDTLS_SHA3_C) - { "sha3", mbedtls_sha3_self_test }, -#endif -#if defined(MBEDTLS_DES_C) - { "des", mbedtls_des_self_test }, -#endif -#if defined(MBEDTLS_AES_C) - { "aes", mbedtls_aes_self_test }, -#endif -#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) - { "gcm", mbedtls_gcm_self_test }, -#endif -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) - { "ccm", mbedtls_ccm_self_test }, -#endif -#if defined(MBEDTLS_NIST_KW_C) && defined(MBEDTLS_AES_C) - { "nist_kw", mbedtls_nist_kw_self_test }, -#endif -#if defined(MBEDTLS_CMAC_C) - { "cmac", mbedtls_cmac_self_test }, -#endif -#if defined(MBEDTLS_CHACHA20_C) - { "chacha20", mbedtls_chacha20_self_test }, -#endif -#if defined(MBEDTLS_POLY1305_C) - { "poly1305", mbedtls_poly1305_self_test }, -#endif -#if defined(MBEDTLS_CHACHAPOLY_C) - { "chacha20-poly1305", mbedtls_chachapoly_self_test }, -#endif -#if defined(MBEDTLS_BASE64_C) - { "base64", mbedtls_base64_self_test }, -#endif -#if defined(MBEDTLS_BIGNUM_C) - { "mpi", mbedtls_mpi_self_test }, -#endif -#if defined(MBEDTLS_RSA_C) - { "rsa", mbedtls_rsa_self_test }, -#endif -#if defined(MBEDTLS_CAMELLIA_C) - { "camellia", mbedtls_camellia_self_test }, -#endif -#if defined(MBEDTLS_ARIA_C) - { "aria", mbedtls_aria_self_test }, -#endif -#if defined(MBEDTLS_CTR_DRBG_C) - { "ctr_drbg", mbedtls_ctr_drbg_self_test }, -#endif -#if defined(MBEDTLS_HMAC_DRBG_C) - { "hmac_drbg", mbedtls_hmac_drbg_self_test }, -#endif -#if defined(MBEDTLS_ECP_C) - { "ecp", mbedtls_ecp_self_test }, -#endif -#if defined(MBEDTLS_ECJPAKE_C) - { "ecjpake", mbedtls_ecjpake_self_test }, -#endif -#if defined(MBEDTLS_DHM_C) - { "dhm", mbedtls_dhm_self_test }, -#endif -#if defined(MBEDTLS_ENTROPY_C) - { "entropy", mbedtls_entropy_self_test_wrapper }, -#endif -#if defined(MBEDTLS_PKCS5_C) - { "pkcs5", mbedtls_pkcs5_self_test }, -#endif -/* Heap test comes last */ -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - { "memory_buffer_alloc", mbedtls_memory_buffer_alloc_free_and_self_test }, -#endif - { NULL, NULL } -}; -#endif /* MBEDTLS_SELF_TEST */ - -int main(int argc, char *argv[]) -{ -#if defined(MBEDTLS_SELF_TEST) - const selftest_t *test; -#endif /* MBEDTLS_SELF_TEST */ - char **argp; - int v = 1; /* v=1 for verbose mode */ - int exclude_mode = 0; - int suites_tested = 0, suites_failed = 0; -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_SELF_TEST) - unsigned char buf[1000000]; -#endif - void *pointer; - - /* - * Check some basic platform requirements as specified in README.md - */ - if (SIZE_MAX < INT_MAX || SIZE_MAX < UINT_MAX) { - mbedtls_printf("SIZE_MAX must be at least as big as INT_MAX and UINT_MAX\n"); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - if (sizeof(int) < 4) { - mbedtls_printf("int must be at least 32 bits\n"); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - if (sizeof(size_t) < 4) { - mbedtls_printf("size_t must be at least 32 bits\n"); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - uint32_t endian_test = 0x12345678; - char *p = (char *) &endian_test; - if (!(p[0] == 0x12 && p[1] == 0x34 && p[2] == 0x56 && p[3] == 0x78) && - !(p[3] == 0x12 && p[2] == 0x34 && p[1] == 0x56 && p[0] == 0x78)) { - mbedtls_printf("Mixed-endian platforms are not supported\n"); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - /* - * The C standard doesn't guarantee that all-bits-0 is the representation - * of a NULL pointer. We do however use that in our code for initializing - * structures, which should work on every modern platform. Let's be sure. - */ - memset(&pointer, 0, sizeof(void *)); - if (pointer != NULL) { - mbedtls_printf("all-bits-zero is not a NULL pointer\n"); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - /* - * The C standard allows padding bits in the representation - * of standard integer types, but our code does currently not - * support them. - * - * Here we check that the underlying C implementation doesn't - * use padding bits, and fail cleanly if it does. - * - * The check works by casting the maximum value representable - * by a given integer type into the unpadded integer type of the - * same bit-width and checking that it agrees with the maximum value - * of that unpadded type. For example, for a 4-byte int, - * MAX_INT should be 0x7fffffff in int32_t. This assumes that - * CHAR_BIT == 8, which is checked in check_config.h. - * - * We assume that [u]intxx_t exist and that they don't - * have padding bits, as the standard requires. - */ - -#define CHECK_PADDING_SIGNED(TYPE, NAME) \ - do \ - { \ - if (sizeof(TYPE) == 2 || sizeof(TYPE) == 4 || \ - sizeof(TYPE) == 8) { \ - if ((sizeof(TYPE) == 2 && \ - (int16_t) NAME ## _MAX != 0x7FFF) || \ - (sizeof(TYPE) == 4 && \ - (int32_t) NAME ## _MAX != 0x7FFFFFFF) || \ - (sizeof(TYPE) == 8 && \ - (int64_t) NAME ## _MAX != 0x7FFFFFFFFFFFFFFF)) \ - { \ - mbedtls_printf("Type '" #TYPE "' has padding bits\n"); \ - mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ - } \ - } else { \ - mbedtls_printf("Padding checks only implemented for types of size 2, 4 or 8" \ - " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET "\n", \ - sizeof(TYPE)); \ - mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ - } \ - } while (0) - -#define CHECK_PADDING_UNSIGNED(TYPE, NAME) \ - do \ - { \ - if ((sizeof(TYPE) == 2 && \ - (uint16_t) NAME ## _MAX != 0xFFFF) || \ - (sizeof(TYPE) == 4 && \ - (uint32_t) NAME ## _MAX != 0xFFFFFFFF) || \ - (sizeof(TYPE) == 8 && \ - (uint64_t) NAME ## _MAX != 0xFFFFFFFFFFFFFFFF)) \ - { \ - mbedtls_printf("Type '" #TYPE "' has padding bits\n"); \ - mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ - } \ - } while (0) - - CHECK_PADDING_SIGNED(short, SHRT); - CHECK_PADDING_SIGNED(int, INT); - CHECK_PADDING_SIGNED(long, LONG); - CHECK_PADDING_SIGNED(long long, LLONG); - CHECK_PADDING_SIGNED(ptrdiff_t, PTRDIFF); - - CHECK_PADDING_UNSIGNED(unsigned short, USHRT); - CHECK_PADDING_UNSIGNED(unsigned, UINT); - CHECK_PADDING_UNSIGNED(unsigned long, ULONG); - CHECK_PADDING_UNSIGNED(unsigned long long, ULLONG); - CHECK_PADDING_UNSIGNED(size_t, SIZE); - -#undef CHECK_PADDING_SIGNED -#undef CHECK_PADDING_UNSIGNED - - /* - * Make sure we have a snprintf that correctly zero-terminates - */ - if (run_test_snprintf() != 0) { - mbedtls_printf("the snprintf implementation is broken\n"); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - for (argp = argv + (argc >= 1 ? 1 : argc); *argp != NULL; ++argp) { - if (strcmp(*argp, "--quiet") == 0 || - strcmp(*argp, "-q") == 0) { - v = 0; - } else if (strcmp(*argp, "--exclude") == 0 || - strcmp(*argp, "-x") == 0) { - exclude_mode = 1; - } else { - break; - } - } - - if (v != 0) { - mbedtls_printf("\n"); - } - -#if defined(MBEDTLS_SELF_TEST) - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_init(buf, sizeof(buf)); -#endif - - if (*argp != NULL && exclude_mode == 0) { - /* Run the specified tests */ - for (; *argp != NULL; argp++) { - for (test = selftests; test->name != NULL; test++) { - if (!strcmp(*argp, test->name)) { - if (test->function(v) != 0) { - suites_failed++; - } - suites_tested++; - break; - } - } - if (test->name == NULL) { - mbedtls_printf(" Test suite %s not available -> failed\n\n", *argp); - suites_failed++; - } - } - } else { - /* Run all the tests except excluded ones */ - for (test = selftests; test->name != NULL; test++) { - if (exclude_mode) { - char **excluded; - for (excluded = argp; *excluded != NULL; ++excluded) { - if (!strcmp(*excluded, test->name)) { - break; - } - } - if (*excluded) { - if (v) { - mbedtls_printf(" Skip: %s\n", test->name); - } - continue; - } - } - if (test->function(v) != 0) { - suites_failed++; - } - suites_tested++; - } - } - -#else - (void) exclude_mode; - mbedtls_printf(" MBEDTLS_SELF_TEST not defined.\n"); -#endif - - if (v != 0) { - mbedtls_printf(" Executed %d test suites\n\n", suites_tested); - - if (suites_failed > 0) { - mbedtls_printf(" [ %d tests FAIL ]\n\n", suites_failed); - } else { - mbedtls_printf(" [ All tests PASS ]\n\n"); - } - } - - if (suites_failed > 0) { - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); -} diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c deleted file mode 100644 index 43d2e8cf7..000000000 --- a/programs/test/udp_proxy.c +++ /dev/null @@ -1,964 +0,0 @@ -/* - * UDP proxy: emulate an unreliable UDP connection for DTLS testing - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* - * Warning: this is an internal utility program we use for tests. - * It does break some abstractions from the NET layer, and is thus NOT an - * example of good general usage. - */ - - -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#include -#if defined(MBEDTLS_HAVE_TIME) -#include -#define mbedtls_time time -#define mbedtls_time_t time_t -#endif -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ - -#if !defined(MBEDTLS_NET_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_NET_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/net_sockets.h" -#include "mbedtls/error.h" -#include "mbedtls/ssl.h" -#include "mbedtls/timing.h" - -#include - -/* For select() */ -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) -#include -#include -#if defined(_MSC_VER) -#if defined(_WIN32_WCE) -#pragma comment( lib, "ws2.lib" ) -#else -#pragma comment( lib, "ws2_32.lib" ) -#endif -#endif /* _MSC_VER */ -#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ -#if defined(MBEDTLS_HAVE_TIME) || (defined(MBEDTLS_TIMING_C) && !defined(MBEDTLS_TIMING_ALT)) -#include -#endif -#include -#include -#include -#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ - -#define MAX_MSG_SIZE 16384 + 2048 /* max record/datagram size */ - -#define DFL_SERVER_ADDR "localhost" -#define DFL_SERVER_PORT "4433" -#define DFL_LISTEN_ADDR "localhost" -#define DFL_LISTEN_PORT "5556" -#define DFL_PACK 0 - -#if defined(MBEDTLS_TIMING_C) -#define USAGE_PACK \ - " pack=%%d default: 0 (don't pack)\n" \ - " options: t > 0 (pack for t milliseconds)\n" -#else -#define USAGE_PACK -#endif - -#define USAGE \ - "\n usage: udp_proxy param=<>...\n" \ - "\n acceptable parameters:\n" \ - " server_addr=%%s default: localhost\n" \ - " server_port=%%d default: 4433\n" \ - " listen_addr=%%s default: localhost\n" \ - " listen_port=%%d default: 4433\n" \ - "\n" \ - " duplicate=%%d default: 0 (no duplication)\n" \ - " duplicate about 1:N packets randomly\n" \ - " delay=%%d default: 0 (no delayed packets)\n" \ - " delay about 1:N packets randomly\n" \ - " delay_ccs=0/1 default: 0 (don't delay ChangeCipherSpec)\n" \ - " delay_cli=%%s Handshake message from client that should be\n" \ - " delayed. Possible values are 'ClientHello',\n" \ - " 'Certificate', 'CertificateVerify', and\n" \ - " 'ClientKeyExchange'.\n" \ - " May be used multiple times, even for the same\n" \ - " message, in which case the respective message\n" \ - " gets delayed multiple times.\n" \ - " delay_srv=%%s Handshake message from server that should be\n" \ - " delayed. Possible values are 'HelloRequest',\n" \ - " 'ServerHello', 'ServerHelloDone', 'Certificate'\n" \ - " 'ServerKeyExchange', 'NewSessionTicket',\n" \ - " 'HelloVerifyRequest' and ''CertificateRequest'.\n" \ - " May be used multiple times, even for the same\n" \ - " message, in which case the respective message\n" \ - " gets delayed multiple times.\n" \ - " drop=%%d default: 0 (no dropped packets)\n" \ - " drop about 1:N packets randomly\n" \ - " mtu=%%d default: 0 (unlimited)\n" \ - " drop packets larger than N bytes\n" \ - " bad_ad=0/1 default: 0 (don't add bad ApplicationData)\n" \ - " bad_cid=%%d default: 0 (don't corrupt Connection IDs)\n" \ - " duplicate 1:N packets containing a CID,\n" \ - " modifying CID in first instance of the packet.\n" \ - " protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \ - " protect_len=%%d default: (don't protect packets of this size)\n" \ - " inject_clihlo=0/1 default: 0 (don't inject fake ClientHello)\n" \ - "\n" \ - " seed=%%d default: (use current time)\n" \ - USAGE_PACK \ - "\n" - -/* - * global options - */ - -#define MAX_DELAYED_HS 10 - -static struct options { - const char *server_addr; /* address to forward packets to */ - const char *server_port; /* port to forward packets to */ - const char *listen_addr; /* address for accepting client connections */ - const char *listen_port; /* port for accepting client connections */ - - int duplicate; /* duplicate 1 in N packets (none if 0) */ - int delay; /* delay 1 packet in N (none if 0) */ - int delay_ccs; /* delay ChangeCipherSpec */ - char *delay_cli[MAX_DELAYED_HS]; /* handshake types of messages from - * client that should be delayed. */ - uint8_t delay_cli_cnt; /* Number of entries in delay_cli. */ - char *delay_srv[MAX_DELAYED_HS]; /* handshake types of messages from - * server that should be delayed. */ - uint8_t delay_srv_cnt; /* Number of entries in delay_srv. */ - int drop; /* drop 1 packet in N (none if 0) */ - int mtu; /* drop packets larger than this */ - int bad_ad; /* inject corrupted ApplicationData record */ - unsigned bad_cid; /* inject corrupted CID record */ - int protect_hvr; /* never drop or delay HelloVerifyRequest */ - int protect_len; /* never drop/delay packet of the given size*/ - int inject_clihlo; /* inject fake ClientHello after handshake */ - unsigned pack; /* merge packets into single datagram for - * at most \c merge milliseconds if > 0 */ - unsigned int seed; /* seed for "random" events */ -} opt; - -static void exit_usage(const char *name, const char *value) -{ - if (value == NULL) { - mbedtls_printf(" unknown option or missing value: %s\n", name); - } else { - mbedtls_printf(" option %s: illegal value: %s\n", name, value); - } - - mbedtls_printf(USAGE); - mbedtls_exit(1); -} - -static void get_options(int argc, char *argv[]) -{ - int i; - char *p, *q; - - opt.server_addr = DFL_SERVER_ADDR; - opt.server_port = DFL_SERVER_PORT; - opt.listen_addr = DFL_LISTEN_ADDR; - opt.listen_port = DFL_LISTEN_PORT; - opt.pack = DFL_PACK; - /* Other members default to 0 */ - - opt.delay_cli_cnt = 0; - opt.delay_srv_cnt = 0; - memset(opt.delay_cli, 0, sizeof(opt.delay_cli)); - memset(opt.delay_srv, 0, sizeof(opt.delay_srv)); - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - exit_usage(p, NULL); - } - *q++ = '\0'; - - if (strcmp(p, "server_addr") == 0) { - opt.server_addr = q; - } else if (strcmp(p, "server_port") == 0) { - opt.server_port = q; - } else if (strcmp(p, "listen_addr") == 0) { - opt.listen_addr = q; - } else if (strcmp(p, "listen_port") == 0) { - opt.listen_port = q; - } else if (strcmp(p, "duplicate") == 0) { - opt.duplicate = atoi(q); - if (opt.duplicate < 0 || opt.duplicate > 20) { - exit_usage(p, q); - } - } else if (strcmp(p, "delay") == 0) { - opt.delay = atoi(q); - if (opt.delay < 0 || opt.delay > 20 || opt.delay == 1) { - exit_usage(p, q); - } - } else if (strcmp(p, "delay_ccs") == 0) { - opt.delay_ccs = atoi(q); - if (opt.delay_ccs < 0 || opt.delay_ccs > 1) { - exit_usage(p, q); - } - } else if (strcmp(p, "delay_cli") == 0 || - strcmp(p, "delay_srv") == 0) { - uint8_t *delay_cnt; - char **delay_list; - size_t len; - char *buf; - - if (strcmp(p, "delay_cli") == 0) { - delay_cnt = &opt.delay_cli_cnt; - delay_list = opt.delay_cli; - } else { - delay_cnt = &opt.delay_srv_cnt; - delay_list = opt.delay_srv; - } - - if (*delay_cnt == MAX_DELAYED_HS) { - mbedtls_printf(" too many uses of %s: only %d allowed\n", - p, MAX_DELAYED_HS); - exit_usage(p, NULL); - } - - len = strlen(q); - buf = mbedtls_calloc(1, len + 1); - if (buf == NULL) { - mbedtls_printf(" Allocation failure\n"); - exit(1); - } - memcpy(buf, q, len + 1); - - delay_list[(*delay_cnt)++] = buf; - } else if (strcmp(p, "drop") == 0) { - opt.drop = atoi(q); - if (opt.drop < 0 || opt.drop > 20 || opt.drop == 1) { - exit_usage(p, q); - } - } else if (strcmp(p, "pack") == 0) { -#if defined(MBEDTLS_TIMING_C) - opt.pack = (unsigned) atoi(q); -#else - mbedtls_printf(" option pack only defined if MBEDTLS_TIMING_C is enabled\n"); - exit(1); -#endif - } else if (strcmp(p, "mtu") == 0) { - opt.mtu = atoi(q); - if (opt.mtu < 0 || opt.mtu > MAX_MSG_SIZE) { - exit_usage(p, q); - } - } else if (strcmp(p, "bad_ad") == 0) { - opt.bad_ad = atoi(q); - if (opt.bad_ad < 0 || opt.bad_ad > 1) { - exit_usage(p, q); - } - } -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - else if (strcmp(p, "bad_cid") == 0) { - opt.bad_cid = (unsigned) atoi(q); - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - else if (strcmp(p, "protect_hvr") == 0) { - opt.protect_hvr = atoi(q); - if (opt.protect_hvr < 0 || opt.protect_hvr > 1) { - exit_usage(p, q); - } - } else if (strcmp(p, "protect_len") == 0) { - opt.protect_len = atoi(q); - if (opt.protect_len < 0) { - exit_usage(p, q); - } - } else if (strcmp(p, "inject_clihlo") == 0) { - opt.inject_clihlo = atoi(q); - if (opt.inject_clihlo < 0 || opt.inject_clihlo > 1) { - exit_usage(p, q); - } - } else if (strcmp(p, "seed") == 0) { - opt.seed = atoi(q); - if (opt.seed == 0) { - exit_usage(p, q); - } - } else { - exit_usage(p, NULL); - } - } -} - -static const char *msg_type(unsigned char *msg, size_t len) -{ - if (len < 1) { - return "Invalid"; - } - switch (msg[0]) { - case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: return "ChangeCipherSpec"; - case MBEDTLS_SSL_MSG_ALERT: return "Alert"; - case MBEDTLS_SSL_MSG_APPLICATION_DATA: return "ApplicationData"; - case MBEDTLS_SSL_MSG_CID: return "CID"; - case MBEDTLS_SSL_MSG_HANDSHAKE: break; /* See below */ - default: return "Unknown"; - } - - if (len < 13 + 12) { - return "Invalid handshake"; - } - - /* - * Our handshake message are less than 2^16 bytes long, so they should - * have 0 as the first byte of length, frag_offset and frag_length. - * Otherwise, assume they are encrypted. - */ - if (msg[14] || msg[19] || msg[22]) { - return "Encrypted handshake"; - } - - switch (msg[13]) { - case MBEDTLS_SSL_HS_HELLO_REQUEST: return "HelloRequest"; - case MBEDTLS_SSL_HS_CLIENT_HELLO: return "ClientHello"; - case MBEDTLS_SSL_HS_SERVER_HELLO: return "ServerHello"; - case MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST: return "HelloVerifyRequest"; - case MBEDTLS_SSL_HS_NEW_SESSION_TICKET: return "NewSessionTicket"; - case MBEDTLS_SSL_HS_CERTIFICATE: return "Certificate"; - case MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: return "ServerKeyExchange"; - case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: return "CertificateRequest"; - case MBEDTLS_SSL_HS_SERVER_HELLO_DONE: return "ServerHelloDone"; - case MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: return "CertificateVerify"; - case MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: return "ClientKeyExchange"; - case MBEDTLS_SSL_HS_FINISHED: return "Finished"; - default: return "Unknown handshake"; - } -} - -#if defined(MBEDTLS_TIMING_C) -/* Return elapsed time in milliseconds since the first call */ -static unsigned elapsed_time(void) -{ - static int initialized = 0; - static struct mbedtls_timing_hr_time hires; - - if (initialized == 0) { - (void) mbedtls_timing_get_timer(&hires, 1); - initialized = 1; - return 0; - } - - return mbedtls_timing_get_timer(&hires, 0); -} - -typedef struct { - mbedtls_net_context *ctx; - - const char *description; - - unsigned packet_lifetime; - unsigned num_datagrams; - - unsigned char data[MAX_MSG_SIZE]; - size_t len; - -} ctx_buffer; - -static ctx_buffer outbuf[2]; - -static int ctx_buffer_flush(ctx_buffer *buf) -{ - int ret; - - mbedtls_printf(" %05u flush %s: %u bytes, %u datagrams, last %u ms\n", - elapsed_time(), buf->description, - (unsigned) buf->len, buf->num_datagrams, - elapsed_time() - buf->packet_lifetime); - - ret = mbedtls_net_send(buf->ctx, buf->data, buf->len); - - buf->len = 0; - buf->num_datagrams = 0; - - return ret; -} - -static unsigned ctx_buffer_time_remaining(ctx_buffer *buf) -{ - unsigned const cur_time = elapsed_time(); - - if (buf->num_datagrams == 0) { - return (unsigned) -1; - } - - if (cur_time - buf->packet_lifetime >= opt.pack) { - return 0; - } - - return opt.pack - (cur_time - buf->packet_lifetime); -} - -static int ctx_buffer_append(ctx_buffer *buf, - const unsigned char *data, - size_t len) -{ - int ret; - - if (len > (size_t) INT_MAX) { - return -1; - } - - if (len > sizeof(buf->data)) { - mbedtls_printf(" ! buffer size %u too large (max %u)\n", - (unsigned) len, (unsigned) sizeof(buf->data)); - return -1; - } - - if (sizeof(buf->data) - buf->len < len) { - if ((ret = ctx_buffer_flush(buf)) <= 0) { - mbedtls_printf("ctx_buffer_flush failed with -%#04x", (unsigned int) -ret); - return ret; - } - } - - memcpy(buf->data + buf->len, data, len); - - buf->len += len; - if (++buf->num_datagrams == 1) { - buf->packet_lifetime = elapsed_time(); - } - - return (int) len; -} -#endif /* MBEDTLS_TIMING_C */ - -static int dispatch_data(mbedtls_net_context *ctx, - const unsigned char *data, - size_t len) -{ - int ret; -#if defined(MBEDTLS_TIMING_C) - ctx_buffer *buf = NULL; - if (opt.pack > 0) { - if (outbuf[0].ctx == ctx) { - buf = &outbuf[0]; - } else if (outbuf[1].ctx == ctx) { - buf = &outbuf[1]; - } - - if (buf == NULL) { - return -1; - } - - return ctx_buffer_append(buf, data, len); - } -#endif /* MBEDTLS_TIMING_C */ - - ret = mbedtls_net_send(ctx, data, len); - if (ret < 0) { - mbedtls_printf("net_send returned -%#04x\n", (unsigned int) -ret); - } - return ret; -} - -typedef struct { - mbedtls_net_context *dst; - const char *way; - const char *type; - unsigned len; - unsigned char buf[MAX_MSG_SIZE]; -} packet; - -/* Print packet. Outgoing packets come with a reason (forward, dupl, etc.) */ -static void print_packet(const packet *p, const char *why) -{ -#if defined(MBEDTLS_TIMING_C) - if (why == NULL) { - mbedtls_printf(" %05u dispatch %s %s (%u bytes)\n", - elapsed_time(), p->way, p->type, p->len); - } else { - mbedtls_printf(" %05u dispatch %s %s (%u bytes): %s\n", - elapsed_time(), p->way, p->type, p->len, why); - } -#else - if (why == NULL) { - mbedtls_printf(" dispatch %s %s (%u bytes)\n", - p->way, p->type, p->len); - } else { - mbedtls_printf(" dispatch %s %s (%u bytes): %s\n", - p->way, p->type, p->len, why); - } -#endif - - fflush(stdout); -} - -/* - * In order to test the server's behaviour when receiving a ClientHello after - * the connection is established (this could be a hard reset from the client, - * but the server must not drop the existing connection before establishing - * client reachability, see RFC 6347 Section 4.2.8), we memorize the first - * ClientHello we see (which can't have a cookie), then replay it after the - * first ApplicationData record - then we're done. - * - * This is controlled by the inject_clihlo option. - * - * We want an explicit state and a place to store the packet. - */ -typedef enum { - ICH_INIT, /* haven't seen the first ClientHello yet */ - ICH_CACHED, /* cached the initial ClientHello */ - ICH_INJECTED, /* ClientHello already injected, done */ -} inject_clihlo_state_t; - -static inject_clihlo_state_t inject_clihlo_state; -static packet initial_clihlo; - -static int send_packet(const packet *p, const char *why) -{ - int ret; - mbedtls_net_context *dst = p->dst; - - /* save initial ClientHello? */ - if (opt.inject_clihlo != 0 && - inject_clihlo_state == ICH_INIT && - strcmp(p->type, "ClientHello") == 0) { - memcpy(&initial_clihlo, p, sizeof(packet)); - inject_clihlo_state = ICH_CACHED; - } - - /* insert corrupted CID record? */ - if (opt.bad_cid != 0 && - strcmp(p->type, "CID") == 0 && - (rand() % opt.bad_cid) == 0) { - unsigned char buf[MAX_MSG_SIZE]; - memcpy(buf, p->buf, p->len); - - /* The CID resides at offset 11 in the DTLS record header. */ - buf[11] ^= 1; - print_packet(p, "modified CID"); - - if ((ret = dispatch_data(dst, buf, p->len)) <= 0) { - mbedtls_printf(" ! dispatch returned %d\n", ret); - return ret; - } - } - - /* insert corrupted ApplicationData record? */ - if (opt.bad_ad && - strcmp(p->type, "ApplicationData") == 0) { - unsigned char buf[MAX_MSG_SIZE]; - memcpy(buf, p->buf, p->len); - - if (p->len <= 13) { - mbedtls_printf(" ! can't corrupt empty AD record"); - } else { - ++buf[13]; - print_packet(p, "corrupted"); - } - - if ((ret = dispatch_data(dst, buf, p->len)) <= 0) { - mbedtls_printf(" ! dispatch returned %d\n", ret); - return ret; - } - } - - print_packet(p, why); - if ((ret = dispatch_data(dst, p->buf, p->len)) <= 0) { - mbedtls_printf(" ! dispatch returned %d\n", ret); - return ret; - } - - /* Don't duplicate Application Data, only handshake covered */ - if (opt.duplicate != 0 && - strcmp(p->type, "ApplicationData") != 0 && - rand() % opt.duplicate == 0) { - print_packet(p, "duplicated"); - - if ((ret = dispatch_data(dst, p->buf, p->len)) <= 0) { - mbedtls_printf(" ! dispatch returned %d\n", ret); - return ret; - } - } - - /* Inject ClientHello after first ApplicationData */ - if (opt.inject_clihlo != 0 && - inject_clihlo_state == ICH_CACHED && - strcmp(p->type, "ApplicationData") == 0) { - print_packet(&initial_clihlo, "injected"); - - if ((ret = dispatch_data(dst, initial_clihlo.buf, - initial_clihlo.len)) <= 0) { - mbedtls_printf(" ! dispatch returned %d\n", ret); - return ret; - } - - inject_clihlo_state = ICH_INJECTED; - } - - return 0; -} - -#define MAX_DELAYED_MSG 5 -static size_t prev_len; -static packet prev[MAX_DELAYED_MSG]; - -static void clear_pending(void) -{ - memset(&prev, 0, sizeof(prev)); - prev_len = 0; -} - -static void delay_packet(packet *delay) -{ - if (prev_len == MAX_DELAYED_MSG) { - return; - } - - memcpy(&prev[prev_len++], delay, sizeof(packet)); -} - -static int send_delayed(void) -{ - uint8_t offset; - int ret; - for (offset = 0; offset < prev_len; offset++) { - ret = send_packet(&prev[offset], "delayed"); - if (ret != 0) { - return ret; - } - } - - clear_pending(); - return 0; -} - -/* - * Avoid dropping or delaying a packet that was already dropped or delayed - * ("held") twice: this only results in uninteresting timeouts. We can't rely - * on type to identify packets, since during renegotiation they're all - * encrypted. So, rely on size mod 2048 (which is usually just size). - * - * We only hold packets at the level of entire datagrams, not at the level - * of records. In particular, if the peer changes the way it packs multiple - * records into a single datagram, we don't necessarily count the number of - * times a record has been held correctly. However, the only known reason - * why a peer would change datagram packing is disabling the latter on - * retransmission, in which case we'd hold involved records at most - * HOLD_MAX + 1 times. - */ -static unsigned char held[2048] = { 0 }; -#define HOLD_MAX 2 - -static int handle_message(const char *way, - mbedtls_net_context *dst, - mbedtls_net_context *src) -{ - int ret; - packet cur; - size_t id; - - uint8_t delay_idx; - char **delay_list; - uint8_t delay_list_len; - - /* receive packet */ - if ((ret = mbedtls_net_recv(src, cur.buf, sizeof(cur.buf))) <= 0) { - mbedtls_printf(" ! mbedtls_net_recv returned %d\n", ret); - return ret; - } - - cur.len = ret; - cur.type = msg_type(cur.buf, cur.len); - cur.way = way; - cur.dst = dst; - print_packet(&cur, NULL); - - id = cur.len % sizeof(held); - - if (strcmp(way, "S <- C") == 0) { - delay_list = opt.delay_cli; - delay_list_len = opt.delay_cli_cnt; - } else { - delay_list = opt.delay_srv; - delay_list_len = opt.delay_srv_cnt; - } - - /* Check if message type is in the list of messages - * that should be delayed */ - for (delay_idx = 0; delay_idx < delay_list_len; delay_idx++) { - if (delay_list[delay_idx] == NULL) { - continue; - } - - if (strcmp(delay_list[delay_idx], cur.type) == 0) { - /* Delay message */ - delay_packet(&cur); - - /* Remove entry from list */ - mbedtls_free(delay_list[delay_idx]); - delay_list[delay_idx] = NULL; - - return 0; - } - } - - /* do we want to drop, delay, or forward it? */ - if ((opt.mtu != 0 && - cur.len > (unsigned) opt.mtu) || - (opt.drop != 0 && - strcmp(cur.type, "CID") != 0 && - strcmp(cur.type, "ApplicationData") != 0 && - !(opt.protect_hvr && - strcmp(cur.type, "HelloVerifyRequest") == 0) && - cur.len != (size_t) opt.protect_len && - held[id] < HOLD_MAX && - rand() % opt.drop == 0)) { - ++held[id]; - } else if ((opt.delay_ccs == 1 && - strcmp(cur.type, "ChangeCipherSpec") == 0) || - (opt.delay != 0 && - strcmp(cur.type, "CID") != 0 && - strcmp(cur.type, "ApplicationData") != 0 && - !(opt.protect_hvr && - strcmp(cur.type, "HelloVerifyRequest") == 0) && - cur.len != (size_t) opt.protect_len && - held[id] < HOLD_MAX && - rand() % opt.delay == 0)) { - ++held[id]; - delay_packet(&cur); - } else { - /* forward and possibly duplicate */ - if ((ret = send_packet(&cur, "forwarded")) != 0) { - return ret; - } - - /* send previously delayed messages if any */ - ret = send_delayed(); - if (ret != 0) { - return ret; - } - } - - return 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - uint8_t delay_idx; - - mbedtls_net_context listen_fd, client_fd, server_fd; - -#if defined(MBEDTLS_TIMING_C) - struct timeval tm; -#endif - - struct timeval *tm_ptr = NULL; - - int nb_fds; - fd_set read_fds; - - mbedtls_net_init(&listen_fd); - mbedtls_net_init(&client_fd); - mbedtls_net_init(&server_fd); - - get_options(argc, argv); - - /* - * Decisions to drop/delay/duplicate packets are pseudo-random: dropping - * exactly 1 in N packets would lead to problems when a flight has exactly - * N packets: the same packet would be dropped on every resend. - * - * In order to be able to reproduce problems reliably, the seed may be - * specified explicitly. - */ - if (opt.seed == 0) { -#if defined(MBEDTLS_HAVE_TIME) - opt.seed = (unsigned int) mbedtls_time(NULL); -#else - opt.seed = 1; -#endif /* MBEDTLS_HAVE_TIME */ - mbedtls_printf(" . Pseudo-random seed: %u\n", opt.seed); - } - - srand(opt.seed); - - /* - * 0. "Connect" to the server - */ - mbedtls_printf(" . Connect to server on UDP/%s/%s ...", - opt.server_addr, opt.server_port); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, opt.server_addr, opt.server_port, - MBEDTLS_NET_PROTO_UDP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1. Setup the "listening" UDP socket - */ - mbedtls_printf(" . Bind on UDP/%s/%s ...", - opt.listen_addr, opt.listen_port); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, opt.listen_addr, opt.listen_port, - MBEDTLS_NET_PROTO_UDP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Wait until a client connects - */ -accept: - mbedtls_net_free(&client_fd); - - mbedtls_printf(" . Waiting for a remote connection ..."); - fflush(stdout); - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - NULL, 0, NULL)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 3. Forward packets forever (kill the process to terminate it) - */ - clear_pending(); - memset(held, 0, sizeof(held)); - - nb_fds = client_fd.fd; - if (nb_fds < server_fd.fd) { - nb_fds = server_fd.fd; - } - if (nb_fds < listen_fd.fd) { - nb_fds = listen_fd.fd; - } - ++nb_fds; - -#if defined(MBEDTLS_TIMING_C) - if (opt.pack > 0) { - outbuf[0].ctx = &server_fd; - outbuf[0].description = "S <- C"; - outbuf[0].num_datagrams = 0; - outbuf[0].len = 0; - - outbuf[1].ctx = &client_fd; - outbuf[1].description = "S -> C"; - outbuf[1].num_datagrams = 0; - outbuf[1].len = 0; - } -#endif /* MBEDTLS_TIMING_C */ - - while (1) { -#if defined(MBEDTLS_TIMING_C) - if (opt.pack > 0) { - unsigned max_wait_server, max_wait_client, max_wait; - max_wait_server = ctx_buffer_time_remaining(&outbuf[0]); - max_wait_client = ctx_buffer_time_remaining(&outbuf[1]); - - max_wait = (unsigned) -1; - - if (max_wait_server == 0) { - ctx_buffer_flush(&outbuf[0]); - } else { - max_wait = max_wait_server; - } - - if (max_wait_client == 0) { - ctx_buffer_flush(&outbuf[1]); - } else { - if (max_wait_client < max_wait) { - max_wait = max_wait_client; - } - } - - if (max_wait != (unsigned) -1) { - tm.tv_sec = max_wait / 1000; - tm.tv_usec = (max_wait % 1000) * 1000; - - tm_ptr = &tm; - } else { - tm_ptr = NULL; - } - } -#endif /* MBEDTLS_TIMING_C */ - - FD_ZERO(&read_fds); - FD_SET(server_fd.fd, &read_fds); - FD_SET(client_fd.fd, &read_fds); - FD_SET(listen_fd.fd, &read_fds); - - if ((ret = select(nb_fds, &read_fds, NULL, NULL, tm_ptr)) < 0) { - perror("select"); - goto exit; - } - - if (FD_ISSET(listen_fd.fd, &read_fds)) { - goto accept; - } - - if (FD_ISSET(client_fd.fd, &read_fds)) { - if ((ret = handle_message("S <- C", - &server_fd, &client_fd)) != 0) { - goto accept; - } - } - - if (FD_ISSET(server_fd.fd, &read_fds)) { - if ((ret = handle_message("S -> C", - &client_fd, &server_fd)) != 0) { - goto accept; - } - } - - } - -exit: - -#ifdef MBEDTLS_ERROR_C - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: -0x%04X - %s\n\n", (unsigned int) -ret, error_buf); - fflush(stdout); - } -#endif - - for (delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++) { - mbedtls_free(opt.delay_cli[delay_idx]); - mbedtls_free(opt.delay_srv[delay_idx]); - } - - mbedtls_net_free(&client_fd); - mbedtls_net_free(&server_fd); - mbedtls_net_free(&listen_fd); - - mbedtls_exit(exit_code); -} - -#endif /* MBEDTLS_NET_C */ diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh deleted file mode 100755 index aa6a6d10f..000000000 --- a/programs/test/udp_proxy_wrapper.sh +++ /dev/null @@ -1,120 +0,0 @@ -#!/bin/sh -# -*-sh-basic-offset: 4-*- -# Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -set -u - -MBEDTLS_BASE="$(dirname -- "$0")/../.." -TPXY_BIN="$MBEDTLS_BASE/programs/test/udp_proxy" -SRV_BIN="$MBEDTLS_BASE/programs/ssl/ssl_server2" - -: ${VERBOSE:=0} - -stop_proxy() { - if [ -n "${tpxy_pid:-}" ]; then - echo - echo " * Killing proxy (pid $tpxy_pid) ..." - kill $tpxy_pid - fi -} - -stop_server() { - if [ -n "${srv_pid:-}" ]; then - echo - echo " * Killing server (pid $srv_pid) ..." - kill $srv_pid >/dev/null 2>/dev/null - fi -} - -cleanup() { - stop_server - stop_proxy - exit 129 -} - -trap cleanup INT TERM HUP - -# Extract the proxy parameters -tpxy_cmd_snippet='"$TPXY_BIN"' -while [ $# -ne 0 ] && [ "$1" != "--" ]; do - tail="$1" quoted="" - while [ -n "$tail" ]; do - case "$tail" in - *\'*) quoted="${quoted}${tail%%\'*}'\\''" tail="${tail#*\'}";; - *) quoted="${quoted}${tail}"; tail=; false;; - esac - done - tpxy_cmd_snippet="$tpxy_cmd_snippet '$quoted'" - shift -done -unset tail quoted -if [ $# -eq 0 ]; then - echo " * No server arguments (must be preceded by \" -- \") - exit" - exit 3 -fi -shift - -dtls_enabled= -ipv6_in_use= -server_port_orig= -server_addr_orig= -for param; do - case "$param" in - server_port=*) server_port_orig="${param#*=}";; - server_addr=*:*) server_addr_orig="${param#*=}"; ipv6_in_use=1;; - server_addr=*) server_addr_orig="${param#*=}";; - dtls=[!0]*) dtls_enabled=1;; - esac -done - -if [ -z "$dtls_enabled" ] || [ -n "$ipv6_in_use" ]; then - echo >&2 "$0: Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..." - if [ $VERBOSE -gt 0 ]; then - echo "[ $SRV_BIN $* ]" - fi - exec "$SRV_BIN" "$@" -fi - -if [ -z "$server_port_orig" ]; then - server_port_orig=4433 -fi -echo " * Server port: $server_port_orig" -tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_port=\$server_port_orig\"" -tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_port=\$server_port\"" - -if [ -n "$server_addr_orig" ]; then - echo " * Server address: $server_addr_orig" - tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_addr=\$server_addr_orig\"" - tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_addr=\$server_addr_orig\"" -fi - -server_port=$(( server_port_orig + 1 )) -set -- "$@" "server_port=$server_port" -echo " * Intermediate port: $server_port" - -echo " * Start proxy in background ..." -if [ $VERBOSE -gt 0 ]; then - echo "[ $tpxy_cmd_snippet ]" -fi -eval exec "$tpxy_cmd_snippet" >/dev/null 2>&1 & -tpxy_pid=$! - -if [ $VERBOSE -gt 0 ]; then - echo " * Proxy ID: $TPXY_PID" -fi - -echo " * Starting server ..." -if [ $VERBOSE -gt 0 ]; then - echo "[ $SRV_BIN $* ]" -fi - -exec "$SRV_BIN" "$@" >&2 & -srv_pid=$! - -wait $srv_pid - -stop_proxy -return 0 diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c deleted file mode 100644 index c1cee0d84..000000000 --- a/programs/test/zeroize.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Zeroize application for debugger-driven testing - * - * This is a simple test application used for debugger-driven testing to check - * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler - * optimizations. This application is used by the GDB script at - * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last - * return statement in the main() function of this program. The debugger - * facilities are then used to manually inspect the memory and verify that the - * call to mbedtls_platform_zeroize() was not eliminated. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include - -#include "mbedtls/platform.h" - -#include "mbedtls/platform_util.h" - -#define BUFFER_LEN 1024 - -static void usage(void) -{ - mbedtls_printf("Zeroize is a simple program to assist with testing\n"); - mbedtls_printf("the mbedtls_platform_zeroize() function by using the\n"); - mbedtls_printf("debugger. This program takes a file as input and\n"); - mbedtls_printf("prints the first %d characters. Usage:\n\n", BUFFER_LEN); - mbedtls_printf(" zeroize \n"); -} - -int main(int argc, char **argv) -{ - int exit_code = MBEDTLS_EXIT_FAILURE; - FILE *fp; - char buf[BUFFER_LEN]; - char *p = buf; - char *end = p + BUFFER_LEN; - int c; - - if (argc != 2) { - mbedtls_printf("This program takes exactly 1 argument\n"); - usage(); - mbedtls_exit(exit_code); - } - - fp = fopen(argv[1], "r"); - if (fp == NULL) { - mbedtls_printf("Could not open file '%s'\n", argv[1]); - mbedtls_exit(exit_code); - } - - while ((c = fgetc(fp)) != EOF && p < end - 1) { - *p++ = (char) c; - } - *p = '\0'; - - if (p - buf != 0) { - mbedtls_printf("%s\n", buf); - exit_code = MBEDTLS_EXIT_SUCCESS; - } else { - mbedtls_printf("The file is empty!\n"); - } - - fclose(fp); - mbedtls_platform_zeroize(buf, sizeof(buf)); - - mbedtls_exit(exit_code); // GDB_BREAK_HERE -- don't remove this comment! -} diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt deleted file mode 100644 index c1b6b7586..000000000 --- a/programs/util/CMakeLists.txt +++ /dev/null @@ -1,21 +0,0 @@ -set(libs - ${tfpsacrypto_target} - ${mbedx509_target} -) - -set(executables - pem2der - strerror -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c deleted file mode 100644 index 177365b87..000000000 --- a/programs/util/pem2der.c +++ /dev/null @@ -1,265 +0,0 @@ -/* - * Convert PEM to DER - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/error.h" -#include "mbedtls/base64.h" - -#include -#include -#include -#endif - -#define DFL_FILENAME "file.pem" -#define DFL_OUTPUT_FILENAME "file.der" - -#define USAGE \ - "\n usage: pem2der param=<>...\n" \ - "\n acceptable parameters:\n" \ - " filename=%%s default: file.pem\n" \ - " output_file=%%s default: file.der\n" \ - "\n" - -#if !defined(MBEDTLS_BASE64_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BASE64_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -/* - * global options - */ -struct options { - const char *filename; /* filename of the input file */ - const char *output_file; /* where to store the output */ -} opt; - -static int convert_pem_to_der(const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen) -{ - int ret; - const unsigned char *s1, *s2, *end = input + ilen; - size_t len = 0; - - s1 = (unsigned char *) strstr((const char *) input, "-----BEGIN"); - if (s1 == NULL) { - return -1; - } - - s2 = (unsigned char *) strstr((const char *) input, "-----END"); - if (s2 == NULL) { - return -1; - } - - s1 += 10; - while (s1 < end && *s1 != '-') { - s1++; - } - while (s1 < end && *s1 == '-') { - s1++; - } - if (*s1 == '\r') { - s1++; - } - if (*s1 == '\n') { - s1++; - } - - if (s2 <= s1 || s2 > end) { - return -1; - } - - ret = mbedtls_base64_decode(NULL, 0, &len, (const unsigned char *) s1, s2 - s1); - if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) { - return ret; - } - - if (len > *olen) { - return -1; - } - - if ((ret = mbedtls_base64_decode(output, len, &len, (const unsigned char *) s1, - s2 - s1)) != 0) { - return ret; - } - - *olen = len; - - return 0; -} - -/* - * Load all data from a file into a given buffer. - */ -static int load_file(const char *path, unsigned char **buf, size_t *n) -{ - FILE *f; - long size; - - if ((f = fopen(path, "rb")) == NULL) { - return -1; - } - - fseek(f, 0, SEEK_END); - if ((size = ftell(f)) == -1) { - fclose(f); - return -1; - } - fseek(f, 0, SEEK_SET); - - *n = (size_t) size; - - if (*n + 1 == 0 || - (*buf = mbedtls_calloc(1, *n + 1)) == NULL) { - fclose(f); - return -1; - } - - if (fread(*buf, 1, *n, f) != *n) { - fclose(f); - free(*buf); - *buf = NULL; - return -1; - } - - fclose(f); - - (*buf)[*n] = '\0'; - - return 0; -} - -/* - * Write buffer to a file - */ -static int write_file(const char *path, unsigned char *buf, size_t n) -{ - FILE *f; - - if ((f = fopen(path, "wb")) == NULL) { - return -1; - } - - if (fwrite(buf, 1, n, f) != n) { - fclose(f); - return -1; - } - - fclose(f); - return 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned char *pem_buffer = NULL; - unsigned char der_buffer[4096]; - char buf[1024]; - size_t pem_size, der_size = sizeof(der_buffer); - int i; - char *p, *q; - - /* - * Set to sane values - */ - memset(buf, 0, sizeof(buf)); - memset(der_buffer, 0, sizeof(der_buffer)); - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.filename = DFL_FILENAME; - opt.output_file = DFL_OUTPUT_FILENAME; - - for (i = 1; i < argc; i++) { - - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "output_file") == 0) { - opt.output_file = q; - } else { - goto usage; - } - } - - /* - * 1.1. Load the PEM file - */ - mbedtls_printf("\n . Loading the PEM file ..."); - fflush(stdout); - - ret = load_file(opt.filename, &pem_buffer, &pem_size); - - if (ret != 0) { -#ifdef MBEDTLS_ERROR_C - mbedtls_strerror(ret, buf, 1024); -#endif - mbedtls_printf(" failed\n ! load_file returned %d - %s\n\n", ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2. Convert from PEM to DER - */ - mbedtls_printf(" . Converting from PEM to DER ..."); - fflush(stdout); - - if ((ret = convert_pem_to_der(pem_buffer, pem_size, der_buffer, &der_size)) != 0) { -#ifdef MBEDTLS_ERROR_C - mbedtls_strerror(ret, buf, 1024); -#endif - mbedtls_printf(" failed\n ! convert_pem_to_der %d - %s\n\n", ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.3. Write the DER file - */ - mbedtls_printf(" . Writing the DER file ..."); - fflush(stdout); - - ret = write_file(opt.output_file, der_buffer, der_size); - - if (ret != 0) { -#ifdef MBEDTLS_ERROR_C - mbedtls_strerror(ret, buf, 1024); -#endif - mbedtls_printf(" failed\n ! write_file returned %d - %s\n\n", ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - free(pem_buffer); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */ diff --git a/programs/util/strerror.c b/programs/util/strerror.c deleted file mode 100644 index 316f28614..000000000 --- a/programs/util/strerror.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Translate error code to error string - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) -#include "mbedtls/error.h" - -#include -#include -#include -#endif - -#define USAGE \ - "\n usage: strerror \n" \ - "\n where can be a decimal or hexadecimal (starts with 0x or -0x)\n" - -#if !defined(MBEDTLS_ERROR_C) && !defined(MBEDTLS_ERROR_STRERROR_DUMMY) -int main(void) -{ - mbedtls_printf("MBEDTLS_ERROR_C and/or MBEDTLS_ERROR_STRERROR_DUMMY not defined.\n"); - mbedtls_exit(0); -} -#else -int main(int argc, char *argv[]) -{ - long int val; - char *end = argv[1]; - - if (argc != 2) { - mbedtls_printf(USAGE); - mbedtls_exit(0); - } - - val = strtol(argv[1], &end, 10); - if (*end != '\0') { - val = strtol(argv[1], &end, 16); - if (*end != '\0') { - mbedtls_printf(USAGE); - return 0; - } - } - if (val > 0) { - val = -val; - } - - if (val != 0) { - char error_buf[200]; - mbedtls_strerror(val, error_buf, 200); - mbedtls_printf("Last error was: -0x%04x - %s\n\n", (unsigned int) -val, error_buf); - } - - mbedtls_exit(val); -} -#endif /* MBEDTLS_ERROR_C */ diff --git a/programs/wince_main.c b/programs/wince_main.c deleted file mode 100644 index e817b9f5f..000000000 --- a/programs/wince_main.c +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Windows CE console application entry point - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#if defined(_WIN32_WCE) - -#include - -extern int main(int, const char **); - -int _tmain(int argc, _TCHAR *targv[]) -{ - char **argv; - int i; - - argv = (char **) calloc(argc, sizeof(char *)); - - for (i = 0; i < argc; i++) { - size_t len; - len = _tcslen(targv[i]) + 1; - argv[i] = (char *) calloc(len, sizeof(char)); - wcstombs(argv[i], targv[i], len); - } - - return main(argc, argv); -} - -#endif /* defined(_WIN32_WCE) */ diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt deleted file mode 100644 index 9e63bf153..000000000 --- a/programs/x509/CMakeLists.txt +++ /dev/null @@ -1,28 +0,0 @@ -set(libs - ${mbedx509_target} -) - -set(executables - cert_app - cert_req - cert_write - crl_app - load_roots - req_app -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -target_link_libraries(cert_app ${mbedtls_target}) -# For mbedtls_timing_get_timer() -target_link_libraries(load_roots ${mbedtls_target}) - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c deleted file mode 100644 index cb1e5bc4e..000000000 --- a/programs/x509/cert_app.c +++ /dev/null @@ -1,456 +0,0 @@ -/* - * Certificate reading application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_X509_REMOVE_INFO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined and/or MBEDTLS_X509_REMOVE_INFO defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/ssl.h" -#include "mbedtls/x509.h" -#include "mbedtls/debug.h" - -#include -#include -#include - -#define MODE_NONE 0 -#define MODE_FILE 1 -#define MODE_SSL 2 - -#define DFL_MODE MODE_NONE -#define DFL_FILENAME "cert.crt" -#define DFL_CA_FILE "" -#define DFL_CRL_FILE "" -#define DFL_CA_PATH "" -#define DFL_SERVER_NAME "localhost" -#define DFL_SERVER_PORT "4433" -#define DFL_DEBUG_LEVEL 0 -#define DFL_PERMISSIVE 0 - -#define USAGE_IO \ - " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ - " default: \"\" (none)\n" \ - " crl_file=%%s The single CRL file you want to use\n" \ - " default: \"\" (none)\n" \ - " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \ - " default: \"\" (none) (overrides ca_file)\n" - -#define USAGE \ - "\n usage: cert_app param=<>...\n" \ - "\n acceptable parameters:\n" \ - " mode=file|ssl default: none\n" \ - " filename=%%s default: cert.crt\n" \ - USAGE_IO \ - " server_name=%%s default: localhost\n" \ - " server_port=%%d default: 4433\n" \ - " debug_level=%%d default: 0 (disabled)\n" \ - " permissive=%%d default: 0 (disabled)\n" \ - "\n" - - -/* - * global options - */ -struct options { - int mode; /* the mode to run the application in */ - const char *filename; /* filename of the certificate file */ - const char *ca_file; /* the file with the CA certificate(s) */ - const char *crl_file; /* the file with the CRL to use */ - const char *ca_path; /* the path with the CA certificate(s) reside */ - const char *server_name; /* hostname of the server (client only) */ - const char *server_port; /* port on which the ssl service runs */ - int debug_level; /* level of debugging */ - int permissive; /* permissive parsing */ -} opt; - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags) -{ - char buf[1024]; - ((void) data); - - mbedtls_printf("\nVerify requested for (Depth %d):\n", depth); - mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt); - mbedtls_printf("%s", buf); - - if ((*flags) == 0) { - mbedtls_printf(" This certificate has no flags\n"); - } else { - mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", *flags); - mbedtls_printf("%s\n", buf); - } - - return 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_net_context server_fd; - unsigned char buf[1024]; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt cacert; - mbedtls_x509_crl cacrl; - int i, j; - uint32_t flags; - int verify = 0; - char *p, *q; - const char *pers = "cert_app"; - - /* - * Set to sane values - */ - mbedtls_net_init(&server_fd); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_x509_crt_init(&cacert); - mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_X509_CRL_PARSE_C) - mbedtls_x509_crl_init(&cacrl); -#else - /* Zeroize structure as CRL parsing is not supported and we have to pass - it to the verify function */ - memset(&cacrl, 0, sizeof(mbedtls_x509_crl)); -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.mode = DFL_MODE; - opt.filename = DFL_FILENAME; - opt.ca_file = DFL_CA_FILE; - opt.crl_file = DFL_CRL_FILE; - opt.ca_path = DFL_CA_PATH; - opt.server_name = DFL_SERVER_NAME; - opt.server_port = DFL_SERVER_PORT; - opt.debug_level = DFL_DEBUG_LEVEL; - opt.permissive = DFL_PERMISSIVE; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - for (j = 0; p + j < q; j++) { - if (argv[i][j] >= 'A' && argv[i][j] <= 'Z') { - argv[i][j] |= 0x20; - } - } - - if (strcmp(p, "mode") == 0) { - if (strcmp(q, "file") == 0) { - opt.mode = MODE_FILE; - } else if (strcmp(q, "ssl") == 0) { - opt.mode = MODE_SSL; - } else { - goto usage; - } - } else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "ca_file") == 0) { - opt.ca_file = q; - } else if (strcmp(p, "crl_file") == 0) { - opt.crl_file = q; - } else if (strcmp(p, "ca_path") == 0) { - opt.ca_path = q; - } else if (strcmp(p, "server_name") == 0) { - opt.server_name = q; - } else if (strcmp(p, "server_port") == 0) { - opt.server_port = q; - } else if (strcmp(p, "debug_level") == 0) { - opt.debug_level = atoi(q); - if (opt.debug_level < 0 || opt.debug_level > 65535) { - goto usage; - } - } else if (strcmp(p, "permissive") == 0) { - opt.permissive = atoi(q); - if (opt.permissive < 0 || opt.permissive > 1) { - goto usage; - } - } else { - goto usage; - } - } - - /* - * 1.1. Load the trusted CA - */ - mbedtls_printf(" . Loading the CA root certificate ..."); - fflush(stdout); - - if (strlen(opt.ca_path)) { - if ((ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path)) < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - verify = 1; - } else if (strlen(opt.ca_file)) { - if ((ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file)) < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - verify = 1; - } - - mbedtls_printf(" ok (%d skipped)\n", ret); - -#if defined(MBEDTLS_X509_CRL_PARSE_C) - if (strlen(opt.crl_file)) { - if ((ret = mbedtls_x509_crl_parse_file(&cacrl, opt.crl_file)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - verify = 1; - } -#endif - - if (opt.mode == MODE_FILE) { - mbedtls_x509_crt crt; - mbedtls_x509_crt *cur = &crt; - mbedtls_x509_crt_init(&crt); - - /* - * 1.1. Load the certificate(s) - */ - mbedtls_printf("\n . Loading the certificate(s) ..."); - fflush(stdout); - - ret = mbedtls_x509_crt_parse_file(&crt, opt.filename); - - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret); - mbedtls_x509_crt_free(&crt); - goto exit; - } - - if (opt.permissive == 0 && ret > 0) { - mbedtls_printf( - " failed\n ! mbedtls_x509_crt_parse failed to parse %d certificates\n\n", - ret); - mbedtls_x509_crt_free(&crt); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the certificate(s) - */ - while (cur != NULL) { - mbedtls_printf(" . Peer certificate information ...\n"); - ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", - cur); - if (ret == -1) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret); - mbedtls_x509_crt_free(&crt); - goto exit; - } - - mbedtls_printf("%s\n", buf); - - cur = cur->next; - } - - /* - * 1.3 Verify the certificate - */ - if (verify) { - mbedtls_printf(" . Verifying X.509 certificate..."); - - if ((ret = mbedtls_x509_crt_verify(&crt, &cacert, &cacrl, NULL, &flags, - my_verify, NULL)) != 0) { - char vrfy_buf[512]; - - mbedtls_printf(" failed\n"); - - mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); - - mbedtls_printf("%s\n", vrfy_buf); - } else { - mbedtls_printf(" ok\n"); - } - } - - mbedtls_x509_crt_free(&crt); - } else if (opt.mode == MODE_SSL) { - /* - * 1. Initialize the RNG and the session data - */ - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto ssl_exit; - } - - mbedtls_printf(" ok\n"); - -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(opt.debug_level); -#endif - - /* - * 2. Start the connection - */ - mbedtls_printf(" . SSL connection to tcp/%s/%s...", opt.server_name, - opt.server_port); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, opt.server_name, - opt.server_port, MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto ssl_exit; - } - - /* - * 3. Setup stuff - */ - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - if (verify) { - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_verify(&conf, my_verify, NULL); - } else { - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); - } - - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); - goto ssl_exit; - } - - if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret); - goto ssl_exit; - } - - mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - /* - * 4. Handshake - */ - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret); - goto ssl_exit; - } - } - - mbedtls_printf(" ok\n"); - - /* - * 5. Print the certificate - */ -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_printf(" . Peer certificate information ... skipped\n"); -#else - mbedtls_printf(" . Peer certificate information ...\n"); - ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", - mbedtls_ssl_get_peer_cert(&ssl)); - if (ret == -1) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret); - goto ssl_exit; - } - - mbedtls_printf("%s\n", buf); -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - mbedtls_ssl_close_notify(&ssl); - -ssl_exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - } else { - goto usage; - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&cacert); -#if defined(MBEDTLS_X509_CRL_PARSE_C) - mbedtls_x509_crl_free(&cacrl); -#endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && - MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && - MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c deleted file mode 100644 index 0dc4c971c..000000000 --- a/programs/x509/cert_req.c +++ /dev/null @@ -1,514 +0,0 @@ -/* - * Certificate request generation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(PSA_WANT_ALG_SHA_256) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_MD_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_PK_PARSE_C and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/x509_csr.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/error.h" - -#include -#include -#include - -#define DFL_FILENAME "keyfile.key" -#define DFL_PASSWORD NULL -#define DFL_DEBUG_LEVEL 0 -#define DFL_OUTPUT_FILENAME "cert.req" -#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK" -#define DFL_KEY_USAGE 0 -#define DFL_FORCE_KEY_USAGE 0 -#define DFL_NS_CERT_TYPE 0 -#define DFL_FORCE_NS_CERT_TYPE 0 -#define DFL_MD_ALG MBEDTLS_MD_SHA256 - -#define USAGE \ - "\n usage: cert_req param=<>...\n" \ - "\n acceptable parameters:\n" \ - " filename=%%s default: keyfile.key\n" \ - " password=%%s default: NULL\n" \ - " debug_level=%%d default: 0 (disabled)\n" \ - " output_file=%%s default: cert.req\n" \ - " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \ - " san=%%s default: (none)\n" \ - " Semicolon-separated-list of values:\n" \ - " DNS:value\n" \ - " URI:value\n" \ - " RFC822:value\n" \ - " IP:value (Only IPv4 is supported)\n" \ - " DN:list of comma separated key=value pairs\n" \ - " key_usage=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " digital_signature\n" \ - " non_repudiation\n" \ - " key_encipherment\n" \ - " data_encipherment\n" \ - " key_agreement\n" \ - " key_cert_sign\n" \ - " crl_sign\n" \ - " force_key_usage=0/1 default: off\n" \ - " Add KeyUsage even if it is empty\n" \ - " ns_cert_type=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " ssl_client\n" \ - " ssl_server\n" \ - " email\n" \ - " object_signing\n" \ - " ssl_ca\n" \ - " email_ca\n" \ - " object_signing_ca\n" \ - " force_ns_cert_type=0/1 default: off\n" \ - " Add NsCertType even if it is empty\n" \ - " md=%%s default: SHA256\n" \ - " possible values:\n" \ - " MD5, RIPEMD160, SHA1,\n" \ - " SHA224, SHA256, SHA384, SHA512\n" \ - "\n" - - -/* - * global options - */ -struct options { - const char *filename; /* filename of the key file */ - const char *password; /* password for the key file */ - int debug_level; /* level of debugging */ - const char *output_file; /* where to store the constructed key file */ - const char *subject_name; /* subject name for certificate request */ - mbedtls_x509_san_list *san_list; /* subjectAltName for certificate request */ - unsigned char key_usage; /* key usage flags */ - int force_key_usage; /* Force adding the KeyUsage extension */ - unsigned char ns_cert_type; /* NS cert type */ - int force_ns_cert_type; /* Force adding NsCertType extension */ - mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */ -} opt; - -static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - int ret; - FILE *f; - unsigned char output_buf[4096]; - size_t len = 0; - - memset(output_buf, 0, 4096); - if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) { - return ret; - } - - len = strlen((char *) output_buf); - - if ((f = fopen(output_file, "w")) == NULL) { - return -1; - } - - if (fwrite(output_buf, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context key; - char buf[1024]; - int i; - char *p, *q, *r; - mbedtls_x509write_csr req; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "csr example app"; - mbedtls_x509_san_list *cur, *prev; - mbedtls_asn1_named_data *ext_san_dirname = NULL; -#if defined(MBEDTLS_X509_CRT_PARSE_C) - uint8_t ip[4] = { 0 }; -#endif - /* - * Set to sane values - */ - mbedtls_x509write_csr_init(&req); - mbedtls_pk_init(&key); - mbedtls_ctr_drbg_init(&ctr_drbg); - memset(buf, 0, sizeof(buf)); - mbedtls_entropy_init(&entropy); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.filename = DFL_FILENAME; - opt.password = DFL_PASSWORD; - opt.debug_level = DFL_DEBUG_LEVEL; - opt.output_file = DFL_OUTPUT_FILENAME; - opt.subject_name = DFL_SUBJECT_NAME; - opt.key_usage = DFL_KEY_USAGE; - opt.force_key_usage = DFL_FORCE_KEY_USAGE; - opt.ns_cert_type = DFL_NS_CERT_TYPE; - opt.force_ns_cert_type = DFL_FORCE_NS_CERT_TYPE; - opt.md_alg = DFL_MD_ALG; - opt.san_list = NULL; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "password") == 0) { - opt.password = q; - } else if (strcmp(p, "output_file") == 0) { - opt.output_file = q; - } else if (strcmp(p, "debug_level") == 0) { - opt.debug_level = atoi(q); - if (opt.debug_level < 0 || opt.debug_level > 65535) { - goto usage; - } - } else if (strcmp(p, "subject_name") == 0) { - opt.subject_name = q; - } else if (strcmp(p, "san") == 0) { - char *subtype_value; - prev = NULL; - - while (q != NULL) { - char *semicolon; - r = q; - - /* Find the first non-escaped ; occurrence and remove escaped ones */ - do { - if ((semicolon = strchr(r, ';')) != NULL) { - if (*(semicolon-1) != '\\') { - r = semicolon; - break; - } - /* Remove the escape character */ - size_t size_left = strlen(semicolon); - memmove(semicolon-1, semicolon, size_left); - *(semicolon + size_left - 1) = '\0'; - /* r will now point at the character after the semicolon */ - r = semicolon; - } - - } while (semicolon != NULL); - - if (semicolon != NULL) { - *r++ = '\0'; - } else { - r = NULL; - } - - cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list)); - if (cur == NULL) { - mbedtls_printf("Not enough memory for subjectAltName list\n"); - goto usage; - } - - cur->next = NULL; - - if ((subtype_value = strchr(q, ':')) != NULL) { - *subtype_value++ = '\0'; - } else { - mbedtls_printf( - "Invalid argument for option SAN: Entry must be of the form TYPE:value\n"); - goto usage; - } - if (strcmp(q, "RFC822") == 0) { - cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME; - } else if (strcmp(q, "URI") == 0) { - cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; - } else if (strcmp(q, "DNS") == 0) { - cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; - } else if (strcmp(q, "IP") == 0) { - size_t ip_addr_len = 0; - cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - ip_addr_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); - if (ip_addr_len == 0) { - mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n", - subtype_value); - goto exit; - } - cur->node.san.unstructured_name.p = (unsigned char *) ip; - cur->node.san.unstructured_name.len = sizeof(ip); - } else if (strcmp(q, "DN") == 0) { - cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, - subtype_value)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf( - " failed\n ! mbedtls_x509_string_to_names " - "returned -0x%04x - %s\n\n", - (unsigned int) -ret, buf); - goto exit; - } - cur->node.san.directory_name = *ext_san_dirname; - } else { - mbedtls_free(cur); - goto usage; - } - - if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME || - cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER || - cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) { - q = subtype_value; - cur->node.san.unstructured_name.p = (unsigned char *) q; - cur->node.san.unstructured_name.len = strlen(q); - } - - if (prev == NULL) { - opt.san_list = cur; - } else { - prev->next = cur; - } - - prev = cur; - q = r; - } - } else if (strcmp(p, "md") == 0) { - const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_string(q); - if (md_info == NULL) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - opt.md_alg = mbedtls_md_get_type(md_info); - } else if (strcmp(p, "key_usage") == 0) { - while (q != NULL) { - if ((r = strchr(q, ',')) != NULL) { - *r++ = '\0'; - } - - if (strcmp(q, "digital_signature") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_DIGITAL_SIGNATURE; - } else if (strcmp(q, "non_repudiation") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION; - } else if (strcmp(q, "key_encipherment") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT; - } else if (strcmp(q, "data_encipherment") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT; - } else if (strcmp(q, "key_agreement") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT; - } else if (strcmp(q, "key_cert_sign") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN; - } else if (strcmp(q, "crl_sign") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN; - } else { - goto usage; - } - - q = r; - } - } else if (strcmp(p, "force_key_usage") == 0) { - switch (atoi(q)) { - case 0: opt.force_key_usage = 0; break; - case 1: opt.force_key_usage = 1; break; - default: goto usage; - } - } else if (strcmp(p, "ns_cert_type") == 0) { - while (q != NULL) { - if ((r = strchr(q, ',')) != NULL) { - *r++ = '\0'; - } - - if (strcmp(q, "ssl_client") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT; - } else if (strcmp(q, "ssl_server") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER; - } else if (strcmp(q, "email") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL; - } else if (strcmp(q, "object_signing") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING; - } else if (strcmp(q, "ssl_ca") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA; - } else if (strcmp(q, "email_ca") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA; - } else if (strcmp(q, "object_signing_ca") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA; - } else { - goto usage; - } - - q = r; - } - } else if (strcmp(p, "force_ns_cert_type") == 0) { - switch (atoi(q)) { - case 0: opt.force_ns_cert_type = 0; break; - case 1: opt.force_ns_cert_type = 1; break; - default: goto usage; - } - } else { - goto usage; - } - } - - /* Set the MD algorithm to use for the signature in the CSR */ - mbedtls_x509write_csr_set_md_alg(&req, opt.md_alg); - - /* Set the Key Usage Extension flags in the CSR */ - if (opt.key_usage || opt.force_key_usage == 1) { - ret = mbedtls_x509write_csr_set_key_usage(&req, opt.key_usage); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_key_usage returned %d", ret); - goto exit; - } - } - - /* Set the Cert Type flags in the CSR */ - if (opt.ns_cert_type || opt.force_ns_cert_type == 1) { - ret = mbedtls_x509write_csr_set_ns_cert_type(&req, opt.ns_cert_type); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_ns_cert_type returned %d", ret); - goto exit; - } - } - - /* Set the SubjectAltName in the CSR */ - if (opt.san_list != NULL) { - ret = mbedtls_x509write_csr_set_subject_alternative_name(&req, opt.san_list); - - if (ret != 0) { - mbedtls_printf( - " failed\n ! mbedtls_x509write_csr_set_subject_alternative_name returned %d", - ret); - goto exit; - } - } - - /* - * 0. Seed the PRNG - */ - mbedtls_printf(" . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.0. Check the subject name for validity - */ - mbedtls_printf(" . Checking subject name..."); - fflush(stdout); - - if ((ret = mbedtls_x509write_csr_set_subject_name(&req, opt.subject_name)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_subject_name returned %d", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.1. Load the key - */ - mbedtls_printf(" . Loading the private key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password, - mbedtls_ctr_drbg_random, &ctr_drbg); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret); - goto exit; - } - - mbedtls_x509write_csr_set_key(&req, &key); - - mbedtls_printf(" ok\n"); - - /* - * 1.2. Writing the request - */ - mbedtls_printf(" . Writing the certificate request ..."); - fflush(stdout); - - if ((ret = write_certificate_request(&req, opt.output_file, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! write_certificate_request %d", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - if (exit_code != MBEDTLS_EXIT_SUCCESS) { -#ifdef MBEDTLS_ERROR_C - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" - %s\n", buf); -#else - mbedtls_printf("\n"); -#endif - } - - mbedtls_x509write_csr_free(&req); - mbedtls_asn1_free_named_data_list(&ext_san_dirname); - mbedtls_pk_free(&key); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - cur = opt.san_list; - while (cur != NULL) { - prev = cur; - cur = cur->next; - mbedtls_free(prev); - } - - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c deleted file mode 100644 index b15e2818c..000000000 --- a/programs/x509/cert_write.c +++ /dev/null @@ -1,1016 +0,0 @@ -/* - * Certificate generation and signing - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_ERROR_C) || !defined(PSA_WANT_ALG_SHA_256) || \ - !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_MD_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " - "MBEDTLS_FS_IO and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_ERROR_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_csr.h" -#include "mbedtls/oid.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/error.h" -#include "test/helpers.h" - -#include -#include -#include -#include - -#define SET_OID(x, oid) \ - do { x.len = MBEDTLS_OID_SIZE(oid); x.p = (unsigned char *) oid; } while (0) - -#if defined(MBEDTLS_X509_CSR_PARSE_C) -#define USAGE_CSR \ - " request_file=%%s default: (empty)\n" \ - " If request_file is specified, subject_key,\n" \ - " subject_pwd and subject_name are ignored!\n" -#else -#define USAGE_CSR "" -#endif /* MBEDTLS_X509_CSR_PARSE_C */ - -#define FORMAT_PEM 0 -#define FORMAT_DER 1 - -#define DFL_ISSUER_CRT "" -#define DFL_REQUEST_FILE "" -#define DFL_SUBJECT_KEY "subject.key" -#define DFL_ISSUER_KEY "ca.key" -#define DFL_SUBJECT_PWD "" -#define DFL_ISSUER_PWD "" -#define DFL_OUTPUT_FILENAME "cert.crt" -#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK" -#define DFL_ISSUER_NAME "CN=CA,O=mbed TLS,C=UK" -#define DFL_NOT_BEFORE "20010101000000" -#define DFL_NOT_AFTER "20301231235959" -#define DFL_SERIAL "1" -#define DFL_SERIAL_HEX "1" -#define DFL_EXT_SUBJECTALTNAME "" -#define DFL_SELFSIGN 0 -#define DFL_IS_CA 0 -#define DFL_MAX_PATHLEN -1 -#define DFL_SIG_ALG MBEDTLS_MD_SHA256 -#define DFL_KEY_USAGE 0 -#define DFL_EXT_KEY_USAGE NULL -#define DFL_NS_CERT_TYPE 0 -#define DFL_VERSION 3 -#define DFL_AUTH_IDENT 1 -#define DFL_SUBJ_IDENT 1 -#define DFL_CONSTRAINTS 1 -#define DFL_DIGEST MBEDTLS_MD_SHA256 -#define DFL_FORMAT FORMAT_PEM - -#define USAGE \ - "\n usage: cert_write param=<>...\n" \ - "\n acceptable parameters:\n" \ - USAGE_CSR \ - " subject_key=%%s default: subject.key\n" \ - " subject_pwd=%%s default: (empty)\n" \ - " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \ - "\n" \ - " issuer_crt=%%s default: (empty)\n" \ - " If issuer_crt is specified, issuer_name is\n" \ - " ignored!\n" \ - " issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \ - "\n" \ - " selfsign=%%d default: 0 (false)\n" \ - " If selfsign is enabled, issuer_name and\n" \ - " issuer_key are required (issuer_crt and\n" \ - " subject_* are ignored\n" \ - " issuer_key=%%s default: ca.key\n" \ - " issuer_pwd=%%s default: (empty)\n" \ - " output_file=%%s default: cert.crt\n" \ - " serial=%%s default: 1\n" \ - " In decimal format; it can be used as\n" \ - " alternative to serial_hex, but it's\n" \ - " limited in max length to\n" \ - " unsigned long long int\n" \ - " serial_hex=%%s default: 1\n" \ - " In hex format; it can be used as\n" \ - " alternative to serial\n" \ - " not_before=%%s default: 20010101000000\n" \ - " not_after=%%s default: 20301231235959\n" \ - " is_ca=%%d default: 0 (disabled)\n" \ - " max_pathlen=%%d default: -1 (none)\n" \ - " md=%%s default: SHA256\n" \ - " Supported values (if enabled):\n" \ - " MD5, RIPEMD160, SHA1,\n" \ - " SHA224, SHA256, SHA384, SHA512\n" \ - " version=%%d default: 3\n" \ - " Possible values: 1, 2, 3\n" \ - " subject_identifier=%%s default: 1\n" \ - " Possible values: 0, 1\n" \ - " (Considered for v3 only)\n" \ - " san=%%s default: (none)\n" \ - " Semicolon-separated-list of values:\n" \ - " DNS:value\n" \ - " URI:value\n" \ - " RFC822:value\n" \ - " IP:value (Only IPv4 is supported)\n" \ - " DN:list of comma separated key=value pairs\n" \ - " authority_identifier=%%s default: 1\n" \ - " Possible values: 0, 1\n" \ - " (Considered for v3 only)\n" \ - " basic_constraints=%%d default: 1\n" \ - " Possible values: 0, 1\n" \ - " (Considered for v3 only)\n" \ - " key_usage=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " digital_signature\n" \ - " non_repudiation\n" \ - " key_encipherment\n" \ - " data_encipherment\n" \ - " key_agreement\n" \ - " key_cert_sign\n" \ - " crl_sign\n" \ - " (Considered for v3 only)\n" \ - " ext_key_usage=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " serverAuth\n" \ - " clientAuth\n" \ - " codeSigning\n" \ - " emailProtection\n" \ - " timeStamping\n" \ - " OCSPSigning\n" \ - " ns_cert_type=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " ssl_client\n" \ - " ssl_server\n" \ - " email\n" \ - " object_signing\n" \ - " ssl_ca\n" \ - " email_ca\n" \ - " object_signing_ca\n" \ - " format=pem|der default: pem\n" \ - "\n" - -typedef enum { - SERIAL_FRMT_UNSPEC, - SERIAL_FRMT_DEC, - SERIAL_FRMT_HEX -} serial_format_t; - -/* - * global options - */ -struct options { - const char *issuer_crt; /* filename of the issuer certificate */ - const char *request_file; /* filename of the certificate request */ - const char *subject_key; /* filename of the subject key file */ - const char *issuer_key; /* filename of the issuer key file */ - const char *subject_pwd; /* password for the subject key file */ - const char *issuer_pwd; /* password for the issuer key file */ - const char *output_file; /* where to store the constructed CRT */ - const char *subject_name; /* subject name for certificate */ - mbedtls_x509_san_list *san_list; /* subjectAltName for certificate */ - const char *issuer_name; /* issuer name for certificate */ - const char *not_before; /* validity period not before */ - const char *not_after; /* validity period not after */ - const char *serial; /* serial number string (decimal) */ - const char *serial_hex; /* serial number string (hex) */ - int selfsign; /* selfsign the certificate */ - int is_ca; /* is a CA certificate */ - int max_pathlen; /* maximum CA path length */ - int authority_identifier; /* add authority identifier to CRT */ - int subject_identifier; /* add subject identifier to CRT */ - int basic_constraints; /* add basic constraints ext to CRT */ - int version; /* CRT version */ - mbedtls_md_type_t md; /* Hash used for signing */ - unsigned char key_usage; /* key usage flags */ - mbedtls_asn1_sequence *ext_key_usage; /* extended key usages */ - unsigned char ns_cert_type; /* NS cert type */ - int format; /* format */ -} opt; - -static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - int ret; - FILE *f; - unsigned char output_buf[4096]; - unsigned char *output_start; - size_t len = 0; - - memset(output_buf, 0, 4096); - if (opt.format == FORMAT_DER) { - ret = mbedtls_x509write_crt_der(crt, output_buf, 4096, - f_rng, p_rng); - if (ret < 0) { - return ret; - } - - len = ret; - output_start = output_buf + 4096 - len; - } else { - ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096, - f_rng, p_rng); - if (ret < 0) { - return ret; - } - - len = strlen((char *) output_buf); - output_start = output_buf; - } - - if ((f = fopen(output_file, "w")) == NULL) { - return -1; - } - - if (fwrite(output_start, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -static int parse_serial_decimal_format(unsigned char *obuf, size_t obufmax, - const char *ibuf, size_t *len) -{ - unsigned long long int dec; - unsigned int remaining_bytes = sizeof(dec); - unsigned char *p = obuf; - unsigned char val; - char *end_ptr = NULL; - - errno = 0; - dec = strtoull(ibuf, &end_ptr, 10); - - if ((errno != 0) || (end_ptr == ibuf)) { - return -1; - } - - *len = 0; - - while (remaining_bytes > 0) { - if (obufmax < (*len + 1)) { - return -1; - } - - val = (dec >> ((remaining_bytes - 1) * 8)) & 0xFF; - - /* Skip leading zeros */ - if ((val != 0) || (*len != 0)) { - *p = val; - (*len)++; - p++; - } - - remaining_bytes--; - } - - return 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_x509_crt issuer_crt; - mbedtls_pk_context loaded_issuer_key, loaded_subject_key; - mbedtls_pk_context *issuer_key = &loaded_issuer_key, - *subject_key = &loaded_subject_key; - char buf[1024]; - char issuer_name[256]; - int i; - char *p, *q, *r; -#if defined(MBEDTLS_X509_CSR_PARSE_C) - char subject_name[256]; - mbedtls_x509_csr csr; -#endif - mbedtls_x509write_cert crt; - serial_format_t serial_frmt = SERIAL_FRMT_UNSPEC; - unsigned char serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN]; - size_t serial_len; - mbedtls_asn1_sequence *ext_key_usage; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "crt example app"; - mbedtls_x509_san_list *cur, *prev; - mbedtls_asn1_named_data *ext_san_dirname = NULL; - uint8_t ip[4] = { 0 }; - /* - * Set to sane values - */ - mbedtls_x509write_crt_init(&crt); - mbedtls_pk_init(&loaded_issuer_key); - mbedtls_pk_init(&loaded_subject_key); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_X509_CSR_PARSE_C) - mbedtls_x509_csr_init(&csr); -#endif - mbedtls_x509_crt_init(&issuer_crt); - memset(buf, 0, sizeof(buf)); - memset(serial, 0, sizeof(serial)); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.issuer_crt = DFL_ISSUER_CRT; - opt.request_file = DFL_REQUEST_FILE; - opt.subject_key = DFL_SUBJECT_KEY; - opt.issuer_key = DFL_ISSUER_KEY; - opt.subject_pwd = DFL_SUBJECT_PWD; - opt.issuer_pwd = DFL_ISSUER_PWD; - opt.output_file = DFL_OUTPUT_FILENAME; - opt.subject_name = DFL_SUBJECT_NAME; - opt.issuer_name = DFL_ISSUER_NAME; - opt.not_before = DFL_NOT_BEFORE; - opt.not_after = DFL_NOT_AFTER; - opt.serial = DFL_SERIAL; - opt.serial_hex = DFL_SERIAL_HEX; - opt.selfsign = DFL_SELFSIGN; - opt.is_ca = DFL_IS_CA; - opt.max_pathlen = DFL_MAX_PATHLEN; - opt.key_usage = DFL_KEY_USAGE; - opt.ext_key_usage = DFL_EXT_KEY_USAGE; - opt.ns_cert_type = DFL_NS_CERT_TYPE; - opt.version = DFL_VERSION - 1; - opt.md = DFL_DIGEST; - opt.subject_identifier = DFL_SUBJ_IDENT; - opt.authority_identifier = DFL_AUTH_IDENT; - opt.basic_constraints = DFL_CONSTRAINTS; - opt.format = DFL_FORMAT; - opt.san_list = NULL; - - for (i = 1; i < argc; i++) { - - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "request_file") == 0) { - opt.request_file = q; - } else if (strcmp(p, "subject_key") == 0) { - opt.subject_key = q; - } else if (strcmp(p, "issuer_key") == 0) { - opt.issuer_key = q; - } else if (strcmp(p, "subject_pwd") == 0) { - opt.subject_pwd = q; - } else if (strcmp(p, "issuer_pwd") == 0) { - opt.issuer_pwd = q; - } else if (strcmp(p, "issuer_crt") == 0) { - opt.issuer_crt = q; - } else if (strcmp(p, "output_file") == 0) { - opt.output_file = q; - } else if (strcmp(p, "subject_name") == 0) { - opt.subject_name = q; - } else if (strcmp(p, "issuer_name") == 0) { - opt.issuer_name = q; - } else if (strcmp(p, "not_before") == 0) { - opt.not_before = q; - } else if (strcmp(p, "not_after") == 0) { - opt.not_after = q; - } else if (strcmp(p, "serial") == 0) { - if (serial_frmt != SERIAL_FRMT_UNSPEC) { - mbedtls_printf("Invalid attempt to set the serial more than once\n"); - goto usage; - } - serial_frmt = SERIAL_FRMT_DEC; - opt.serial = q; - } else if (strcmp(p, "serial_hex") == 0) { - if (serial_frmt != SERIAL_FRMT_UNSPEC) { - mbedtls_printf("Invalid attempt to set the serial more than once\n"); - goto usage; - } - serial_frmt = SERIAL_FRMT_HEX; - opt.serial_hex = q; - } else if (strcmp(p, "authority_identifier") == 0) { - opt.authority_identifier = atoi(q); - if (opt.authority_identifier != 0 && - opt.authority_identifier != 1) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else if (strcmp(p, "subject_identifier") == 0) { - opt.subject_identifier = atoi(q); - if (opt.subject_identifier != 0 && - opt.subject_identifier != 1) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else if (strcmp(p, "basic_constraints") == 0) { - opt.basic_constraints = atoi(q); - if (opt.basic_constraints != 0 && - opt.basic_constraints != 1) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else if (strcmp(p, "md") == 0) { - const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_string(q); - if (md_info == NULL) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - opt.md = mbedtls_md_get_type(md_info); - } else if (strcmp(p, "version") == 0) { - opt.version = atoi(q); - if (opt.version < 1 || opt.version > 3) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - opt.version--; - } else if (strcmp(p, "selfsign") == 0) { - opt.selfsign = atoi(q); - if (opt.selfsign < 0 || opt.selfsign > 1) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else if (strcmp(p, "is_ca") == 0) { - opt.is_ca = atoi(q); - if (opt.is_ca < 0 || opt.is_ca > 1) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else if (strcmp(p, "max_pathlen") == 0) { - opt.max_pathlen = atoi(q); - if (opt.max_pathlen < -1 || opt.max_pathlen > 127) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else if (strcmp(p, "key_usage") == 0) { - while (q != NULL) { - if ((r = strchr(q, ',')) != NULL) { - *r++ = '\0'; - } - - if (strcmp(q, "digital_signature") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_DIGITAL_SIGNATURE; - } else if (strcmp(q, "non_repudiation") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION; - } else if (strcmp(q, "key_encipherment") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT; - } else if (strcmp(q, "data_encipherment") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT; - } else if (strcmp(q, "key_agreement") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT; - } else if (strcmp(q, "key_cert_sign") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN; - } else if (strcmp(q, "crl_sign") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN; - } else { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - - q = r; - } - } else if (strcmp(p, "ext_key_usage") == 0) { - mbedtls_asn1_sequence **tail = &opt.ext_key_usage; - - while (q != NULL) { - if ((r = strchr(q, ',')) != NULL) { - *r++ = '\0'; - } - - ext_key_usage = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - ext_key_usage->buf.tag = MBEDTLS_ASN1_OID; - if (strcmp(q, "serverAuth") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_SERVER_AUTH); - } else if (strcmp(q, "clientAuth") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_CLIENT_AUTH); - } else if (strcmp(q, "codeSigning") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_CODE_SIGNING); - } else if (strcmp(q, "emailProtection") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_EMAIL_PROTECTION); - } else if (strcmp(q, "timeStamping") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_TIME_STAMPING); - } else if (strcmp(q, "OCSPSigning") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_OCSP_SIGNING); - } else if (strcmp(q, "any") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE); - } else { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - - *tail = ext_key_usage; - tail = &ext_key_usage->next; - - q = r; - } - } else if (strcmp(p, "san") == 0) { - char *subtype_value; - prev = NULL; - - while (q != NULL) { - char *semicolon; - r = q; - - /* Find the first non-escaped ; occurrence and remove escaped ones */ - do { - if ((semicolon = strchr(r, ';')) != NULL) { - if (*(semicolon-1) != '\\') { - r = semicolon; - break; - } - /* Remove the escape character */ - size_t size_left = strlen(semicolon); - memmove(semicolon-1, semicolon, size_left); - *(semicolon + size_left - 1) = '\0'; - /* r will now point at the character after the semicolon */ - r = semicolon; - } - - } while (semicolon != NULL); - - if (semicolon != NULL) { - *r++ = '\0'; - } else { - r = NULL; - } - - cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list)); - if (cur == NULL) { - mbedtls_printf("Not enough memory for subjectAltName list\n"); - goto usage; - } - - cur->next = NULL; - - if ((subtype_value = strchr(q, ':')) != NULL) { - *subtype_value++ = '\0'; - } else { - mbedtls_printf( - "Invalid argument for option SAN: Entry must be of the form TYPE:value\n"); - goto usage; - } - if (strcmp(q, "RFC822") == 0) { - cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME; - } else if (strcmp(q, "URI") == 0) { - cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; - } else if (strcmp(q, "DNS") == 0) { - cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; - } else if (strcmp(q, "IP") == 0) { - size_t ip_addr_len = 0; - cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - ip_addr_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); - if (ip_addr_len == 0) { - mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n", - subtype_value); - goto exit; - } - cur->node.san.unstructured_name.p = (unsigned char *) ip; - cur->node.san.unstructured_name.len = sizeof(ip); - } else if (strcmp(q, "DN") == 0) { - cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, - subtype_value)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf( - " failed\n ! mbedtls_x509_string_to_names " - "returned -0x%04x - %s\n\n", - (unsigned int) -ret, buf); - goto exit; - } - cur->node.san.directory_name = *ext_san_dirname; - } else { - mbedtls_free(cur); - goto usage; - } - - if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME || - cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER || - cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) { - q = subtype_value; - cur->node.san.unstructured_name.p = (unsigned char *) q; - cur->node.san.unstructured_name.len = strlen(q); - } - - if (prev == NULL) { - opt.san_list = cur; - } else { - prev->next = cur; - } - - prev = cur; - q = r; - } - } else if (strcmp(p, "ns_cert_type") == 0) { - while (q != NULL) { - if ((r = strchr(q, ',')) != NULL) { - *r++ = '\0'; - } - - if (strcmp(q, "ssl_client") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT; - } else if (strcmp(q, "ssl_server") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER; - } else if (strcmp(q, "email") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL; - } else if (strcmp(q, "object_signing") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING; - } else if (strcmp(q, "ssl_ca") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA; - } else if (strcmp(q, "email_ca") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA; - } else if (strcmp(q, "object_signing_ca") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA; - } else { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - - q = r; - } - } else if (strcmp(p, "format") == 0) { - if (strcmp(q, "der") == 0) { - opt.format = FORMAT_DER; - } else if (strcmp(q, "pem") == 0) { - opt.format = FORMAT_PEM; - } else { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else { - goto usage; - } - } - - mbedtls_printf("\n"); - - /* - * 0. Seed the PRNG - */ - mbedtls_printf(" . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n", - ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - - // Parse serial to MPI - // - mbedtls_printf(" . Reading serial number..."); - fflush(stdout); - - if (serial_frmt == SERIAL_FRMT_HEX) { - ret = mbedtls_test_unhexify(serial, sizeof(serial), - opt.serial_hex, &serial_len); - } else { // SERIAL_FRMT_DEC || SERIAL_FRMT_UNSPEC - ret = parse_serial_decimal_format(serial, sizeof(serial), - opt.serial, &serial_len); - } - - if (ret != 0) { - mbedtls_printf(" failed\n ! Unable to parse serial\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - - // Parse issuer certificate if present - // - if (!opt.selfsign && strlen(opt.issuer_crt)) { - /* - * 1.0.a. Load the certificates - */ - mbedtls_printf(" . Loading the issuer certificate ..."); - fflush(stdout); - - if ((ret = mbedtls_x509_crt_parse_file(&issuer_crt, opt.issuer_crt)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - ret = mbedtls_x509_dn_gets(issuer_name, sizeof(issuer_name), - &issuer_crt.subject); - if (ret < 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509_dn_gets " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - opt.issuer_name = issuer_name; - - mbedtls_printf(" ok\n"); - } - -#if defined(MBEDTLS_X509_CSR_PARSE_C) - // Parse certificate request if present - // - if (!opt.selfsign && strlen(opt.request_file)) { - /* - * 1.0.b. Load the CSR - */ - mbedtls_printf(" . Loading the certificate request ..."); - fflush(stdout); - - if ((ret = mbedtls_x509_csr_parse_file(&csr, opt.request_file)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509_csr_parse_file " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - ret = mbedtls_x509_dn_gets(subject_name, sizeof(subject_name), - &csr.subject); - if (ret < 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509_dn_gets " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - opt.subject_name = subject_name; - subject_key = &csr.pk; - - mbedtls_printf(" ok\n"); - } -#endif /* MBEDTLS_X509_CSR_PARSE_C */ - - /* - * 1.1. Load the keys - */ - if (!opt.selfsign && !strlen(opt.request_file)) { - mbedtls_printf(" . Loading the subject key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key, - opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } - - mbedtls_printf(" . Loading the issuer key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key, - opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile " - "returned -x%02x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - // Check if key and issuer certificate match - // - if (strlen(opt.issuer_crt)) { - if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key, - mbedtls_ctr_drbg_random, &ctr_drbg) != 0) { - mbedtls_printf(" failed\n ! issuer_key does not match " - "issuer certificate\n\n"); - goto exit; - } - } - - mbedtls_printf(" ok\n"); - - if (opt.selfsign) { - opt.subject_name = opt.issuer_name; - subject_key = issuer_key; - } - - mbedtls_x509write_crt_set_subject_key(&crt, subject_key); - mbedtls_x509write_crt_set_issuer_key(&crt, issuer_key); - - /* - * 1.0. Check the names for validity - */ - if ((ret = mbedtls_x509write_crt_set_subject_name(&crt, opt.subject_name)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_subject_name " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - if ((ret = mbedtls_x509write_crt_set_issuer_name(&crt, opt.issuer_name)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_issuer_name " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" . Setting certificate values ..."); - fflush(stdout); - - mbedtls_x509write_crt_set_version(&crt, opt.version); - mbedtls_x509write_crt_set_md_alg(&crt, opt.md); - - ret = mbedtls_x509write_crt_set_serial_raw(&crt, serial, serial_len); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_serial_raw " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - ret = mbedtls_x509write_crt_set_validity(&crt, opt.not_before, opt.not_after); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_validity " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - - if (opt.version == MBEDTLS_X509_CRT_VERSION_3 && - opt.basic_constraints != 0) { - mbedtls_printf(" . Adding the Basic Constraints extension ..."); - fflush(stdout); - - ret = mbedtls_x509write_crt_set_basic_constraints(&crt, opt.is_ca, - opt.max_pathlen); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! x509write_crt_set_basic_constraints " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } - -#if defined(PSA_WANT_ALG_SHA_1) - if (opt.version == MBEDTLS_X509_CRT_VERSION_3 && - opt.subject_identifier != 0) { - mbedtls_printf(" . Adding the Subject Key Identifier ..."); - fflush(stdout); - - ret = mbedtls_x509write_crt_set_subject_key_identifier(&crt); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_subject" - "_key_identifier returned -0x%04x - %s\n\n", - (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } - - if (opt.version == MBEDTLS_X509_CRT_VERSION_3 && - opt.authority_identifier != 0) { - mbedtls_printf(" . Adding the Authority Key Identifier ..."); - fflush(stdout); - - ret = mbedtls_x509write_crt_set_authority_key_identifier(&crt); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_authority_" - "key_identifier returned -0x%04x - %s\n\n", - (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } -#endif /* PSA_WANT_ALG_SHA_1 */ - - if (opt.version == MBEDTLS_X509_CRT_VERSION_3 && - opt.key_usage != 0) { - mbedtls_printf(" . Adding the Key Usage extension ..."); - fflush(stdout); - - ret = mbedtls_x509write_crt_set_key_usage(&crt, opt.key_usage); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_key_usage " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } - - if (opt.san_list != NULL) { - ret = mbedtls_x509write_crt_set_subject_alternative_name(&crt, opt.san_list); - - if (ret != 0) { - mbedtls_printf( - " failed\n ! mbedtls_x509write_crt_set_subject_alternative_name returned %d", - ret); - goto exit; - } - } - - if (opt.ext_key_usage) { - mbedtls_printf(" . Adding the Extended Key Usage extension ..."); - fflush(stdout); - - ret = mbedtls_x509write_crt_set_ext_key_usage(&crt, opt.ext_key_usage); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf( - " failed\n ! mbedtls_x509write_crt_set_ext_key_usage returned -0x%02x - %s\n\n", - (unsigned int) -ret, - buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } - - if (opt.version == MBEDTLS_X509_CRT_VERSION_3 && - opt.ns_cert_type != 0) { - mbedtls_printf(" . Adding the NS Cert Type extension ..."); - fflush(stdout); - - ret = mbedtls_x509write_crt_set_ns_cert_type(&crt, opt.ns_cert_type); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_ns_cert_type " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } - - /* - * 1.2. Writing the certificate - */ - mbedtls_printf(" . Writing the certificate..."); - fflush(stdout); - - if ((ret = write_certificate(&crt, opt.output_file, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! write_certificate -0x%04x - %s\n\n", - (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: -#if defined(MBEDTLS_X509_CSR_PARSE_C) - mbedtls_x509_csr_free(&csr); -#endif /* MBEDTLS_X509_CSR_PARSE_C */ - mbedtls_asn1_free_named_data_list(&ext_san_dirname); - mbedtls_x509_crt_free(&issuer_crt); - mbedtls_x509write_crt_free(&crt); - mbedtls_pk_free(&loaded_subject_key); - mbedtls_pk_free(&loaded_issuer_key); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C && - MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && - MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */ diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c deleted file mode 100644 index 5e3fd5a94..000000000 --- a/programs/x509/crl_app.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * CRL reading application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - defined(MBEDTLS_X509_REMOVE_INFO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined and/or " - "MBEDTLS_X509_REMOVE_INFO defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/x509_crl.h" - -#include -#include -#include - -#define DFL_FILENAME "crl.pem" -#define DFL_DEBUG_LEVEL 0 - -#define USAGE \ - "\n usage: crl_app param=<>...\n" \ - "\n acceptable parameters:\n" \ - " filename=%%s default: crl.pem\n" \ - "\n" - - -/* - * global options - */ -struct options { - const char *filename; /* filename of the certificate file */ -} opt; - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned char buf[100000]; - mbedtls_x509_crl crl; - int i; - char *p, *q; - - /* - * Set to sane values - */ - mbedtls_x509_crl_init(&crl); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.filename = DFL_FILENAME; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else { - goto usage; - } - } - - /* - * 1.1. Load the CRL - */ - mbedtls_printf("\n . Loading the CRL ..."); - fflush(stdout); - - ret = mbedtls_x509_crl_parse_file(&crl, opt.filename); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret); - mbedtls_x509_crl_free(&crl); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the CRL - */ - mbedtls_printf(" . CRL information ...\n"); - ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl); - if (ret == -1) { - mbedtls_printf(" failed\n ! mbedtls_x509_crl_info returned %d\n\n", ret); - mbedtls_x509_crl_free(&crl); - goto exit; - } - - mbedtls_printf("%s\n", buf); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_x509_crl_free(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C && - MBEDTLS_FS_IO */ diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c deleted file mode 100644 index d14537fd4..000000000 --- a/programs/x509/load_roots.c +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Root CA reading application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_TIMING_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_TIMING_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/error.h" -#include "mbedtls/timing.h" -#include "mbedtls/x509_crt.h" - -#include -#include -#include - -#define DFL_ITERATIONS 1 -#define DFL_PRIME_CACHE 1 - -#define USAGE \ - "\n usage: load_roots param=<>... [--] FILE...\n" \ - "\n acceptable parameters:\n" \ - " iterations=%%d Iteration count (not including cache priming); default: 1\n" \ - " prime=%%d Prime the disk read cache? Default: 1 (yes)\n" \ - "\n" - - -/* - * global options - */ -struct options { - const char **filenames; /* NULL-terminated list of file names */ - unsigned iterations; /* Number of iterations to time */ - int prime_cache; /* Prime the disk read cache? */ -} opt; - - -static int read_certificates(const char *const *filenames) -{ - mbedtls_x509_crt cas; - int ret = 0; - const char *const *cur; - - mbedtls_x509_crt_init(&cas); - - for (cur = filenames; *cur != NULL; cur++) { - ret = mbedtls_x509_crt_parse_file(&cas, *cur); - if (ret != 0) { -#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) - char error_message[200]; - mbedtls_strerror(ret, error_message, sizeof(error_message)); - printf("\n%s: -0x%04x (%s)\n", - *cur, (unsigned) -ret, error_message); -#else - printf("\n%s: -0x%04x\n", - *cur, (unsigned) -ret); -#endif - goto exit; - } - } - -exit: - mbedtls_x509_crt_free(&cas); - return ret == 0; -} - -int main(int argc, char *argv[]) -{ - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned i, j; - struct mbedtls_timing_hr_time timer; - unsigned long ms; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc <= 1) { - mbedtls_printf(USAGE); - goto exit; - } - - opt.filenames = NULL; - opt.iterations = DFL_ITERATIONS; - opt.prime_cache = DFL_PRIME_CACHE; - - for (i = 1; i < (unsigned) argc; i++) { - char *p = argv[i]; - char *q = NULL; - - if (strcmp(p, "--") == 0) { - break; - } - if ((q = strchr(p, '=')) == NULL) { - break; - } - *q++ = '\0'; - - for (j = 0; p + j < q; j++) { - if (argv[i][j] >= 'A' && argv[i][j] <= 'Z') { - argv[i][j] |= 0x20; - } - } - - if (strcmp(p, "iterations") == 0) { - opt.iterations = atoi(q); - } else if (strcmp(p, "prime") == 0) { - opt.iterations = atoi(q) != 0; - } else { - mbedtls_printf("Unknown option: %s\n", p); - mbedtls_printf(USAGE); - goto exit; - } - } - - opt.filenames = (const char **) argv + i; - if (*opt.filenames == 0) { - mbedtls_printf("Missing list of certificate files to parse\n"); - goto exit; - } - - mbedtls_printf("Parsing %u certificates", argc - i); - if (opt.prime_cache) { - if (!read_certificates(opt.filenames)) { - goto exit; - } - mbedtls_printf(" "); - } - - (void) mbedtls_timing_get_timer(&timer, 1); - for (i = 1; i <= opt.iterations; i++) { - if (!read_certificates(opt.filenames)) { - goto exit; - } - mbedtls_printf("."); - } - ms = mbedtls_timing_get_timer(&timer, 0); - mbedtls_printf("\n%u iterations -> %lu ms\n", opt.iterations, ms); - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_exit(exit_code); -} -#endif /* necessary configuration */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c deleted file mode 100644 index fff0983f0..000000000 --- a/programs/x509/req_app.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Certificate request reading application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - defined(MBEDTLS_X509_REMOVE_INFO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined and/or " - "MBEDTLS_X509_REMOVE_INFO defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/x509_csr.h" - -#include -#include -#include - -#define DFL_FILENAME "cert.req" -#define DFL_DEBUG_LEVEL 0 - -#define USAGE \ - "\n usage: req_app param=<>...\n" \ - "\n acceptable parameters:\n" \ - " filename=%%s default: cert.req\n" \ - "\n" - - -/* - * global options - */ -struct options { - const char *filename; /* filename of the certificate request */ -} opt; - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned char buf[100000]; - mbedtls_x509_csr csr; - int i; - char *p, *q; - - /* - * Set to sane values - */ - mbedtls_x509_csr_init(&csr); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.filename = DFL_FILENAME; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else { - goto usage; - } - } - - /* - * 1.1. Load the CSR - */ - mbedtls_printf("\n . Loading the CSR ..."); - fflush(stdout); - - ret = mbedtls_x509_csr_parse_file(&csr, opt.filename); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_csr_parse_file returned %d\n\n", ret); - mbedtls_x509_csr_free(&csr); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the CSR - */ - mbedtls_printf(" . CSR information ...\n"); - ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr); - if (ret == -1) { - mbedtls_printf(" failed\n ! mbedtls_x509_csr_info returned %d\n\n", ret); - mbedtls_x509_csr_free(&csr); - goto exit; - } - - mbedtls_printf("%s\n", buf); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_x509_csr_free(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C && - MBEDTLS_FS_IO */ diff --git a/scripts/abi_check.py b/scripts/abi_check.py deleted file mode 100755 index 542136305..000000000 --- a/scripts/abi_check.py +++ /dev/null @@ -1,677 +0,0 @@ -#!/usr/bin/env python3 -"""This script compares the interfaces of two versions of Mbed TLS, looking -for backward incompatibilities between two different Git revisions within -an Mbed TLS repository. It must be run from the root of a Git working tree. - -### How the script works ### - -For the source (API) and runtime (ABI) interface compatibility, this script -is a small wrapper around the abi-compliance-checker and abi-dumper tools, -applying them to compare the header and library files. - -For the storage format, this script compares the automatically generated -storage tests and the manual read tests, and complains if there is a -reduction in coverage. A change in test data will be signaled as a -coverage reduction since the old test data is no longer present. A change in -how test data is presented will be signaled as well; this would be a false -positive. - -The results of the API/ABI comparison are either formatted as HTML and stored -at a configurable location, or are given as a brief list of problems. -Returns 0 on success, 1 on non-compliance, and 2 if there is an error -while running the script. - -### How to interpret non-compliance ### - -This script has relatively common false positives. In many scenarios, it only -reports a pass if there is a strict textual match between the old version and -the new version, and it reports problems where there is a sufficient semantic -match but not a textual match. This section lists some common false positives. -This is not an exhaustive list: in the end what matters is whether we are -breaking a backward compatibility goal. - -**API**: the goal is that if an application works with the old version of the -library, it can be recompiled against the new version and will still work. -This is normally validated by comparing the declarations in `include/*/*.h`. -A failure is a declaration that has disappeared or that now has a different -type. - - * It's ok to change or remove macros and functions that are documented as - for internal use only or as experimental. - * It's ok to rename function or macro parameters as long as the semantics - has not changed. - * It's ok to change or remove structure fields that are documented as - private. - * It's ok to add fields to a structure that already had private fields - or was documented as extensible. - -**ABI**: the goal is that if an application was built against the old version -of the library, the same binary will work when linked against the new version. -This is normally validated by comparing the symbols exported by `libmbed*.so`. -A failure is a symbol that is no longer exported by the same library or that -now has a different type. - - * All ABI changes are acceptable if the library version is bumped - (see `scripts/bump_version.sh`). - * ABI changes that concern functions which are declared only inside the - library directory, and not in `include/*/*.h`, are acceptable only if - the function was only ever used inside the same library (libmbedcrypto, - libmbedx509, libmbedtls). As a counter example, if the old version - of libmbedtls calls mbedtls_foo() from libmbedcrypto, and the new version - of libmbedcrypto no longer has a compatible mbedtls_foo(), this does - require a version bump for libmbedcrypto. - -**Storage format**: the goal is to check that persistent keys stored by the -old version can be read by the new version. This is normally validated by -comparing the `*read*` test cases in `test_suite*storage_format*.data`. -A failure is a storage read test case that is no longer present with the same -function name and parameter list. - - * It's ok if the same test data is present, but its presentation has changed, - for example if a test function is renamed or has different parameters. - * It's ok if redundant tests are removed. - -**Generated test coverage**: the goal is to check that automatically -generated tests have as much coverage as before. This is normally validated -by comparing the test cases that are automatically generated by a script. -A failure is a generated test case that is no longer present with the same -function name and parameter list. - - * It's ok if the same test data is present, but its presentation has changed, - for example if a test function is renamed or has different parameters. - * It's ok if redundant tests are removed. - -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import glob -import os -import re -import sys -import traceback -import shutil -import subprocess -import argparse -import logging -import tempfile -import fnmatch -from types import SimpleNamespace - -import xml.etree.ElementTree as ET - -import framework_scripts_path # pylint: disable=unused-import -from mbedtls_framework import build_tree - - -class AbiChecker: - """API and ABI checker.""" - - def __init__(self, old_version, new_version, configuration): - """Instantiate the API/ABI checker. - - old_version: RepoVersion containing details to compare against - new_version: RepoVersion containing details to check - configuration.report_dir: directory for output files - configuration.keep_all_reports: if false, delete old reports - configuration.brief: if true, output shorter report to stdout - configuration.check_abi: if true, compare ABIs - configuration.check_api: if true, compare APIs - configuration.check_storage: if true, compare storage format tests - configuration.skip_file: path to file containing symbols and types to skip - """ - self.repo_path = "." - self.log = None - self.verbose = configuration.verbose - self._setup_logger() - self.report_dir = os.path.abspath(configuration.report_dir) - self.keep_all_reports = configuration.keep_all_reports - self.can_remove_report_dir = not (os.path.exists(self.report_dir) or - self.keep_all_reports) - self.old_version = old_version - self.new_version = new_version - self.skip_file = configuration.skip_file - self.check_abi = configuration.check_abi - self.check_api = configuration.check_api - if self.check_abi != self.check_api: - raise Exception('Checking API without ABI or vice versa is not supported') - self.check_storage_tests = configuration.check_storage - self.brief = configuration.brief - self.git_command = "git" - self.make_command = "make" - - def _setup_logger(self): - self.log = logging.getLogger() - if self.verbose: - self.log.setLevel(logging.DEBUG) - else: - self.log.setLevel(logging.INFO) - self.log.addHandler(logging.StreamHandler()) - - @staticmethod - def check_abi_tools_are_installed(): - for command in ["abi-dumper", "abi-compliance-checker"]: - if not shutil.which(command): - raise Exception("{} not installed, aborting".format(command)) - - def _get_clean_worktree_for_git_revision(self, version): - """Make a separate worktree with version.revision checked out. - Do not modify the current worktree.""" - git_worktree_path = tempfile.mkdtemp() - if version.repository: - self.log.debug( - "Checking out git worktree for revision {} from {}".format( - version.revision, version.repository - ) - ) - fetch_output = subprocess.check_output( - [self.git_command, "fetch", - version.repository, version.revision], - cwd=self.repo_path, - stderr=subprocess.STDOUT - ) - self.log.debug(fetch_output.decode("utf-8")) - worktree_rev = "FETCH_HEAD" - else: - self.log.debug("Checking out git worktree for revision {}".format( - version.revision - )) - worktree_rev = version.revision - worktree_output = subprocess.check_output( - [self.git_command, "worktree", "add", "--detach", - git_worktree_path, worktree_rev], - cwd=self.repo_path, - stderr=subprocess.STDOUT - ) - self.log.debug(worktree_output.decode("utf-8")) - version.commit = subprocess.check_output( - [self.git_command, "rev-parse", "HEAD"], - cwd=git_worktree_path, - stderr=subprocess.STDOUT - ).decode("ascii").rstrip() - self.log.debug("Commit is {}".format(version.commit)) - return git_worktree_path - - def _update_git_submodules(self, git_worktree_path, version): - """If the crypto submodule is present, initialize it. - if version.crypto_revision exists, update it to that revision, - otherwise update it to the default revision""" - update_output = subprocess.check_output( - [self.git_command, "submodule", "update", "--init", '--recursive'], - cwd=git_worktree_path, - stderr=subprocess.STDOUT - ) - self.log.debug(update_output.decode("utf-8")) - if not (os.path.exists(os.path.join(git_worktree_path, "crypto")) - and version.crypto_revision): - return - - if version.crypto_repository: - fetch_output = subprocess.check_output( - [self.git_command, "fetch", version.crypto_repository, - version.crypto_revision], - cwd=os.path.join(git_worktree_path, "crypto"), - stderr=subprocess.STDOUT - ) - self.log.debug(fetch_output.decode("utf-8")) - crypto_rev = "FETCH_HEAD" - else: - crypto_rev = version.crypto_revision - - checkout_output = subprocess.check_output( - [self.git_command, "checkout", crypto_rev], - cwd=os.path.join(git_worktree_path, "crypto"), - stderr=subprocess.STDOUT - ) - self.log.debug(checkout_output.decode("utf-8")) - - def _build_shared_libraries(self, git_worktree_path, version): - """Build the shared libraries in the specified worktree.""" - my_environment = os.environ.copy() - my_environment["CFLAGS"] = "-g -Og" - my_environment["SHARED"] = "1" - if os.path.exists(os.path.join(git_worktree_path, "crypto")): - my_environment["USE_CRYPTO_SUBMODULE"] = "1" - make_output = subprocess.check_output( - [self.make_command, "lib"], - env=my_environment, - cwd=git_worktree_path, - stderr=subprocess.STDOUT - ) - self.log.debug(make_output.decode("utf-8")) - for root, _dirs, files in os.walk(git_worktree_path): - for file in fnmatch.filter(files, "*.so"): - version.modules[os.path.splitext(file)[0]] = ( - os.path.join(root, file) - ) - - @staticmethod - def _pretty_revision(version): - if version.revision == version.commit: - return version.revision - else: - return "{} ({})".format(version.revision, version.commit) - - def _get_abi_dumps_from_shared_libraries(self, version): - """Generate the ABI dumps for the specified git revision. - The shared libraries must have been built and the module paths - present in version.modules.""" - for mbed_module, module_path in version.modules.items(): - output_path = os.path.join( - self.report_dir, "{}-{}-{}.dump".format( - mbed_module, version.revision, version.version - ) - ) - abi_dump_command = [ - "abi-dumper", - module_path, - "-o", output_path, - "-lver", self._pretty_revision(version), - ] - abi_dump_output = subprocess.check_output( - abi_dump_command, - stderr=subprocess.STDOUT - ) - self.log.debug(abi_dump_output.decode("utf-8")) - version.abi_dumps[mbed_module] = output_path - - @staticmethod - def _normalize_storage_test_case_data(line): - """Eliminate cosmetic or irrelevant details in storage format test cases.""" - line = re.sub(r'\s+', r'', line) - return line - - def _read_storage_tests(self, - directory, - filename, - is_generated, - storage_tests): - """Record storage tests from the given file. - - Populate the storage_tests dictionary with test cases read from - filename under directory. - """ - at_paragraph_start = True - description = None - full_path = os.path.join(directory, filename) - with open(full_path) as fd: - for line_number, line in enumerate(fd, 1): - line = line.strip() - if not line: - at_paragraph_start = True - continue - if line.startswith('#'): - continue - if at_paragraph_start: - description = line.strip() - at_paragraph_start = False - continue - if line.startswith('depends_on:'): - continue - # We've reached a test case data line - test_case_data = self._normalize_storage_test_case_data(line) - if not is_generated: - # In manual test data, only look at read tests. - function_name = test_case_data.split(':', 1)[0] - if 'read' not in function_name.split('_'): - continue - metadata = SimpleNamespace( - filename=filename, - line_number=line_number, - description=description - ) - storage_tests[test_case_data] = metadata - - @staticmethod - def _list_generated_test_data_files(git_worktree_path): - """List the generated test data files.""" - generate_psa_tests = 'framework/scripts/generate_psa_tests.py' - if not os.path.isfile(git_worktree_path + '/' + generate_psa_tests): - # The checked-out revision is from before generate_psa_tests.py - # was moved to the framework submodule. Use the old location. - generate_psa_tests = 'tests/scripts/generate_psa_tests.py' - - output = subprocess.check_output( - [generate_psa_tests, '--list'], - cwd=git_worktree_path, - ).decode('ascii') - return [line for line in output.split('\n') if line] - - def _get_storage_format_tests(self, version, git_worktree_path): - """Record the storage format tests for the specified git version. - - The storage format tests are the test suite data files whose name - contains "storage_format". - - The version must be checked out at git_worktree_path. - - This function creates or updates the generated data files. - """ - # Existing test data files. This may be missing some automatically - # generated files if they haven't been generated yet. - if os.path.isdir(os.path.join(git_worktree_path, 'tf-psa-crypto', - 'tests', 'suites')): - storage_data_files = set(glob.glob( - 'tf-psa-crypto/tests/suites/test_suite_*storage_format*.data' - )) - else: - storage_data_files = set(glob.glob( - 'tests/suites/test_suite_*storage_format*.data' - )) - # Discover and (re)generate automatically generated data files. - to_be_generated = set() - for filename in self._list_generated_test_data_files(git_worktree_path): - if 'storage_format' in filename: - storage_data_files.add(filename) - to_be_generated.add(filename) - - generate_psa_tests = 'framework/scripts/generate_psa_tests.py' - if not os.path.isfile(git_worktree_path + '/' + generate_psa_tests): - # The checked-out revision is from before generate_psa_tests.py - # was moved to the framework submodule. Use the old location. - generate_psa_tests = 'tests/scripts/generate_psa_tests.py' - subprocess.check_call( - [generate_psa_tests] + sorted(to_be_generated), - cwd=git_worktree_path, - ) - for test_file in sorted(storage_data_files): - self._read_storage_tests(git_worktree_path, - test_file, - test_file in to_be_generated, - version.storage_tests) - - def _cleanup_worktree(self, git_worktree_path): - """Remove the specified git worktree.""" - shutil.rmtree(git_worktree_path) - worktree_output = subprocess.check_output( - [self.git_command, "worktree", "prune"], - cwd=self.repo_path, - stderr=subprocess.STDOUT - ) - self.log.debug(worktree_output.decode("utf-8")) - - def _get_abi_dump_for_ref(self, version): - """Generate the interface information for the specified git revision.""" - git_worktree_path = self._get_clean_worktree_for_git_revision(version) - self._update_git_submodules(git_worktree_path, version) - if self.check_abi: - self._build_shared_libraries(git_worktree_path, version) - self._get_abi_dumps_from_shared_libraries(version) - if self.check_storage_tests: - self._get_storage_format_tests(version, git_worktree_path) - self._cleanup_worktree(git_worktree_path) - - def _remove_children_with_tag(self, parent, tag): - children = parent.getchildren() - for child in children: - if child.tag == tag: - parent.remove(child) - else: - self._remove_children_with_tag(child, tag) - - def _remove_extra_detail_from_report(self, report_root): - for tag in ['test_info', 'test_results', 'problem_summary', - 'added_symbols', 'affected']: - self._remove_children_with_tag(report_root, tag) - - for report in report_root: - for problems in report.getchildren()[:]: - if not problems.getchildren(): - report.remove(problems) - - def _abi_compliance_command(self, mbed_module, output_path): - """Build the command to run to analyze the library mbed_module. - The report will be placed in output_path.""" - abi_compliance_command = [ - "abi-compliance-checker", - "-l", mbed_module, - "-old", self.old_version.abi_dumps[mbed_module], - "-new", self.new_version.abi_dumps[mbed_module], - "-strict", - "-report-path", output_path, - ] - if self.skip_file: - abi_compliance_command += ["-skip-symbols", self.skip_file, - "-skip-types", self.skip_file] - if self.brief: - abi_compliance_command += ["-report-format", "xml", - "-stdout"] - return abi_compliance_command - - def _is_library_compatible(self, mbed_module, compatibility_report): - """Test if the library mbed_module has remained compatible. - Append a message regarding compatibility to compatibility_report.""" - output_path = os.path.join( - self.report_dir, "{}-{}-{}.html".format( - mbed_module, self.old_version.revision, - self.new_version.revision - ) - ) - try: - subprocess.check_output( - self._abi_compliance_command(mbed_module, output_path), - stderr=subprocess.STDOUT - ) - except subprocess.CalledProcessError as err: - if err.returncode != 1: - raise err - if self.brief: - self.log.info( - "Compatibility issues found for {}".format(mbed_module) - ) - report_root = ET.fromstring(err.output.decode("utf-8")) - self._remove_extra_detail_from_report(report_root) - self.log.info(ET.tostring(report_root).decode("utf-8")) - else: - self.can_remove_report_dir = False - compatibility_report.append( - "Compatibility issues found for {}, " - "for details see {}".format(mbed_module, output_path) - ) - return False - compatibility_report.append( - "No compatibility issues for {}".format(mbed_module) - ) - if not (self.keep_all_reports or self.brief): - os.remove(output_path) - return True - - @staticmethod - def _is_storage_format_compatible(old_tests, new_tests, - compatibility_report): - """Check whether all tests present in old_tests are also in new_tests. - - Append a message regarding compatibility to compatibility_report. - """ - missing = frozenset(old_tests.keys()).difference(new_tests.keys()) - for test_data in sorted(missing): - metadata = old_tests[test_data] - compatibility_report.append( - 'Test case from {} line {} "{}" has disappeared: {}'.format( - metadata.filename, metadata.line_number, - metadata.description, test_data - ) - ) - compatibility_report.append( - 'FAIL: {}/{} storage format test cases have changed or disappeared.'.format( - len(missing), len(old_tests) - ) if missing else - 'PASS: All {} storage format test cases are preserved.'.format( - len(old_tests) - ) - ) - compatibility_report.append( - 'Info: number of storage format tests cases: {} -> {}.'.format( - len(old_tests), len(new_tests) - ) - ) - return not missing - - def get_abi_compatibility_report(self): - """Generate a report of the differences between the reference ABI - and the new ABI. ABI dumps from self.old_version and self.new_version - must be available.""" - compatibility_report = ["Checking evolution from {} to {}".format( - self._pretty_revision(self.old_version), - self._pretty_revision(self.new_version) - )] - compliance_return_code = 0 - - if self.check_abi: - shared_modules = list(set(self.old_version.modules.keys()) & - set(self.new_version.modules.keys())) - for mbed_module in shared_modules: - if not self._is_library_compatible(mbed_module, - compatibility_report): - compliance_return_code = 1 - - if self.check_storage_tests: - if not self._is_storage_format_compatible( - self.old_version.storage_tests, - self.new_version.storage_tests, - compatibility_report): - compliance_return_code = 1 - - for version in [self.old_version, self.new_version]: - for mbed_module, mbed_module_dump in version.abi_dumps.items(): - os.remove(mbed_module_dump) - if self.can_remove_report_dir: - os.rmdir(self.report_dir) - self.log.info("\n".join(compatibility_report)) - return compliance_return_code - - def check_for_abi_changes(self): - """Generate a report of ABI differences - between self.old_rev and self.new_rev.""" - build_tree.check_repo_path() - if self.check_api or self.check_abi: - self.check_abi_tools_are_installed() - self._get_abi_dump_for_ref(self.old_version) - self._get_abi_dump_for_ref(self.new_version) - return self.get_abi_compatibility_report() - - -def run_main(): - try: - parser = argparse.ArgumentParser( - description=__doc__ - ) - parser.add_argument( - "-v", "--verbose", action="store_true", - help="set verbosity level", - ) - parser.add_argument( - "-r", "--report-dir", type=str, default="reports", - help="directory where reports are stored, default is reports", - ) - parser.add_argument( - "-k", "--keep-all-reports", action="store_true", - help="keep all reports, even if there are no compatibility issues", - ) - parser.add_argument( - "-o", "--old-rev", type=str, help="revision for old version.", - required=True, - ) - parser.add_argument( - "-or", "--old-repo", type=str, help="repository for old version." - ) - parser.add_argument( - "-oc", "--old-crypto-rev", type=str, - help="revision for old crypto submodule." - ) - parser.add_argument( - "-ocr", "--old-crypto-repo", type=str, - help="repository for old crypto submodule." - ) - parser.add_argument( - "-n", "--new-rev", type=str, help="revision for new version", - required=True, - ) - parser.add_argument( - "-nr", "--new-repo", type=str, help="repository for new version." - ) - parser.add_argument( - "-nc", "--new-crypto-rev", type=str, - help="revision for new crypto version" - ) - parser.add_argument( - "-ncr", "--new-crypto-repo", type=str, - help="repository for new crypto submodule." - ) - parser.add_argument( - "-s", "--skip-file", type=str, - help=("path to file containing symbols and types to skip " - "(typically \"-s identifiers\" after running " - "\"tests/scripts/list-identifiers.sh --internal\")") - ) - parser.add_argument( - "--check-abi", - action='store_true', default=True, - help="Perform ABI comparison (default: yes)" - ) - parser.add_argument("--no-check-abi", action='store_false', dest='check_abi') - parser.add_argument( - "--check-api", - action='store_true', default=True, - help="Perform API comparison (default: yes)" - ) - parser.add_argument("--no-check-api", action='store_false', dest='check_api') - parser.add_argument( - "--check-storage", - action='store_true', default=True, - help="Perform storage tests comparison (default: yes)" - ) - parser.add_argument("--no-check-storage", action='store_false', dest='check_storage') - parser.add_argument( - "-b", "--brief", action="store_true", - help="output only the list of issues to stdout, instead of a full report", - ) - abi_args = parser.parse_args() - if os.path.isfile(abi_args.report_dir): - print("Error: {} is not a directory".format(abi_args.report_dir)) - parser.exit() - old_version = SimpleNamespace( - version="old", - repository=abi_args.old_repo, - revision=abi_args.old_rev, - commit=None, - crypto_repository=abi_args.old_crypto_repo, - crypto_revision=abi_args.old_crypto_rev, - abi_dumps={}, - storage_tests={}, - modules={} - ) - new_version = SimpleNamespace( - version="new", - repository=abi_args.new_repo, - revision=abi_args.new_rev, - commit=None, - crypto_repository=abi_args.new_crypto_repo, - crypto_revision=abi_args.new_crypto_rev, - abi_dumps={}, - storage_tests={}, - modules={} - ) - configuration = SimpleNamespace( - verbose=abi_args.verbose, - report_dir=abi_args.report_dir, - keep_all_reports=abi_args.keep_all_reports, - brief=abi_args.brief, - check_abi=abi_args.check_abi, - check_api=abi_args.check_api, - check_storage=abi_args.check_storage, - skip_file=abi_args.skip_file - ) - abi_check = AbiChecker(old_version, new_version, configuration) - return_code = abi_check.check_for_abi_changes() - sys.exit(return_code) - except Exception: # pylint: disable=broad-except - # Print the backtrace and exit explicitly so as to exit with - # status 2, not 1. - traceback.print_exc() - sys.exit(2) - - -if __name__ == "__main__": - run_main() diff --git a/scripts/basic.requirements.txt b/scripts/basic.requirements.txt deleted file mode 100644 index 1be3d0c23..000000000 --- a/scripts/basic.requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -# Python modules required to build Mbed TLS in ordinary conditions. - -# Required to (re-)generate source files. Not needed if the generated source -# files are already present and up-to-date. --r driver.requirements.txt diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh deleted file mode 100755 index 415608acc..000000000 --- a/scripts/bump_version.sh +++ /dev/null @@ -1,148 +0,0 @@ -#!/bin/bash -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Sets the version numbers in the source code to those given. -# -# Usage: bump_version.sh [ --version ] [ --so-crypto ] -# [ --so-x509 ] [ --so-tls ] -# [ -v | --verbose ] [ -h | --help ] -# - -set -e - -VERSION="" -SOVERSION="" - -# Parse arguments -# -until [ -z "$1" ] -do - case "$1" in - --version) - # Version to use - shift - VERSION=$1 - ;; - --so-crypto) - shift - SO_CRYPTO=$1 - ;; - --so-x509) - shift - SO_X509=$1 - ;; - --so-tls) - shift - SO_TLS=$1 - ;; - -v|--verbose) - # Be verbose - VERBOSE="1" - ;; - -h|--help) - # print help - echo "Usage: $0" - echo -e " -h|--help\t\tPrint this help." - echo -e " --version \tVersion to bump to." - echo -e " --so-crypto \tSO version to bump libmbedcrypto to." - echo -e " --so-x509 \tSO version to bump libmbedx509 to." - echo -e " --so-tls \tSO version to bump libmbedtls to." - echo -e " -v|--verbose\t\tVerbose." - exit 1 - ;; - *) - # print error - echo "Unknown argument: '$1'" - exit 1 - ;; - esac - shift -done - -if [ "X" = "X$VERSION" ]; -then - echo "No version specified. Unable to continue." - exit 1 -fi - -[ $VERBOSE ] && echo "Bumping VERSION in CMakeLists.txt" -sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < CMakeLists.txt > tmp -mv tmp CMakeLists.txt - -[ $VERBOSE ] && echo "Bumping VERSION in library/CMakeLists.txt" -sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < library/CMakeLists.txt > tmp -mv tmp library/CMakeLists.txt - -if [ "X" != "X$SO_CRYPTO" ]; -then - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in library/CMakeLists.txt" - sed -e "/mbedcrypto/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_CRYPTO/g" < library/CMakeLists.txt > tmp - mv tmp library/CMakeLists.txt - - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in library/Makefile" - sed -e "s/SOEXT_CRYPTO?=so.[0-9]\{1,\}/SOEXT_CRYPTO?=so.$SO_CRYPTO/g" < library/Makefile > tmp - mv tmp library/Makefile -fi - -if [ "X" != "X$SO_X509" ]; -then - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in library/CMakeLists.txt" - sed -e "/mbedx509/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_X509/g" < library/CMakeLists.txt > tmp - mv tmp library/CMakeLists.txt - - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in library/Makefile" - sed -e "s/SOEXT_X509?=so.[0-9]\{1,\}/SOEXT_X509?=so.$SO_X509/g" < library/Makefile > tmp - mv tmp library/Makefile -fi - -if [ "X" != "X$SO_TLS" ]; -then - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in library/CMakeLists.txt" - sed -e "/mbedtls/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_TLS/g" < library/CMakeLists.txt > tmp - mv tmp library/CMakeLists.txt - - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in library/Makefile" - sed -e "s/SOEXT_TLS?=so.[0-9]\{1,\}/SOEXT_TLS?=so.$SO_TLS/g" < library/Makefile > tmp - mv tmp library/Makefile -fi - -[ $VERBOSE ] && echo "Bumping VERSION in include/mbedtls/build_info.h" -read MAJOR MINOR PATCH <<<$(IFS="."; echo $VERSION) -VERSION_NR="$( printf "0x%02X%02X%02X00" $MAJOR $MINOR $PATCH )" -cat include/mbedtls/build_info.h | \ - sed -e "s/\(# *define *[A-Z]*_VERSION\)_MAJOR .\{1,\}/\1_MAJOR $MAJOR/" | \ - sed -e "s/\(# *define *[A-Z]*_VERSION\)_MINOR .\{1,\}/\1_MINOR $MINOR/" | \ - sed -e "s/\(# *define *[A-Z]*_VERSION\)_PATCH .\{1,\}/\1_PATCH $PATCH/" | \ - sed -e "s/\(# *define *[A-Z]*_VERSION\)_NUMBER .\{1,\}/\1_NUMBER $VERSION_NR/" | \ - sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING .\{1,\}/\1_STRING \"$VERSION\"/" | \ - sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"Mbed TLS $VERSION\"/" \ - > tmp -mv tmp include/mbedtls/build_info.h - -[ $VERBOSE ] && echo "Bumping version in tests/suites/test_suite_version.data" -sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tf-psa-crypto/tests/suites/test_suite_version.data > tmp -mv tmp tf-psa-crypto/tests/suites/test_suite_version.data - -[ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h" -for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h; -do - sed -e "s/\\([Mm]bed TLS v\\)[0-9][0-9.]*/\\1$VERSION/g" < $i > tmp - mv tmp $i -done - -[ $VERBOSE ] && echo "Re-generating library/error.c" -scripts/generate_errors.pl - -[ $VERBOSE ] && echo "Re-generating programs/test/query_config.c" -scripts/generate_query_config.pl - -[ $VERBOSE ] && echo "Re-generating library/version_features.c" -scripts/generate_features.pl - -[ $VERBOSE ] && echo "Re-generating visualc files" -scripts/generate_visualc_files.pl - diff --git a/tests/scripts/check-doxy-blocks.pl b/scripts/check-doxy-blocks.pl similarity index 100% rename from tests/scripts/check-doxy-blocks.pl rename to scripts/check-doxy-blocks.pl diff --git a/tests/scripts/check-python-files.sh b/scripts/check-python-files.sh similarity index 100% rename from tests/scripts/check-python-files.sh rename to scripts/check-python-files.sh diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt deleted file mode 100644 index fc10c63b8..000000000 --- a/scripts/ci.requirements.txt +++ /dev/null @@ -1,28 +0,0 @@ -# Python package requirements for Mbed TLS testing. - --r driver.requirements.txt - -# Use a known version of Pylint, because new versions tend to add warnings -# that could start rejecting our code. -# 2.4.4 is the version in Ubuntu 20.04. It supports Python >=3.5. -pylint == 2.4.4 - -# Use a version of mypy that is compatible with our code base. -# mypy <0.940 is known not to work: see commit -# :/Upgrade mypy to the last version supporting Python 3.6 -# mypy >=0.960 is known not to work: -# https://github.com/Mbed-TLS/mbedtls-framework/issues/50 -# mypy 0.942 is the version in Ubuntu 22.04. -mypy == 0.942 - -# At the time of writing, only needed for tests/scripts/audit-validity-dates.py. -# It needs >=35.0.0 for correct operation, and that requires Python >=3.6, -# but our CI has Python 3.5. So let pip install the newest version that's -# compatible with the running Python: this way we get something good enough -# for mypy and pylint under Python 3.5, and we also get something good enough -# to run audit-validity-dates.py on Python >=3.6. -cryptography # >= 35.0.0 - -# For building `framework/data_files/server9-bad-saltlen.crt` and check python -# files. -asn1crypto diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py deleted file mode 100755 index ce752e493..000000000 --- a/scripts/code_size_compare.py +++ /dev/null @@ -1,953 +0,0 @@ -#!/usr/bin/env python3 - -""" -This script is for comparing the size of the library files from two -different Git revisions within an Mbed TLS repository. -The results of the comparison is formatted as csv and stored at a -configurable location. -Note: must be run from Mbed TLS root. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import argparse -import logging -import os -import re -import shutil -import subprocess -import sys -import typing -from enum import Enum - -import framework_scripts_path # pylint: disable=unused-import -from mbedtls_framework import build_tree -from mbedtls_framework import logging_util -from mbedtls_framework import typing_util - -class SupportedArch(Enum): - """Supported architecture for code size measurement.""" - AARCH64 = 'aarch64' - AARCH32 = 'aarch32' - ARMV8_M = 'armv8-m' - X86_64 = 'x86_64' - X86 = 'x86' - - -class SupportedConfig(Enum): - """Supported configuration for code size measurement.""" - DEFAULT = 'default' - TFM_MEDIUM = 'tfm-medium' - - -# Static library -MBEDTLS_STATIC_LIB = { - 'CRYPTO': 'library/libmbedcrypto.a', - 'X509': 'library/libmbedx509.a', - 'TLS': 'library/libmbedtls.a', -} - -class CodeSizeDistinctInfo: # pylint: disable=too-few-public-methods - """Data structure to store possibly distinct information for code size - comparison.""" - def __init__( #pylint: disable=too-many-arguments - self, - version: str, - git_rev: str, - arch: str, - config: str, - compiler: str, - opt_level: str, - ) -> None: - """ - :param: version: which version to compare with for code size. - :param: git_rev: Git revision to calculate code size. - :param: arch: architecture to measure code size on. - :param: config: Configuration type to calculate code size. - (See SupportedConfig) - :param: compiler: compiler used to build library/*.o. - :param: opt_level: Options that control optimization. (E.g. -Os) - """ - self.version = version - self.git_rev = git_rev - self.arch = arch - self.config = config - self.compiler = compiler - self.opt_level = opt_level - # Note: Variables below are not initialized by class instantiation. - self.pre_make_cmd = [] #type: typing.List[str] - self.make_cmd = '' - - def get_info_indication(self): - """Return a unique string to indicate Code Size Distinct Information.""" - return '{git_rev}-{arch}-{config}-{compiler}'.format(**self.__dict__) - - -class CodeSizeCommonInfo: # pylint: disable=too-few-public-methods - """Data structure to store common information for code size comparison.""" - def __init__( - self, - host_arch: str, - measure_cmd: str, - ) -> None: - """ - :param host_arch: host architecture. - :param measure_cmd: command to measure code size for library/*.o. - """ - self.host_arch = host_arch - self.measure_cmd = measure_cmd - - def get_info_indication(self): - """Return a unique string to indicate Code Size Common Information.""" - return '{measure_tool}'\ - .format(measure_tool=self.measure_cmd.strip().split(' ')[0]) - -class CodeSizeResultInfo: # pylint: disable=too-few-public-methods - """Data structure to store result options for code size comparison.""" - def __init__( #pylint: disable=too-many-arguments - self, - record_dir: str, - comp_dir: str, - with_markdown=False, - stdout=False, - show_all=False, - ) -> None: - """ - :param record_dir: directory to store code size record. - :param comp_dir: directory to store results of code size comparision. - :param with_markdown: write comparision result into a markdown table. - (Default: False) - :param stdout: direct comparison result into sys.stdout. - (Default False) - :param show_all: show all objects in comparison result. (Default False) - """ - self.record_dir = record_dir - self.comp_dir = comp_dir - self.with_markdown = with_markdown - self.stdout = stdout - self.show_all = show_all - - -DETECT_ARCH_CMD = "cc -dM -E - < /dev/null" -def detect_arch() -> str: - """Auto-detect host architecture.""" - cc_output = subprocess.check_output(DETECT_ARCH_CMD, shell=True).decode() - if '__aarch64__' in cc_output: - return SupportedArch.AARCH64.value - if '__arm__' in cc_output: - return SupportedArch.AARCH32.value - if '__x86_64__' in cc_output: - return SupportedArch.X86_64.value - if '__i386__' in cc_output: - return SupportedArch.X86.value - else: - print("Unknown host architecture, cannot auto-detect arch.") - sys.exit(1) - -TFM_MEDIUM_CONFIG_H = 'configs/ext/tfm_mbedcrypto_config_profile_medium.h' -TFM_MEDIUM_CRYPTO_CONFIG_H = 'configs/ext/crypto_config_profile_medium.h' - -CONFIG_H = 'include/mbedtls/mbedtls_config.h' -CRYPTO_CONFIG_H = 'tf-psa-crypto/include/psa/crypto_config.h' -BACKUP_SUFFIX = '.code_size.bak' - -class CodeSizeBuildInfo: # pylint: disable=too-few-public-methods - """Gather information used to measure code size. - - It collects information about architecture, configuration in order to - infer build command for code size measurement. - """ - - SupportedArchConfig = [ - '-a ' + SupportedArch.AARCH64.value + ' -c ' + SupportedConfig.DEFAULT.value, - '-a ' + SupportedArch.AARCH32.value + ' -c ' + SupportedConfig.DEFAULT.value, - '-a ' + SupportedArch.X86_64.value + ' -c ' + SupportedConfig.DEFAULT.value, - '-a ' + SupportedArch.X86.value + ' -c ' + SupportedConfig.DEFAULT.value, - '-a ' + SupportedArch.ARMV8_M.value + ' -c ' + SupportedConfig.TFM_MEDIUM.value, - ] - - def __init__( - self, - size_dist_info: CodeSizeDistinctInfo, - host_arch: str, - logger: logging.Logger, - ) -> None: - """ - :param size_dist_info: - CodeSizeDistinctInfo containing info for code size measurement. - - size_dist_info.arch: architecture to measure code size on. - - size_dist_info.config: configuration type to measure - code size with. - - size_dist_info.compiler: compiler used to build library/*.o. - - size_dist_info.opt_level: Options that control optimization. - (E.g. -Os) - :param host_arch: host architecture. - :param logger: logging module - """ - self.arch = size_dist_info.arch - self.config = size_dist_info.config - self.compiler = size_dist_info.compiler - self.opt_level = size_dist_info.opt_level - - self.make_cmd = ['make', '-j', 'lib'] - - self.host_arch = host_arch - self.logger = logger - - def check_correctness(self) -> bool: - """Check whether we are using proper / supported combination - of information to build library/*.o.""" - - # default config - if self.config == SupportedConfig.DEFAULT.value and \ - self.arch == self.host_arch: - return True - # TF-M - elif self.arch == SupportedArch.ARMV8_M.value and \ - self.config == SupportedConfig.TFM_MEDIUM.value: - return True - - return False - - def infer_pre_make_command(self) -> typing.List[str]: - """Infer command to set up proper configuration before running make.""" - pre_make_cmd = [] #type: typing.List[str] - if self.config == SupportedConfig.TFM_MEDIUM.value: - pre_make_cmd.append('cp {src} {dest}' - .format(src=TFM_MEDIUM_CONFIG_H, dest=CONFIG_H)) - pre_make_cmd.append('cp {src} {dest}' - .format(src=TFM_MEDIUM_CRYPTO_CONFIG_H, - dest=CRYPTO_CONFIG_H)) - - return pre_make_cmd - - def infer_make_cflags(self) -> str: - """Infer CFLAGS by instance attributes in CodeSizeDistinctInfo.""" - cflags = [] #type: typing.List[str] - - # set optimization level - cflags.append(self.opt_level) - # set compiler by config - if self.config == SupportedConfig.TFM_MEDIUM.value: - self.compiler = 'armclang' - cflags.append('-mcpu=cortex-m33') - # set target - if self.compiler == 'armclang': - cflags.append('--target=arm-arm-none-eabi') - - return ' '.join(cflags) - - def infer_make_command(self) -> str: - """Infer make command by CFLAGS and CC.""" - - if self.check_correctness(): - # set CFLAGS= - self.make_cmd.append('CFLAGS=\'{}\''.format(self.infer_make_cflags())) - # set CC= - self.make_cmd.append('CC={}'.format(self.compiler)) - return ' '.join(self.make_cmd) - else: - self.logger.error("Unsupported combination of architecture: {} " \ - "and configuration: {}.\n" - .format(self.arch, - self.config)) - self.logger.error("Please use supported combination of " \ - "architecture and configuration:") - for comb in CodeSizeBuildInfo.SupportedArchConfig: - self.logger.error(comb) - self.logger.error("") - self.logger.error("For your system, please use:") - for comb in CodeSizeBuildInfo.SupportedArchConfig: - if "default" in comb and self.host_arch not in comb: - continue - self.logger.error(comb) - sys.exit(1) - - -class CodeSizeCalculator: - """ A calculator to calculate code size of library/*.o based on - Git revision and code size measurement tool. - """ - - def __init__( #pylint: disable=too-many-arguments - self, - git_rev: str, - pre_make_cmd: typing.List[str], - make_cmd: str, - measure_cmd: str, - logger: logging.Logger, - ) -> None: - """ - :param git_rev: Git revision. (E.g: commit) - :param pre_make_cmd: command to set up proper config before running make. - :param make_cmd: command to build library/*.o. - :param measure_cmd: command to measure code size for library/*.o. - :param logger: logging module - """ - self.repo_path = "." - self.git_command = "git" - self.make_clean = 'make clean' - - self.git_rev = git_rev - self.pre_make_cmd = pre_make_cmd - self.make_cmd = make_cmd - self.measure_cmd = measure_cmd - self.logger = logger - - @staticmethod - def validate_git_revision(git_rev: str) -> str: - result = subprocess.check_output(["git", "rev-parse", "--verify", - git_rev + "^{commit}"], - shell=False, universal_newlines=True) - return result[:7] - - def _create_git_worktree(self) -> str: - """Create a separate worktree for Git revision. - If Git revision is current, use current worktree instead.""" - - if self.git_rev == 'current': - self.logger.debug("Using current work directory.") - git_worktree_path = self.repo_path - else: - self.logger.debug("Creating git worktree for {}." - .format(self.git_rev)) - git_worktree_path = os.path.join(self.repo_path, - "temp-" + self.git_rev) - subprocess.check_output( - [self.git_command, "worktree", "add", "--detach", - git_worktree_path, self.git_rev], cwd=self.repo_path, - stderr=subprocess.STDOUT - ) - - return git_worktree_path - - @staticmethod - def backup_config_files(restore: bool) -> None: - """Backup / Restore config files.""" - if restore: - shutil.move(CONFIG_H + BACKUP_SUFFIX, CONFIG_H) - shutil.move(CRYPTO_CONFIG_H + BACKUP_SUFFIX, CRYPTO_CONFIG_H) - else: - shutil.copy(CONFIG_H, CONFIG_H + BACKUP_SUFFIX) - shutil.copy(CRYPTO_CONFIG_H, CRYPTO_CONFIG_H + BACKUP_SUFFIX) - - def _build_libraries(self, git_worktree_path: str) -> None: - """Build library/*.o in the specified worktree.""" - - self.logger.debug("Building library/*.o for {}." - .format(self.git_rev)) - my_environment = os.environ.copy() - try: - if self.git_rev == 'current': - self.backup_config_files(restore=False) - for pre_cmd in self.pre_make_cmd: - subprocess.check_output( - pre_cmd, env=my_environment, shell=True, - cwd=git_worktree_path, stderr=subprocess.STDOUT, - universal_newlines=True - ) - subprocess.check_output( - self.make_clean, env=my_environment, shell=True, - cwd=git_worktree_path, stderr=subprocess.STDOUT, - universal_newlines=True - ) - subprocess.check_output( - self.make_cmd, env=my_environment, shell=True, - cwd=git_worktree_path, stderr=subprocess.STDOUT, - universal_newlines=True - ) - if self.git_rev == 'current': - self.backup_config_files(restore=True) - except subprocess.CalledProcessError as e: - self._handle_called_process_error(e, git_worktree_path) - - def _gen_raw_code_size(self, git_worktree_path: str) -> typing.Dict[str, str]: - """Measure code size by a tool and return in UTF-8 encoding.""" - - self.logger.debug("Measuring code size for {} by `{}`." - .format(self.git_rev, - self.measure_cmd.strip().split(' ')[0])) - - res = {} - for mod, st_lib in MBEDTLS_STATIC_LIB.items(): - try: - result = subprocess.check_output( - [self.measure_cmd + ' ' + st_lib], cwd=git_worktree_path, - shell=True, universal_newlines=True - ) - res[mod] = result - except subprocess.CalledProcessError as e: - self._handle_called_process_error(e, git_worktree_path) - - return res - - def _remove_worktree(self, git_worktree_path: str) -> None: - """Remove temporary worktree.""" - if git_worktree_path != self.repo_path: - self.logger.debug("Removing temporary worktree {}." - .format(git_worktree_path)) - subprocess.check_output( - [self.git_command, "worktree", "remove", "--force", - git_worktree_path], cwd=self.repo_path, - stderr=subprocess.STDOUT - ) - - def _handle_called_process_error(self, e: subprocess.CalledProcessError, - git_worktree_path: str) -> None: - """Handle a CalledProcessError and quit the program gracefully. - Remove any extra worktrees so that the script may be called again.""" - - # Tell the user what went wrong - self.logger.error(e, exc_info=True) - self.logger.error("Process output:\n {}".format(e.output)) - - # Quit gracefully by removing the existing worktree - self._remove_worktree(git_worktree_path) - sys.exit(-1) - - def cal_libraries_code_size(self) -> typing.Dict[str, str]: - """Do a complete round to calculate code size of library/*.o - by measurement tool. - - :return A dictionary of measured code size - - typing.Dict[mod: str] - """ - - git_worktree_path = self._create_git_worktree() - try: - self._build_libraries(git_worktree_path) - res = self._gen_raw_code_size(git_worktree_path) - finally: - self._remove_worktree(git_worktree_path) - - return res - - -class CodeSizeGenerator: - """ A generator based on size measurement tool for library/*.o. - - This is an abstract class. To use it, derive a class that implements - write_record and write_comparison methods, then call both of them with - proper arguments. - """ - def __init__(self, logger: logging.Logger) -> None: - """ - :param logger: logging module - """ - self.logger = logger - - def write_record( - self, - git_rev: str, - code_size_text: typing.Dict[str, str], - output: typing_util.Writable - ) -> None: - """Write size record into a file. - - :param git_rev: Git revision. (E.g: commit) - :param code_size_text: - string output (utf-8) from measurement tool of code size. - - typing.Dict[mod: str] - :param output: output stream which the code size record is written to. - (Note: Normally write code size record into File) - """ - raise NotImplementedError - - def write_comparison( #pylint: disable=too-many-arguments - self, - old_rev: str, - new_rev: str, - output: typing_util.Writable, - with_markdown=False, - show_all=False - ) -> None: - """Write a comparision result into a stream between two Git revisions. - - :param old_rev: old Git revision to compared with. - :param new_rev: new Git revision to compared with. - :param output: output stream which the code size record is written to. - (File / sys.stdout) - :param with_markdown: write comparision result in a markdown table. - (Default: False) - :param show_all: show all objects in comparison result. (Default False) - """ - raise NotImplementedError - - -class CodeSizeGeneratorWithSize(CodeSizeGenerator): - """Code Size Base Class for size record saving and writing.""" - - class SizeEntry: # pylint: disable=too-few-public-methods - """Data Structure to only store information of code size.""" - def __init__(self, text: int, data: int, bss: int, dec: int): - self.text = text - self.data = data - self.bss = bss - self.total = dec # total <=> dec - - def __init__(self, logger: logging.Logger) -> None: - """ Variable code_size is used to store size info for any Git revisions. - :param code_size: - Data Format as following: - code_size = { - git_rev: { - module: { - file_name: SizeEntry, - ... - }, - ... - }, - ... - } - """ - super().__init__(logger) - self.code_size = {} #type: typing.Dict[str, typing.Dict] - self.mod_total_suffix = '-' + 'TOTALS' - - def _set_size_record(self, git_rev: str, mod: str, size_text: str) -> None: - """Store size information for target Git revision and high-level module. - - size_text Format: text data bss dec hex filename - """ - size_record = {} - for line in size_text.splitlines()[1:]: - data = line.split() - if re.match(r'\s*\(TOTALS\)', data[5]): - data[5] = mod + self.mod_total_suffix - # file_name: SizeEntry(text, data, bss, dec) - size_record[data[5]] = CodeSizeGeneratorWithSize.SizeEntry( - int(data[0]), int(data[1]), int(data[2]), int(data[3])) - self.code_size.setdefault(git_rev, {}).update({mod: size_record}) - - def read_size_record(self, git_rev: str, fname: str) -> None: - """Read size information from csv file and write it into code_size. - - fname Format: filename text data bss dec - """ - mod = "" - size_record = {} - with open(fname, 'r') as csv_file: - for line in csv_file: - data = line.strip().split() - # check if we find the beginning of a module - if data and data[0] in MBEDTLS_STATIC_LIB: - mod = data[0] - continue - - if mod: - # file_name: SizeEntry(text, data, bss, dec) - size_record[data[0]] = CodeSizeGeneratorWithSize.SizeEntry( - int(data[1]), int(data[2]), int(data[3]), int(data[4])) - - # check if we hit record for the end of a module - m = re.match(r'\w+' + self.mod_total_suffix, line) - if m: - if git_rev in self.code_size: - self.code_size[git_rev].update({mod: size_record}) - else: - self.code_size[git_rev] = {mod: size_record} - mod = "" - size_record = {} - - def write_record( - self, - git_rev: str, - code_size_text: typing.Dict[str, str], - output: typing_util.Writable - ) -> None: - """Write size information to a file. - - Writing Format: filename text data bss total(dec) - """ - for mod, size_text in code_size_text.items(): - self._set_size_record(git_rev, mod, size_text) - - format_string = "{:<30} {:>7} {:>7} {:>7} {:>7}\n" - output.write(format_string.format("filename", - "text", "data", "bss", "total")) - - for mod, f_size in self.code_size[git_rev].items(): - output.write("\n" + mod + "\n") - for fname, size_entry in f_size.items(): - output.write(format_string - .format(fname, - size_entry.text, size_entry.data, - size_entry.bss, size_entry.total)) - - def write_comparison( #pylint: disable=too-many-arguments - self, - old_rev: str, - new_rev: str, - output: typing_util.Writable, - with_markdown=False, - show_all=False - ) -> None: - # pylint: disable=too-many-locals - """Write comparison result into a file. - - Writing Format: - Markdown Output: - filename new(text) new(data) change(text) change(data) - CSV Output: - filename new(text) new(data) old(text) old(data) change(text) change(data) - """ - header_line = ["filename", "new(text)", "old(text)", "change(text)", - "new(data)", "old(data)", "change(data)"] - if with_markdown: - dash_line = [":----", "----:", "----:", "----:", - "----:", "----:", "----:"] - # | filename | new(text) | new(data) | change(text) | change(data) | - line_format = "| {0:<30} | {1:>9} | {4:>9} | {3:>12} | {6:>12} |\n" - bold_text = lambda x: '**' + str(x) + '**' - else: - # filename new(text) new(data) old(text) old(data) change(text) change(data) - line_format = "{0:<30} {1:>9} {4:>9} {2:>10} {5:>10} {3:>12} {6:>12}\n" - - def cal_sect_change( - old_size: typing.Optional[CodeSizeGeneratorWithSize.SizeEntry], - new_size: typing.Optional[CodeSizeGeneratorWithSize.SizeEntry], - sect: str - ) -> typing.List: - """Inner helper function to calculate size change for a section. - - Convention for special cases: - - If the object has been removed in new Git revision, - the size is minus code size of old Git revision; - the size change is marked as `Removed`, - - If the object only exists in new Git revision, - the size is code size of new Git revision; - the size change is marked as `None`, - - :param: old_size: code size for objects in old Git revision. - :param: new_size: code size for objects in new Git revision. - :param: sect: section to calculate from `size` tool. This could be - any instance variable in SizeEntry. - :return: List of [section size of objects for new Git revision, - section size of objects for old Git revision, - section size change of objects between two Git revisions] - """ - if old_size and new_size: - new_attr = new_size.__dict__[sect] - old_attr = old_size.__dict__[sect] - delta = new_attr - old_attr - change_attr = '{0:{1}}'.format(delta, '+' if delta else '') - elif old_size: - new_attr = 'Removed' - old_attr = old_size.__dict__[sect] - delta = - old_attr - change_attr = '{0:{1}}'.format(delta, '+' if delta else '') - elif new_size: - new_attr = new_size.__dict__[sect] - old_attr = 'NotCreated' - delta = new_attr - change_attr = '{0:{1}}'.format(delta, '+' if delta else '') - else: - # Should never happen - new_attr = 'Error' - old_attr = 'Error' - change_attr = 'Error' - return [new_attr, old_attr, change_attr] - - # sort dictionary by key - sort_by_k = lambda item: item[0].lower() - def get_results( - f_rev_size: - typing.Dict[str, - typing.Dict[str, - CodeSizeGeneratorWithSize.SizeEntry]] - ) -> typing.List: - """Return List of results in the format of: - [filename, new(text), old(text), change(text), - new(data), old(data), change(data)] - """ - res = [] - for fname, revs_size in sorted(f_rev_size.items(), key=sort_by_k): - old_size = revs_size.get(old_rev) - new_size = revs_size.get(new_rev) - - text_sect = cal_sect_change(old_size, new_size, 'text') - data_sect = cal_sect_change(old_size, new_size, 'data') - # skip the files that haven't changed in code size - if not show_all and text_sect[-1] == '0' and data_sect[-1] == '0': - continue - - res.append([fname, *text_sect, *data_sect]) - return res - - # write header - output.write(line_format.format(*header_line)) - if with_markdown: - output.write(line_format.format(*dash_line)) - for mod in MBEDTLS_STATIC_LIB: - # convert self.code_size to: - # { - # file_name: { - # old_rev: SizeEntry, - # new_rev: SizeEntry - # }, - # ... - # } - f_rev_size = {} #type: typing.Dict[str, typing.Dict] - for fname, size_entry in self.code_size[old_rev][mod].items(): - f_rev_size.setdefault(fname, {}).update({old_rev: size_entry}) - for fname, size_entry in self.code_size[new_rev][mod].items(): - f_rev_size.setdefault(fname, {}).update({new_rev: size_entry}) - - mod_total_sz = f_rev_size.pop(mod + self.mod_total_suffix) - res = get_results(f_rev_size) - total_clm = get_results({mod + self.mod_total_suffix: mod_total_sz}) - if with_markdown: - # bold row of mod-TOTALS in markdown table - total_clm = [[bold_text(j) for j in i] for i in total_clm] - res += total_clm - - # write comparison result - for line in res: - output.write(line_format.format(*line)) - - -class CodeSizeComparison: - """Compare code size between two Git revisions.""" - - def __init__( #pylint: disable=too-many-arguments - self, - old_size_dist_info: CodeSizeDistinctInfo, - new_size_dist_info: CodeSizeDistinctInfo, - size_common_info: CodeSizeCommonInfo, - result_options: CodeSizeResultInfo, - logger: logging.Logger, - ) -> None: - """ - :param old_size_dist_info: CodeSizeDistinctInfo containing old distinct - info to compare code size with. - :param new_size_dist_info: CodeSizeDistinctInfo containing new distinct - info to take as comparision base. - :param size_common_info: CodeSizeCommonInfo containing common info for - both old and new size distinct info and - measurement tool. - :param result_options: CodeSizeResultInfo containing results options for - code size record and comparision. - :param logger: logging module - """ - - self.logger = logger - - self.old_size_dist_info = old_size_dist_info - self.new_size_dist_info = new_size_dist_info - self.size_common_info = size_common_info - # infer pre make command - self.old_size_dist_info.pre_make_cmd = CodeSizeBuildInfo( - self.old_size_dist_info, self.size_common_info.host_arch, - self.logger).infer_pre_make_command() - self.new_size_dist_info.pre_make_cmd = CodeSizeBuildInfo( - self.new_size_dist_info, self.size_common_info.host_arch, - self.logger).infer_pre_make_command() - # infer make command - self.old_size_dist_info.make_cmd = CodeSizeBuildInfo( - self.old_size_dist_info, self.size_common_info.host_arch, - self.logger).infer_make_command() - self.new_size_dist_info.make_cmd = CodeSizeBuildInfo( - self.new_size_dist_info, self.size_common_info.host_arch, - self.logger).infer_make_command() - # initialize size parser with corresponding measurement tool - self.code_size_generator = self.__generate_size_parser() - - self.result_options = result_options - self.csv_dir = os.path.abspath(self.result_options.record_dir) - os.makedirs(self.csv_dir, exist_ok=True) - self.comp_dir = os.path.abspath(self.result_options.comp_dir) - os.makedirs(self.comp_dir, exist_ok=True) - - def __generate_size_parser(self): - """Generate a parser for the corresponding measurement tool.""" - if re.match(r'size', self.size_common_info.measure_cmd.strip()): - return CodeSizeGeneratorWithSize(self.logger) - else: - self.logger.error("Unsupported measurement tool: `{}`." - .format(self.size_common_info.measure_cmd - .strip().split(' ')[0])) - sys.exit(1) - - def cal_code_size( - self, - size_dist_info: CodeSizeDistinctInfo - ) -> typing.Dict[str, str]: - """Calculate code size of library/*.o in a UTF-8 encoding""" - - return CodeSizeCalculator(size_dist_info.git_rev, - size_dist_info.pre_make_cmd, - size_dist_info.make_cmd, - self.size_common_info.measure_cmd, - self.logger).cal_libraries_code_size() - - def gen_code_size_report(self, size_dist_info: CodeSizeDistinctInfo) -> None: - """Generate code size record and write it into a file.""" - - self.logger.info("Start to generate code size record for {}." - .format(size_dist_info.git_rev)) - output_file = os.path.join( - self.csv_dir, - '{}-{}.csv' - .format(size_dist_info.get_info_indication(), - self.size_common_info.get_info_indication())) - # Check if the corresponding record exists - if size_dist_info.git_rev != "current" and \ - os.path.exists(output_file): - self.logger.debug("Code size csv file for {} already exists." - .format(size_dist_info.git_rev)) - self.code_size_generator.read_size_record( - size_dist_info.git_rev, output_file) - else: - # measure code size - code_size_text = self.cal_code_size(size_dist_info) - - self.logger.debug("Generating code size csv for {}." - .format(size_dist_info.git_rev)) - output = open(output_file, "w") - self.code_size_generator.write_record( - size_dist_info.git_rev, code_size_text, output) - - def gen_code_size_comparison(self) -> None: - """Generate results of code size changes between two Git revisions, - old and new. - - - Measured code size result of these two Git revisions must be available. - - The result is directed into either file / stdout depending on - the option, size_common_info.result_options.stdout. (Default: file) - """ - - self.logger.info("Start to generate comparision result between "\ - "{} and {}." - .format(self.old_size_dist_info.git_rev, - self.new_size_dist_info.git_rev)) - if self.result_options.stdout: - output = sys.stdout - else: - output_file = os.path.join( - self.comp_dir, - '{}-{}-{}.{}' - .format(self.old_size_dist_info.get_info_indication(), - self.new_size_dist_info.get_info_indication(), - self.size_common_info.get_info_indication(), - 'md' if self.result_options.with_markdown else 'csv')) - output = open(output_file, "w") - - self.logger.debug("Generating comparison results between {} and {}." - .format(self.old_size_dist_info.git_rev, - self.new_size_dist_info.git_rev)) - if self.result_options.with_markdown or self.result_options.stdout: - print("Measure code size between {} and {} by `{}`." - .format(self.old_size_dist_info.get_info_indication(), - self.new_size_dist_info.get_info_indication(), - self.size_common_info.get_info_indication()), - file=output) - self.code_size_generator.write_comparison( - self.old_size_dist_info.git_rev, - self.new_size_dist_info.git_rev, - output, self.result_options.with_markdown, - self.result_options.show_all) - - def get_comparision_results(self) -> None: - """Compare size of library/*.o between self.old_size_dist_info and - self.old_size_dist_info and generate the result file.""" - build_tree.check_repo_path() - self.gen_code_size_report(self.old_size_dist_info) - self.gen_code_size_report(self.new_size_dist_info) - self.gen_code_size_comparison() - -def main(): - parser = argparse.ArgumentParser(description=(__doc__)) - group_required = parser.add_argument_group( - 'required arguments', - 'required arguments to parse for running ' + os.path.basename(__file__)) - group_required.add_argument( - '-o', '--old-rev', type=str, required=True, - help='old Git revision for comparison.') - - group_optional = parser.add_argument_group( - 'optional arguments', - 'optional arguments to parse for running ' + os.path.basename(__file__)) - group_optional.add_argument( - '--record-dir', type=str, default='code_size_records', - help='directory where code size record is stored. ' - '(Default: code_size_records)') - group_optional.add_argument( - '--comp-dir', type=str, default='comparison', - help='directory where comparison result is stored. ' - '(Default: comparison)') - group_optional.add_argument( - '-n', '--new-rev', type=str, default='current', - help='new Git revision as comparison base. ' - '(Default is the current work directory, including uncommitted ' - 'changes.)') - group_optional.add_argument( - '-a', '--arch', type=str, default=detect_arch(), - choices=list(map(lambda s: s.value, SupportedArch)), - help='Specify architecture for code size comparison. ' - '(Default is the host architecture.)') - group_optional.add_argument( - '-c', '--config', type=str, default=SupportedConfig.DEFAULT.value, - choices=list(map(lambda s: s.value, SupportedConfig)), - help='Specify configuration type for code size comparison. ' - '(Default is the current Mbed TLS configuration.)') - group_optional.add_argument( - '--markdown', action='store_true', dest='markdown', - help='Show comparision of code size in a markdown table. ' - '(Only show the files that have changed).') - group_optional.add_argument( - '--stdout', action='store_true', dest='stdout', - help='Set this option to direct comparison result into sys.stdout. ' - '(Default: file)') - group_optional.add_argument( - '--show-all', action='store_true', dest='show_all', - help='Show all the objects in comparison result, including the ones ' - 'that haven\'t changed in code size. (Default: False)') - group_optional.add_argument( - '--verbose', action='store_true', dest='verbose', - help='Show logs in detail for code size measurement. ' - '(Default: False)') - comp_args = parser.parse_args() - - logger = logging.getLogger() - logging_util.configure_logger(logger, split_level=logging.NOTSET) - logger.setLevel(logging.DEBUG if comp_args.verbose else logging.INFO) - - if os.path.isfile(comp_args.record_dir): - logger.error("record directory: {} is not a directory" - .format(comp_args.record_dir)) - sys.exit(1) - if os.path.isfile(comp_args.comp_dir): - logger.error("comparison directory: {} is not a directory" - .format(comp_args.comp_dir)) - sys.exit(1) - - comp_args.old_rev = CodeSizeCalculator.validate_git_revision( - comp_args.old_rev) - if comp_args.new_rev != 'current': - comp_args.new_rev = CodeSizeCalculator.validate_git_revision( - comp_args.new_rev) - - # version, git_rev, arch, config, compiler, opt_level - old_size_dist_info = CodeSizeDistinctInfo( - 'old', comp_args.old_rev, comp_args.arch, comp_args.config, 'cc', '-Os') - new_size_dist_info = CodeSizeDistinctInfo( - 'new', comp_args.new_rev, comp_args.arch, comp_args.config, 'cc', '-Os') - # host_arch, measure_cmd - size_common_info = CodeSizeCommonInfo( - detect_arch(), 'size -t') - # record_dir, comp_dir, with_markdown, stdout, show_all - result_options = CodeSizeResultInfo( - comp_args.record_dir, comp_args.comp_dir, - comp_args.markdown, comp_args.stdout, comp_args.show_all) - - logger.info("Measure code size between {} and {} by `{}`." - .format(old_size_dist_info.get_info_indication(), - new_size_dist_info.get_info_indication(), - size_common_info.get_info_indication())) - CodeSizeComparison(old_size_dist_info, new_size_dist_info, - size_common_info, result_options, - logger).get_comparision_results() - -if __name__ == "__main__": - main() diff --git a/scripts/common.make b/scripts/common.make deleted file mode 100644 index b3d028ff6..000000000 --- a/scripts/common.make +++ /dev/null @@ -1,170 +0,0 @@ -# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS - -ifndef MBEDTLS_PATH -MBEDTLS_PATH := .. -endif - -PSASIM_PATH=$(MBEDTLS_PATH)/tests/psa-client-server/psasim - -ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) - # Use the define keyword to get a multi-line message. - # GNU make appends ". Stop.", so tweak the ending of our message accordingly. - define error_message -$(MBEDTLS_PATH)/framework/exported.make not found. -Run `git submodule update --init` to fetch the submodule contents. -This is a fatal error - endef - $(error $(error_message)) -endif -include $(MBEDTLS_PATH)/framework/exported.make - -CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -std=c++11 -pedantic -LDFLAGS ?= - -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \ - -I$(MBEDTLS_PATH)/framework/tests/include \ - -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include \ - -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \ - -D_FILE_OFFSET_BITS=64 -LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(LOCAL_CFLAGS) - -ifdef PSASIM -LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ - -L$(PSASIM_PATH)/client_libs \ - -lpsaclient \ - -lmbedtls$(SHARED_SUFFIX) \ - -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) -else -LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ - -L$(MBEDTLS_PATH)/library \ - -lmbedtls$(SHARED_SUFFIX) \ - -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) -endif - -THIRDPARTY_DIR = $(MBEDTLS_PATH)/tf-psa-crypto/drivers -include $(THIRDPARTY_DIR)/everest/Makefile.inc -include $(THIRDPARTY_DIR)/p256-m/Makefile.inc -LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) - -ifdef PSASIM -MBEDLIBS=$(PSASIM_PATH)/client_libs/libmbedcrypto.a \ - $(PSASIM_PATH)/client_libs/libmbedx509.a \ - $(PSASIM_PATH)/client_libs/libmbedtls.a \ - $(PSASIM_PATH)/client_libs/libpsaclient.a -else ifndef SHARED -MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a \ - $(MBEDTLS_PATH)/library/libmbedx509.a \ - $(MBEDTLS_PATH)/library/libmbedtls.a -else -MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) \ - $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) \ - $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT) -endif - -ifdef DEBUG -LOCAL_CFLAGS += -g3 -endif - -# if we're running on Windows, build for Windows -ifdef WINDOWS -WINDOWS_BUILD=1 -endif - -## Usage: $(call remove_enabled_options,PREPROCESSOR_INPUT) -## Remove the preprocessor symbols that are set in the current configuration -## from PREPROCESSOR_INPUT. Also normalize whitespace. -## Example: -## $(call remove_enabled_options,MBEDTLS_FOO MBEDTLS_BAR) -## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both -## enabled, to "MBEDTLS_FOO" if MBEDTLS_BAR is enabled but MBEDTLS_FOO is -## disabled, etc. -## -## This only works with a Unix-like shell environment (Bourne/POSIX-style shell -## and standard commands) and a Unix-like compiler (supporting -E). In -## other environments, the output is likely to be empty. -define remove_enabled_options -$(strip $(shell - exec 2>/dev/null; - { echo '#include '; echo $(1); } | - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -E - | - tail -n 1 -)) -endef - -ifdef WINDOWS_BUILD - DLEXT=dll - EXEXT=.exe - LOCAL_LDFLAGS += -lws2_32 -lbcrypt - ifdef SHARED - SHARED_SUFFIX=.$(DLEXT) - endif - -else # Not building for Windows - DLEXT ?= so - EXEXT= - SHARED_SUFFIX= - ifndef THREADING - # Auto-detect configurations with pthread. - # If the call to remove_enabled_options returns "control", the symbols - # are confirmed set and we link with pthread. - # If the auto-detection fails, the result of the call is empty and - # we keep THREADING undefined. - ifeq (control,$(call remove_enabled_options,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD)) - THREADING := pthread - endif - endif - - ifeq ($(THREADING),pthread) - LOCAL_LDFLAGS += -lpthread - endif -endif - -ifdef WINDOWS -PYTHON ?= python -else -PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) -endif - -# See root Makefile -GEN_FILES ?= yes -ifdef GEN_FILES -gen_file_dep = -else -gen_file_dep = | -endif - -default: all - -$(MBEDLIBS): - $(MAKE) -C $(MBEDTLS_PATH)/library - -neat: clean -ifndef WINDOWS - rm -f $(GENERATED_FILES) -else - for %f in ($(subst /,\,$(GENERATED_FILES))) if exist %f del /Q /F %f -endif - -# Auxiliary modules used by tests and some sample programs -MBEDTLS_CORE_TEST_OBJS := $(patsubst %.c,%.o,$(wildcard \ - ${MBEDTLS_PATH}/framework/tests/src/*.c \ - ${MBEDTLS_PATH}/framework/tests/src/drivers/*.c \ - )) -# Ignore PSA stubs when building for the client side of PSASIM (i.e. -# CRYPTO_CLIENT && !CRYPTO_C) otherwise there will be functions duplicates. -ifdef PSASIM -MBEDTLS_CORE_TEST_OBJS := $(filter-out \ - ${MBEDTLS_PATH}/framework/tests/src/psa_crypto_stubs.o, $(MBEDTLS_CORE_TEST_OBJS)\ - ) -endif -# Additional auxiliary modules for TLS testing -MBEDTLS_TLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \ - ${MBEDTLS_TEST_PATH}/src/*.c \ - ${MBEDTLS_TEST_PATH}/src/test_helpers/*.c \ - )) - -MBEDTLS_TEST_OBJS = $(MBEDTLS_CORE_TEST_OBJS) $(MBEDTLS_TLS_TEST_OBJS) diff --git a/scripts/config.py b/scripts/config.py deleted file mode 100755 index db2bc57e3..000000000 --- a/scripts/config.py +++ /dev/null @@ -1,515 +0,0 @@ -#!/usr/bin/env python3 - -"""Mbed TLS and PSA configuration file manipulation library and tool - -Basic usage, to read the Mbed TLS configuration: - config = CombinedConfigFile() - if 'MBEDTLS_RSA_C' in config: print('RSA is enabled') -""" - -## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -## - -import os -import re -import sys - -import framework_scripts_path # pylint: disable=unused-import -from mbedtls_framework import config_common - - -def is_boolean_setting(name, value): - """Is this a boolean setting? - - Mbed TLS boolean settings are enabled if the preprocessor macro is - defined, and disabled if the preprocessor macro is not defined. The - macro definition line in the configuration file has an empty expansion. - - PSA_WANT_xxx settings are also boolean, but when they are enabled, - they expand to a nonzero value. We leave them undefined when they - are disabled. (Setting them to 0 currently means to enable them, but - this might change to mean disabling them. Currently we just never set - them to 0.) - """ - if name.startswith('PSA_WANT_'): - return True - if not value: - return True - return False - -def realfull_adapter(_name, _value, _active): - """Activate all symbols. - - This is intended for building the documentation, including the - documentation of settings that are activated by defining an optional - preprocessor macro. There is no expectation that the resulting - configuration can be built. - """ - return True - -PSA_UNSUPPORTED_FEATURE = frozenset([ - 'PSA_WANT_ALG_CBC_MAC', - 'PSA_WANT_ALG_XTS', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE', - 'PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE' -]) - -PSA_DEPRECATED_FEATURE = frozenset([ - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR' -]) - -PSA_UNSTABLE_FEATURE = frozenset([ - 'PSA_WANT_ECC_SECP_K1_224' -]) - -EXCLUDE_FROM_CRYPTO = PSA_UNSUPPORTED_FEATURE | \ - PSA_DEPRECATED_FEATURE | \ - PSA_UNSTABLE_FEATURE - -# The goal of the full configuration is to have everything that can be tested -# together. This includes deprecated or insecure options. It excludes: -# * Options that require additional build dependencies or unusual hardware. -# * Options that make testing less effective. -# * Options that are incompatible with other options, or more generally that -# interact with other parts of the code in such a way that a bulk enabling -# is not a good way to test them. -# * Options that remove features. -EXCLUDE_FROM_FULL = frozenset([ - #pylint: disable=line-too-long - 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY - 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency - 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES - 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256 - 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options - 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options - 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS - 'MBEDTLS_ECP_WITH_MPI_UINT', # disables the default ECP and is experimental - 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY - 'MBEDTLS_HAVE_SSE2', # hardware dependency - 'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C - 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. ASan) less effective - 'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C - 'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum - 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature - 'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature - 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum - 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA - 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature - 'MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS', # removes a feature - 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency - 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change - 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) - 'MBEDTLS_PSA_INJECT_ENTROPY', # conflicts with platform entropy sources - 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS - 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT - 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT - 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient - 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) - 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) - 'MBEDTLS_X509_REMOVE_INFO', # removes a feature - 'MBEDTLS_PSA_STATIC_KEY_SLOTS', # only relevant for embedded devices - 'MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE', # only relevant for embedded devices - *PSA_UNSUPPORTED_FEATURE, - *PSA_DEPRECATED_FEATURE, - *PSA_UNSTABLE_FEATURE -]) - -def is_seamless_alt(name): - """Whether the xxx_ALT symbol should be included in the full configuration. - - Include alternative implementations of platform functions, which are - configurable function pointers that default to the built-in function. - This way we test that the function pointers exist and build correctly - without changing the behavior, and tests can verify that the function - pointers are used by modifying those pointers. - - Exclude alternative implementations of library functions since they require - an implementation of the relevant functions and an xxx_alt.h header. - """ - if name in ( - 'MBEDTLS_PLATFORM_GMTIME_R_ALT', - 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', - 'MBEDTLS_PLATFORM_MS_TIME_ALT', - 'MBEDTLS_PLATFORM_ZEROIZE_ALT', - ): - # Similar to non-platform xxx_ALT, requires platform_alt.h - return False - return name.startswith('MBEDTLS_PLATFORM_') - -def include_in_full(name): - """Rules for symbols in the "full" configuration.""" - if name in EXCLUDE_FROM_FULL: - return False - if name.endswith('_ALT'): - return is_seamless_alt(name) - return True - -def full_adapter(name, value, active): - """Config adapter for "full".""" - if not is_boolean_setting(name, value): - return active - return include_in_full(name) - -# The baremetal configuration excludes options that require a library or -# operating system feature that is typically not present on bare metal -# systems. Features that are excluded from "full" won't be in "baremetal" -# either (unless explicitly turned on in baremetal_adapter) so they don't -# need to be repeated here. -EXCLUDE_FROM_BAREMETAL = frozenset([ - #pylint: disable=line-too-long - 'MBEDTLS_ENTROPY_NV_SEED', # requires a filesystem and FS_IO or alternate NV seed hooks - 'MBEDTLS_FS_IO', # requires a filesystem - 'MBEDTLS_HAVE_TIME', # requires a clock - 'MBEDTLS_HAVE_TIME_DATE', # requires a clock - 'MBEDTLS_NET_C', # requires POSIX-like networking - 'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h - 'MBEDTLS_PLATFORM_NV_SEED_ALT', # requires a filesystem and ENTROPY_NV_SEED - 'MBEDTLS_PLATFORM_TIME_ALT', # requires a clock and HAVE_TIME - 'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem and PSA_CRYPTO_STORAGE_C - 'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem - 'MBEDTLS_PSA_ITS_FILE_C', # requires a filesystem - 'MBEDTLS_THREADING_C', # requires a threading interface - 'MBEDTLS_THREADING_PTHREAD', # requires pthread - 'MBEDTLS_TIMING_C', # requires a clock - 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection - 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection -]) - -def keep_in_baremetal(name): - """Rules for symbols in the "baremetal" configuration.""" - if name in EXCLUDE_FROM_BAREMETAL: - return False - return True - -def baremetal_adapter(name, value, active): - """Config adapter for "baremetal".""" - if not is_boolean_setting(name, value): - return active - if name == 'MBEDTLS_NO_PLATFORM_ENTROPY': - # No OS-provided entropy source - return True - return include_in_full(name) and keep_in_baremetal(name) - -# This set contains options that are mostly for debugging or test purposes, -# and therefore should be excluded when doing code size measurements. -# Options that are their own module (such as MBEDTLS_ERROR_C) are not listed -# and therefore will be included when doing code size measurements. -EXCLUDE_FOR_SIZE = frozenset([ - 'MBEDTLS_DEBUG_C', # large code size increase in TLS - 'MBEDTLS_SELF_TEST', # increases the size of many modules - 'MBEDTLS_TEST_HOOKS', # only useful with the hosted test framework, increases code size -]) - -def baremetal_size_adapter(name, value, active): - if name in EXCLUDE_FOR_SIZE: - return False - return baremetal_adapter(name, value, active) - -def include_in_crypto(name): - """Rules for symbols in a crypto configuration.""" - if name.startswith('MBEDTLS_X509_') or \ - name.startswith('MBEDTLS_VERSION_') or \ - name.startswith('MBEDTLS_SSL_') or \ - name.startswith('MBEDTLS_KEY_EXCHANGE_'): - return False - if name in [ - 'MBEDTLS_DEBUG_C', # part of libmbedtls - 'MBEDTLS_NET_C', # part of libmbedtls - 'MBEDTLS_PKCS7_C', # part of libmbedx509 - 'MBEDTLS_TIMING_C', # part of libmbedtls - 'MBEDTLS_ERROR_C', # part of libmbedx509 - 'MBEDTLS_ERROR_STRERROR_DUMMY', # part of libmbedx509 - ]: - return False - if name in EXCLUDE_FROM_CRYPTO: - return False - return True - -def crypto_adapter(adapter): - """Modify an adapter to disable non-crypto symbols. - - ``crypto_adapter(adapter)(name, value, active)`` is like - ``adapter(name, value, active)``, but unsets all X.509 and TLS symbols. - """ - def continuation(name, value, active): - if not include_in_crypto(name): - return False - if adapter is None: - return active - return adapter(name, value, active) - return continuation - -DEPRECATED = frozenset([ - 'MBEDTLS_PSA_CRYPTO_SE_C', - *PSA_DEPRECATED_FEATURE -]) -def no_deprecated_adapter(adapter): - """Modify an adapter to disable deprecated symbols. - - ``no_deprecated_adapter(adapter)(name, value, active)`` is like - ``adapter(name, value, active)``, but unsets all deprecated symbols - and sets ``MBEDTLS_DEPRECATED_REMOVED``. - """ - def continuation(name, value, active): - if name == 'MBEDTLS_DEPRECATED_REMOVED': - return True - if name in DEPRECATED: - return False - if adapter is None: - return active - return adapter(name, value, active) - return continuation - -def no_platform_adapter(adapter): - """Modify an adapter to disable platform symbols. - - ``no_platform_adapter(adapter)(name, value, active)`` is like - ``adapter(name, value, active)``, but unsets all platform symbols other - ``than MBEDTLS_PLATFORM_C. - """ - def continuation(name, value, active): - # Allow MBEDTLS_PLATFORM_C but remove all other platform symbols. - if name.startswith('MBEDTLS_PLATFORM_') and name != 'MBEDTLS_PLATFORM_C': - return False - if adapter is None: - return active - return adapter(name, value, active) - return continuation - - -class MbedTLSConfigFile(config_common.ConfigFile): - """Representation of an MbedTLS configuration file.""" - - _path_in_tree = 'include/mbedtls/mbedtls_config.h' - default_path = [_path_in_tree, - os.path.join(os.path.dirname(__file__), - os.pardir, - _path_in_tree), - os.path.join(os.path.dirname(os.path.abspath(os.path.dirname(__file__))), - _path_in_tree)] - - def __init__(self, filename=None): - super().__init__(self.default_path, 'Mbed TLS', filename) - self.current_section = 'header' - - -class CryptoConfigFile(config_common.ConfigFile): - """Representation of a Crypto configuration file.""" - - # Temporary, while Mbed TLS does not just rely on the TF-PSA-Crypto - # build system to build its crypto library. When it does, the - # condition can just be removed. - _path_in_tree = ('include/psa/crypto_config.h' - if not os.path.isdir(os.path.join(os.path.dirname(__file__), - os.pardir, - 'tf-psa-crypto')) else - 'tf-psa-crypto/include/psa/crypto_config.h') - default_path = [_path_in_tree, - os.path.join(os.path.dirname(__file__), - os.pardir, - _path_in_tree), - os.path.join(os.path.dirname(os.path.abspath(os.path.dirname(__file__))), - _path_in_tree)] - - def __init__(self, filename=None): - super().__init__(self.default_path, 'Crypto', filename) - - -class MbedTLSConfig(config_common.Config): - """Representation of the Mbed TLS configuration. - - See the documentation of the `Config` class for methods to query - and modify the configuration. - """ - - def __init__(self, filename=None): - """Read the Mbed TLS configuration file.""" - - super().__init__() - configfile = MbedTLSConfigFile(filename) - self.configfiles.append(configfile) - self.settings.update({name: config_common.Setting(configfile, active, name, value, section) - for (active, name, value, section) - in configfile.parse_file()}) - - def set(self, name, value=None): - """Set name to the given value and make it active.""" - - if name not in self.settings: - self._get_configfile().templates.append((name, '', '#define ' + name + ' ')) - - super().set(name, value) - - -class CryptoConfig(config_common.Config): - """Representation of the PSA crypto configuration. - - See the documentation of the `Config` class for methods to query - and modify the configuration. - """ - - def __init__(self, filename=None): - """Read the PSA crypto configuration file.""" - - super().__init__() - configfile = CryptoConfigFile(filename) - self.configfiles.append(configfile) - self.settings.update({name: config_common.Setting(configfile, active, name, value, section) - for (active, name, value, section) - in configfile.parse_file()}) - - def set(self, name, value='1'): - """Set name to the given value and make it active.""" - - if name in PSA_UNSUPPORTED_FEATURE: - raise ValueError(f'Feature is unsupported: \'{name}\'') - if name in PSA_UNSTABLE_FEATURE: - raise ValueError(f'Feature is unstable: \'{name}\'') - - if name not in self.settings: - self._get_configfile().templates.append((name, '', '#define ' + name + ' ')) - - super().set(name, value) - - -class CombinedConfig(config_common.Config): - """Representation of MbedTLS and PSA crypto configuration - - See the documentation of the `Config` class for methods to query - and modify the configuration. - """ - - def __init__(self, *configs): - super().__init__() - for config in configs: - if isinstance(config, MbedTLSConfigFile): - self.mbedtls_configfile = config - elif isinstance(config, CryptoConfigFile): - self.crypto_configfile = config - else: - raise ValueError(f'Invalid configfile: {config}') - self.configfiles.append(config) - - self.settings.update({name: config_common.Setting(configfile, active, name, value, section) - for configfile in [self.mbedtls_configfile, self.crypto_configfile] - for (active, name, value, section) in configfile.parse_file()}) - - _crypto_regexp = re.compile(r'^PSA_.*') - def _get_configfile(self, name=None): - """Find a config type for a setting name""" - - if name in self.settings: - return self.settings[name].configfile - elif re.match(self._crypto_regexp, name): - return self.crypto_configfile - else: - return self.mbedtls_configfile - - def set(self, name, value=None): - """Set name to the given value and make it active.""" - - configfile = self._get_configfile(name) - - if configfile == self.crypto_configfile: - if name in PSA_UNSUPPORTED_FEATURE: - raise ValueError(f'Feature is unsupported: \'{name}\'') - if name in PSA_UNSTABLE_FEATURE: - raise ValueError(f'Feature is unstable: \'{name}\'') - - # The default value in the crypto config is '1' - if not value and re.match(self._crypto_regexp, name): - value = '1' - - if name not in self.settings: - configfile.templates.append((name, '', '#define ' + name + ' ')) - - super().set(name, value) - - #pylint: disable=arguments-differ - def write(self, mbedtls_file=None, crypto_file=None): - """Write the whole configuration to the file it was read from. - - If mbedtls_file or crypto_file is specified, write the specific configuration - to the corresponding file instead. - - Two file name parameters and not only one as in the super class as we handle - two configuration files in this class. - """ - - self.mbedtls_configfile.write(self.settings, mbedtls_file) - self.crypto_configfile.write(self.settings, crypto_file) - - def filename(self, name=None): - """Get the name of the config files. - - If 'name' is specified return the name of the config file where it is defined. - """ - - if not name: - return [config.filename for config in [self.mbedtls_configfile, self.crypto_configfile]] - - return self._get_configfile(name).filename - - -class MbedTLSConfigTool(config_common.ConfigTool): - """Command line mbedtls_config.h and crypto_config.h manipulation tool.""" - - def __init__(self): - super().__init__(MbedTLSConfigFile.default_path) - self.config = CombinedConfig(MbedTLSConfigFile(self.args.file), - CryptoConfigFile(self.args.cryptofile)) - - def custom_parser_options(self): - """Adds MbedTLS specific options for the parser.""" - - self.parser.add_argument( - '--cryptofile', '-c', - help="""Crypto file to read (and modify if requested). Default: {}.""" - .format(CryptoConfigFile.default_path)) - - self.add_adapter( - 'baremetal', baremetal_adapter, - """Like full, but exclude features that require platform features - such as file input-output. - """) - self.add_adapter( - 'baremetal_size', baremetal_size_adapter, - """Like baremetal, but exclude debugging features. Useful for code size measurements. - """) - self.add_adapter( - 'full', full_adapter, - """Uncomment most features. - Exclude alternative implementations and platform support options, as well as - some options that are awkward to test. - """) - self.add_adapter( - 'full_no_deprecated', no_deprecated_adapter(full_adapter), - """Uncomment most non-deprecated features. - Like "full", but without deprecated features. - """) - self.add_adapter( - 'full_no_platform', no_platform_adapter(full_adapter), - """Uncomment most non-platform features. Like "full", but without platform features. - """) - self.add_adapter( - 'realfull', realfull_adapter, - """Uncomment all boolean #defines. - Suitable for generating documentation, but not for building. - """) - self.add_adapter( - 'crypto', crypto_adapter(None), - """Only include crypto features. Exclude X.509 and TLS.""") - self.add_adapter( - 'crypto_baremetal', crypto_adapter(baremetal_adapter), - """Like baremetal, but with only crypto features, excluding X.509 and TLS.""") - self.add_adapter( - 'crypto_full', crypto_adapter(full_adapter), - """Like full, but with only crypto features, excluding X.509 and TLS.""") - - -if __name__ == '__main__': - sys.exit(MbedTLSConfigTool().main()) diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt deleted file mode 100644 index b75a9ab4e..000000000 --- a/scripts/data_files/error.fmt +++ /dev/null @@ -1,155 +0,0 @@ -/* - * Error message information - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "common.h" - -#include "mbedtls/error.h" - -#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) - -#if defined(MBEDTLS_ERROR_C) - -#include "mbedtls/platform.h" - -#include -#include - -HEADER_INCLUDED - -const char *mbedtls_high_level_strerr(int error_code) -{ - int high_level_error_code; - - if (error_code < 0) { - error_code = -error_code; - } - - /* Extract the high-level part from the error code. */ - high_level_error_code = error_code & 0xFF80; - - switch (high_level_error_code) { - /* Begin Auto-Generated Code. */ - HIGH_LEVEL_CODE_CHECKS - /* End Auto-Generated Code. */ - - default: - break; - } - - return NULL; -} - -const char *mbedtls_low_level_strerr(int error_code) -{ - int low_level_error_code; - - if (error_code < 0) { - error_code = -error_code; - } - - /* Extract the low-level part from the error code. */ - low_level_error_code = error_code & ~0xFF80; - - switch (low_level_error_code) { - /* Begin Auto-Generated Code. */ - LOW_LEVEL_CODE_CHECKS - /* End Auto-Generated Code. */ - - default: - break; - } - - return NULL; -} - -void mbedtls_strerror(int ret, char *buf, size_t buflen) -{ - size_t len; - int use_ret; - const char *high_level_error_description = NULL; - const char *low_level_error_description = NULL; - - if (buflen == 0) { - return; - } - - memset(buf, 0x00, buflen); - - if (ret < 0) { - ret = -ret; - } - - if (ret & 0xFF80) { - use_ret = ret & 0xFF80; - - // Translate high level error code. - high_level_error_description = mbedtls_high_level_strerr(ret); - - if (high_level_error_description == NULL) { - mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret); - } else { - mbedtls_snprintf(buf, buflen, "%s", high_level_error_description); - } - -#if defined(MBEDTLS_SSL_TLS_C) - // Early return in case of a fatal error - do not try to translate low - // level code. - if (use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) { - return; - } -#endif /* MBEDTLS_SSL_TLS_C */ - } - - use_ret = ret & ~0xFF80; - - if (use_ret == 0) { - return; - } - - // If high level code is present, make a concatenation between both - // error strings. - // - len = strlen(buf); - - if (len > 0) { - if (buflen - len < 5) { - return; - } - - mbedtls_snprintf(buf + len, buflen - len, " : "); - - buf += len + 3; - buflen -= len + 3; - } - - // Translate low level error code. - low_level_error_description = mbedtls_low_level_strerr(ret); - - if (low_level_error_description == NULL) { - mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret); - } else { - mbedtls_snprintf(buf, buflen, "%s", low_level_error_description); - } -} - -#else /* MBEDTLS_ERROR_C */ - -/* - * Provide a dummy implementation when MBEDTLS_ERROR_C is not defined - */ -void mbedtls_strerror(int ret, char *buf, size_t buflen) -{ - ((void) ret); - - if (buflen > 0) { - buf[0] = '\0'; - } -} - -#endif /* MBEDTLS_ERROR_C */ - -#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt deleted file mode 100644 index b60aba010..000000000 --- a/scripts/data_files/query_config.fmt +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Query Mbed TLS compile time configurations from mbedtls_config.h - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "query_config.h" - -#include "mbedtls/platform.h" - -/* - * Include all the headers with public APIs in case they define a macro to its - * default value when that configuration is not set in mbedtls_config.h, or - * for PSA_WANT macros, in case they're auto-defined based on mbedtls_config.h - * rather than defined directly in crypto_config.h. - */ -#include "psa/crypto.h" - -#include "mbedtls/aes.h" -#include "mbedtls/aria.h" -#include "mbedtls/asn1.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/base64.h" -#include "mbedtls/bignum.h" -#include "mbedtls/camellia.h" -#include "mbedtls/ccm.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/chachapoly.h" -#include "mbedtls/cipher.h" -#include "mbedtls/cmac.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/debug.h" -#include "mbedtls/des.h" -#include "mbedtls/dhm.h" -#include "mbedtls/ecdh.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/ecjpake.h" -#include "mbedtls/ecp.h" -#include "mbedtls/entropy.h" -#include "mbedtls/error.h" -#include "mbedtls/gcm.h" -#include "mbedtls/hkdf.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/md.h" -#include "mbedtls/md5.h" -#include "mbedtls/memory_buffer_alloc.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/nist_kw.h" -#include "mbedtls/oid.h" -#include "mbedtls/pem.h" -#include "mbedtls/pk.h" -#include "mbedtls/pkcs12.h" -#include "mbedtls/pkcs5.h" -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#include "mbedtls/platform_util.h" -#include "mbedtls/poly1305.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/ssl.h" -#include "mbedtls/ssl_cache.h" -#include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/ssl_cookie.h" -#include "mbedtls/ssl_ticket.h" -#include "mbedtls/threading.h" -#include "mbedtls/timing.h" -#include "mbedtls/version.h" -#include "mbedtls/x509.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_csr.h" - -#include - -/* - * Helper macros to convert a macro or its expansion into a string - * WARNING: This does not work for expanding function-like macros. However, - * Mbed TLS does not currently have configuration options used in this fashion. - */ -#define MACRO_EXPANSION_TO_STR(macro) MACRO_NAME_TO_STR(macro) -#define MACRO_NAME_TO_STR(macro) \ - mbedtls_printf("%s", strlen( #macro "") > 0 ? #macro "\n" : "") - -#define STRINGIFY(macro) #macro -#define OUTPUT_MACRO_NAME_VALUE(macro) mbedtls_printf( #macro "%s\n", \ - (STRINGIFY(macro) "")[0] != 0 ? "=" STRINGIFY( \ - macro) : "") - -#if defined(_MSC_VER) -/* - * Visual Studio throws the warning 4003 because many Mbed TLS feature macros - * are defined empty. This means that from the preprocessor's point of view - * the macro MBEDTLS_EXPANSION_TO_STR is being invoked without arguments as - * some macros expand to nothing. We suppress that specific warning to get a - * clean build and to ensure that tests treating warnings as errors do not - * fail. - */ -#pragma warning(push) -#pragma warning(disable:4003) -#endif /* _MSC_VER */ - -int query_config(const char *config) -{ - CHECK_CONFIG /* If the symbol is not found, return an error */ - return 1; -} - -void list_config(void) -{ - LIST_CONFIG -} -#if defined(_MSC_VER) -#pragma warning(pop) -#endif /* _MSC_VER */ diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt deleted file mode 100644 index fc71f5d77..000000000 --- a/scripts/data_files/version_features.fmt +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Version feature information - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_VERSION_C) - -#include "mbedtls/version.h" - -#include - -static const char * const features[] = { -#if defined(MBEDTLS_VERSION_FEATURES) - FEATURE_DEFINES -#endif /* MBEDTLS_VERSION_FEATURES */ - NULL -}; - -int mbedtls_version_check_feature(const char *feature) -{ - const char * const *idx = features; - - if (*idx == NULL) { - return -2; - } - - if (feature == NULL) { - return -1; - } - - if (strncmp(feature, "MBEDTLS_", 8)) { - return -1; - } - - feature += 8; - - while (*idx != NULL) { - if (!strcmp(*idx, feature)) { - return 0; - } - idx++; - } - return -1; -} - -#endif /* MBEDTLS_VERSION_C */ diff --git a/scripts/data_files/vs2017-app-template.vcxproj b/scripts/data_files/vs2017-app-template.vcxproj deleted file mode 100644 index 36ca31705..000000000 --- a/scripts/data_files/vs2017-app-template.vcxproj +++ /dev/null @@ -1,175 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - - Win32Proj - - - - - Application - true - Unicode - v141 - - - Application - true - Unicode - v141 - - - Application - false - true - Unicode - v141 - - - Application - false - true - Unicode - v141 - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - - - Console - true - bcrypt.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - - - Console - true - bcrypt.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - - - Console - true - true - true - Release - bcrypt.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - - - Console - true - true - true - Release - bcrypt.lib;%(AdditionalDependencies) - - - - - - diff --git a/scripts/data_files/vs2017-main-template.vcxproj b/scripts/data_files/vs2017-main-template.vcxproj deleted file mode 100644 index 448f9cd95..000000000 --- a/scripts/data_files/vs2017-main-template.vcxproj +++ /dev/null @@ -1,163 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - {46CF2D25-6A36-4189-B59C-E4815388E554} - Win32Proj - mbedTLS - - - - StaticLibrary - true - Unicode - v141 - - - StaticLibrary - true - Unicode - v141 - - - StaticLibrary - false - true - Unicode - v141 - - - StaticLibrary - false - true - Unicode - v141 - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - CompileAsC - - - Windows - true - bcrypt.lib;%(AdditionalDependencies) - - - - - Level3 - Disabled - _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - CompileAsC - - - Windows - true - bcrypt.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - - - Windows - true - true - true - bcrypt.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - - - Windows - true - true - true - - - -HEADER_ENTRIES - - -SOURCE_ENTRIES - - - - - diff --git a/scripts/data_files/vs2017-sln-template.sln b/scripts/data_files/vs2017-sln-template.sln deleted file mode 100644 index 80efb1083..000000000 --- a/scripts/data_files/vs2017-sln-template.sln +++ /dev/null @@ -1,30 +0,0 @@ - -Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio 2017 -VisualStudioVersion = 15.0.26228.4 -MinimumVisualStudioVersion = 15.0.26228.4 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}" -EndProject -APP_ENTRIES -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Win32 = Debug|Win32 - Debug|x64 = Debug|x64 - Release|Win32 = Release|Win32 - Release|x64 = Release|x64 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|Win32.ActiveCfg = Debug|Win32 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|Win32.Build.0 = Debug|Win32 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|x64.ActiveCfg = Debug|x64 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|x64.Build.0 = Debug|x64 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.ActiveCfg = Release|Win32 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.Build.0 = Release|Win32 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.ActiveCfg = Release|x64 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.Build.0 = Release|x64 -CONF_ENTRIES - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection -EndGlobal diff --git a/tests/scripts/doxygen.sh b/scripts/doxygen.sh similarity index 100% rename from tests/scripts/doxygen.sh rename to scripts/doxygen.sh diff --git a/scripts/driver.requirements.txt b/scripts/driver.requirements.txt deleted file mode 100644 index 7b002ec78..000000000 --- a/scripts/driver.requirements.txt +++ /dev/null @@ -1,19 +0,0 @@ -# Python package requirements for driver implementers. - -# Jinja2 <3.0 needs an older version of markupsafe, but does not -# declare it. -# https://github.com/pallets/markupsafe/issues/282 -# https://github.com/pallets/jinja/issues/1585 -markupsafe < 2.1 - -# Use the version of Jinja that's in Ubuntu 20.04. -# See https://github.com/Mbed-TLS/mbedtls/pull/5067#discussion_r738794607 . -# Note that Jinja 3.0 drops support for Python 3.5, so we need to support -# Jinja 2.x as long as we're still using Python 3.5 anywhere. -# Jinja 2.10.1 doesn't support Python 3.10+ -Jinja2 >= 2.10.1; python_version < '3.10' -Jinja2 >= 2.10.3; python_version >= '3.10' -# Jinja2 >=2.10, <3.0 needs a separate package for type annotations -types-Jinja2 >= 2.11.9 -jsonschema >= 3.2.0 -types-jsonschema >= 3.2.0 diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh deleted file mode 100755 index 3eb2ff449..000000000 --- a/scripts/ecc-heap.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/sh - -# Measure heap usage (and performance) of ECC operations with various values of -# the relevant tunable compile-time parameters. -# -# Usage (preferably on a 32-bit platform): -# cmake -D CMAKE_BUILD_TYPE=Release . -# scripts/ecc-heap.sh | tee ecc-heap.log -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -set -eu - -CONFIG_H='include/mbedtls/mbedtls_config.h' - -if [ -r $CONFIG_H ]; then :; else - echo "$CONFIG_H not found" >&2 - exit 1 -fi - -if grep -i cmake Makefile >/dev/null; then :; else - echo "Needs Cmake" >&2 - exit 1 -fi - -if git status | grep -F $CONFIG_H >/dev/null 2>&1; then - echo "mbedtls_config.h not clean" >&2 - exit 1 -fi - -CONFIG_BAK=${CONFIG_H}.bak -cp $CONFIG_H $CONFIG_BAK - -cat << EOF >$CONFIG_H -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_PLATFORM_MEMORY -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C -#define MBEDTLS_MEMORY_DEBUG - -#define MBEDTLS_TIMING_C - -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_ECDSA_C -#define MBEDTLS_SHA256_C // ECDSA benchmark needs it -#define MBEDTLS_SHA224_C // SHA256 requires this for now -#define MBEDTLS_ECDH_C - -// NIST curves >= 256 bits -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -// SECP "koblitz-like" curve >= 256 bits -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -// Brainpool curves (no specialised "mod p" routine) -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -// Montgomery curves -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_DP_CURVE448_ENABLED - -#define MBEDTLS_HAVE_ASM // just make things a bit faster -#define MBEDTLS_ECP_NIST_OPTIM // faster and less allocations - -//#define MBEDTLS_ECP_WINDOW_SIZE 4 -//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 -EOF - -for F in 0 1; do - for W in 2 3 4; do - scripts/config.py set MBEDTLS_ECP_WINDOW_SIZE $W - scripts/config.py set MBEDTLS_ECP_FIXED_POINT_OPTIM $F - make benchmark >/dev/null 2>&1 - echo "fixed point optim = $F, max window size = $W" - echo "--------------------------------------------" - programs/test/benchmark ecdh ecdsa - done -done - -# cleanup - -mv $CONFIG_BAK $CONFIG_H -make clean diff --git a/scripts/ecp_comb_table.py b/scripts/ecp_comb_table.py deleted file mode 100755 index 6146e881c..000000000 --- a/scripts/ecp_comb_table.py +++ /dev/null @@ -1,237 +0,0 @@ -#!/usr/bin/env python3 -""" -Purpose - -This script dumps comb table of ec curve. When you add a new ec curve, you -can use this script to generate codes to define `_T` in ecp_curves.c -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import os -import subprocess -import sys -import tempfile - -HOW_TO_ADD_NEW_CURVE = """ -If you are trying to add new curve, you can follow these steps: - -1. Define curve parameters (_p, _gx, etc...) in ecp_curves.c. -2. Add a macro to define _T to NULL following these parameters. -3. Build mbedcrypto -4. Run this script with an argument of new curve -5. Copy the output of this script into ecp_curves.c and replace the macro added - in Step 2 -6. Rebuild and test if everything is ok - -Replace the in the above with the name of the curve you want to add.""" - -CC = os.getenv('CC', 'cc') -MBEDTLS_LIBRARY_PATH = os.getenv('MBEDTLS_LIBRARY_PATH', "library") - -SRC_DUMP_COMB_TABLE = r''' -#include -#include -#include "mbedtls/ecp.h" -#include "mbedtls/error.h" - -static void dump_mpi_initialize( const char *name, const mbedtls_mpi *d ) -{ - uint8_t buf[128] = {0}; - size_t olen; - uint8_t *p; - - olen = mbedtls_mpi_size( d ); - mbedtls_mpi_write_binary_le( d, buf, olen ); - printf("static const mbedtls_mpi_uint %s[] = {\n", name); - for (p = buf; p < buf + olen; p += 8) { - printf( " BYTES_TO_T_UINT_8( 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X ),\n", - p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7] ); - } - printf("};\n"); -} - -static void dump_T( const mbedtls_ecp_group *grp ) -{ - char name[128]; - - printf( "#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1\n" ); - - for (size_t i = 0; i < grp->T_size; ++i) { - snprintf( name, sizeof(name), "%s_T_%zu_X", CURVE_NAME, i ); - dump_mpi_initialize( name, &grp->T[i].X ); - - snprintf( name, sizeof(name), "%s_T_%zu_Y", CURVE_NAME, i ); - dump_mpi_initialize( name, &grp->T[i].Y ); - } - printf( "static const mbedtls_ecp_point %s_T[%zu] = {\n", CURVE_NAME, grp->T_size ); - size_t olen; - for (size_t i = 0; i < grp->T_size; ++i) { - int z; - if ( mbedtls_mpi_cmp_int(&grp->T[i].Z, 0) == 0 ) { - z = 0; - } else if ( mbedtls_mpi_cmp_int(&grp->T[i].Z, 1) == 0 ) { - z = 1; - } else { - fprintf( stderr, "Unexpected value of Z (i = %d)\n", (int)i ); - exit( 1 ); - } - printf( " ECP_POINT_INIT_XY_Z%d(%s_T_%zu_X, %s_T_%zu_Y),\n", - z, - CURVE_NAME, i, - CURVE_NAME, i - ); - } - printf("};\n#endif\n\n"); -} - -int main() -{ - int rc; - mbedtls_mpi m; - mbedtls_ecp_point R; - mbedtls_ecp_group grp; - - mbedtls_ecp_group_init( &grp ); - rc = mbedtls_ecp_group_load( &grp, CURVE_ID ); - if (rc != 0) { - char buf[100]; - mbedtls_strerror( rc, buf, sizeof(buf) ); - fprintf( stderr, "mbedtls_ecp_group_load: %s (-0x%x)\n", buf, -rc ); - return 1; - } - grp.T = NULL; - mbedtls_ecp_point_init( &R ); - mbedtls_mpi_init( &m); - mbedtls_mpi_lset( &m, 1 ); - rc = mbedtls_ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ); - if ( rc != 0 ) { - char buf[100]; - mbedtls_strerror( rc, buf, sizeof(buf) ); - fprintf( stderr, "mbedtls_ecp_mul: %s (-0x%x)\n", buf, -rc ); - return 1; - } - if ( grp.T == NULL ) { - fprintf( stderr, "grp.T is not generated. Please make sure" - "MBEDTLS_ECP_FIXED_POINT_OPTIM is enabled in mbedtls_config.h\n" ); - return 1; - } - dump_T( &grp ); - return 0; -} -''' - -SRC_DUMP_KNOWN_CURVE = r''' -#include -#include -#include "mbedtls/ecp.h" - -int main() { - const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_list(); - mbedtls_ecp_group grp; - - mbedtls_ecp_group_init( &grp ); - while ( info->name != NULL ) { - mbedtls_ecp_group_load( &grp, info->grp_id ); - if ( mbedtls_ecp_get_type(&grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) { - printf( " %s", info->name ); - } - info++; - } - printf( "\n" ); - return 0; -} -''' - - -def join_src_path(*args): - return os.path.normpath(os.path.join(os.path.dirname(__file__), "..", *args)) - - -def run_c_source(src, cflags): - """ - Compile and run C source code - :param src: the c language code to run - :param cflags: additional cflags passing to compiler - :return: - """ - binname = tempfile.mktemp(prefix="mbedtls") - fd, srcname = tempfile.mkstemp(prefix="mbedtls", suffix=".c") - srcfile = os.fdopen(fd, mode="w") - srcfile.write(src) - srcfile.close() - args = [CC, - *cflags, - '-I' + join_src_path("include"), - "-o", binname, - '-L' + MBEDTLS_LIBRARY_PATH, - srcname, - '-lmbedcrypto'] - - p = subprocess.run(args=args, check=False) - if p.returncode != 0: - return False - p = subprocess.run(args=[binname], check=False, env={ - 'LD_LIBRARY_PATH': MBEDTLS_LIBRARY_PATH - }) - if p.returncode != 0: - return False - os.unlink(srcname) - os.unlink(binname) - return True - - -def compute_curve(curve): - """compute comb table for curve""" - r = run_c_source( - SRC_DUMP_COMB_TABLE, - [ - '-g', - '-DCURVE_ID=MBEDTLS_ECP_DP_%s' % curve.upper(), - '-DCURVE_NAME="%s"' % curve.lower(), - ]) - if not r: - print("""\ -Unable to compile and run utility.""", file=sys.stderr) - sys.exit(1) - - -def usage(): - print(""" -Usage: python %s ... - -Arguments: - curve Specify one or more curve names (e.g secp256r1) - -All possible curves: """ % sys.argv[0]) - run_c_source(SRC_DUMP_KNOWN_CURVE, []) - print(""" -Environment Variable: - CC Specify which c compile to use to compile utility. - MBEDTLS_LIBRARY_PATH - Specify the path to mbedcrypto library. (e.g. build/library/) - -How to add a new curve: %s""" % HOW_TO_ADD_NEW_CURVE) - - -def run_main(): - shared_lib_path = os.path.normpath(os.path.join(MBEDTLS_LIBRARY_PATH, "libmbedcrypto.so")) - static_lib_path = os.path.normpath(os.path.join(MBEDTLS_LIBRARY_PATH, "libmbedcrypto.a")) - if not os.path.exists(shared_lib_path) and not os.path.exists(static_lib_path): - print("Warning: both '%s' and '%s' are not exists. This script will use " - "the library from your system instead of the library compiled by " - "this source directory.\n" - "You can specify library path using environment variable " - "'MBEDTLS_LIBRARY_PATH'." % (shared_lib_path, static_lib_path), - file=sys.stderr) - - if len(sys.argv) <= 1: - usage() - else: - for curve in sys.argv[1:]: - compute_curve(curve) - - -if __name__ == '__main__': - run_main() diff --git a/scripts/footprint.sh b/scripts/footprint.sh deleted file mode 100755 index 614a49309..000000000 --- a/scripts/footprint.sh +++ /dev/null @@ -1,108 +0,0 @@ -#!/bin/sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# This script determines ROM size (or code size) for the standard Mbed TLS -# configurations, when built for a Cortex M3/M4 target. -# -# Configurations included: -# default include/mbedtls/mbedtls_config.h -# thread configs/config-thread.h -# suite-b configs/config-suite-b.h -# psk configs/config-ccm-psk-tls1_2.h -# -# Usage: footprint.sh -# -set -eu - -CONFIG_H='include/mbedtls/mbedtls_config.h' - -if [ -r $CONFIG_H ]; then :; else - echo "$CONFIG_H not found" >&2 - echo "This script needs to be run from the root of" >&2 - echo "a git checkout or uncompressed tarball" >&2 - exit 1 -fi - -if grep -i cmake Makefile >/dev/null; then - echo "Not compatible with CMake" >&2 - exit 1 -fi - -if which arm-none-eabi-gcc >/dev/null 2>&1; then :; else - echo "You need the ARM-GCC toolchain in your path" >&2 - echo "See https://launchpad.net/gcc-arm-embedded/" >&2 - exit 1 -fi - -ARMGCC_FLAGS='-Os -march=armv7-m -mthumb' -OUTFILE='00-footprint-summary.txt' - -log() -{ - echo "$@" - echo "$@" >> "$OUTFILE" -} - -doit() -{ - NAME="$1" - FILE="$2" - - log "" - log "$NAME ($FILE):" - - cp $CONFIG_H ${CONFIG_H}.bak - if [ "$FILE" != $CONFIG_H ]; then - cp "$FILE" $CONFIG_H - fi - - { - scripts/config.py unset MBEDTLS_NET_C || true - scripts/config.py unset MBEDTLS_TIMING_C || true - scripts/config.py unset MBEDTLS_FS_IO || true - scripts/config.py --force set MBEDTLS_NO_PLATFORM_ENTROPY || true - } >/dev/null 2>&1 - - make clean >/dev/null - CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld \ - CFLAGS="$ARMGCC_FLAGS" make lib >/dev/null - - OUT="size-${NAME}.txt" - arm-none-eabi-size -t library/libmbed*.a > "$OUT" - log "$( head -n1 "$OUT" )" - log "$( tail -n1 "$OUT" )" - - cp ${CONFIG_H}.bak $CONFIG_H -} - -# truncate the file just this time -echo "(generated by $0)" > "$OUTFILE" -echo "" >> "$OUTFILE" - -log "Footprint of standard configurations (minus net_sockets.c, timing.c, fs_io)" -log "for bare-metal ARM Cortex-M3/M4 microcontrollers." - -VERSION_H="include/mbedtls/version.h" -MBEDTLS_VERSION=$( sed -n 's/.*VERSION_STRING *"\(.*\)"/\1/p' $VERSION_H ) -if git rev-parse HEAD >/dev/null; then - GIT_HEAD=$( git rev-parse HEAD | head -c 10 ) - GIT_VERSION=" (git head: $GIT_HEAD)" -else - GIT_VERSION="" -fi - -log "" -log "Mbed TLS $MBEDTLS_VERSION$GIT_VERSION" -log "$( arm-none-eabi-gcc --version | head -n1 )" -log "CFLAGS=$ARMGCC_FLAGS" - -doit default include/mbedtls/mbedtls_config.h -doit thread configs/config-thread.h -doit suite-b configs/config-suite-b.h -doit psk configs/config-ccm-psk-tls1_2.h - -zip mbedtls-footprint.zip "$OUTFILE" size-*.txt >/dev/null diff --git a/scripts/framework_scripts_path.py b/scripts/framework_scripts_path.py deleted file mode 100644 index 4d4a440c2..000000000 --- a/scripts/framework_scripts_path.py +++ /dev/null @@ -1,17 +0,0 @@ -"""Add our Python library directory to the module search path. - -Usage: - - import framework_scripts_path # pylint: disable=unused-import -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import os -import sys - -sys.path.append(os.path.join(os.path.dirname(__file__), - os.path.pardir, - 'framework', 'scripts')) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl deleted file mode 100755 index c05184227..000000000 --- a/scripts/generate_errors.pl +++ /dev/null @@ -1,244 +0,0 @@ -#!/usr/bin/env perl - -# Generate error.c -# -# Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments, -# or generate_errors.pl crypto_include_dir tls_include_dir data_dir error_file -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; -use warnings; - -my ($crypto_include_dir, $tls_include_dir, $data_dir, $error_file); - -if( @ARGV ) { - die "Invalid number of arguments" if scalar @ARGV != 4; - ($crypto_include_dir, $tls_include_dir, $data_dir, $error_file) = @ARGV; - - -d $crypto_include_dir or die "No such directory: $crypto_include_dir\n"; - -d $tls_include_dir or die "No such directory: $tls_include_dir\n"; - -d $data_dir or die "No such directory: $data_dir\n"; -} else { - $crypto_include_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls'; - $tls_include_dir = 'include/mbedtls'; - $data_dir = 'scripts/data_files'; - $error_file = 'library/error.c'; - - unless( -d $crypto_include_dir && -d $tls_include_dir && -d $data_dir ) { - chdir '..' or die; - -d $crypto_include_dir && -d $tls_include_dir && -d $data_dir - or die "Without arguments, must be run from root or scripts\n" - } -} - -my $error_format_file = $data_dir.'/error.fmt'; - -my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM - CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES - ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5 - NET OID PBKDF2 PLATFORM POLY1305 RIPEMD160 - SHA1 SHA256 SHA512 SHA3 THREADING ); -my @high_level_modules = qw( CIPHER DHM ECP MD - PEM PK PKCS12 PKCS5 - RSA SSL X509 PKCS7 ); - -undef $/; - -open(FORMAT_FILE, '<:crlf', "$error_format_file") or die "Opening error format file '$error_format_file': $!"; -my $error_format = ; -close(FORMAT_FILE); - -my @files = glob qq("$crypto_include_dir/*.h"); -push(@files, glob qq("$tls_include_dir/*.h")); -my @necessary_include_files; -my @matches; -foreach my $file (@files) { - open(FILE, '<:crlf', $file) or die("$0: $file: $!"); - my $content = ; - close FILE; - my $found = 0; - while ($content =~ m[ - # Both the before-comment and the after-comment are optional. - # Only the comment content is a regex capture group. The comment - # start and end parts are outside the capture group. - (?:/\*[*!](?!<) # Doxygen before-comment start - ((?:[^*]|\*+[^*/])*) # $1: Comment content (no */ inside) - \*/)? # Comment end - \s*\#\s*define\s+(MBEDTLS_ERR_\w+) # $2: name - \s+\-(0[Xx][0-9A-Fa-f]+)\s* # $3: value (without the sign) - (?:/\*[*!]< # Doxygen after-comment start - ((?:[^*]|\*+[^*/])*) # $4: Comment content (no */ inside) - \*/)? # Comment end - ]gsx) { - my ($before, $name, $value, $after) = ($1, $2, $3, $4); - # Discard Doxygen comments that are coincidentally present before - # an error definition but not attached to it. This is ad hoc, based - # on what actually matters (or mattered at some point). - undef $before if defined($before) && $before =~ /\s*\\name\s/s; - die "Description neither before nor after $name in $file\n" - if !defined($before) && !defined($after); - die "Description both before and after $name in $file\n" - if defined($before) && defined($after); - my $description = (defined($before) ? $before : $after); - $description =~ s/^\s+//; - $description =~ s/\n( *\*)? */ /g; - $description =~ s/\.?\s+$//; - push @matches, [$name, $value, $description]; - ++$found; - } - if ($found) { - my $include_name = $file; - $include_name =~ s!.*/!!; - $include_name = "error.h" if ($include_name eq "error_common.h"); - push @necessary_include_files, $include_name; - } -} - -my $ll_old_define = ""; -my $hl_old_define = ""; - -my $ll_code_check = ""; -my $hl_code_check = ""; - -my $headers = ""; -my %included_headers; - -my %error_codes_seen; - -foreach my $match (@matches) -{ - my ($error_name, $error_code, $description) = @$match; - - die "Duplicated error code: $error_code ($error_name)\n" - if( $error_codes_seen{$error_code}++ ); - - $description =~ s/\\/\\\\/g; - - my ($module_name) = $error_name =~ /^MBEDTLS_ERR_([^_]+)/; - - # Fix faulty ones - $module_name = "BIGNUM" if ($module_name eq "MPI"); - $module_name = "CTR_DRBG" if ($module_name eq "CTR"); - $module_name = "HMAC_DRBG" if ($module_name eq "HMAC"); - - my $define_name = $module_name; - $define_name = "X509_USE,X509_CREATE" if ($define_name eq "X509"); - $define_name = "ASN1_PARSE" if ($define_name eq "ASN1"); - $define_name = "SSL_TLS" if ($define_name eq "SSL"); - $define_name = "PEM_PARSE,PEM_WRITE" if ($define_name eq "PEM"); - $define_name = "PKCS7" if ($define_name eq "PKCS7"); - - my $include_name = $module_name; - $include_name =~ tr/A-Z/a-z/; - - # Fix faulty ones - $include_name = "net_sockets" if ($module_name eq "NET"); - - $included_headers{"${include_name}.h"} = $module_name; - - my $found_ll = grep $_ eq $module_name, @low_level_modules; - my $found_hl = grep $_ eq $module_name, @high_level_modules; - if (!$found_ll && !$found_hl) - { - printf("Error: Do not know how to handle: $module_name\n"); - exit 1; - } - - my $code_check; - my $old_define; - my $white_space; - my $first; - - if ($found_ll) - { - $code_check = \$ll_code_check; - $old_define = \$ll_old_define; - $white_space = ' '; - } - else - { - $code_check = \$hl_code_check; - $old_define = \$hl_old_define; - $white_space = ' '; - } - - if ($define_name ne ${$old_define}) - { - if (${$old_define} ne "") - { - ${$code_check} .= "#endif /* "; - $first = 0; - foreach my $dep (split(/,/, ${$old_define})) - { - ${$code_check} .= " || " if ($first++); - ${$code_check} .= "MBEDTLS_${dep}_C"; - } - ${$code_check} .= " */\n\n"; - } - - ${$code_check} .= "#if "; - $headers .= "#if " if ($include_name ne ""); - $first = 0; - foreach my $dep (split(/,/, ${define_name})) - { - ${$code_check} .= " || " if ($first); - $headers .= " || " if ($first++); - - ${$code_check} .= "defined(MBEDTLS_${dep}_C)"; - $headers .= "defined(MBEDTLS_${dep}_C)" if - ($include_name ne ""); - } - ${$code_check} .= "\n"; - $headers .= "\n#include \"mbedtls/${include_name}.h\"\n". - "#endif\n\n" if ($include_name ne ""); - ${$old_define} = $define_name; - } - - ${$code_check} .= "${white_space}case -($error_name):\n". - "${white_space} return( \"$module_name - $description\" );\n" -}; - -if ($ll_old_define ne "") -{ - $ll_code_check .= "#endif /* "; - my $first = 0; - foreach my $dep (split(/,/, $ll_old_define)) - { - $ll_code_check .= " || " if ($first++); - $ll_code_check .= "MBEDTLS_${dep}_C"; - } - $ll_code_check .= " */\n"; -} -if ($hl_old_define ne "") -{ - $hl_code_check .= "#endif /* "; - my $first = 0; - foreach my $dep (split(/,/, $hl_old_define)) - { - $hl_code_check .= " || " if ($first++); - $hl_code_check .= "MBEDTLS_${dep}_C"; - } - $hl_code_check .= " */\n"; -} - -$error_format =~ s/HEADER_INCLUDED\n/$headers/g; -$error_format =~ s/LOW_LEVEL_CODE_CHECKS\n/$ll_code_check/g; -$error_format =~ s/HIGH_LEVEL_CODE_CHECKS\n/$hl_code_check/g; - -open(ERROR_FILE, ">$error_file") or die "Opening destination file '$error_file': $!"; -print ERROR_FILE $error_format; -close(ERROR_FILE); - -my $errors = 0; -for my $include_name (@necessary_include_files) -{ - if (not $included_headers{$include_name}) - { - print STDERR "The header file \"$include_name\" defines error codes but has not been included!\n"; - ++$errors; - } -} - -exit !!$errors; diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl deleted file mode 100755 index 5e50ca6a4..000000000 --- a/scripts/generate_features.pl +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/env perl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; - -my ($include_dir, $data_dir, $feature_file); - -if( @ARGV ) { - die "Invalid number of arguments" if scalar @ARGV != 3; - ($include_dir, $data_dir, $feature_file) = @ARGV; - - -d $include_dir or die "No such directory: $include_dir\n"; - -d $data_dir or die "No such directory: $data_dir\n"; -} else { - $include_dir = 'include/mbedtls'; - $data_dir = 'scripts/data_files'; - $feature_file = 'library/version_features.c'; - - unless( -d $include_dir && -d $data_dir ) { - chdir '..' or die; - -d $include_dir && -d $data_dir - or die "Without arguments, must be run from root or scripts\n" - } -} - -my $feature_format_file = $data_dir.'/version_features.fmt'; - -my @sections = ( "Platform abstraction layer", "General configuration options", - "TLS feature selection", "X.509 feature selection" ); - -my $line_separator = $/; -undef $/; - -open(FORMAT_FILE, '<:crlf', "$feature_format_file") or die "Opening feature format file '$feature_format_file': $!"; -my $feature_format = ; -close(FORMAT_FILE); - -$/ = $line_separator; - -open(CONFIG_H, '<:crlf', "$include_dir/mbedtls_config.h") || die("Failure when opening mbedtls_config.h: $!"); - -my $feature_defines = ""; -my $in_section = 0; - -while (my $line = ) -{ - next if ($in_section && $line !~ /#define/ && $line !~ /SECTION/); - next if (!$in_section && $line !~ /SECTION/); - - if ($in_section) { - if ($line =~ /SECTION/) { - $in_section = 0; - next; - } - # Strip leading MBEDTLS_ to save binary size - my ($mbedtls_prefix, $define) = $line =~ /#define (MBEDTLS_)?(\w+)/; - if (!$mbedtls_prefix) { - die "Feature does not start with 'MBEDTLS_': $line\n"; - } - $feature_defines .= "#if defined(MBEDTLS_${define})\n"; - $feature_defines .= " \"${define}\", //no-check-names\n"; - $feature_defines .= "#endif /* MBEDTLS_${define} */\n"; - } - - if (!$in_section) { - my ($section_name) = $line =~ /SECTION: ([\w ]+)/; - my $found_section = grep $_ eq $section_name, @sections; - - $in_section = 1 if ($found_section); - } -}; - -$feature_format =~ s/FEATURE_DEFINES\n/$feature_defines/g; - -open(ERROR_FILE, ">$feature_file") or die "Opening destination file '$feature_file': $!"; -print ERROR_FILE $feature_format; -close(ERROR_FILE); diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl deleted file mode 100755 index 6a2f9cbdf..000000000 --- a/scripts/generate_query_config.pl +++ /dev/null @@ -1,116 +0,0 @@ -#! /usr/bin/env perl - -# Generate query_config.c -# -# The file query_config.c contains a C function that can be used to check if -# a configuration macro is defined and to retrieve its expansion in string -# form (if any). This facilitates querying the compile time configuration of -# the library, for example, for testing. -# -# The query_config.c is generated from the default configuration files -# include/mbedtls/mbedtls_config.h and include/psa/crypto_config.h. -# The idea is that mbedtls_config.h and crypto_config.h contain ALL the -# compile time configurations available in Mbed TLS (commented or uncommented). -# This script extracts the configuration macros from the two files and this -# information is used to automatically generate the body of the query_config() -# function by using the template in scripts/data_files/query_config.fmt. -# -# Usage: scripts/generate_query_config.pl without arguments, or -# generate_query_config.pl mbedtls_config_file psa_crypto_config_file template_file output_file -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; - -my ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file); - -my $default_mbedtls_config_file = "./include/mbedtls/mbedtls_config.h"; -my $default_psa_crypto_config_file = "./tf-psa-crypto/include/psa/crypto_config.h"; -my $default_query_config_format_file = "./scripts/data_files/query_config.fmt"; -my $default_query_config_file = "./programs/test/query_config.c"; - -if( @ARGV ) { - die "Invalid number of arguments - usage: $0 [MBED_TLS_CONFIG_FILE PSA_CRYPTO_CONFIG_FILE TEMPLATE_FILE OUTPUT_FILE]" if scalar @ARGV != 4; - ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file) = @ARGV; - - -f $mbedtls_config_file or die "No such file: $mbedtls_config_file"; - -f $psa_crypto_config_file or die "No such file: $psa_crypto_config_file"; - -f $query_config_format_file or die "No such file: $query_config_format_file"; -} else { - $mbedtls_config_file = $default_mbedtls_config_file; - $psa_crypto_config_file = $default_psa_crypto_config_file; - $query_config_format_file = $default_query_config_format_file; - $query_config_file = $default_query_config_file; - - unless(-f $mbedtls_config_file && -f $query_config_format_file && -f $psa_crypto_config_file) { - chdir '..' or die; - -f $mbedtls_config_file && -f $query_config_format_file && -f $psa_crypto_config_file - or die "No arguments supplied, must be run from project root or a first-level subdirectory\n"; - } -} - -# Excluded macros from the generated query_config.c. For example, macros that -# have commas or function-like macros cannot be transformed into strings easily -# using the preprocessor, so they should be excluded or the preprocessor will -# throw errors. -my @excluded = qw( -MBEDTLS_SSL_CIPHERSUITES -); -my $excluded_re = join '|', @excluded; - -# This variable will contain the string to replace in the CHECK_CONFIG of the -# format file -my $config_check = ""; -my $list_config = ""; - -for my $config_file ($mbedtls_config_file, $psa_crypto_config_file) { - - next unless defined($config_file); # we might not have been given a PSA crypto config file - - open(CONFIG_FILE, "<", $config_file) or die "Opening config file '$config_file': $!"; - - while (my $line = ) { - if ($line =~ /^(\/\/)?\s*#\s*define\s+(MBEDTLS_\w+|PSA_WANT_\w+).*/) { - my $name = $2; - - # Skip over the macro if it is in the excluded list - next if $name =~ /$excluded_re/; - - $config_check .= <; -close(FORMAT_FILE); - -# Replace the body of the query_config() function with the code we just wrote -$query_config_format =~ s/CHECK_CONFIG/$config_check/g; -$query_config_format =~ s/LIST_CONFIG/$list_config/g; - -# Rewrite the query_config.c file -open(QUERY_CONFIG_FILE, ">", $query_config_file) or die "Opening destination file '$query_config_file': $!"; -print QUERY_CONFIG_FILE $query_config_format; -close(QUERY_CONFIG_FILE); diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl deleted file mode 100755 index d0fcb7d60..000000000 --- a/scripts/generate_visualc_files.pl +++ /dev/null @@ -1,314 +0,0 @@ -#!/usr/bin/env perl - -# Generate main file, individual apps and solution files for -# MS Visual Studio 2017 -# -# Must be run from Mbed TLS root or scripts directory. -# Takes no argument. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use warnings; -use strict; -use Digest::MD5 'md5_hex'; - -my $vsx_dir = "visualc/VS2017"; -my $vsx_ext = "vcxproj"; -my $vsx_app_tpl_file = "scripts/data_files/vs2017-app-template.$vsx_ext"; -my $vsx_main_tpl_file = "scripts/data_files/vs2017-main-template.$vsx_ext"; -my $vsx_main_file = "$vsx_dir/mbedTLS.$vsx_ext"; -my $vsx_sln_tpl_file = "scripts/data_files/vs2017-sln-template.sln"; -my $vsx_sln_file = "$vsx_dir/mbedTLS.sln"; - -my $mbedtls_programs_dir = "programs"; -my $tfpsacrypto_programs_dir = "tf-psa-crypto/programs"; - -my $mbedtls_header_dir = 'include/mbedtls'; -my $drivers_builtin_header_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls'; -my $psa_header_dir = 'tf-psa-crypto/include/psa'; -my $tls_source_dir = 'library'; -my $crypto_core_source_dir = 'tf-psa-crypto/core'; -my $crypto_source_dir = 'tf-psa-crypto/drivers/builtin/src'; -my $tls_test_source_dir = 'tests/src'; -my $tls_test_header_dir = 'tests/include/test'; -my $test_source_dir = 'framework/tests/src'; -my $test_header_dir = 'framework/tests/include/test'; -my $test_drivers_header_dir = 'framework/tests/include/test/drivers'; -my $test_drivers_source_dir = 'framework/tests/src/drivers'; - -my @thirdparty_header_dirs = qw( - tf-psa-crypto/drivers/everest/include/everest -); -my @thirdparty_source_dirs = qw( - tf-psa-crypto/drivers/everest/library - tf-psa-crypto/drivers/everest/library/kremlib - tf-psa-crypto/drivers/everest/library/legacy -); - -# Directories to add to the include path. -# Order matters in case there are files with the same name in more than -# one directory: the compiler will use the first match. -my @include_directories = qw( - include - tf-psa-crypto/include - tf-psa-crypto/drivers/builtin/include - tf-psa-crypto/drivers/everest/include/ - tf-psa-crypto/drivers/everest/include/everest - tf-psa-crypto/drivers/everest/include/everest/vs2013 - tf-psa-crypto/drivers/everest/include/everest/kremlib - tests/include - framework/tests/include -); -my $include_directories = join(';', map {"../../$_"} @include_directories); - -# Directories to add to the include path when building the libraries, but not -# when building tests or applications. -my @library_include_directories = qw( - library - tf-psa-crypto/core - tf-psa-crypto/drivers/builtin/src -); -my $library_include_directories = - join(';', map {"../../$_"} (@library_include_directories, - @include_directories)); - -my @excluded_files = qw( - tf-psa-crypto/drivers/everest/library/Hacl_Curve25519.c -); -my %excluded_files = (); -foreach (@excluded_files) { $excluded_files{$_} = 1 } - -my $vsx_hdr_tpl = < -EOT -my $vsx_src_tpl = < -EOT - -my $vsx_sln_app_entry_tpl = <; - close $fh; - - return $content; -} - -sub content_to_file { - my ($content, $filename) = @_; - - open my $fh, '>:crlf', $filename or die "Could not write to $filename\n"; - print $fh $content; - close $fh; -} - -sub gen_app_guid { - my ($path) = @_; - - my $guid = md5_hex( "mbedTLS:$path" ); - $guid =~ s/(.{8})(.{4})(.{4})(.{4})(.{12})/\U{$1-$2-$3-$4-$5}/; - - return $guid; -} - -sub gen_app { - my ($path, $template, $dir, $ext) = @_; - - my $guid = gen_app_guid( $path ); - $path =~ s!/!\\!g; - (my $appname = $path) =~ s/.*\\//; - my $is_test_app = ($path =~ m/^test\\/); - - my $srcs = ""; - if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or - $appname eq "query_compile_time_config" ) { - $srcs .= "\n "; - } - if( $appname eq "ssl_client2" or $appname eq "ssl_server2" ) { - $srcs .= "\n "; - } - - my $content = $template; - $content =~ s//$srcs/g; - $content =~ s//$appname/g; - $content =~ s//$guid/g; - $content =~ s/INCLUDE_DIRECTORIES\n/($is_test_app ? - $library_include_directories : - $include_directories)/ge; - - content_to_file( $content, "$dir/$appname.$ext" ); -} - -sub get_app_list { - my $makefile_contents = slurp_file('programs/Makefile'); - $makefile_contents =~ /\n\s*APPS\s*=[\\\s]*(.*?)(? } @header_dirs); - my @source_dirs = ( - $tls_source_dir, - $crypto_core_source_dir, - $crypto_source_dir, - $test_source_dir, - $tls_test_source_dir, - $test_drivers_source_dir, - @thirdparty_source_dirs, - ); - my @sources = (map { <$_/*.c> } @source_dirs); - - @headers = grep { ! $excluded_files{$_} } @headers; - @sources = grep { ! $excluded_files{$_} } @sources; - map { s!/!\\!g } @headers; - map { s!/!\\!g } @sources; - - gen_app_files( @app_list ); - - gen_main_file( \@headers, \@sources, - $vsx_hdr_tpl, $vsx_src_tpl, - $vsx_main_tpl_file, $vsx_main_file ); - - gen_vsx_solution( @app_list ); - - return 0; -} diff --git a/scripts/lcov.sh b/scripts/lcov.sh deleted file mode 100755 index 60fce6cbc..000000000 --- a/scripts/lcov.sh +++ /dev/null @@ -1,96 +0,0 @@ -#!/bin/sh - -help () { - cat <&1; exit 120;; - esac -done -shift $((OPTIND - 1)) - -"$main" "$@" diff --git a/scripts/maintainer.requirements.txt b/scripts/maintainer.requirements.txt deleted file mode 100644 index b149921a2..000000000 --- a/scripts/maintainer.requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -# Python packages that are only useful to Mbed TLS maintainers. - --r ci.requirements.txt - -# For source code analyses -clang - -# For building some test vectors -pycryptodomex -pycryptodome-test-vectors diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat deleted file mode 100644 index 4982f77db..000000000 --- a/scripts/make_generated_files.bat +++ /dev/null @@ -1,35 +0,0 @@ -@rem Generate automatically-generated configuration-independent source files -@rem and build scripts. -@rem Requirements: -@rem * Perl must be on the PATH ("perl" command). -@rem * Python 3.8 or above must be on the PATH ("python" command). -@rem * Either a C compiler called "cc" must be on the PATH, or -@rem the "CC" environment variable must point to a C compiler. - -@rem @@@@ library\** @@@@ -@rem psa_crypto_driver_wrappers.h needs to be generated prior to -@rem generate_visualc_files.pl being invoked. -python tf-psa-crypto\scripts\generate_driver_wrappers.py || exit /b 1 -perl scripts\generate_errors.pl || exit /b 1 -perl scripts\generate_query_config.pl || exit /b 1 -perl scripts\generate_features.pl || exit /b 1 -python framework\scripts\generate_ssl_debug_helpers.py || exit /b 1 - -@rem @@@@ Build @@@@ -perl scripts\generate_visualc_files.pl || exit /b 1 - -@rem @@@@ programs\** @@@@ -cd tf-psa-crypto -python scripts\generate_psa_constants.py || exit /b 1 -cd .. - -@rem @@@@ tests\** @@@@ -python framework\scripts\generate_bignum_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_config_tests.py tests\suites\test_suite_config.mbedtls_boolean.data || exit /b 1 -python framework\scripts\generate_config_tests.py --directory tf-psa-crypto\tests\suites tests\suites\test_suite_config.psa_boolean.data || exit /b 1 -python framework\scripts\generate_ecp_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1 -python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\framework\tests\include\test\test_keys.h || exit /b 1 -python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1 -python framework\scripts\generate_tls13_compat_tests.py || exit /b 1 diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl deleted file mode 100755 index 52ca606b5..000000000 --- a/scripts/massif_max.pl +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/env perl - -# Parse a massif.out.xxx file and output peak total memory usage -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use warnings; -use strict; - -use utf8; -use open qw(:std utf8); - -die unless @ARGV == 1; - -my @snaps; -open my $fh, '<', $ARGV[0] or die; -{ local $/ = 'snapshot='; @snaps = <$fh>; } -close $fh or die; - -my ($max, $max_heap, $max_he, $max_stack) = (0, 0, 0, 0); -for (@snaps) -{ - my ($heap, $heap_extra, $stack) = m{ - mem_heap_B=(\d+)\n - mem_heap_extra_B=(\d+)\n - mem_stacks_B=(\d+) - }xm; - next unless defined $heap; - my $total = $heap + $heap_extra + $stack; - if( $total > $max ) { - ($max, $max_heap, $max_he, $max_stack) = ($total, $heap, $heap_extra, $stack); - } -} - -printf "$max (heap $max_heap+$max_he, stack $max_stack)\n"; diff --git a/scripts/memory.sh b/scripts/memory.sh deleted file mode 100755 index d119374d5..000000000 --- a/scripts/memory.sh +++ /dev/null @@ -1,129 +0,0 @@ -#!/bin/sh - -# Measure memory usage of a minimal client using a small configuration -# Currently hardwired to ccm-psk and suite-b, may be expanded later -# -# Use different build options for measuring executable size and memory usage, -# since for memory we want debug information. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -set -eu - -CONFIG_H='include/mbedtls/mbedtls_config.h' - -CLIENT='mini_client' - -CFLAGS_EXEC='-fno-asynchronous-unwind-tables -Wl,--gc-section -ffunction-sections -fdata-sections' -CFLAGS_MEM=-g3 - -if [ -r $CONFIG_H ]; then :; else - echo "$CONFIG_H not found" >&2 - exit 1 -fi - -if grep -i cmake Makefile >/dev/null; then - echo "Not compatible with CMake" >&2 - exit 1 -fi - -if [ $( uname ) != Linux ]; then - echo "Only work on Linux" >&2 - exit 1 -fi - -if git status | grep -F $CONFIG_H >/dev/null 2>&1; then - echo "mbedtls_config.h not clean" >&2 - exit 1 -fi - -# make measurements with one configuration -# usage: do_config -do_config() -{ - NAME=$1 - UNSET_LIST=$2 - SERVER_ARGS=$3 - - echo "" - echo "config-$NAME:" - cp configs/config-$NAME.h $CONFIG_H - scripts/config.py unset MBEDTLS_SSL_SRV_C - - for FLAG in $UNSET_LIST; do - scripts/config.py unset $FLAG - done - - grep -F SSL_MAX_CONTENT_LEN $CONFIG_H || echo 'SSL_MAX_CONTENT_LEN=16384' - - printf " Executable size... " - - make clean - CFLAGS=$CFLAGS_EXEC make OFLAGS=-Os lib >/dev/null 2>&1 - cd programs - CFLAGS=$CFLAGS_EXEC make OFLAGS=-Os ssl/$CLIENT >/dev/null - strip ssl/$CLIENT - stat -c '%s' ssl/$CLIENT - cd .. - - printf " Peak ram usage... " - - make clean - CFLAGS=$CFLAGS_MEM make OFLAGS=-Os lib >/dev/null 2>&1 - cd programs - CFLAGS=$CFLAGS_MEM make OFLAGS=-Os ssl/$CLIENT >/dev/null - cd .. - - ./ssl_server2 $SERVER_ARGS >/dev/null & - SRV_PID=$! - sleep 1; - - if valgrind --tool=massif --stacks=yes programs/ssl/$CLIENT >/dev/null 2>&1 - then - FAILED=0 - else - echo "client failed" >&2 - FAILED=1 - fi - - kill $SRV_PID - wait $SRV_PID - - scripts/massif_max.pl massif.out.* - mv massif.out.* massif-$NAME.$$ -} - -# preparation - -CONFIG_BAK=${CONFIG_H}.bak -cp $CONFIG_H $CONFIG_BAK - -rm -f massif.out.* - -printf "building server... " - -make clean -make lib >/dev/null 2>&1 -(cd programs && make ssl/ssl_server2) >/dev/null -cp programs/ssl/ssl_server2 . - -echo "done" - -# actual measurements - -do_config "ccm-psk-tls1_2" \ - "" \ - "psk=000102030405060708090A0B0C0D0E0F" - -do_config "suite-b" \ - "MBEDTLS_BASE64_C MBEDTLS_PEM_PARSE_C" \ - "" - -# cleanup - -mv $CONFIG_BAK $CONFIG_H -make clean -rm ssl_server2 - -exit $FAILED diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py deleted file mode 100755 index b36f90662..000000000 --- a/scripts/min_requirements.py +++ /dev/null @@ -1,129 +0,0 @@ -#!/usr/bin/env python3 -"""Install all the required Python packages, with the minimum Python version. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import argparse -import os -import re -import subprocess -import sys -import tempfile -import typing - -from typing import List, Optional - -import framework_scripts_path # pylint: disable=unused-import -from mbedtls_framework import typing_util - -def pylint_doesn_t_notice_that_certain_types_are_used_in_annotations( - _list: List[typing.Any], -) -> None: - pass - - -class Requirements: - """Collect and massage Python requirements.""" - - def __init__(self) -> None: - self.requirements = [] #type: List[str] - - def adjust_requirement(self, req: str) -> str: - """Adjust a requirement to the minimum specified version.""" - # allow inheritance #pylint: disable=no-self-use - # If a requirement specifies a minimum version, impose that version. - split_req = req.split(';', 1) - split_req[0] = re.sub(r'>=|~=', r'==', split_req[0]) - return ';'.join(split_req) - - def add_file(self, filename: str) -> None: - """Add requirements from the specified file. - - This method supports a subset of pip's requirement file syntax: - * One requirement specifier per line, which is passed to - `adjust_requirement`. - * Comments (``#`` at the beginning of the line or after whitespace). - * ``-r FILENAME`` to include another file. - """ - for line in open(filename): - line = line.strip() - line = re.sub(r'(\A|\s+)#.*', r'', line) - if not line: - continue - m = re.match(r'-r\s+', line) - if m: - nested_file = os.path.join(os.path.dirname(filename), - line[m.end(0):]) - self.add_file(nested_file) - continue - self.requirements.append(self.adjust_requirement(line)) - - def write(self, out: typing_util.Writable) -> None: - """List the gathered requirements.""" - for req in self.requirements: - out.write(req + '\n') - - def install( - self, - pip_general_options: Optional[List[str]] = None, - pip_install_options: Optional[List[str]] = None, - ) -> None: - """Call pip to install the requirements.""" - if pip_general_options is None: - pip_general_options = [] - if pip_install_options is None: - pip_install_options = [] - with tempfile.TemporaryDirectory() as temp_dir: - # This is more complicated than it needs to be for the sake - # of Windows. Use a temporary file rather than the command line - # to avoid quoting issues. Use a temporary directory rather - # than NamedTemporaryFile because with a NamedTemporaryFile on - # Windows, the subprocess can't open the file because this process - # has an exclusive lock on it. - req_file_name = os.path.join(temp_dir, 'requirements.txt') - with open(req_file_name, 'w') as req_file: - self.write(req_file) - subprocess.check_call([sys.executable, '-m', 'pip'] + - pip_general_options + - ['install'] + pip_install_options + - ['-r', req_file_name]) - -DEFAULT_REQUIREMENTS_FILE = 'ci.requirements.txt' - -def main() -> None: - """Command line entry point.""" - parser = argparse.ArgumentParser(description=__doc__) - parser.add_argument('--no-act', '-n', - action='store_true', - help="Don't act, just print what will be done") - parser.add_argument('--pip-install-option', - action='append', dest='pip_install_options', - help="Pass this option to pip install") - parser.add_argument('--pip-option', - action='append', dest='pip_general_options', - help="Pass this general option to pip") - parser.add_argument('--user', - action='append_const', dest='pip_install_options', - const='--user', - help="Install to the Python user install directory" - " (short for --pip-install-option --user)") - parser.add_argument('files', nargs='*', metavar='FILE', - help="Requirement files" - " (default: {} in the script's directory)" \ - .format(DEFAULT_REQUIREMENTS_FILE)) - options = parser.parse_args() - if not options.files: - options.files = [os.path.join(os.path.dirname(__file__), - DEFAULT_REQUIREMENTS_FILE)] - reqs = Requirements() - for filename in options.files: - reqs.add_file(filename) - reqs.write(sys.stdout) - if not options.no_act: - reqs.install(pip_general_options=options.pip_general_options, - pip_install_options=options.pip_install_options) - -if __name__ == '__main__': - main() diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh deleted file mode 100755 index 3b63ed9e6..000000000 --- a/scripts/prepare_release.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash - -print_usage() -{ - cat <&2 "$0: unknown option: -$OPTLET" - echo 1>&2 "Try '$0 --help' for more information." - exit 3;; - esac -done - - - -#### .gitignore processing #### - -GITIGNORES=$(find . -name ".gitignore") -for GITIGNORE in $GITIGNORES; do - if [ -n "$unrelease" ]; then - sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' $GITIGNORE - sed -i 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE - sed -i 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE - else - sed -i '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' $GITIGNORE - sed -i 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE - sed -i 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE - fi -done - - - -#### Build scripts #### - -# GEN_FILES defaults on (non-empty) in development, off (empty) in releases -if [ -n "$unrelease" ]; then - r=' yes' -else - r='' -fi -sed -i 's/^\(GEN_FILES[ ?:]*=\)\([^#]*\)/\1'"$r/" Makefile */Makefile - -# GEN_FILES defaults on in development, off in releases -if [ -n "$unrelease" ]; then - r='ON' -else - r='OFF' -fi -sed -i '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"$r/" CMakeLists.txt diff --git a/scripts/project_name.txt b/scripts/project_name.txt deleted file mode 100644 index a38cf263b..000000000 --- a/scripts/project_name.txt +++ /dev/null @@ -1 +0,0 @@ -Mbed TLS diff --git a/tests/scripts/recursion.pl b/scripts/recursion.pl similarity index 100% rename from tests/scripts/recursion.pl rename to scripts/recursion.pl diff --git a/scripts/sbom.cdx.json b/scripts/sbom.cdx.json deleted file mode 100644 index 59798d9a0..000000000 --- a/scripts/sbom.cdx.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "bomFormat": "CycloneDX", - "specVersion": "1.6", - "version": 1, - "metadata": { - "authors": [ - { - "name": "@VCS_SBOM_AUTHORS@" - } - ] - }, - "components": [ - { - "type": "library", - "bom-ref": "pkg:github/Mbed-TLS/mbedtls@@VCS_TAG@", - "cpe": "cpe:2.3:a:trustedfirmware:mbed_tls:@VCS_TAG@:*:*:*:*:*:*:*", - "name": "mbedtls", - "version": "@VCS_VERSION@", - "description": "Implements cryptographic primitives, X.509 certificate manipulation and SSL/TLS and DTLS protocols", - "authors": [ - { - "name": "@VCS_AUTHORS@" - } - ], - "supplier": { - "name": "Trusted Firmware" - }, - "licenses": [ - { - "license": { - "id": "Apache-2.0" - } - }, - { - "license": { - "id": "GPL-2.0-or-later" - } - } - ], - "externalReferences": [ - { - "type": "vcs", - "url": "https://github.com/Mbed-TLS/mbedtls" - } - ] - } - ] -} diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh deleted file mode 100755 index 455f892a2..000000000 --- a/scripts/tmp_ignore_makefiles.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -# Temporarily (de)ignore Makefiles generated by CMake to allow easier -# git development -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -IGNORE="" - -# Parse arguments -# -until [ -z "$1" ] -do - case "$1" in - -u|--undo) - IGNORE="0" - ;; - -v|--verbose) - # Be verbose - VERBOSE="1" - ;; - -h|--help) - # print help - echo "Usage: $0" - echo -e " -h|--help\t\tPrint this help." - echo -e " -u|--undo\t\tRemove ignores and continue tracking." - echo -e " -v|--verbose\t\tVerbose." - exit 1 - ;; - *) - # print error - echo "Unknown argument: '$1'" - exit 1 - ;; - esac - shift -done - -if [ "X" = "X$IGNORE" ]; -then - [ $VERBOSE ] && echo "Ignoring Makefiles" - git update-index --assume-unchanged Makefile library/Makefile programs/Makefile tests/Makefile -else - [ $VERBOSE ] && echo "Tracking Makefiles" - git update-index --no-assume-unchanged Makefile library/Makefile programs/Makefile tests/Makefile -fi diff --git a/tests/.gitignore b/tests/.gitignore deleted file mode 100644 index 997101cc8..000000000 --- a/tests/.gitignore +++ /dev/null @@ -1,26 +0,0 @@ -*.sln -*.vcxproj - -*.log -/test_suite* -/data_files/mpi_write -/data_files/hmac_drbg_seed -/data_files/ctr_drbg_seed -/data_files/entropy_seed - -/include/alt-extra/psa/crypto_platform_alt.h -/include/alt-extra/psa/crypto_struct_alt.h -/include/test/instrument_record_status.h - -/src/libmbed* - -/libtestdriver1/* - -###START_GENERATED_FILES### -# Generated source files -/opt-testcases/tls13-compat.sh -/suites/*.generated.data -/suites/test_suite_config.mbedtls_boolean.data -/src/test_keys.h -/src/test_certs.h -###END_GENERATED_FILES### diff --git a/tests/.jenkins/Jenkinsfile b/tests/.jenkins/Jenkinsfile deleted file mode 100644 index ed04053d2..000000000 --- a/tests/.jenkins/Jenkinsfile +++ /dev/null @@ -1 +0,0 @@ -mbedtls.run_job() diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt deleted file mode 100644 index 950c36597..000000000 --- a/tests/CMakeLists.txt +++ /dev/null @@ -1,224 +0,0 @@ -set(libs - ${mbedtls_target} - ${CMAKE_THREAD_LIBS_INIT} -) - -if(NOT MBEDTLS_PYTHON_EXECUTABLE) - message(FATAL_ERROR "Cannot build test suites without Python 3") -endif() - -# generated .data files will go there -file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/suites) - -# Get base names for generated files -execute_process( - COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py - --list-for-cmake - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR}/.. - OUTPUT_VARIABLE - base_config_generated_data_files_raw) -string(REGEX REPLACE "[^;]*/" "" - base_config_generated_data_files_raw "${base_config_generated_data_files_raw}") -# Can be replace by list(FILTER ...) when CI CMake version is >=3.6 -foreach(file ${base_config_generated_data_files_raw}) - if(${file} MATCHES "mbedtls") - list(APPEND base_config_generated_data_files ${file}) - endif() -endforeach() - -# Derive generated file paths in the build directory. The generated data -# files go into the suites/ subdirectory. -set(base_generated_data_files - ${base_config_generated_data_files}) -string(REGEX REPLACE "([^;]+)" "suites/\\1" - all_generated_data_files "${base_generated_data_files}") -set(config_generated_data_files "") -foreach(file ${base_config_generated_data_files}) - list(APPEND config_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file}) -endforeach() - -if(GEN_FILES) - add_custom_command( - OUTPUT - ${config_generated_data_files} - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR}/.. - COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py - --directory ${CMAKE_CURRENT_BINARY_DIR}/suites - ${config_generated_data_files} - DEPENDS - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py - # Do not declare the configuration files as dependencies: they - # change too often in ways that don't affect the result - # ((un)commenting some options). - ) - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR}/.. - COMMAND - "${MBEDTLS_PYTHON_EXECUTABLE}" - "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls13_compat_tests.py" - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls13_compat_tests.py - ) - add_custom_target(tls13-compat.sh - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh) - set_target_properties(tls13-compat.sh PROPERTIES EXCLUDE_FROM_ALL NO) - add_dependencies(${ssl_opt_target} tls13-compat.sh) - -else() - foreach(file ${all_generated_data_files}) - link_to_source(${file}) - endforeach() -endif() -# CMake generates sub-makefiles for each target and calls them in subprocesses. -# Without this command, cmake will generate rules in each sub-makefile. As a result, -# they can cause race conditions in parallel builds. -# With this line, only 4 sub-makefiles include the above command, that reduces -# the risk of a race. -add_custom_target(test_suite_config_generated_data DEPENDS ${config_generated_data_files}) -# If SKIP_TEST_SUITES is not defined with -D, get it from the environment. -if((NOT DEFINED SKIP_TEST_SUITES) AND (DEFINED ENV{SKIP_TEST_SUITES})) - set(SKIP_TEST_SUITES $ENV{SKIP_TEST_SUITES}) -endif() -# Test suites caught by SKIP_TEST_SUITES are built but not executed. -# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" -# but not "test_suite_foobar". -string(REGEX REPLACE "[ ,;]" "|" SKIP_TEST_SUITES_REGEX "${SKIP_TEST_SUITES}") -string(REPLACE "." "\\." SKIP_TEST_SUITES_REGEX "${SKIP_TEST_SUITES_REGEX}") -set(SKIP_TEST_SUITES_REGEX "^(${SKIP_TEST_SUITES_REGEX})(\$|\\.)") - -function(add_test_suite suite_name) - if(ARGV1) - set(data_name ${ARGV1}) - else() - set(data_name ${suite_name}) - endif() - - # Get the test names of the tests with generated .data files - # from the generated_data_files list in parent scope. - set(config_generated_data_names "") - foreach(generated_data_file ${config_generated_data_files}) - # Get the plain filename - get_filename_component(generated_data_name ${generated_data_file} NAME) - # Remove the ".data" extension - get_name_without_last_ext(generated_data_name ${generated_data_name}) - # Remove leading "test_suite_" - string(SUBSTRING ${generated_data_name} 11 -1 generated_data_name) - list(APPEND config_generated_data_names ${generated_data_name}) - endforeach() - - if(";${config_generated_data_names};" MATCHES ";${data_name};") - set(data_file - ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data) - set(dependency test_suite_config_generated_data) - else() - set(data_file - ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data) - set(dependency - test_suite_config_generated_data) - endif() - - add_custom_command( - OUTPUT - # The output filename of generate_test_code.py is derived from the -d - # input argument. - test_suite_${data_name}.c - COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_code.py - -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function - -d ${data_file} - -t ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/main_test.function - -p ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/host_test.function - -s ${CMAKE_CURRENT_SOURCE_DIR}/suites - --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/helpers.function - -o . - DEPENDS - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_code.py - ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function - ${data_file} - ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/main_test.function - ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/host_test.function - ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/helpers.function - ${mbedtls_target} - BYPRODUCTS - test_suite_${data_name}.datax - ) - - add_executable(test_suite_${data_name} test_suite_${data_name}.c - $ - $) - set_base_compile_options(test_suite_${data_name}) - target_compile_options(test_suite_${data_name} PRIVATE ${TEST_C_FLAGS}) - add_dependencies(test_suite_${data_name} ${dependency}) - target_link_libraries(test_suite_${data_name} ${libs}) - # Include test-specific header files from ./include and private header - # files (used by some invasive tests) from ../library. Public header - # files are automatically included because the library targets declare - # them as PUBLIC. - target_include_directories(test_suite_${data_name} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../framework/tests/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/core - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/src) - # Request C11, which is needed for memory poisoning tests - set_target_properties(test_suite_${data_name} PROPERTIES C_STANDARD 11) - - if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX}) - message(STATUS "The test suite ${data_name} will not be executed.") - else() - add_test(${data_name}-suite test_suite_${data_name} --verbose) - endif() -endfunction(add_test_suite) - -# Enable definition of various functions used throughout the testsuite -# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless -# on non-POSIX platforms. -add_definitions("-D_POSIX_C_SOURCE=200809L") - -if(CMAKE_COMPILER_IS_CLANG) - set(TEST_C_FLAGS -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code) -endif(CMAKE_COMPILER_IS_CLANG) - -if(MSVC) - # If a warning level has been defined, suppress all warnings for test code - set(TEST_C_FLAGS /W0 /WX-) -endif(MSVC) - -file(GLOB test_suites RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" suites/*.data) -list(APPEND test_suites ${all_generated_data_files}) -# If the generated .data files are present in the source tree, we just added -# them twice, both through GLOB and through ${all_generated_data_files}. -list(REMOVE_DUPLICATES test_suites) -list(SORT test_suites) -foreach(test_suite ${test_suites}) - get_filename_component(data_name ${test_suite} NAME) - string(REGEX REPLACE "\\.data\$" "" data_name "${data_name}") - string(REPLACE "test_suite_" "" data_name "${data_name}") - string(REGEX MATCH "[^.]*" function_name "${data_name}") - add_test_suite(${function_name} ${data_name}) -endforeach(test_suite) - -# Make scripts and data files needed for testing available in an -# out-of-source build. -if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) - if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/seedfile") - link_to_source(seedfile) - endif() - link_to_source(Descriptions.txt) - link_to_source(compat.sh) - link_to_source(context-info.sh) - link_to_source(../framework/data_files) - link_to_source(scripts) - link_to_source(ssl-opt.sh) - link_to_source(opt-testcases) -endif() diff --git a/tests/Descriptions.txt b/tests/Descriptions.txt deleted file mode 100644 index 8b13bb39f..000000000 --- a/tests/Descriptions.txt +++ /dev/null @@ -1,22 +0,0 @@ -test_suites - The various 'test_suite_XXX' programs from the 'tests' directory, executed - using 'make check' (Unix make) or 'make test' (Cmake), include test cases - (reference test vectors, sanity checks, malformed input for parsing - functions, etc.) for all modules except the SSL modules. - -selftests - The 'programs/test/selftest' program runs the 'XXX_self_test()' functions - of each individual module. Most of them are included in the respective - test suite, but some slower ones are only included here. - -compat - The 'tests/compat.sh' script checks interoperability with OpenSSL and - GnuTLS (and ourselves!) for every common ciphersuite, in every TLS - version, both ways (client/server), using client authentication or not. - For each ciphersuite/version/side/authmode it performs a full handshake - and a small data exchange. - -ssl_opt - The 'tests/ssl-opt.sh' script checks various options and/or operations not - covered by compat.sh: session resumption (using session cache or tickets), - renegotiation, SNI, other extensions, etc. diff --git a/tests/Makefile b/tests/Makefile deleted file mode 100644 index e13eb50c7..000000000 --- a/tests/Makefile +++ /dev/null @@ -1,386 +0,0 @@ -MBEDTLS_TEST_PATH = . -include ../scripts/common.make - -# Set this to -v to see the details of failing test cases -TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,) - -# Also include private headers, for the sake of invasive tests. -LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/library -I$(MBEDTLS_PATH)/tf-psa-crypto/core -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src - -# Enable definition of various functions used throughout the testsuite -# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless -# on non-POSIX platforms. -LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L - -ifdef RECORD_PSA_STATUS_COVERAGE_LOG -LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG -endif - -GENERATED_BIGNUM_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed) -endif -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES) - -GENERATED_CONFIG_DATA_FILES_RAW := $(patsubst tests/%,%,$(shell \ - $(PYTHON) ../framework/scripts/generate_config_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_CONFIG_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed) -endif -GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(foreach file,$(GENERATED_CONFIG_DATA_FILES_RAW),$(if $(findstring mbedtls,$(file)),$(file),)) -GENERATED_PSA_CONFIG_DATA_FILES := $(foreach file,$(GENERATED_CONFIG_DATA_FILES_RAW),$(if $(findstring psa,$(file)),$(addprefix ../tf-psa-crypto/tests/,$(file)),)) -GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)$(GENERATED_PSA_CONFIG_DATA_FILES) -GENERATED_DATA_FILES += $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_CONFIG_DATA_FILES) - -GENERATED_ECP_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_ECP_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed) -endif -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_ECP_DATA_FILES) - -GENERATED_PSA_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_PSA_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed) -endif -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_DATA_FILES) - -GENERATED_FILES = $(GENERATED_DATA_FILES) $(GENERATED_CRYPTO_DATA_FILES) -GENERATED_FILES += ../framework/tests/include/test/test_keys.h \ - ../tf-psa-crypto/framework/tests/include/test/test_keys.h \ - src/test_certs.h - -# Generated files needed to (fully) run ssl-opt.sh -.PHONY: ssl-opt - -opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py - echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@ -GENERATED_FILES += opt-testcases/tls13-compat.sh -ssl-opt: opt-testcases/tls13-compat.sh - -.PHONY: generated_files -generated_files: $(GENERATED_FILES) - -# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing -# inputs than generating outputs. Its inputs are the same no matter which files -# are being generated. -# It's rare not to want all the outputs. So always generate all of its outputs. -# Use an intermediate phony dependency so that parallel builds don't run -# a separate instance of the recipe for each output file. -$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data -generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_core.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod_raw.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_bignum_test_data: - echo " Gen $(GENERATED_BIGNUM_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_bignum_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_bignum_test_data - -# We deliberately omit the configuration files (mbedtls_config.h, -# crypto_config.h) from the depenency list because during development -# and on the CI, we often edit those in a way that doesn't change the -# output, to comment out certain options, or even to remove certain -# lines which do affect the output negatively (it will miss the -# corresponding test cases). -$(GENERATED_CONFIG_DATA_FILES): $(gen_file_dep) generated_config_test_data -generated_config_test_data: ../framework/scripts/generate_config_tests.py -generated_config_test_data: ../scripts/config.py -generated_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_config_test_data: - echo " Gen $(GENERATED_CONFIG_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_config_tests.py $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) - $(PYTHON) ../framework/scripts/generate_config_tests.py --directory ../tf-psa-crypto/tests/suites $(GENERATED_PSA_CONFIG_DATA_FILES) -.SECONDARY: generated_config_test_data - -$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data -generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/ecp.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_ecp_test_data: - echo " Gen $(GENERATED_ECP_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_ecp_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_ecp_test_data - -$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data -generated_psa_test_data: ../framework/scripts/generate_psa_tests.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_data_tests.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -## The generated file only depends on the options that are present in -## crypto_config.h, not on which options are set. To avoid regenerating this -## file all the time when switching between configurations, don't declare -## crypto_config.h as a dependency. Remove this file from your working tree -## if you've just added or removed an option in crypto_config.h. -#generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_config.h -generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_values.h -generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_extra.h -generated_psa_test_data: ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data -generated_psa_test_data: - echo " Gen $(GENERATED_PSA_DATA_FILES) ..." - $(PYTHON) ../framework/scripts/generate_psa_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_psa_test_data - -# A test application is built for each suites/test_suite_*.data file. -# Application name is same as .data file's base name and can be -# constructed by stripping path 'suites/' and extension .data. -DATA_FILES = $(filter-out $(GENERATED_DATA_FILES), $(wildcard suites/test_suite_*.data)) -CRYPTO_DATA_FILES = $(filter-out $(GENERATED_CRYPTO_DATA_FILES), $(wildcard ../tf-psa-crypto/tests/suites/test_suite_*.data)) - -# Make sure that generated data files are included even if they don't -# exist yet when the makefile is parsed. -DATA_FILES += $(GENERATED_DATA_FILES) -CRYPTO_DATA_FILES += $(GENERATED_CRYPTO_DATA_FILES) - -APPS = $(basename $(subst suites/,,$(DATA_FILES))) -CRYPTO_APPS = $(basename $(subst suites/,,$(CRYPTO_DATA_FILES))) - -# Construct executable name by adding OS specific suffix $(EXEXT). -BINARIES := $(addsuffix $(EXEXT),$(APPS)) -CRYPTO_BINARIES := $(addsuffix $(EXEXT),$(CRYPTO_APPS)) - -.SILENT: - -.PHONY: all check test clean - -all: $(BINARIES) $(CRYPTO_BINARIES) - -mbedtls_test: $(MBEDTLS_TEST_OBJS) - -src/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ - $($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies) - echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@ - -../framework/tests/include/test/test_keys.h: ../framework/scripts/generate_test_keys.py - echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_test_keys.py --output $@ - -../tf-psa-crypto/framework/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py - echo " Gen $@" - $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@ - -TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h) -ifdef RECORD_PSA_STATUS_COVERAGE_LOG -# Explicitly depend on this header because on a clean copy of the source tree, -# it doesn't exist yet and must be generated as part of the build, and -# therefore the wildcard enumeration above doesn't include it. -TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h -endif -TEST_OBJS_DEPS += src/test_certs.h ../framework/tests/include/test/test_keys.h \ - ../tf-psa-crypto/framework/tests/include/test/test_keys.h - -# Rule to compile common test C files in framework -../framework/tests/src/%.o : ../framework/tests/src/%.c $(TEST_OBJS_DEPS) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< - -../framework/tests/src/drivers/%.o : ../framework/tests/src/drivers/%.c - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< - -# Rule to compile common test C files in src folder -src/%.o : src/%.c $(TEST_OBJS_DEPS) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< - -src/test_helpers/%.o : src/test_helpers/%.c - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< - -C_FILES := $(addsuffix .c,$(APPS)) $(addsuffix .c,$(CRYPTO_APPS)) -c: $(C_FILES) - -# Wildcard target for test code generation: -# A .c file is generated for each .data file in the suites/ directory. Each .c -# file depends on a .data and .function file from suites/ directory. Following -# nameing convention is followed: -# -# C file | Depends on -#----------------------------------------------------------------------------- -# foo.c | suites/foo.function suites/foo.data -# foo.bar.c | suites/foo.function suites/foo.bar.data -# -# Note above that .c and .data files have same base name. -# However, corresponding .function file's base name is the word before first -# dot in .c file's base name. -# -.SECONDEXPANSION: - -# First handle the tf-psa-crypto case, which has different paths from -# the local case. In GNU Make >=3.82, the shortest match applies regardless -# of the order in the makefile. In GNU Make <=3.81, the first matching rule -# applies. -../tf-psa-crypto/tests/%.c: ../tf-psa-crypto/tests/suites/$$(firstword $$(subst ., ,$$*)).function ../tf-psa-crypto/tests/suites/%.data ../framework/scripts/generate_test_code.py ../tf-psa-crypto/tests/suites/helpers.function ../tf-psa-crypto/tests/suites/main_test.function ../tf-psa-crypto/tests/suites/host_test.function - echo " Gen $@" - cd ../tf-psa-crypto/tests && $(PYTHON) ../../framework/scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ - -d suites/$*.data \ - -t suites/main_test.function \ - -p suites/host_test.function \ - -s suites \ - --helpers-file suites/helpers.function \ - -o . - -%.c: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data ../framework/scripts/generate_test_code.py ../tf-psa-crypto/tests/suites/helpers.function ../tf-psa-crypto/tests/suites/main_test.function ../tf-psa-crypto/tests/suites/host_test.function - echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ - -d suites/$*.data \ - -t ../tf-psa-crypto/tests/suites/main_test.function \ - -p ../tf-psa-crypto/tests/suites/host_test.function \ - -s suites \ - --helpers-file ../tf-psa-crypto/tests/suites/helpers.function \ - -o . - -$(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -LOCAL_CRYPTO_CFLAGS = $(patsubst -I./include, -I../../tests/include, $(patsubst -I../%,-I../../%, $(LOCAL_CFLAGS))) -LOCAL_CRYPTO_LDFLAGS = $(patsubst -L../library, -L../../library, \ - $(patsubst -L../tests/%, -L../../tests/%, \ - $(patsubst ./src/%,../../tests/src/%, \ - $(patsubst ../framework/tests/src/%,../../framework/tests/src/%, \ - $(LOCAL_LDFLAGS))))) -$(CRYPTO_BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) - echo " CC $<" - cd ../tf-psa-crypto/tests && $(CC) $(LOCAL_CRYPTO_CFLAGS) $(CFLAGS) $(subst $(EXEXT),,$(@F)).c $(LOCAL_CRYPTO_LDFLAGS) $(LDFLAGS) -o $(@F) - -clean: -ifndef WINDOWS - $(MAKE) -C psa-client-server/psasim clean - rm -rf $(BINARIES) *.c *.datax - rm -rf $(CRYPTO_BINARIES) ../tf-psa-crypto/tests/*.c ../tf-psa-crypto/tests/*.datax - rm -f src/*.o src/test_helpers/*.o src/libmbed* - rm -f ../framework/tests/src/*.o ../framework/tests/src/drivers/*.o - rm -f ../framework/tests/include/test/instrument_record_status.h - rm -f ../framework/tests/include/alt-extra/*/*_alt.h - rm -rf libtestdriver1 - rm -rf libpsaclient libpsaserver - rm -f ../library/libtestdriver1.a -else - if exist *.c del /Q /F *.c - if exist *.exe del /Q /F *.exe - if exist *.datax del /Q /F *.datax - if exist ../tf-psa-crypto/tests/*.c del /Q /F ../tf-psa-crypto/tests/*.c - if exist ../tf-psa-crypto/tests/*.exe del /Q /F ../tf-psa-crypto/tests/*.exe - if exist ../tf-psa-crypto/tests/*.datax del /Q /F ../tf-psa-crypto/tests/*.datax - if exist src/*.o del /Q /F src/*.o - if exist src/test_helpers/*.o del /Q /F src/test_helpers/*.o - if exist src/libmbed* del /Q /F src/libmbed* - if exist ../framework/tests/src/*.o del /Q /F ../framework/tests/src/*.o - if exist ../framework/tests/src/drivers/*.o del /Q /F ../framework/tests/src/drivers/*.o - if exist ../framework/tests/include/test/instrument_record_status.h del /Q /F ../framework/tests/include/test/instrument_record_status.h -endif - -# Test suites caught by SKIP_TEST_SUITES are built but not executed. -check: $(BINARIES) $(CRYPTO_BINARIES) - perl scripts/run-test-suites.pl $(TEST_FLAGS) --skip=$(SKIP_TEST_SUITES) - -test: check - -# Generate variants of some headers for testing -../framework/tests/include/alt-extra/%_alt.h: ../include/%.h - perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ -../framework/tests/include/alt-extra/%_alt.h: ../tf-psa-crypto/include/%.h - perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ -../framework/tests/include/alt-extra/%_alt.h: ../tf-psa-crypto/drivers/builtin/include/%.h - perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ - -# Generate test library - -# Perl code that is executed to transform each original line from a library -# source file into the corresponding line in the test driver copy of the -# library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx -# symbols. -define libtestdriver1_rewrite := - s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!$${1}libtestdriver1/include/mbedtls/build_info.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!$${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!$${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!$${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!$${1}libtestdriver1/include/mbedtls/check_config.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/!$${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!; \ - s!^(\s*#\s*include\s*[\"<])psa/!$${1}libtestdriver1/tf-psa-crypto/include/psa/!; \ - s!^(\s*#\s*include\s*[\"<])tf-psa-crypto/!$${1}libtestdriver1/tf-psa-crypto/include/tf-psa-crypto/!; \ - next if /^\s*#\s*include/; \ - s/\b(?=MBEDTLS_|PSA_|TF_PSA_CRYPTO_)/LIBTESTDRIVER1_/g; \ - s/\b(?=mbedtls_|psa_|tf_psa_crypto_)/libtestdriver1_/g; -endef - -libtestdriver1.a: - rm -Rf ./libtestdriver1 - mkdir ./libtestdriver1 - mkdir ./libtestdriver1/framework - mkdir ./libtestdriver1/tf-psa-crypto - mkdir ./libtestdriver1/tf-psa-crypto/drivers - mkdir ./libtestdriver1/tf-psa-crypto/drivers/everest - mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m - touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc - touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc - cp -Rf ../framework/scripts ./libtestdriver1/framework - cp -Rf ../library ./libtestdriver1 - cp -Rf ../include ./libtestdriver1 - cp -Rf ../scripts ./libtestdriver1 - cp -Rf ../tf-psa-crypto/core ./libtestdriver1/tf-psa-crypto - cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto - cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers - cp -Rf ../tf-psa-crypto/scripts ./libtestdriver1/tf-psa-crypto - - # Set the test driver base (minimal) configuration. - cp ../tf-psa-crypto/tests/configs/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h - cp ../tf-psa-crypto/tests/configs/crypto_config_test_driver.h ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h - - # Set the PSA cryptography configuration for the test library. - # The configuration is created by joining the base - # ../tf-psa-crypto/tests/configs/crypto_config_test_driver.h, - # with the the library's PSA_WANT_* macros extracted from - # ./tf-psa-crypto/include/psa/crypto_config.h - # and then extended with entries of - # ../tf-psa-crypto/tests/configs/crypto_config_test_driver_extension.h - # to mirror the PSA_ACCEL_* macros. - - mv ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h.bak - head -n -1 ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h.bak > ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h - grep '^#define PSA_WANT_*' ../tf-psa-crypto/include/psa/crypto_config.h >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h - cat ../tf-psa-crypto/tests/configs/crypto_config_test_driver_extension.h >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h - echo "#endif /* PSA_CRYPTO_CONFIG_H */" >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h - - # Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as - # mbedtls_* psa_* symbols with libtestdriver1_ to avoid symbol clash - # when this test driver library is linked with the Mbed TLS library. - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/library/*.[ch] - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/include/*/*.h - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/core/*.[ch] - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/include/*/*.h - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] - - $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a - cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a - -ifdef RECORD_PSA_STATUS_COVERAGE_LOG -../framework/tests/include/test/instrument_record_status.h: ../tf-psa-crypto/include/psa/crypto.h Makefile - echo " Gen $@" - sed <../tf-psa-crypto/include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p' -endif diff --git a/tests/compat-in-docker.sh b/tests/compat-in-docker.sh deleted file mode 100755 index e703c5723..000000000 --- a/tests/compat-in-docker.sh +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/bash -eu - -# compat-in-docker.sh -# -# Purpose -# ------- -# This runs compat.sh in a Docker container. -# -# WARNING: the Dockerfile used by this script is no longer maintained! See -# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start -# for the set of Docker images we use on the CI. -# -# Notes for users -# --------------- -# If OPENSSL, GNUTLS_CLI, or GNUTLS_SERV are specified the path must -# correspond to an executable inside the Docker container. The special -# values "next" (OpenSSL only) and "legacy" are also allowed as shorthand -# for the installations inside the container. -# -# See also: -# - scripts/docker_env.sh for general Docker prerequisites and other information. -# - compat.sh for notes about invocation of that script. - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -source tests/scripts/docker_env.sh - -case "${OPENSSL:-default}" in - "legacy") export OPENSSL="/usr/local/openssl-1.0.1j/bin/openssl";; - "next") export OPENSSL="/usr/local/openssl-1.1.1a/bin/openssl";; - *) ;; -esac - -case "${GNUTLS_CLI:-default}" in - "legacy") export GNUTLS_CLI="/usr/local/gnutls-3.3.8/bin/gnutls-cli";; - "next") export GNUTLS_CLI="/usr/local/gnutls-3.7.2/bin/gnutls-cli";; - *) ;; -esac - -case "${GNUTLS_SERV:-default}" in - "legacy") export GNUTLS_SERV="/usr/local/gnutls-3.3.8/bin/gnutls-serv";; - "next") export GNUTLS_SERV="/usr/local/gnutls-3.7.2/bin/gnutls-serv";; - *) ;; -esac - -run_in_docker \ - -e M_CLI \ - -e M_SRV \ - -e GNUTLS_CLI \ - -e GNUTLS_SERV \ - -e OPENSSL \ - -e OSSL_NO_DTLS \ - tests/compat.sh \ - $@ diff --git a/tests/compat.sh b/tests/compat.sh deleted file mode 100755 index 05102e3f1..000000000 --- a/tests/compat.sh +++ /dev/null @@ -1,1240 +0,0 @@ -#!/bin/sh - -# compat.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Test interoperbility with OpenSSL, GnuTLS as well as itself. -# -# Check each common ciphersuite, with each version, both ways (client/server), -# with and without client authentication. - -set -u - -# Limit the size of each log to 10 GiB, in case of failures with this script -# where it may output seemingly unlimited length error logs. -ulimit -f 20971520 - -ORIGINAL_PWD=$PWD -if ! cd "$(dirname "$0")"; then - exit 125 -fi - -# initialise counters -TESTS=0 -FAILED=0 -SKIPPED=0 -SRVMEM=0 - -# default commands, can be overridden by the environment -: ${M_SRV:=../programs/ssl/ssl_server2} -: ${M_CLI:=../programs/ssl/ssl_client2} -: ${OPENSSL:=openssl} -: ${GNUTLS_CLI:=gnutls-cli} -: ${GNUTLS_SERV:=gnutls-serv} - -# The OPENSSL variable used to be OPENSSL_CMD for historical reasons. -# To help the migration, error out if the old variable is set, -# but only if it has a different value than the new one. -if [ "${OPENSSL_CMD+set}" = set ]; then - # the variable is set, we can now check its value - if [ "$OPENSSL_CMD" != "$OPENSSL" ]; then - echo "Please use OPENSSL instead of OPENSSL_CMD." >&2 - exit 125 - fi -fi - -# do we have a recent enough GnuTLS? -if ( which $GNUTLS_CLI && which $GNUTLS_SERV ) >/dev/null 2>&1; then - G_VER="$( $GNUTLS_CLI --version | head -n1 )" - if echo "$G_VER" | grep '@VERSION@' > /dev/null; then # git version - PEER_GNUTLS=" GnuTLS" - else - eval $( echo $G_VER | sed 's/.* \([0-9]*\)\.\([0-9]\)*\.\([0-9]*\)$/MAJOR="\1" MINOR="\2" PATCH="\3"/' ) - if [ $MAJOR -lt 3 -o \ - \( $MAJOR -eq 3 -a $MINOR -lt 2 \) -o \ - \( $MAJOR -eq 3 -a $MINOR -eq 2 -a $PATCH -lt 15 \) ] - then - PEER_GNUTLS="" - else - PEER_GNUTLS=" GnuTLS" - if [ $MINOR -lt 4 ]; then - GNUTLS_MINOR_LT_FOUR='x' - fi - fi - fi -else - PEER_GNUTLS="" -fi - -guess_config_name() { - if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then - echo "default" - else - echo "unknown" - fi -} -: ${MBEDTLS_TEST_OUTCOME_FILE=} -: ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"} -: ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} - -# default values for options -# /!\ keep this synchronised with: -# - basic-build-test.sh -# - all.sh (multiple components) -MODES="tls12 dtls12" -VERIFIES="NO YES" -TYPES="ECDSA RSA PSK" -FILTER="" -# By default, exclude: -# - NULL: excluded from our default config + requires OpenSSL legacy -# - ARIA: requires OpenSSL >= 1.1.1 -# - ChachaPoly: requires OpenSSL >= 1.1.0 -EXCLUDE='NULL\|ARIA\|CHACHA20_POLY1305' -VERBOSE="" -MEMCHECK=0 -MIN_TESTS=1 -PRESERVE_LOGS=0 -PEERS="OpenSSL$PEER_GNUTLS mbedTLS" - -# hidden option: skip DTLS with OpenSSL -# (travis CI has a version that doesn't work for us) -: ${OSSL_NO_DTLS:=0} - -print_usage() { - echo "Usage: $0" - printf " -h|--help\tPrint this help.\n" - printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '%s')\n" "$FILTER" - printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '%s')\n" "$EXCLUDE" - printf " -m|--modes\tWhich modes to perform (Default: '%s')\n" "$MODES" - printf " -t|--types\tWhich key exchange type to perform (Default: '%s')\n" "$TYPES" - printf " -V|--verify\tWhich verification modes to perform (Default: '%s')\n" "$VERIFIES" - printf " -p|--peers\tWhich peers to use (Default: '%s')\n" "$PEERS" - printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n" - printf " -M|--memcheck\tCheck memory leaks and errors.\n" - printf " -v|--verbose\tSet verbose output.\n" - printf " --list-test-cases\tList all potential test cases (No Execution)\n" - printf " --min \tMinimum number of non-skipped tests (default 1)\n" - printf " --outcome-file\tFile where test outcomes are written\n" - printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n" - printf " --preserve-logs\tPreserve logs of successful tests as well\n" -} - -# print_test_case -print_test_case() { - for i in $3; do - uniform_title $1 $2 $i - echo "compat;$TITLE" - done -} - -# list_test_cases lists all potential test cases in compat.sh without execution -list_test_cases() { - for TYPE in $TYPES; do - reset_ciphersuites - add_common_ciphersuites - add_openssl_ciphersuites - add_gnutls_ciphersuites - add_mbedtls_ciphersuites - - # PSK cipher suites do not allow client certificate verification. - SUB_VERIFIES=$VERIFIES - if [ "$TYPE" = "PSK" ]; then - SUB_VERIFIES="NO" - fi - - for VERIFY in $SUB_VERIFIES; do - VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') - for MODE in $MODES; do - print_test_case m O "$O_CIPHERS" - print_test_case O m "$O_CIPHERS" - print_test_case m G "$G_CIPHERS" - print_test_case G m "$G_CIPHERS" - print_test_case m m "$M_CIPHERS" - done - done - done -} - -get_options() { - while [ $# -gt 0 ]; do - case "$1" in - -f|--filter) - shift; FILTER=$1 - ;; - -e|--exclude) - shift; EXCLUDE=$1 - ;; - -m|--modes) - shift; MODES=$1 - ;; - -t|--types) - shift; TYPES=$1 - ;; - -V|--verify) - shift; VERIFIES=$1 - ;; - -p|--peers) - shift; PEERS=$1 - ;; - -v|--verbose) - VERBOSE=1 - ;; - -M|--memcheck) - MEMCHECK=1 - ;; - # Please check scripts/check_test_cases.py correspondingly - # if you have to modify option, --list-test-cases - --list-test-cases) - list_test_cases - exit $? - ;; - --min) - shift; MIN_TESTS=$1 - ;; - --outcome-file) - shift; MBEDTLS_TEST_OUTCOME_FILE=$1 - ;; - --preserve-logs) - PRESERVE_LOGS=1 - ;; - -h|--help) - print_usage - exit 0 - ;; - *) - echo "Unknown argument: '$1'" - print_usage - exit 1 - ;; - esac - shift - done - - # sanitize some options (modes checked later) - VERIFIES="$( echo $VERIFIES | tr [a-z] [A-Z] )" - TYPES="$( echo $TYPES | tr [a-z] [A-Z] )" -} - -log() { - if [ "X" != "X$VERBOSE" ]; then - echo "" - echo "$@" - fi -} - -# is_dtls -is_dtls() -{ - test "$1" = "dtls12" -} - -# minor_ver -minor_ver() -{ - case "$1" in - tls12|dtls12) - echo 3 - ;; - *) - echo "error: invalid mode: $MODE" >&2 - # exiting is no good here, typically called in a subshell - echo -1 - esac -} - -filter() -{ - LIST="$1" - NEW_LIST="" - - EXCLMODE="$EXCLUDE" - - for i in $LIST; - do - NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" | grep -v "$EXCLMODE" )" - done - - # normalize whitespace - echo "$NEW_LIST" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' -} - -filter_ciphersuites() -{ - if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ]; - then - # Ciphersuite for Mbed TLS - M_CIPHERS=$( filter "$M_CIPHERS" ) - - # Ciphersuite for OpenSSL - O_CIPHERS=$( filter "$O_CIPHERS" ) - - # Ciphersuite for GnuTLS - G_CIPHERS=$( filter "$G_CIPHERS" ) - fi -} - -reset_ciphersuites() -{ - M_CIPHERS="" - O_CIPHERS="" - G_CIPHERS="" -} - -# translate_ciphers {g|m|o} {STANDARD_CIPHER_SUITE_NAME...} -# Set $ciphers to the cipher suite name translations for the specified -# program (gnutls, mbedtls or openssl). $ciphers is a space-separated -# list of entries of the form "STANDARD_NAME=PROGRAM_NAME". -translate_ciphers() -{ - ciphers=$(../framework/scripts/translate_ciphers.py "$@") - if [ $? -ne 0 ]; then - echo "translate_ciphers.py failed with exit code $1" >&2 - echo "$2" >&2 - exit 1 - fi -} - -# Ciphersuites that can be used with all peers. -# Since we currently have three possible peers, each ciphersuite should appear -# three times: in each peer's list (with the name that this peer uses). -add_common_ciphersuites() -{ - CIPHERS="" - case $TYPE in - - "ECDSA") - CIPHERS="$CIPHERS \ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA \ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA \ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 \ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \ - TLS_ECDHE_ECDSA_WITH_NULL_SHA \ - " - ;; - - "RSA") - CIPHERS="$CIPHERS \ - TLS_DHE_RSA_WITH_AES_128_CBC_SHA \ - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 \ - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \ - TLS_DHE_RSA_WITH_AES_256_CBC_SHA \ - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 \ - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \ - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA \ - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA \ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA \ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 \ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \ - TLS_ECDHE_RSA_WITH_NULL_SHA \ - TLS_RSA_WITH_AES_128_CBC_SHA \ - TLS_RSA_WITH_AES_128_CBC_SHA256 \ - TLS_RSA_WITH_AES_128_GCM_SHA256 \ - TLS_RSA_WITH_AES_256_CBC_SHA \ - TLS_RSA_WITH_AES_256_CBC_SHA256 \ - TLS_RSA_WITH_AES_256_GCM_SHA384 \ - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA \ - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA \ - TLS_RSA_WITH_NULL_MD5 \ - TLS_RSA_WITH_NULL_SHA \ - TLS_RSA_WITH_NULL_SHA256 \ - " - ;; - - "PSK") - CIPHERS="$CIPHERS \ - TLS_PSK_WITH_AES_128_CBC_SHA \ - TLS_PSK_WITH_AES_256_CBC_SHA \ - " - ;; - esac - - O_CIPHERS="$O_CIPHERS $CIPHERS" - G_CIPHERS="$G_CIPHERS $CIPHERS" - M_CIPHERS="$M_CIPHERS $CIPHERS" -} - -# Ciphersuites usable only with Mbed TLS and OpenSSL -# A list of ciphersuites in the standard naming convention is appended -# to the list of Mbed TLS ciphersuites $M_CIPHERS and -# to the list of OpenSSL ciphersuites $O_CIPHERS respectively. -# Based on client's naming convention, all ciphersuite names will be -# translated into another naming format before sent to the client. -# -# ChachaPoly suites are here rather than in "common", as they were added in -# GnuTLS in 3.5.0 and the CI only has 3.4.x so far. -add_openssl_ciphersuites() -{ - CIPHERS="" - case $TYPE in - - "ECDSA") - CIPHERS="$CIPHERS \ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA \ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA \ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \ - TLS_ECDH_ECDSA_WITH_NULL_SHA \ - TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 \ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \ - " - ;; - - "RSA") - CIPHERS="$CIPHERS \ - TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 \ - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \ - TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \ - TLS_RSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_RSA_WITH_ARIA_256_GCM_SHA384 \ - " - ;; - - "PSK") - CIPHERS="$CIPHERS \ - TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 \ - TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 \ - TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \ - TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \ - TLS_PSK_WITH_ARIA_128_GCM_SHA256 \ - TLS_PSK_WITH_ARIA_256_GCM_SHA384 \ - TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 \ - " - ;; - esac - - O_CIPHERS="$O_CIPHERS $CIPHERS" - M_CIPHERS="$M_CIPHERS $CIPHERS" -} - -# Ciphersuites usable only with Mbed TLS and GnuTLS -# A list of ciphersuites in the standard naming convention is appended -# to the list of Mbed TLS ciphersuites $M_CIPHERS and -# to the list of GnuTLS ciphersuites $G_CIPHERS respectively. -# Based on client's naming convention, all ciphersuite names will be -# translated into another naming format before sent to the client. -add_gnutls_ciphersuites() -{ - CIPHERS="" - case $TYPE in - - "ECDSA") - CIPHERS="$CIPHERS \ - TLS_ECDHE_ECDSA_WITH_AES_128_CCM \ - TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 \ - TLS_ECDHE_ECDSA_WITH_AES_256_CCM \ - TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 \ - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \ - " - ;; - - "RSA") - CIPHERS="$CIPHERS \ - TLS_DHE_RSA_WITH_AES_128_CCM \ - TLS_DHE_RSA_WITH_AES_128_CCM_8 \ - TLS_DHE_RSA_WITH_AES_256_CCM \ - TLS_DHE_RSA_WITH_AES_256_CCM_8 \ - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 \ - TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ - TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ - TLS_RSA_WITH_AES_128_CCM \ - TLS_RSA_WITH_AES_128_CCM_8 \ - TLS_RSA_WITH_AES_256_CCM \ - TLS_RSA_WITH_AES_256_CCM_8 \ - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 \ - TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ - " - ;; - - "PSK") - CIPHERS="$CIPHERS \ - TLS_DHE_PSK_WITH_AES_128_CBC_SHA \ - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 \ - TLS_DHE_PSK_WITH_AES_128_CCM \ - TLS_DHE_PSK_WITH_AES_128_CCM_8 \ - TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 \ - TLS_DHE_PSK_WITH_AES_256_CBC_SHA \ - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 \ - TLS_DHE_PSK_WITH_AES_256_CCM \ - TLS_DHE_PSK_WITH_AES_256_CCM_8 \ - TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 \ - TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 \ - TLS_DHE_PSK_WITH_NULL_SHA256 \ - TLS_DHE_PSK_WITH_NULL_SHA384 \ - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA \ - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 \ - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA \ - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 \ - TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_ECDHE_PSK_WITH_NULL_SHA256 \ - TLS_ECDHE_PSK_WITH_NULL_SHA384 \ - TLS_PSK_WITH_AES_128_CBC_SHA256 \ - TLS_PSK_WITH_AES_128_CCM \ - TLS_PSK_WITH_AES_128_CCM_8 \ - TLS_PSK_WITH_AES_128_GCM_SHA256 \ - TLS_PSK_WITH_AES_256_CBC_SHA384 \ - TLS_PSK_WITH_AES_256_CCM \ - TLS_PSK_WITH_AES_256_CCM_8 \ - TLS_PSK_WITH_AES_256_GCM_SHA384 \ - TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 \ - TLS_PSK_WITH_NULL_SHA256 \ - TLS_PSK_WITH_NULL_SHA384 \ - " - ;; - esac - - G_CIPHERS="$G_CIPHERS $CIPHERS" - M_CIPHERS="$M_CIPHERS $CIPHERS" -} - -# Ciphersuites usable only with Mbed TLS (not currently supported by another -# peer usable in this script). This provides only very rudimentaty testing, as -# this is not interop testing, but it's better than nothing. -add_mbedtls_ciphersuites() -{ - case $TYPE in - - "ECDSA") - M_CIPHERS="$M_CIPHERS \ - TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \ - TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 \ - " - ;; - - "RSA") - M_CIPHERS="$M_CIPHERS \ - TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 \ - TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \ - TLS_RSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_RSA_WITH_ARIA_256_CBC_SHA384 \ - " - ;; - - "PSK") - # *PSK_NULL_SHA suites supported by GnuTLS 3.3.5 but not 3.2.15 - M_CIPHERS="$M_CIPHERS \ - TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 \ - TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 \ - TLS_DHE_PSK_WITH_NULL_SHA \ - TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 \ - TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 \ - TLS_ECDHE_PSK_WITH_NULL_SHA \ - TLS_PSK_WITH_ARIA_128_CBC_SHA256 \ - TLS_PSK_WITH_ARIA_256_CBC_SHA384 \ - TLS_PSK_WITH_NULL_SHA \ - " - ;; - esac -} - -# o_check_ciphersuite STANDARD_CIPHER_SUITE -o_check_ciphersuite() -{ - # skip DTLS when lack of support was declared - if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then - SKIP_NEXT_="YES" - fi - - # skip DTLS 1.2 is support was not detected - if [ "$O_SUPPORT_DTLS12" = "NO" -a "$MODE" = "dtls12" ]; then - SKIP_NEXT="YES" - fi - - # skip static ECDH when OpenSSL doesn't support it - if [ "${O_SUPPORT_STATIC_ECDH}" = "NO" ]; then - case "$1" in - *ECDH_*) SKIP_NEXT="YES" - esac - fi -} - -setup_arguments() -{ - DATA_FILES_PATH="../framework/data_files" - - O_MODE="" - G_MODE="" - case "$MODE" in - "tls12") - O_MODE="tls1_2" - G_PRIO_MODE="+VERS-TLS1.2" - ;; - "dtls12") - O_MODE="dtls1_2" - G_PRIO_MODE="+VERS-DTLS1.2" - G_MODE="-u" - ;; - *) - echo "error: invalid mode: $MODE" >&2 - exit 1; - esac - - # GnuTLS < 3.4 will choke if we try to allow CCM-8 - if [ -z "${GNUTLS_MINOR_LT_FOUR-}" ]; then - G_PRIO_CCM="+AES-256-CCM-8:+AES-128-CCM-8:" - else - G_PRIO_CCM="" - fi - - M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE" - O_SERVER_ARGS="-accept $PORT -cipher ALL,COMPLEMENTOFALL -$O_MODE" - G_SERVER_ARGS="-p $PORT --http $G_MODE" - G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:-VERS-TLS-ALL:$G_PRIO_MODE" - - # The default prime for `openssl s_server` depends on the version: - # * OpenSSL <= 1.0.2a: 512-bit - # * OpenSSL 1.0.2b to 1.1.1b: 1024-bit - # * OpenSSL >= 1.1.1c: 2048-bit - # Mbed TLS wants >=1024, so force that for older versions. Don't force - # it for newer versions, which reject a 1024-bit prime. Indifferently - # force it or not for intermediate versions. - case $($OPENSSL version) in - "OpenSSL 1.0"*) - O_SERVER_ARGS="$O_SERVER_ARGS -dhparam $DATA_FILES_PATH/dhparams.pem" - ;; - esac - - # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes - if is_dtls "$MODE"; then - O_SERVER_ARGS="$O_SERVER_ARGS" - else - O_SERVER_ARGS="$O_SERVER_ARGS -www" - fi - - M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE" - O_CLIENT_ARGS="-connect localhost:$PORT -$O_MODE" - G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE" - - # Newer versions of OpenSSL have a syntax to enable all "ciphers", even - # low-security ones. This covers not just cipher suites but also protocol - # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on - # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in - # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find - # a way to discover it from -help, so check the openssl version. - case $($OPENSSL version) in - "OpenSSL 0"*|"OpenSSL 1.0"*) :;; - *) - O_CLIENT_ARGS="$O_CLIENT_ARGS -cipher ALL@SECLEVEL=0" - O_SERVER_ARGS="$O_SERVER_ARGS -cipher ALL@SECLEVEL=0" - ;; - esac - - case $($OPENSSL ciphers ALL) in - *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_STATIC_ECDH="YES";; - *) O_SUPPORT_STATIC_ECDH="NO";; - esac - - case $($OPENSSL ciphers ALL) in - *DES-CBC-*) O_SUPPORT_SINGLE_DES="YES";; - *) O_SUPPORT_SINGLE_DES="NO";; - esac - - # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL - # supports -dtls1_2 from the s_server help. (The s_client - # help isn't accurate as of 1.0.2g: it supports DTLS 1.2 - # but doesn't list it. But the s_server help seems to be - # accurate.) - O_SUPPORT_DTLS12="NO" - if $OPENSSL s_server -help 2>&1 | grep -q "^ *-dtls1_2 "; then - O_SUPPORT_DTLS12="YES" - fi - - if [ "X$VERIFY" = "XYES" ]; - then - M_SERVER_ARGS="$M_SERVER_ARGS ca_file=$DATA_FILES_PATH/test-ca_cat12.crt auth_mode=required" - O_SERVER_ARGS="$O_SERVER_ARGS -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -Verify 10" - G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --require-client-cert" - - M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=$DATA_FILES_PATH/test-ca_cat12.crt auth_mode=required" - O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -verify 10" - G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt" - else - # don't request a client cert at all - M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none" - G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert" - - M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=none auth_mode=none" - O_CLIENT_ARGS="$O_CLIENT_ARGS" - G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure" - fi - - case $TYPE in - "ECDSA") - M_SERVER_ARGS="$M_SERVER_ARGS crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" - O_SERVER_ARGS="$O_SERVER_ARGS -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" - - if [ "X$VERIFY" = "XYES" ]; then - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" - O_CLIENT_ARGS="$O_CLIENT_ARGS -cert $DATA_FILES_PATH/server6.crt -key $DATA_FILES_PATH/server6.key" - G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile $DATA_FILES_PATH/server6.crt --x509keyfile $DATA_FILES_PATH/server6.key" - else - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" - fi - ;; - - "RSA") - M_SERVER_ARGS="$M_SERVER_ARGS crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key" - O_SERVER_ARGS="$O_SERVER_ARGS -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key" - - if [ "X$VERIFY" = "XYES" ]; then - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=$DATA_FILES_PATH/cert_sha256.crt key_file=$DATA_FILES_PATH/server1.key" - O_CLIENT_ARGS="$O_CLIENT_ARGS -cert $DATA_FILES_PATH/cert_sha256.crt -key $DATA_FILES_PATH/server1.key" - G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile $DATA_FILES_PATH/cert_sha256.crt --x509keyfile $DATA_FILES_PATH/server1.key" - else - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" - fi - ;; - - "PSK") - M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none" - O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert" - G_SERVER_ARGS="$G_SERVER_ARGS --pskpasswd $DATA_FILES_PATH/passwd.psk" - - M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none" - O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70" - G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" - ;; - esac -} - -# is_mbedtls -is_mbedtls() { - case $1 in - *ssl_client2*) true;; - *ssl_server2*) true;; - *) false;; - esac -} - -# has_mem_err -has_mem_err() { - if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" && - grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null - then - return 1 # false: does not have errors - else - return 0 # true: has errors - fi -} - -# Wait for process $2 to be listening on port $1 -if type lsof >/dev/null 2>/dev/null; then - wait_server_start() { - START_TIME=$(date +%s) - if is_dtls "$MODE"; then - proto=UDP - else - proto=TCP - fi - while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do - if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then - echo "SERVERSTART TIMEOUT" - echo "SERVERSTART TIMEOUT" >> $SRV_OUT - break - fi - # Linux and *BSD support decimal arguments to sleep. On other - # OSes this may be a tight loop. - sleep 0.1 2>/dev/null || true - done - } -else - echo "Warning: lsof not available, wait_server_start = sleep" - wait_server_start() { - sleep 2 - } -fi - - -# start_server -# also saves name and command -start_server() { - case $1 in - [Oo]pen*) - SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS" - ;; - [Gg]nu*) - SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO" - ;; - mbed*) - SERVER_CMD="$M_SRV $M_SERVER_ARGS" - if [ "$MEMCHECK" -gt 0 ]; then - SERVER_CMD="valgrind --leak-check=full $SERVER_CMD" - fi - ;; - *) - echo "error: invalid server name: $1" >&2 - exit 1 - ;; - esac - SERVER_NAME=$1 - - log "$SERVER_CMD" - echo "$SERVER_CMD" > $SRV_OUT - # for servers without -www or equivalent - while :; do echo bla; sleep 1; done | $SERVER_CMD >> $SRV_OUT 2>&1 & - SRV_PID=$! - - wait_server_start "$PORT" "$SRV_PID" -} - -# terminate the running server -stop_server() { - # For Ubuntu 22.04, `Terminated` message is outputed by wait command. - # To remove it from stdout, redirect stdout/stderr to SRV_OUT - kill $SRV_PID >/dev/null 2>&1 - wait $SRV_PID >> $SRV_OUT 2>&1 - - if [ "$MEMCHECK" -gt 0 ]; then - if is_mbedtls "$SERVER_CMD" && has_mem_err $SRV_OUT; then - echo " ! Server had memory errors" - SRVMEM=$(( $SRVMEM + 1 )) - return - fi - fi - - rm -f $SRV_OUT -} - -# kill the running server (used when killed by signal) -cleanup() { - rm -f $SRV_OUT $CLI_OUT - kill $SRV_PID >/dev/null 2>&1 - kill $WATCHDOG_PID >/dev/null 2>&1 - exit 1 -} - -# wait for client to terminate and set EXIT -# must be called right after starting the client -wait_client_done() { - CLI_PID=$! - - ( sleep "$DOG_DELAY"; echo "TIMEOUT" >> $CLI_OUT; kill $CLI_PID ) & - WATCHDOG_PID=$! - - # For Ubuntu 22.04, `Terminated` message is outputed by wait command. - # To remove it from stdout, redirect stdout/stderr to CLI_OUT - wait $CLI_PID >> $CLI_OUT 2>&1 - EXIT=$? - - kill $WATCHDOG_PID >/dev/null 2>&1 - wait $WATCHDOG_PID >> $CLI_OUT 2>&1 - - echo "EXIT: $EXIT" >> $CLI_OUT -} - -# uniform_title -# $TITLE is considered as test case description for both --list-test-cases and -# MBEDTLS_TEST_OUTCOME_FILE. This function aims to control the format of -# each test case description. -uniform_title() { - TITLE="$1->$2 $MODE,$VERIF $3" -} - -# record_outcome [] -record_outcome() { - echo "$1" - if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then - # The test outcome file has the format (in single line): - # platform;configuration; - # test suite name;test case description; - # PASS/FAIL/SKIP;[failure cause] - printf '%s;%s;%s;%s;%s;%s\n' \ - "$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \ - "compat" "$TITLE" \ - "$1" "${2-}" \ - >> "$MBEDTLS_TEST_OUTCOME_FILE" - fi -} - -save_logs() { - cp $SRV_OUT c-srv-${TESTS}.log - cp $CLI_OUT c-cli-${TESTS}.log -} - -# display additional information if test case fails -report_fail() { - FAIL_PROMPT="outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log" - record_outcome "FAIL" "$FAIL_PROMPT" - save_logs - echo " ! $FAIL_PROMPT" - - if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then - echo " ! server output:" - cat c-srv-${TESTS}.log - echo " ! ===================================================" - echo " ! client output:" - cat c-cli-${TESTS}.log - fi -} - -# run_client PROGRAM_NAME STANDARD_CIPHER_SUITE PROGRAM_CIPHER_SUITE -run_client() { - # announce what we're going to do - TESTS=$(( $TESTS + 1 )) - uniform_title "${1%"${1#?}"}" "${SERVER_NAME%"${SERVER_NAME#?}"}" $2 - DOTS72="........................................................................" - printf "%s %.*s " "$TITLE" "$((71 - ${#TITLE}))" "$DOTS72" - - # should we skip? - if [ "X$SKIP_NEXT" = "XYES" ]; then - SKIP_NEXT="NO" - record_outcome "SKIP" - SKIPPED=$(( $SKIPPED + 1 )) - return - fi - - # run the command and interpret result - case $1 in - [Oo]pen*) - CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $3" - log "$CLIENT_CMD" - echo "$CLIENT_CMD" > $CLI_OUT - printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 & - wait_client_done - - if [ $EXIT -eq 0 ]; then - RESULT=0 - else - # If it is NULL cipher ... - if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then - RESULT=1 - else - RESULT=2 - fi - fi - ;; - - [Gg]nu*) - CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$3 localhost" - log "$CLIENT_CMD" - echo "$CLIENT_CMD" > $CLI_OUT - printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 & - wait_client_done - - if [ $EXIT -eq 0 ]; then - RESULT=0 - else - RESULT=2 - # interpret early failure, with a handshake_failure alert - # before the server hello, as "no ciphersuite in common" - if grep -F 'Received alert [40]: Handshake failed' $CLI_OUT; then - if grep -i 'SERVER HELLO .* was received' $CLI_OUT; then : - else - RESULT=1 - fi - fi >/dev/null - fi - ;; - - mbed*) - CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$3" - if [ "$MEMCHECK" -gt 0 ]; then - CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD" - fi - log "$CLIENT_CMD" - echo "$CLIENT_CMD" > $CLI_OUT - $CLIENT_CMD >> $CLI_OUT 2>&1 & - wait_client_done - - case $EXIT in - # Success - "0") RESULT=0 ;; - - # Ciphersuite not supported - "2") RESULT=1 ;; - - # Error - *) RESULT=2 ;; - esac - - if [ "$MEMCHECK" -gt 0 ]; then - if is_mbedtls "$CLIENT_CMD" && has_mem_err $CLI_OUT; then - RESULT=2 - fi - fi - - ;; - - *) - echo "error: invalid client name: $1" >&2 - exit 1 - ;; - esac - - echo "EXIT: $EXIT" >> $CLI_OUT - - # report and count result - case $RESULT in - "0") - record_outcome "PASS" - if [ "$PRESERVE_LOGS" -gt 0 ]; then - save_logs - fi - ;; - "1") - record_outcome "SKIP" - SKIPPED=$(( $SKIPPED + 1 )) - ;; - "2") - report_fail - FAILED=$(( $FAILED + 1 )) - ;; - esac - - rm -f $CLI_OUT -} - -# -# MAIN -# - -get_options "$@" - -# Make the outcome file path relative to the original directory, not -# to .../tests -case "$MBEDTLS_TEST_OUTCOME_FILE" in - [!/]*) - MBEDTLS_TEST_OUTCOME_FILE="$ORIGINAL_PWD/$MBEDTLS_TEST_OUTCOME_FILE" - ;; -esac - -# sanity checks, avoid an avalanche of errors -if [ ! -x "$M_SRV" ]; then - echo "Command '$M_SRV' is not an executable file" >&2 - exit 1 -fi -if [ ! -x "$M_CLI" ]; then - echo "Command '$M_CLI' is not an executable file" >&2 - exit 1 -fi - -if echo "$PEERS" | grep -i openssl > /dev/null; then - if which "$OPENSSL" >/dev/null 2>&1; then :; else - echo "Command '$OPENSSL' not found" >&2 - exit 1 - fi -fi - -if echo "$PEERS" | grep -i gnutls > /dev/null; then - for CMD in "$GNUTLS_CLI" "$GNUTLS_SERV"; do - if which "$CMD" >/dev/null 2>&1; then :; else - echo "Command '$CMD' not found" >&2 - exit 1 - fi - done -fi - -for PEER in $PEERS; do - case "$PEER" in - mbed*|[Oo]pen*|[Gg]nu*) - ;; - *) - echo "Unknown peers: $PEER" >&2 - exit 1 - esac -done - -# Pick a "unique" port in the range 10000-19999. -PORT="0000$$" -PORT="1$(echo $PORT | tail -c 5)" - -# Also pick a unique name for intermediate files -SRV_OUT="srv_out.$$" -CLI_OUT="cli_out.$$" - -# client timeout delay: be more patient with valgrind -if [ "$MEMCHECK" -gt 0 ]; then - DOG_DELAY=30 -else - DOG_DELAY=10 -fi - -SKIP_NEXT="NO" - -trap cleanup INT TERM HUP - -for MODE in $MODES; do - for TYPE in $TYPES; do - - # PSK cipher suites do not allow client certificate verification. - # This means PSK test cases with VERIFY=YES should be replaced by - # VERIFY=NO or be ignored. SUB_VERIFIES variable is used to constrain - # verification option for PSK test cases. - SUB_VERIFIES=$VERIFIES - if [ "$TYPE" = "PSK" ]; then - SUB_VERIFIES="NO" - fi - - for VERIFY in $SUB_VERIFIES; do - VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') - for PEER in $PEERS; do - - setup_arguments - - case "$PEER" in - - [Oo]pen*) - - reset_ciphersuites - add_common_ciphersuites - add_openssl_ciphersuites - filter_ciphersuites - - if [ "X" != "X$M_CIPHERS" ]; then - start_server "OpenSSL" - translate_ciphers m $M_CIPHERS - for i in $ciphers; do - o_check_ciphersuite "${i%%=*}" - run_client mbedTLS ${i%%=*} ${i#*=} - done - stop_server - fi - - if [ "X" != "X$O_CIPHERS" ]; then - start_server "mbedTLS" - translate_ciphers o $O_CIPHERS - for i in $ciphers; do - o_check_ciphersuite "${i%%=*}" - run_client OpenSSL ${i%%=*} ${i#*=} - done - stop_server - fi - - ;; - - [Gg]nu*) - - reset_ciphersuites - add_common_ciphersuites - add_gnutls_ciphersuites - filter_ciphersuites - - if [ "X" != "X$M_CIPHERS" ]; then - start_server "GnuTLS" - translate_ciphers m $M_CIPHERS - for i in $ciphers; do - run_client mbedTLS ${i%%=*} ${i#*=} - done - stop_server - fi - - if [ "X" != "X$G_CIPHERS" ]; then - start_server "mbedTLS" - translate_ciphers g $G_CIPHERS - for i in $ciphers; do - run_client GnuTLS ${i%%=*} ${i#*=} - done - stop_server - fi - - ;; - - mbed*) - - reset_ciphersuites - add_common_ciphersuites - add_openssl_ciphersuites - add_gnutls_ciphersuites - add_mbedtls_ciphersuites - filter_ciphersuites - - if [ "X" != "X$M_CIPHERS" ]; then - start_server "mbedTLS" - translate_ciphers m $M_CIPHERS - for i in $ciphers; do - run_client mbedTLS ${i%%=*} ${i#*=} - done - stop_server - fi - - ;; - - *) - echo "Unknown peer: $PEER" >&2 - exit 1 - ;; - - esac - - done - done - done -done - -echo "------------------------------------------------------------------------" - -if [ $FAILED -ne 0 -o $SRVMEM -ne 0 ]; then - printf "FAILED" -else - printf "PASSED" -fi - -if [ "$MEMCHECK" -gt 0 ]; then - MEMREPORT=", $SRVMEM server memory errors" -else - MEMREPORT="" -fi - -PASSED=$(( $TESTS - $FAILED )) -echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))" - -if [ $((TESTS - SKIPPED)) -lt $MIN_TESTS ]; then - cat < -int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len); -int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len); -#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_test_inject_entropy_seed_read -#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_test_inject_entropy_seed_write -#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ diff --git a/tests/configs/user-config-malloc-0-null.h b/tests/configs/user-config-malloc-0-null.h deleted file mode 100644 index c1a1214fd..000000000 --- a/tests/configs/user-config-malloc-0-null.h +++ /dev/null @@ -1,22 +0,0 @@ -/* crypto_config.h modifier that forces calloc(0) to return NULL. - * Used for testing. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -#ifndef MBEDTLS_PLATFORM_STD_CALLOC -static inline void *custom_calloc(size_t nmemb, size_t size) -{ - if (nmemb == 0 || size == 0) { - return NULL; - } - return calloc(nmemb, size); -} - -#define MBEDTLS_PLATFORM_MEMORY -#define MBEDTLS_PLATFORM_STD_CALLOC custom_calloc -#endif diff --git a/tests/configs/user-config-zeroize-memset.h b/tests/configs/user-config-zeroize-memset.h deleted file mode 100644 index 270d12584..000000000 --- a/tests/configs/user-config-zeroize-memset.h +++ /dev/null @@ -1,17 +0,0 @@ -/* crypto_config.h modifier that defines mbedtls_platform_zeroize() to be - * memset(), so that the compile can check arguments for us. - * Used for testing. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -/* Define _ALT so we don't get the built-in implementation. The test code will - * also need to define MBEDTLS_TEST_DEFINES_ZEROIZE so we don't get the - * declaration. */ -#define MBEDTLS_PLATFORM_ZEROIZE_ALT - -#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len) diff --git a/tests/context-info.sh b/tests/context-info.sh deleted file mode 100755 index 6c08b865b..000000000 --- a/tests/context-info.sh +++ /dev/null @@ -1,428 +0,0 @@ -#!/bin/sh - -# context-info.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# This program is intended for testing the ssl_context_info program -# - -set -eu - -if ! cd "$(dirname "$0")"; then - exit 125 -fi - -# Variables - -THIS_SCRIPT_NAME=$(basename "$0") -PROG_PATH="../programs/ssl/ssl_context_info" -OUT_FILE="ssl_context_info.log" -IN_DIR="../framework/data_files/base64" - -USE_VALGRIND=0 - -T_COUNT=0 -T_PASSED=0 -T_FAILED=0 - - -# Functions - -print_usage() { - echo "Usage: $0 [options]" - printf " -h|--help\tPrint this help.\n" - printf " -m|--memcheck\tUse valgrind to check the memory.\n" -} - -# Print test name -print_name() { - printf "%s %.*s " "$1" $(( 71 - ${#1} )) \ - "........................................................................" -} - -# Print header to the test output file -print_header() -{ - date="$(date)" - echo "******************************************************************" > $2 - echo "* File created by: $THIS_SCRIPT_NAME" >> $2 - echo "* Test name: $1" >> $2 - echo "* Date: $date" >> $2 - echo "* Command: $3" >> $2 - echo "******************************************************************" >> $2 - echo "" >> $2 -} - -# Print footer at the end of file -print_footer() -{ - echo "" >> $1 - echo "******************************************************************" >> $1 - echo "* End command" >> $1 - echo "******************************************************************" >> $1 - echo "" >> $1 -} - -# Use the arguments of this script -get_options() { - while [ $# -gt 0 ]; do - case "$1" in - -h|--help) - print_usage - exit 0 - ;; - -m|--memcheck) - USE_VALGRIND=1 - ;; - *) - echo "Unknown argument: '$1'" - print_usage - exit 1 - ;; - esac - shift - done -} - -# Current test failed -fail() -{ - T_FAILED=$(( $T_FAILED + 1)) - FAIL_OUT="Fail.$T_FAILED""_$OUT_FILE" - - echo "FAIL" - echo " Error: $1" - - cp -f "$OUT_FILE" "$FAIL_OUT" - echo "Error: $1" >> "$FAIL_OUT" -} - -# Current test passed -pass() -{ - T_PASSED=$(( $T_PASSED + 1)) - echo "PASS" -} - -# Usage: run_test [ -arg ] [option [...]] -# Options: -m -# -n -# -u -run_test() -{ - TEST_NAME="$1" - RUN_CMD="$PROG_PATH -f $IN_DIR/$2" - - if [ "-arg" = "$3" ]; then - RUN_CMD="$RUN_CMD $4" - shift 4 - else - shift 2 - fi - - # prepend valgrind to our commands if active - if [ "$USE_VALGRIND" -gt 0 ]; then - RUN_CMD="valgrind --leak-check=full $RUN_CMD" - fi - - T_COUNT=$(( $T_COUNT + 1)) - print_name "$TEST_NAME" - - # run tested program - print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD" - eval "$RUN_CMD" >> "$OUT_FILE" 2>&1 - print_footer "$OUT_FILE" - - # check valgrind's results - if [ "$USE_VALGRIND" -gt 0 ]; then - if ! ( grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" && - grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" ) > /dev/null - then - fail "Memory error detected" - return - fi - fi - - # check other assertions - # lines beginning with == are added by valgrind, ignore them, because we already checked them before - # lines with 'Serious error when reading debug info', are valgrind issues as well - # lines beginning with * are added by this script, ignore too - while [ $# -gt 0 ] - do - case $1 in - "-m") - if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then :; else - fail "pattern '$2' MUST be present in the output" - return - fi - ;; - - "-n") - if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then - fail "pattern '$2' MUST NOT be present in the output" - return - fi - ;; - - "-u") - if [ $(grep -v '^==' "$OUT_FILE"| grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" | wc -l) -ne 1 ]; then - fail "lines following pattern '$2' must be once in the output" - return - fi - ;; - - *) - echo "Unknown test: $1" >&2 - exit 1 - esac - shift 2 - done - - rm -f "$OUT_FILE" - - pass -} - -get_options "$@" - -# Tests - -run_test "Default configuration, server" \ - "srv_def.txt" \ - -n "ERROR" \ - -u "major.* 2$" \ - -u "minor.* 21$" \ - -u "path.* 0$" \ - -u "MBEDTLS_HAVE_TIME$" \ - -u "MBEDTLS_X509_CRT_PARSE_C$" \ - -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ - -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ - -u "MBEDTLS_SSL_SESSION_TICKETS$" \ - -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \ - -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ - -u "MBEDTLS_SSL_ALPN$" \ - -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ - -u "cipher flags.* 0x00$" \ - -u "Message-Digest.* SHA256$" \ - -u "compression.* disabled$" \ - -u "DTLS datagram packing.* enabled$" \ - -n "Certificate" \ - -n "bytes left to analyze from context" - -run_test "Default configuration, client" \ - "cli_def.txt" \ - -n "ERROR" \ - -u "major.* 2$" \ - -u "minor.* 21$" \ - -u "path.* 0$" \ - -u "MBEDTLS_HAVE_TIME$" \ - -u "MBEDTLS_X509_CRT_PARSE_C$" \ - -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ - -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ - -u "MBEDTLS_SSL_SESSION_TICKETS$" \ - -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \ - -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ - -u "MBEDTLS_SSL_ALPN$" \ - -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ - -u "cipher flags.* 0x00$" \ - -u "Message-Digest.* SHA256$" \ - -u "compression.* disabled$" \ - -u "DTLS datagram packing.* enabled$" \ - -u "cert. version .* 3$" \ - -u "serial number.* 02$" \ - -u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \ - -u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \ - -u "issued on.* 2019-02-10 14:44:06$" \ - -u "expires on.* 2029-02-10 14:44:06$" \ - -u "signed using.* RSA with SHA-256$" \ - -u "RSA key size.* 2048 bits$" \ - -u "basic constraints.* CA=false$" \ - -n "bytes left to analyze from context" - -run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \ - "srv_ciphersuite.txt" \ - -n "ERROR" \ - -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ - -run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \ - "cli_ciphersuite.txt" \ - -n "ERROR" \ - -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ - -run_test "No packing, server" \ - "srv_no_packing.txt" \ - -n "ERROR" \ - -u "DTLS datagram packing.* disabled" - -run_test "No packing, client" \ - "cli_no_packing.txt" \ - -n "ERROR" \ - -u "DTLS datagram packing.* disabled" - -run_test "DTLS CID, server" \ - "srv_cid.txt" \ - -n "ERROR" \ - -u "in CID.* DE AD" \ - -u "out CID.* BE EF" - -run_test "DTLS CID, client" \ - "cli_cid.txt" \ - -n "ERROR" \ - -u "in CID.* BE EF" \ - -u "out CID.* DE AD" - -run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \ - "srv_no_mfl.txt" \ - -n "ERROR" \ - -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" - -run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \ - "cli_no_mfl.txt" \ - -n "ERROR" \ - -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" - -run_test "No MBEDTLS_SSL_ALPN, server" \ - "srv_no_alpn.txt" \ - -n "ERROR" \ - -n "MBEDTLS_SSL_ALPN" - -run_test "No MBEDTLS_SSL_ALPN, client" \ - "cli_no_alpn.txt" \ - -n "ERROR" \ - -n "MBEDTLS_SSL_ALPN" - -run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \ - "srv_no_keep_cert.txt" \ - -arg "--keep-peer-cert=0" \ - -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ - -u "cipher flags.* 0x00" \ - -u "compression.* disabled" \ - -u "DTLS datagram packing.* enabled" \ - -n "ERROR" - -run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \ - "cli_no_keep_cert.txt" \ - -arg "--keep-peer-cert=0" \ - -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ - -u "cipher flags.* 0x00" \ - -u "compression.* disabled" \ - -u "DTLS datagram packing.* enabled" \ - -n "ERROR" - -run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \ - "srv_no_keep_cert.txt" \ - -m "Deserializing" \ - -m "ERROR" - -run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \ - "cli_no_keep_cert.txt" \ - -m "Deserializing" \ - -m "ERROR" - -run_test "Minimal configuration, server" \ - "srv_min_cfg.txt" \ - -n "ERROR" \ - -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ - -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ - -n "MBEDTLS_SSL_SESSION_TICKETS$" \ - -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \ - -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ - -n "MBEDTLS_SSL_ALPN$" \ - -run_test "Minimal configuration, client" \ - "cli_min_cfg.txt" \ - -n "ERROR" \ - -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ - -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ - -n "MBEDTLS_SSL_SESSION_TICKETS$" \ - -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \ - -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ - -n "MBEDTLS_SSL_ALPN$" \ - -run_test "MTU=10000" \ - "mtu_10000.txt" \ - -n "ERROR" \ - -u "MTU.* 10000$" - -run_test "MFL=1024" \ - "mfl_1024.txt" \ - -n "ERROR" \ - -u "MFL.* 1024$" - -run_test "Older version (v2.19.1)" \ - "v2.19.1.txt" \ - -n "ERROR" \ - -u "major.* 2$" \ - -u "minor.* 19$" \ - -u "path.* 1$" \ - -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \ - -u "Message-Digest.* SHA256$" \ - -u "compression.* disabled$" \ - -u "serial number.* 01:70:AF:40:B4:E6$" \ - -u "issuer name.* CN=ca$" \ - -u "subject name.* L=160001, OU=acc1, CN=device01$" \ - -u "issued on.* 2020-03-06 09:50:18$" \ - -u "expires on.* 2056-02-26 09:50:18$" \ - -u "signed using.* ECDSA with SHA256$" \ - -u "lifetime.* 0 sec.$" \ - -u "MFL.* none$" \ - -u "negotiate truncated HMAC.* disabled$" \ - -u "Encrypt-then-MAC.* enabled$" \ - -u "DTLS datagram packing.* enabled$" \ - -u "verify result.* 0x00000000$" \ - -n "bytes left to analyze from context" - -run_test "Wrong base64 format" \ - "def_bad_b64.txt" \ - -m "ERROR" \ - -u "The length of the base64 code found should be a multiple of 4" \ - -n "bytes left to analyze from context" - -run_test "Too much data at the beginning of base64 code" \ - "def_b64_too_big_1.txt" \ - -m "ERROR" \ - -n "The length of the base64 code found should be a multiple of 4" \ - -run_test "Too much data in the middle of base64 code" \ - "def_b64_too_big_2.txt" \ - -m "ERROR" \ - -n "The length of the base64 code found should be a multiple of 4" \ - -run_test "Too much data at the end of base64 code" \ - "def_b64_too_big_3.txt" \ - -m "ERROR" \ - -n "The length of the base64 code found should be a multiple of 4" \ - -u "bytes left to analyze from context" - -run_test "Empty file as input" \ - "empty.txt" \ - -u "Finished. No valid base64 code found" - -run_test "Not empty file without base64 code" \ - "../../../tests/context-info.sh" \ - -n "Deserializing" - -run_test "Binary file instead of text file" \ - "../../../programs/ssl/ssl_context_info" \ - -m "ERROR" \ - -u "Too many bad symbols detected. File check aborted" \ - -n "Deserializing" - -run_test "Decoder continues past 0xff character" \ - "def_b64_ff.bin" \ - -n "No valid base64" \ - -u "ciphersuite.* TLS-" - - -# End of tests - -echo -if [ $T_FAILED -eq 0 ]; then - echo "PASSED ( $T_COUNT tests )" -else - echo "FAILED ( $T_FAILED / $T_COUNT tests )" -fi - -exit $T_FAILED diff --git a/tests/git-scripts/README.md b/tests/git-scripts/README.md deleted file mode 100644 index 23db168c3..000000000 --- a/tests/git-scripts/README.md +++ /dev/null @@ -1,16 +0,0 @@ -README for git hooks script -=========================== -git has a way to run scripts, which are invoked by specific git commands. -The git hooks are located in `/.git/hooks`, and as such are not under version control -for more information, see the [git documentation](https://git-scm.com/docs/githooks). - -The Mbed TLS git hooks are located in `/tests/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/tests/git-scripts`, in order to make the hook scripts successfully work. - -Example: - -Execute the following command to create a link on Linux from the Mbed TLS `.git/hooks` directory: -`ln -s ../../tests/git-scripts/pre-push.sh pre-push` - -**Note: Currently the Mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** - -These scripts can also be used independently. diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh deleted file mode 100755 index 9192678a5..000000000 --- a/tests/git-scripts/pre-push.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh -# pre-push.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Called by "git push" after it has checked the remote status, but before anything has been -# pushed. If this script exits with a non-zero status nothing will be pushed. -# This script can also be used independently, not using git. -# -# This hook is called with the following parameters: -# -# $1 -- Name of the remote to which the push is being done -# $2 -- URL to which the push is being done -# -# If pushing without using a named remote those arguments will be equal. -# -# Information about the commits which are being pushed is supplied as lines to -# the standard input in the form: -# -# -# - -REMOTE="$1" -URL="$2" - -echo "REMOTE is $REMOTE" -echo "URL is $URL" - -set -eu - -tests/scripts/all.sh -q -k 'check_*' diff --git a/tests/include/alt-dummy/platform_alt.h b/tests/include/alt-dummy/platform_alt.h deleted file mode 100644 index 67573926e..000000000 --- a/tests/include/alt-dummy/platform_alt.h +++ /dev/null @@ -1,16 +0,0 @@ -/* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PLATFORM_ALT_H -#define PLATFORM_ALT_H - -typedef struct mbedtls_platform_context { - int dummy; -} -mbedtls_platform_context; - - -#endif /* platform_alt.h */ diff --git a/tests/include/alt-dummy/threading_alt.h b/tests/include/alt-dummy/threading_alt.h deleted file mode 100644 index 07d5da427..000000000 --- a/tests/include/alt-dummy/threading_alt.h +++ /dev/null @@ -1,14 +0,0 @@ -/* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef THREADING_ALT_H -#define THREADING_ALT_H - -typedef struct mbedtls_threading_mutex_t { - int dummy; -} mbedtls_threading_mutex_t; - -#endif /* threading_alt.h */ diff --git a/tests/include/alt-dummy/timing_alt.h b/tests/include/alt-dummy/timing_alt.h deleted file mode 100644 index 69bee60f6..000000000 --- a/tests/include/alt-dummy/timing_alt.h +++ /dev/null @@ -1,19 +0,0 @@ -/* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef TIMING_ALT_H -#define TIMING_ALT_H - -struct mbedtls_timing_hr_time { - int dummy; -}; - -typedef struct mbedtls_timing_delay_context { - int dummy; -} mbedtls_timing_delay_context; - - -#endif /* timing_alt.h */ diff --git a/tests/include/test/certs.h b/tests/include/test/certs.h deleted file mode 100644 index db69536a6..000000000 --- a/tests/include/test/certs.h +++ /dev/null @@ -1,234 +0,0 @@ -/** - * \file certs.h - * - * \brief Sample certificates and DHM parameters for testing - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_CERTS_H -#define MBEDTLS_CERTS_H - -#include "mbedtls/build_info.h" - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* List of all PEM-encoded CA certificates, terminated by NULL; - * PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded - * otherwise. */ -extern const char *mbedtls_test_cas[]; -extern const size_t mbedtls_test_cas_len[]; - -/* List of all DER-encoded CA certificates, terminated by NULL */ -extern const unsigned char *mbedtls_test_cas_der[]; -extern const size_t mbedtls_test_cas_der_len[]; - -#if defined(MBEDTLS_PEM_PARSE_C) -/* Concatenation of all CA certificates in PEM format if available */ -extern const char mbedtls_test_cas_pem[]; -extern const size_t mbedtls_test_cas_pem_len; -#endif /* MBEDTLS_PEM_PARSE_C */ - -/* - * CA test certificates - */ - -extern const char mbedtls_test_ca_crt_ec_pem[]; -extern const char mbedtls_test_ca_key_ec_pem[]; -extern const char mbedtls_test_ca_pwd_ec_pem[]; -extern const char mbedtls_test_ca_key_rsa_pem[]; -extern const char mbedtls_test_ca_pwd_rsa_pem[]; -extern const char mbedtls_test_ca_crt_rsa_sha1_pem[]; -extern const char mbedtls_test_ca_crt_rsa_sha256_pem[]; - -extern const unsigned char mbedtls_test_ca_crt_ec_der[]; -extern const unsigned char mbedtls_test_ca_key_ec_der[]; -extern const unsigned char mbedtls_test_ca_key_rsa_der[]; -extern const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[]; -extern const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[]; - -extern const size_t mbedtls_test_ca_crt_ec_pem_len; -extern const size_t mbedtls_test_ca_key_ec_pem_len; -extern const size_t mbedtls_test_ca_pwd_ec_pem_len; -extern const size_t mbedtls_test_ca_key_rsa_pem_len; -extern const size_t mbedtls_test_ca_pwd_rsa_pem_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len; - -extern const size_t mbedtls_test_ca_crt_ec_der_len; -extern const size_t mbedtls_test_ca_key_ec_der_len; -extern const size_t mbedtls_test_ca_pwd_ec_der_len; -extern const size_t mbedtls_test_ca_key_rsa_der_len; -extern const size_t mbedtls_test_ca_pwd_rsa_der_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha1_der_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha256_der_len; - -/* Config-dependent dispatch between PEM and DER encoding - * (PEM if enabled, otherwise DER) */ - -extern const char mbedtls_test_ca_crt_ec[]; -extern const char mbedtls_test_ca_key_ec[]; -extern const char mbedtls_test_ca_pwd_ec[]; -extern const char mbedtls_test_ca_key_rsa[]; -extern const char mbedtls_test_ca_pwd_rsa[]; -extern const char mbedtls_test_ca_crt_rsa_sha1[]; -extern const char mbedtls_test_ca_crt_rsa_sha256[]; - -extern const size_t mbedtls_test_ca_crt_ec_len; -extern const size_t mbedtls_test_ca_key_ec_len; -extern const size_t mbedtls_test_ca_pwd_ec_len; -extern const size_t mbedtls_test_ca_key_rsa_len; -extern const size_t mbedtls_test_ca_pwd_rsa_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha1_len; -extern const size_t mbedtls_test_ca_crt_rsa_sha256_len; - -/* Config-dependent dispatch between SHA-1 and SHA-256 - * (SHA-256 if enabled, otherwise SHA-1) */ - -extern const char mbedtls_test_ca_crt_rsa[]; -extern const size_t mbedtls_test_ca_crt_rsa_len; - -/* Config-dependent dispatch between EC and RSA - * (RSA if enabled, otherwise EC) */ - -extern const char *mbedtls_test_ca_crt; -extern const char *mbedtls_test_ca_key; -extern const char *mbedtls_test_ca_pwd; -extern const size_t mbedtls_test_ca_crt_len; -extern const size_t mbedtls_test_ca_key_len; -extern const size_t mbedtls_test_ca_pwd_len; - -/* - * Server test certificates - */ - -extern const char mbedtls_test_srv_crt_ec_pem[]; -extern const char mbedtls_test_srv_key_ec_pem[]; -extern const char mbedtls_test_srv_pwd_ec_pem[]; -extern const char mbedtls_test_srv_key_rsa_pem[]; -extern const char mbedtls_test_srv_pwd_rsa_pem[]; -extern const char mbedtls_test_srv_crt_rsa_sha1_pem[]; -extern const char mbedtls_test_srv_crt_rsa_sha256_pem[]; - -extern const unsigned char mbedtls_test_srv_crt_ec_der[]; -extern const unsigned char mbedtls_test_srv_key_ec_der[]; -extern const unsigned char mbedtls_test_srv_key_rsa_der[]; -extern const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[]; -extern const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[]; - -extern const size_t mbedtls_test_srv_crt_ec_pem_len; -extern const size_t mbedtls_test_srv_key_ec_pem_len; -extern const size_t mbedtls_test_srv_pwd_ec_pem_len; -extern const size_t mbedtls_test_srv_key_rsa_pem_len; -extern const size_t mbedtls_test_srv_pwd_rsa_pem_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len; - -extern const size_t mbedtls_test_srv_crt_ec_der_len; -extern const size_t mbedtls_test_srv_key_ec_der_len; -extern const size_t mbedtls_test_srv_pwd_ec_der_len; -extern const size_t mbedtls_test_srv_key_rsa_der_len; -extern const size_t mbedtls_test_srv_pwd_rsa_der_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha1_der_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha256_der_len; - -/* Config-dependent dispatch between PEM and DER encoding - * (PEM if enabled, otherwise DER) */ - -extern const char mbedtls_test_srv_crt_ec[]; -extern const char mbedtls_test_srv_key_ec[]; -extern const char mbedtls_test_srv_pwd_ec[]; -extern const char mbedtls_test_srv_key_rsa[]; -extern const char mbedtls_test_srv_pwd_rsa[]; -extern const char mbedtls_test_srv_crt_rsa_sha1[]; -extern const char mbedtls_test_srv_crt_rsa_sha256[]; - -extern const size_t mbedtls_test_srv_crt_ec_len; -extern const size_t mbedtls_test_srv_key_ec_len; -extern const size_t mbedtls_test_srv_pwd_ec_len; -extern const size_t mbedtls_test_srv_key_rsa_len; -extern const size_t mbedtls_test_srv_pwd_rsa_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha1_len; -extern const size_t mbedtls_test_srv_crt_rsa_sha256_len; - -/* Config-dependent dispatch between SHA-1 and SHA-256 - * (SHA-256 if enabled, otherwise SHA-1) */ - -extern const char mbedtls_test_srv_crt_rsa[]; -extern const size_t mbedtls_test_srv_crt_rsa_len; - -/* Config-dependent dispatch between EC and RSA - * (RSA if enabled, otherwise EC) */ - -extern const char *mbedtls_test_srv_crt; -extern const char *mbedtls_test_srv_key; -extern const char *mbedtls_test_srv_pwd; -extern const size_t mbedtls_test_srv_crt_len; -extern const size_t mbedtls_test_srv_key_len; -extern const size_t mbedtls_test_srv_pwd_len; - -/* - * Client test certificates - */ - -extern const char mbedtls_test_cli_crt_ec_pem[]; -extern const char mbedtls_test_cli_key_ec_pem[]; -extern const char mbedtls_test_cli_pwd_ec_pem[]; -extern const char mbedtls_test_cli_key_rsa_pem[]; -extern const char mbedtls_test_cli_pwd_rsa_pem[]; -extern const char mbedtls_test_cli_crt_rsa_pem[]; - -extern const unsigned char mbedtls_test_cli_crt_ec_der[]; -extern const unsigned char mbedtls_test_cli_key_ec_der[]; -extern const unsigned char mbedtls_test_cli_key_rsa_der[]; -extern const unsigned char mbedtls_test_cli_crt_rsa_der[]; - -extern const size_t mbedtls_test_cli_crt_ec_pem_len; -extern const size_t mbedtls_test_cli_key_ec_pem_len; -extern const size_t mbedtls_test_cli_pwd_ec_pem_len; -extern const size_t mbedtls_test_cli_key_rsa_pem_len; -extern const size_t mbedtls_test_cli_pwd_rsa_pem_len; -extern const size_t mbedtls_test_cli_crt_rsa_pem_len; - -extern const size_t mbedtls_test_cli_crt_ec_der_len; -extern const size_t mbedtls_test_cli_key_ec_der_len; -extern const size_t mbedtls_test_cli_key_rsa_der_len; -extern const size_t mbedtls_test_cli_crt_rsa_der_len; - -/* Config-dependent dispatch between PEM and DER encoding - * (PEM if enabled, otherwise DER) */ - -extern const char mbedtls_test_cli_crt_ec[]; -extern const char mbedtls_test_cli_key_ec[]; -extern const char mbedtls_test_cli_pwd_ec[]; -extern const char mbedtls_test_cli_key_rsa[]; -extern const char mbedtls_test_cli_pwd_rsa[]; -extern const char mbedtls_test_cli_crt_rsa[]; - -extern const size_t mbedtls_test_cli_crt_ec_len; -extern const size_t mbedtls_test_cli_key_ec_len; -extern const size_t mbedtls_test_cli_pwd_ec_len; -extern const size_t mbedtls_test_cli_key_rsa_len; -extern const size_t mbedtls_test_cli_pwd_rsa_len; -extern const size_t mbedtls_test_cli_crt_rsa_len; - -/* Config-dependent dispatch between EC and RSA - * (RSA if enabled, otherwise EC) */ - -extern const char *mbedtls_test_cli_crt; -extern const char *mbedtls_test_cli_key; -extern const char *mbedtls_test_cli_pwd; -extern const size_t mbedtls_test_cli_crt_len; -extern const size_t mbedtls_test_cli_key_len; -extern const size_t mbedtls_test_cli_pwd_len; - -#ifdef __cplusplus -} -#endif - -#endif /* certs.h */ diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h deleted file mode 100644 index 90d51b783..000000000 --- a/tests/include/test/ssl_helpers.h +++ /dev/null @@ -1,664 +0,0 @@ -/** \file ssl_helpers.h - * - * \brief This file contains helper functions to set up a TLS connection. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef SSL_HELPERS_H -#define SSL_HELPERS_H - -#include "mbedtls/build_info.h" - -#include - -#include -#include -#include -#include - -#if defined(MBEDTLS_SSL_TLS_C) -#include -#include -#include - -#include "test/certs.h" - -#if defined(MBEDTLS_SSL_CACHE_C) -#include "mbedtls/ssl_cache.h" -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_384) -#define MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384 -#endif -#if defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256 -#endif -#endif /* PSA_WANT_ALG_GCM */ -#if defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256 -#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256 -#endif -#endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256 -#endif - -#if defined(MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384) || \ - defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256) || \ - defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256) || \ - defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256) || \ - defined(MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256) -#define MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE -#endif - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -#endif -enum { -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - tls13_label_ ## name, - MBEDTLS_SSL_TLS1_3_LABEL_LIST -#undef MBEDTLS_SSL_TLS1_3_LABEL -}; - -#if defined(MBEDTLS_SSL_ALPN) -#define MBEDTLS_TEST_MAX_ALPN_LIST_SIZE 10 -#endif - -typedef struct mbedtls_test_ssl_log_pattern { - const char *pattern; - size_t counter; -} mbedtls_test_ssl_log_pattern; - -typedef struct mbedtls_test_handshake_test_options { - const char *cipher; - uint16_t *group_list; - mbedtls_ssl_protocol_version client_min_version; - mbedtls_ssl_protocol_version client_max_version; - mbedtls_ssl_protocol_version server_min_version; - mbedtls_ssl_protocol_version server_max_version; - mbedtls_ssl_protocol_version expected_negotiated_version; - int expected_handshake_result; - int expected_ciphersuite; - int pk_alg; - int opaque_alg; - int opaque_alg2; - int opaque_usage; - data_t *psk_str; - int dtls; - int srv_auth_mode; - int serialize; - int mfl; - int cli_msg_len; - int srv_msg_len; - int expected_cli_fragments; - int expected_srv_fragments; - int renegotiate; - int legacy_renegotiation; - void *srv_log_obj; - void *cli_log_obj; - void (*srv_log_fun)(void *, int, const char *, int, const char *); - void (*cli_log_fun)(void *, int, const char *, int, const char *); - int resize_buffers; - int early_data; - int max_early_data_size; -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_context *cache; -#endif -#if defined(MBEDTLS_SSL_ALPN) - const char *alpn_list[MBEDTLS_TEST_MAX_ALPN_LIST_SIZE]; -#endif -} mbedtls_test_handshake_test_options; - -/* - * Buffer structure for custom I/O callbacks. - */ -typedef struct mbedtls_test_ssl_buffer { - size_t start; - size_t content_length; - size_t capacity; - unsigned char *buffer; -} mbedtls_test_ssl_buffer; - -/* - * Context for a message metadata queue (fifo) that is on top of the ring buffer. - */ -typedef struct mbedtls_test_ssl_message_queue { - size_t *messages; - int pos; - int num; - int capacity; -} mbedtls_test_ssl_message_queue; - -/* - * Context for the I/O callbacks simulating network connection. - */ - -#define MBEDTLS_MOCK_SOCKET_CONNECTED 1 - -typedef struct mbedtls_test_mock_socket { - int status; - mbedtls_test_ssl_buffer *input; - mbedtls_test_ssl_buffer *output; - struct mbedtls_test_mock_socket *peer; -} mbedtls_test_mock_socket; - -/* Errors used in the message socket mocks */ - -#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55 -#define MBEDTLS_TEST_ERROR_SEND_FAILED -66 -#define MBEDTLS_TEST_ERROR_RECV_FAILED -77 - -/* - * Structure used as an addon, or a wrapper, around the mocked sockets. - * Contains an input queue, to which the other socket pushes metadata, - * and an output queue, to which this one pushes metadata. This context is - * considered as an owner of the input queue only, which is initialized and - * freed in the respective setup and free calls. - */ -typedef struct mbedtls_test_message_socket_context { - mbedtls_test_ssl_message_queue *queue_input; - mbedtls_test_ssl_message_queue *queue_output; - mbedtls_test_mock_socket *socket; -} mbedtls_test_message_socket_context; - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* - * Structure with endpoint's certificates for SSL communication tests. - */ -typedef struct mbedtls_test_ssl_endpoint_certificate { - mbedtls_x509_crt *ca_cert; - mbedtls_x509_crt *cert; - mbedtls_pk_context *pkey; -} mbedtls_test_ssl_endpoint_certificate; - -/* - * Endpoint structure for SSL communication tests. - */ -typedef struct mbedtls_test_ssl_endpoint { - const char *name; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_test_mock_socket socket; - mbedtls_test_ssl_endpoint_certificate cert; -} mbedtls_test_ssl_endpoint; - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Random number generator aimed for TLS unitary tests. Its main purpose is to - * simplify the set-up of a random number generator for TLS - * unitary tests: no need to set up a good entropy source for example. - */ -int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len); - -/* - * This function can be passed to mbedtls to receive output logs from it. In - * this case, it will count the instances of a mbedtls_test_ssl_log_pattern - * in the received logged messages. - */ -void mbedtls_test_ssl_log_analyzer(void *ctx, int level, - const char *file, int line, - const char *str); - -void mbedtls_test_init_handshake_options( - mbedtls_test_handshake_test_options *opts); - -void mbedtls_test_free_handshake_options( - mbedtls_test_handshake_test_options *opts); - -/* - * Initialises \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_free()` on \p buf. - */ -void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf); - -/* - * Sets up \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` - * on \p buf. - */ -int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, - size_t capacity); - -void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf); - -/* - * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p input_len, if the data fits. - * \retval 0 <= value < \p input_len, if the data does not fit. - * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not - * zero and \p input is NULL. - */ -int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, - const unsigned char *input, size_t input_len); - -/* - * Gets \p output_len bytes from the ring buffer \p buf into the - * \p output buffer. The output buffer can be NULL, in this case a part of the - * ring buffer will be dropped, if the requested length is available. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p output_len, if the data is available. - * \retval 0 <= value < \p output_len, if the data is not available. - * \retval -1, if \buf is NULL or it hasn't been set up. - */ -int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, - unsigned char *output, size_t output_len); - -/* - * Errors used in the message transport mock tests - */ - #define MBEDTLS_TEST_ERROR_ARG_NULL -11 - #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 - -/* - * Setup and free functions for the message metadata queue. - * - * \p capacity describes the number of message metadata chunks that can be held - * within the queue. - * - * \retval 0, if a metadata queue of a given length can be allocated. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. - */ -int mbedtls_test_ssl_message_queue_setup( - mbedtls_test_ssl_message_queue *queue, size_t capacity); - -void mbedtls_test_ssl_message_queue_free( - mbedtls_test_ssl_message_queue *queue); - -/* - * Push message length information onto the message metadata queue. - * This will become the last element to leave it (fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. - * \retval \p len, if the push was successful. - */ -int mbedtls_test_ssl_message_queue_push_info( - mbedtls_test_ssl_message_queue *queue, size_t len); - -/* - * Pop information about the next message length from the queue. This will be - * the oldest inserted message length(fifo). \p msg_len can be null, in which - * case the data will be popped from the queue but not copied anywhere. - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval message length, if the pop was successful, up to the given - \p buf_len. - */ -int mbedtls_test_ssl_message_queue_pop_info( - mbedtls_test_ssl_message_queue *queue, size_t buf_len); - -/* - * Setup and teardown functions for mock sockets. - */ -void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket); - -/* - * Closes the socket \p socket. - * - * \p socket must have been previously initialized by calling - * mbedtls_test_mock_socket_init(). - * - * This function frees all allocated resources and both sockets are aware of the - * new connection state. - * - * That is, this function does not simulate half-open TCP connections and the - * phenomenon that when closing a UDP connection the peer is not aware of the - * connection having been closed. - */ -void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket); - -/* - * Establishes a connection between \p peer1 and \p peer2. - * - * \p peer1 and \p peer2 must have been previously initialized by calling - * mbedtls_test_mock_socket_init(). - * - * The capacities of the internal buffers are set to \p bufsize. Setting this to - * the correct value allows for simulation of MTU, sanity testing the mock - * implementation and mocking TCP connections with lower memory cost. - */ -int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, - mbedtls_test_mock_socket *peer2, - size_t bufsize); - - -/* - * Callbacks for simulating blocking I/O over connection-oriented transport. - */ -int mbedtls_test_mock_tcp_send_b(void *ctx, - const unsigned char *buf, size_t len); - -int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len); - -/* - * Callbacks for simulating non-blocking I/O over connection-oriented transport. - */ -int mbedtls_test_mock_tcp_send_nb(void *ctx, - const unsigned char *buf, size_t len); - -int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len); - -void mbedtls_test_message_socket_init( - mbedtls_test_message_socket_context *ctx); - -/* - * Setup a given message socket context including initialization of - * input/output queues to a chosen capacity of messages. Also set the - * corresponding mock socket. - * - * \retval 0, if everything succeeds. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message - * queue failed. - */ -int mbedtls_test_message_socket_setup( - mbedtls_test_ssl_message_queue *queue_input, - mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, - mbedtls_test_mock_socket *socket, - mbedtls_test_message_socket_context *ctx); - -/* - * Close a given message socket context, along with the socket itself. Free the - * memory allocated by the input queue. - */ -void mbedtls_test_message_socket_close( - mbedtls_test_message_socket_context *ctx); - -/* - * Send one message through a given message socket context. - * - * \retval \p len, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if - * mbedtls_test_mock_tcp_send_b failed. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. - * - * This function will also return any error from - * mbedtls_test_ssl_message_queue_push_info. - */ -int mbedtls_test_mock_tcp_send_msg(void *ctx, - const unsigned char *buf, size_t len); - -/* - * Receive one message from a given message socket context and return message - * length or an error. - * - * \retval message length, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if - * mbedtls_test_mock_tcp_recv_b failed. - * - * This function will also return any error other than - * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from test_ssl_message_queue_peek_info. - */ -int mbedtls_test_mock_tcp_recv_msg(void *ctx, - unsigned char *buf, size_t buf_len); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* - * Initializes \p ep_cert structure and assigns it to endpoint - * represented by \p ep. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, - int pk_alg, - int opaque_alg, int opaque_alg2, - int opaque_usage); - -/* - * Initializes \p ep structure. It is important to call - * `mbedtls_test_ssl_endpoint_free()` after calling this function - * even if it fails. - * - * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or - * MBEDTLS_SSL_IS_CLIENT. - * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and - * MBEDTLS_PK_ECDSA are supported. - * \p dtls_context - in case of DTLS - this is the context handling metadata. - * \p input_queue - used only in case of DTLS. - * \p output_queue - used only in case of DTLS. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_endpoint_init( - mbedtls_test_ssl_endpoint *ep, int endpoint_type, - mbedtls_test_handshake_test_options *options, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue); - -/* - * Deinitializes endpoint represented by \p ep. - */ -void mbedtls_test_ssl_endpoint_free( - mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context); - -/* - * This function moves ssl handshake from \p ssl to prescribed \p state. - * /p second_ssl is used as second endpoint and their sockets have to be - * connected before calling this function. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, - mbedtls_ssl_context *second_ssl, - int state); - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Helper function setting up inverse record transformations - * using given cipher, hash, EtM mode, authentication tag length, - * and version. - */ -#define CHK(x) \ - do \ - { \ - if (!(x)) \ - { \ - ret = -1; \ - goto cleanup; \ - } \ - } while (0) - -#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX -#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX -#else -#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(PSA_WANT_ALG_CBC_NO_PADDING) && defined(PSA_WANT_KEY_TYPE_AES) -int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, - const unsigned char *iv, - size_t iv_len, - const unsigned char *input, - size_t ilen, - unsigned char *output, - size_t *olen); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && PSA_WANT_ALG_CBC_NO_PADDING && - PSA_WANT_KEY_TYPE_AES */ - -int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, - mbedtls_ssl_transform *t_out, - int cipher_type, int hash_id, - int etm, int tag_mode, - mbedtls_ssl_protocol_version tls_version, - size_t cid0_len, - size_t cid1_len); - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -/** - * \param[in,out] record The record to prepare. - * It must contain the data to MAC at offset - * `record->data_offset`, of length - * `record->data_length`. - * On success, write the MAC immediately - * after the data and increment - * `record->data_length` accordingly. - * \param[in,out] transform_out The out transform, typically prepared by - * mbedtls_test_ssl_build_transforms(). - * Its HMAC context may be used. Other than that - * it is treated as an input parameter. - * - * \return 0 on success, an `MBEDTLS_ERR_xxx` error code - * or -1 on error. - */ -int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, - mbedtls_ssl_transform *transform_out); -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -/* - * Populate a session structure for serialization tests. - * Choose dummy values, mostly non-0 to distinguish from the init default. - */ -int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type, - const char *crt_file); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -/* - * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the - * message was sent in the correct number of fragments. - * - * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both - * of them must be initialized and connected - * beforehand. - * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. - * /p expected_fragments_1 and /p expected_fragments_2 determine in how many - * fragments the message should be sent. - * expected_fragments is 0: can be used for DTLS testing while the message - * size is larger than MFL. In that case the message - * cannot be fragmented and sent to the second - * endpoint. - * This value can be used for negative tests. - * expected_fragments is 1: can be used for TLS/DTLS testing while the - * message size is below MFL - * expected_fragments > 1: can be used for TLS testing while the message - * size is larger than MFL - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_exchange_data( - mbedtls_ssl_context *ssl_1, - int msg_len_1, const int expected_fragments_1, - mbedtls_ssl_context *ssl_2, - int msg_len_2, const int expected_fragments_2); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -void mbedtls_test_ssl_perform_handshake( - mbedtls_test_handshake_test_options *options); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_TEST_HOOKS) -/* - * Tweak vector lengths in a TLS 1.3 Certificate message - * - * \param[in] buf Buffer containing the Certificate message to tweak - * \param[in]]out] end End of the buffer to parse - * \param tweak Tweak identifier (from 1 to the number of tweaks). - * \param[out] expected_result Error code expected from the parsing function - * \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that - * is expected to fail. All zeroes if no - * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected. - */ -int mbedtls_test_tweak_tls13_certificate_msg_vector_len( - unsigned char *buf, unsigned char **end, int tweak, - int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args); -#endif /* MBEDTLS_TEST_HOOKS */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -int mbedtls_test_ticket_write( - void *p_ticket, const mbedtls_ssl_session *session, - unsigned char *start, const unsigned char *end, - size_t *tlen, uint32_t *ticket_lifetime); - -int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, - unsigned char *buf, size_t len); -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -int mbedtls_test_get_tls13_ticket( - mbedtls_test_handshake_test_options *client_options, - mbedtls_test_handshake_test_options *server_options, - mbedtls_ssl_session *session); -#endif - -#define ECJPAKE_TEST_PWD "bla" - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ - ret = (use_opaque_arg) ? \ - mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \ - mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \ - TEST_EQUAL(ret, exp_ret_val) -#else -#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ - ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, \ - pwd_string, pwd_len); \ - TEST_EQUAL(ret, exp_ret_val) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ - TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ - group_id_); \ - TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ - tls_id_); \ - TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ - &psa_type, &psa_bits), PSA_SUCCESS); \ - TEST_EQUAL(psa_family_, PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type)); \ - TEST_EQUAL(psa_bits_, psa_bits); - -#define TEST_UNAVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ - TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ - MBEDTLS_ECP_DP_NONE); \ - TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ - 0); \ - TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ - &psa_type, &psa_bits), \ - PSA_ERROR_NOT_SUPPORTED); - -#endif /* MBEDTLS_SSL_TLS_C */ - -#endif /* SSL_HELPERS_H */ diff --git a/tests/make-in-docker.sh b/tests/make-in-docker.sh deleted file mode 100755 index e57d09d34..000000000 --- a/tests/make-in-docker.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -eu - -# make-in-docker.sh -# -# Purpose -# ------- -# This runs make in a Docker container. -# -# See also: -# - scripts/docker_env.sh for general Docker prerequisites and other information. -# -# WARNING: the Dockerfile used by this script is no longer maintained! See -# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start -# for the set of Docker images we use on the CI. - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -source tests/scripts/docker_env.sh - -run_in_docker make $@ diff --git a/tests/opt-testcases/sample.sh b/tests/opt-testcases/sample.sh deleted file mode 100644 index 88f3b1297..000000000 --- a/tests/opt-testcases/sample.sh +++ /dev/null @@ -1,383 +0,0 @@ -# Test that SSL sample programs can interoperate with each other -# and with OpenSSL and GnuTLS. - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -: ${PROGRAMS_DIR:=../programs/ssl} - -# Disable session tickets for ssl_client1 when potentially using TLS 1.3 -# until https://github.com/Mbed-TLS/mbedtls/issues/6640 is resolved -# and (if relevant) implemented in ssl_client1. -run_test "Sample: ssl_client1, ssl_server2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server2 tickets=0" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -requires_protocol_version tls12 -run_test "Sample: ssl_client1, openssl server, TLS 1.2" \ - -P 4433 \ - "$O_SRV -tls1_2" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -c "Protocol.*TLSv1.2" \ - -S "ERROR" \ - -C "error" - -requires_protocol_version tls12 -run_test "Sample: ssl_client1, gnutls server, TLS 1.2" \ - -P 4433 \ - "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -s "Version: TLS1.2" \ - -c "Protocol version:TLS1.2" \ - -S "Error" \ - -C "error" - -# Disable session tickets for ssl_client1 when using TLS 1.3 -# until https://github.com/Mbed-TLS/mbedtls/issues/6640 is resolved -# and (if relevant) implemented in ssl_client1. -requires_protocol_version tls13 -requires_openssl_tls1_3 -run_test "Sample: ssl_client1, openssl server, TLS 1.3" \ - -P 4433 \ - "$O_NEXT_SRV -tls1_3 -num_tickets 0" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -c "New, TLSv1.3, Cipher is" \ - -S "ERROR" \ - -C "error" - -# Disable session tickets for ssl_client1 when using TLS 1.3 -# until https://github.com/Mbed-TLS/mbedtls/issues/6640 is resolved -# and (if relevant) implemented in ssl_client1. -requires_protocol_version tls13 -requires_gnutls_tls1_3 -run_test "Sample: ssl_client1, gnutls server, TLS 1.3" \ - -P 4433 \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 --noticket" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -s "Version: TLS1.3" \ - -c "Protocol version:TLS1.3" \ - -S "Error" \ - -C "error" - -# The server complains of extra data after it closes the connection -# because the client keeps sending data, so the server receives -# more application data when it expects a new handshake. We consider -# the test a success if both sides have sent and received application -# data, no matter what happens afterwards. -run_test "Sample: dtls_client, ssl_server2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server2 dtls=1 server_addr=localhost" \ - "$PROGRAMS_DIR/dtls_client" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -C "error" - -# The dtls_client program connects to localhost. This test case fails on -# systems where the name "localhost" resolves to an IPv6 address, but -# the IPv6 connection is not possible. Possible reasons include: -# * OpenSSL is too old (IPv6 support was added in 1.1.0). -# * OpenSSL was built without IPv6 support. -# * A firewall blocks IPv6. -# -# To facilitate working with this test case, have it run with $OPENSSL_NEXT -# which is at least 1.1.1a. At the time it was introduced, this test case -# passed with OpenSSL 1.0.2g on an environment where IPv6 is disabled. -requires_protocol_version dtls12 -run_test "Sample: dtls_client, openssl server, DTLS 1.2" \ - -P 4433 \ - "$O_NEXT_SRV -dtls1_2" \ - "$PROGRAMS_DIR/dtls_client" \ - 0 \ - -s "Echo this" \ - -c "Echo this" \ - -c "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -S "ERROR" \ - -C "error" - -requires_protocol_version dtls12 -run_test "Sample: dtls_client, gnutls server, DTLS 1.2" \ - -P 4433 \ - "$G_SRV -u --echo --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \ - "$PROGRAMS_DIR/dtls_client" \ - 0 \ - -s "Server listening" \ - -s "[1-9][0-9]* bytes command:" \ - -c "Echo this" \ - -c "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -S "Error" \ - -C "error" - -run_test "Sample: ssl_server, ssl_client2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server" \ - "$PROGRAMS_DIR/ssl_client2" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -run_test "Sample: ssl_client1 with ssl_server" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -requires_protocol_version tls12 -run_test "Sample: ssl_server, openssl client, TLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server" \ - "$O_CLI -tls1_2" \ - 0 \ - -s "Successful connection using: TLS-" \ - -c "Protocol.*TLSv1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls12 -run_test "Sample: ssl_server, gnutls client, TLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server" \ - "$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \ - 0 \ - -s "Successful connection using: TLS-" \ - -c "Description:.*TLS1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls13 -requires_openssl_tls1_3 -run_test "Sample: ssl_server, openssl client, TLS 1.3" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server" \ - "$O_NEXT_CLI -tls1_3" \ - 0 \ - -s "Successful connection using: TLS1-3-" \ - -c "New, TLSv1.3, Cipher is" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls13 -requires_gnutls_tls1_3 -run_test "Sample: ssl_server, gnutls client, TLS 1.3" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server" \ - "$G_NEXT_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \ - 0 \ - -s "Successful connection using: TLS1-3-" \ - -c "Description:.*TLS1.3" \ - -S "error" \ - -C "ERROR" - -run_test "Sample: ssl_fork_server, ssl_client2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_fork_server" \ - "$PROGRAMS_DIR/ssl_client2" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -run_test "Sample: ssl_client1 with ssl_fork_server" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_fork_server" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -requires_protocol_version tls12 -run_test "Sample: ssl_fork_server, openssl client, TLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_fork_server" \ - "$O_CLI -tls1_2" \ - 0 \ - -s "Successful connection using: TLS-" \ - -c "Protocol.*TLSv1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls12 -run_test "Sample: ssl_fork_server, gnutls client, TLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_fork_server" \ - "$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \ - 0 \ - -s "Successful connection using: TLS-" \ - -c "Description:.*TLS1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls13 -requires_openssl_tls1_3 -run_test "Sample: ssl_fork_server, openssl client, TLS 1.3" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_fork_server" \ - "$O_NEXT_CLI -tls1_3" \ - 0 \ - -s "Successful connection using: TLS1-3-" \ - -c "New, TLSv1.3, Cipher is" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls13 -requires_gnutls_tls1_3 -run_test "Sample: ssl_fork_server, gnutls client, TLS 1.3" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_fork_server" \ - "$G_NEXT_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \ - 0 \ - -s "Successful connection using: TLS1-3-" \ - -c "Description:.*TLS1.3" \ - -S "error" \ - -C "ERROR" - -run_test "Sample: ssl_pthread_server, ssl_client2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_pthread_server" \ - "$PROGRAMS_DIR/ssl_client2" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -run_test "Sample: ssl_client1 with ssl_pthread_server" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_pthread_server" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -requires_protocol_version tls12 -run_test "Sample: ssl_pthread_server, openssl client, TLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_pthread_server" \ - "$O_CLI -tls1_2" \ - 0 \ - -s "Successful connection using: TLS-" \ - -c "Protocol.*TLSv1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls12 -run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_pthread_server" \ - "$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \ - 0 \ - -s "Successful connection using: TLS-" \ - -c "Description:.*TLS1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls13 -requires_openssl_tls1_3 -run_test "Sample: ssl_pthread_server, openssl client, TLS 1.3" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_pthread_server" \ - "$O_NEXT_CLI -tls1_3" \ - 0 \ - -s "Successful connection using: TLS1-3-" \ - -c "New, TLSv1.3, Cipher is" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls13 -requires_gnutls_tls1_3 -run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.3" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_pthread_server" \ - "$G_NEXT_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \ - 0 \ - -s "Successful connection using: TLS1-3-" \ - -c "Description:.*TLS1.3" \ - -S "error" \ - -C "ERROR" - -run_test "Sample: dtls_client with dtls_server" \ - -P 4433 \ - "$PROGRAMS_DIR/dtls_server" \ - "$PROGRAMS_DIR/dtls_client" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -run_test "Sample: ssl_client2, dtls_server" \ - -P 4433 \ - "$PROGRAMS_DIR/dtls_server" \ - "$PROGRAMS_DIR/ssl_client2 dtls=1" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -requires_protocol_version dtls12 -run_test "Sample: dtls_server, openssl client, DTLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/dtls_server" \ - "$O_CLI -dtls1_2" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "Protocol.*TLSv1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version dtls12 -run_test "Sample: dtls_server, gnutls client, DTLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/dtls_server" \ - "$G_CLI -u --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "Description:.*DTLS1.2" \ - -S "error" \ - -C "ERROR" diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh deleted file mode 100644 index 1bb251fdb..000000000 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ /dev/null @@ -1,3325 +0,0 @@ -# Systematic testing of TLS 1.3 key exchange modes. - -# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by -# scripts in future(#6280) - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: all/psk, good" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -s "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -s "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/psk_all, good" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -s "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/ephemeral_all, good" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No suitable PSK key exchange mode" \ - -S "Pre shared key found" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/all, good" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/all, good" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No suitable PSK key exchange mode" \ - -S "Pre shared key found" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "write selected_group: secp256r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "write selected_group: secp384r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "write selected_group: secp521r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "write selected_group: x25519" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "write selected_group: x448" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: O->m: all/psk, good" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -s "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_all, good" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/ephemeral_all, good" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/all, good" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/all, good" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No suitable PSK key exchange mode" \ - -S "Pre shared key found" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "write selected_group: secp256r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_SECP_R1_384 -run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "write selected_group: secp384r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_SECP_R1_521 -run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "write selected_group: secp521r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255 -run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "write selected_group: x25519" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_MONTGOMERY_448 -run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "write selected_group: x448" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_SECP_R1_384 -run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ - "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \ - 0 \ - -s "write selected_group: secp384r1" \ - -s "HRR selected_group: secp384r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_SECP_R1_384 -run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \ - 0 \ - -s "write selected_group: secp384r1" \ - -s "HRR selected_group: secp384r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - - -# Add psk test cases for mbedtls client code - -# MbedTls->MbedTLS kinds of tls13_kex_modes -# PSK mode in client -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: m->m: psk/psk, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: m->m: psk/psk, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/psk_ephemeral, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/ephemeral, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/ephemeral_all, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/psk_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/psk_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -# psk_ephemeral mode in client -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -# ephemeral mode in client -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral/psk, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 1 \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral/psk_ephemeral, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 1 \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral/ephemeral, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 0 \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral/ephemeral_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 0 \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral/psk_all, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 1 \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral/all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 0 \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -# ephemeral_all mode in client -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/ephemeral, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "key exchange mode: ephemeral" \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fallback" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "key exchange mode: ephemeral" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "key exchange mode: ephemeral" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -# psk_all mode in client -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/psk, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/psk, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/psk, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/psk_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -# all mode in client -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/psk, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/psk, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/ephemeral, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/ephemeral_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/ephemeral_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/psk_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/psk_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "key exchange mode: ephemeral" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: all/all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -#OPENSSL-SERVER psk mode -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: m->O: psk/all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 ok" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 1 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "<= write client hello" \ - -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" - -#OPENSSL-SERVER psk_all mode -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->O: psk_all/all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 ok" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 ok" - -#OPENSSL-SERVER psk_ephemeral mode -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 ok" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 ok" - -#OPENSSL-SERVER ephemeral mode -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->O: ephemeral/all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 0 \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 ok" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ - "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 0 \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 ok" - -#OPENSSL-SERVER ephemeral_all mode -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->O: ephemeral_all/all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ - "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" - -#OPENSSL-SERVER all mode -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->O: all/all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->O: all/ephemeral_all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ - "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" - -#GNUTLS-SERVER psk mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: m->G: psk/all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 1 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" - -#GNUTLS-SERVER psk_all mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: psk_all/all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -#GNUTLS-SERVER psk_ephemeral mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -#GNUTLS-SERVER ephemeral mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: ephemeral/all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 0 \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 0 \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -#GNUTLS-SERVER ephemeral_all mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: ephemeral_all/all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -#GNUTLS-SERVER all mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: all/all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: all/ephemeral_all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh deleted file mode 100644 index cc6a31d79..000000000 --- a/tests/opt-testcases/tls13-misc.sh +++ /dev/null @@ -1,1310 +0,0 @@ -# Miscellaneous tests of TLS 1.3 features. - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No matched ciphersuite" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No matched ciphersuite" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \ - "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 2" \ - -s "sent selected_identity: 0" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: ephemeral$" \ - -S "ticket is not authentic" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \ - "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 2" \ - -s "sent selected_identity: 1" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: ephemeral$" \ - -s "ticket is not authentic" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: PSK: configured psk only, good." \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "key exchange mode: psk$" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "key exchange mode: psk_ephemeral$" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "key exchange mode: ephemeral$" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption with servername" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ - "$P_CLI server_name=localhost reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604800 tickets=1" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 -run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption with early data" \ - "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "bytes of early data written" \ - -C "0 bytes of early data written" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -s "Sent max_early_data_size" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EncryptedExtensions: early_data(42) extension exists." \ - -s "early data bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 -run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \ - "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "bytes of early data written" \ - -C "0 bytes of early data written" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \ - -s "Sent max_early_data_size" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EncryptedExtensions: early_data(42) extension exists." \ - -s "early data bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -C "received max_early_data_size" \ - -C "NewSessionTicket: early_data(42) extension received." \ - -C "ClientHello: early_data(42) extension exists." \ - -C "EncryptedExtensions: early_data(42) extension received." \ - -c "0 bytes of early data written" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -S "Sent max_early_data_size" \ - -S "NewSessionTicket: early_data(42) extension exists." \ - -S "ClientHello: early_data(42) extension exists." \ - -S "EncryptedExtensions: early_data(42) extension exists." \ - -S "early data bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \ - "$P_SRV debug_level=4 early_data=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -C "received max_early_data_size" \ - -C "NewSessionTicket: early_data(42) extension received." \ - -C "ClientHello: early_data(42) extension exists." \ - -C "EncryptedExtensions: early_data(42) extension received." \ - -c "0 bytes of early data written" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -S "Sent max_early_data_size" \ - -S "NewSessionTicket: early_data(42) extension exists." \ - -S "ClientHello: early_data(42) extension exists." \ - -S "EncryptedExtensions: early_data(42) extension exists." \ - -S "early data bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \ - "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -C "ClientHello: early_data(42) extension exists." \ - -C "EncryptedExtensions: early_data(42) extension received." \ - -C "bytes of early data written" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -s "Sent max_early_data_size" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -S "ClientHello: early_data(42) extension exists." \ - -S "EncryptedExtensions: early_data(42) extension exists." \ - -S "early data bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \ - "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -C "ClientHello: early_data(42) extension exists." \ - -C "EncryptedExtensions: early_data(42) extension received." \ - -C "bytes of early data written" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -s "Sent max_early_data_size" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -S "ClientHello: early_data(42) extension exists." \ - -S "EncryptedExtensions: early_data(42) extension exists." \ - -S "early data bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604801 tickets=1" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -C "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... failed" \ - -S "Protocol is TLSv1.3" \ - -S "key exchange mode: psk" \ - -S "Select PSK ciphersuite" \ - -s "Ticket lifetime (604801) is greater than 7 days." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=0 tickets=1" \ - "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -C "Saving session for reuse... ok" \ - -c "Discard new session ticket" \ - -c "Reconnecting with saved session... failed" \ - -s "Protocol is TLSv1.3" \ - -S "key exchange mode: psk" \ - -S "Select PSK ciphersuite" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, servername check failed" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ - "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "Hostname mismatch the session ticket, disable session resumption." \ - -s "Protocol is TLSv1.3" \ - -S "key exchange mode: psk" \ - -S "Select PSK ciphersuite" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=1" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -S "key exchange mode: psk" \ - -s "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket creation time" \ - -S "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, ticket expired." \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=2" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -S "key exchange mode: psk" \ - -S "ticket is not authentic" \ - -s "ticket is expired" \ - -S "Invalid ticket creation time" \ - -S "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=3" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -S "key exchange mode: psk" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -s "Invalid ticket creation time" \ - -S "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=4" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -S "key exchange mode: psk" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket creation time" \ - -s "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=5" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -S "key exchange mode: psk" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket creation time" \ - -S "Ticket age exceeds limitation" \ - -s "Ticket age outside tolerance window" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=6" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -S "key exchange mode: psk" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket creation time" \ - -S "Ticket age exceeds limitation" \ - -s "Ticket age outside tolerance window" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \ - "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \ - "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \ - "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \ - "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \ - "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \ - "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \ - "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \ - "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \ - "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \ - "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \ - "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \ - "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->O: resumption" \ - "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... ok" \ - -c "HTTP/1.0 200 ok" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS -run_test "TLS 1.3 m->O: resumption fails, no ticket support" \ - "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ - "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -C "Saving session for reuse... ok" \ - -C "Reconnecting with saved session... ok" \ - -c "Ignore NewSessionTicket, not supported." - -# No early data m->O tests for the time being. The option -early_data is needed -# to enable early data on OpenSSL server and it is not compatible with the -# -www option we usually use for testing with OpenSSL server (see -# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the -# ephemeral then ticket based scenario we use for early data testing the first -# handshake fails. The following skipped test is here to illustrate the kind -# of testing we would like to do. -# https://github.com/Mbed-TLS/mbedtls/issues/9582 -skip_next_test -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->O: resumption with early data" \ - "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ - "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size: 16384" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "bytes of early data written" \ - -s "decrypted early data with length:" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: resumption" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... ok" \ - -c "HTTP/1.0 200 OK" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS -run_test "TLS 1.3 m->G: resumption fails, no ticket support" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ - "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -C "Saving session for reuse... ok" \ - -C "Reconnecting with saved session... ok" \ - -c "Ignore NewSessionTicket, not supported." - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 -run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ - "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... ok" \ - -c "HTTP/1.0 200 OK" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: resumption with early data" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ - --earlydata --maxearlydata 16384" \ - "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size: 16384" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "bytes of early data written" \ - -s "decrypted early data with length:" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 -run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ - --earlydata --maxearlydata 16384" \ - "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size: 16384" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "bytes of early data written" \ - -s "decrypted early data with length:" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ - "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -C "received max_early_data_size: 16384" \ - -C "NewSessionTicket: early_data(42) extension received." \ - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ - --earlydata --maxearlydata 16384" \ - "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size: 16384" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -C "ClientHello: early_data(42) extension exists." \ - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ - --earlydata --maxearlydata 16384" \ - "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size: 16384" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -C "ClientHello: early_data(42) extension exists." \ - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -# https://github.com/openssl/openssl/issues/10714 -# Until now, OpenSSL client does not support reconnect. -skip_next_test -run_test "TLS 1.3 O->m: resumption" \ - "$P_SRV debug_level=2 tickets=1" \ - "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: resumption" \ - "$P_SRV debug_level=2 tickets=1" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 -# Test the session resumption when the cipher suite for the original session is -# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not -# 256 bits long as with all the other TLS 1.3 cipher suites. -run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \ - "$P_SRV debug_level=2 tickets=1" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" - -EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 )) -EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 )) - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: resumption with early data" \ - "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ - --earlydata $EARLY_DATA_INPUT" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EncryptedExtensions: early_data(42) extension exists." \ - -s "$( head -1 $EARLY_DATA_INPUT )" \ - -s "$( tail -1 $EARLY_DATA_INPUT )" \ - -s "200 early data bytes read" \ - -s "106 early data bytes read" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 -run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \ - "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \ - --earlydata $EARLY_DATA_INPUT" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \ - -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EncryptedExtensions: early_data(42) extension exists." \ - -s "$( head -1 $EARLY_DATA_INPUT )" \ - -s "$( tail -1 $EARLY_DATA_INPUT )" \ - -s "200 early data bytes read" \ - -s "106 early data bytes read" - -# The Mbed TLS server does not allow early data for the ticket it sends but -# the GnuTLS indicates early data anyway when resuming with the ticket and -# sends early data. The Mbed TLS server does not expect early data in -# association with the ticket thus it eventually fails the resumption -# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3 -# specification and thus its behavior may change in following versions. -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \ - "$P_SRV debug_level=4 tickets=1" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ - --earlydata $EARLY_DATA_INPUT" \ - 1 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -S "Sent max_early_data_size" \ - -S "NewSessionTicket: early_data(42) extension exists." \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EarlyData: rejected, feature disabled in server configuration." \ - -S "EncryptedExtensions: early_data(42) extension exists." \ - -s "EarlyData: deprotect and discard app data records" \ - -s "EarlyData: Too much early data received" - -# The Mbed TLS server does not allow early data for the ticket it sends but -# the GnuTLS indicates early data anyway when resuming with the ticket and -# sends early data. The Mbed TLS server does not expect early data in -# association with the ticket thus it eventually fails the resumption -# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3 -# specification and thus its behavior may change in following versions. -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \ - "$P_SRV debug_level=4 tickets=1 early_data=0" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ - --earlydata $EARLY_DATA_INPUT" \ - 1 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -S "Sent max_early_data_size" \ - -S "NewSessionTicket: early_data(42) extension exists." \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EarlyData: rejected, feature disabled in server configuration." \ - -S "EncryptedExtensions: early_data(42) extension exists." \ - -s "EarlyData: deprotect and discard app data records" \ - -s "EarlyData: Too much early data received" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \ - "$P_SRV debug_level=4 tickets=1 early_data=1" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -s "Sent max_early_data_size" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -S "ClientHello: early_data(42) extension exists." \ - -S "EncryptedExtensions: early_data(42) extension exists." - -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \ - "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \ - "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \ - 0 \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk" \ - -s "found matched identity" \ - -s "EarlyData: rejected, not a session resumption" \ - -C "EncryptedExtensions: early_data(42) extension exists." diff --git a/tests/psa-client-server/README.md b/tests/psa-client-server/README.md deleted file mode 100644 index e6d9c873b..000000000 --- a/tests/psa-client-server/README.md +++ /dev/null @@ -1,6 +0,0 @@ -### PSA Crypto Client-Server Testing - -Everything in this directory should currently be considered experimental. We are adding features and extending CI support for it. - -Once stable, of production quality, and being tested by the CI, it will eventually be migrated into -the [MbedTLS framework repository](https://github.com/Mbed-TLS/mbedtls-framework). diff --git a/tests/psa-client-server/psasim/.gitignore b/tests/psa-client-server/psasim/.gitignore deleted file mode 100644 index 4065abf77..000000000 --- a/tests/psa-client-server/psasim/.gitignore +++ /dev/null @@ -1,12 +0,0 @@ -bin/* -*.o -*.so -test/psa_ff_bootstrap.c -test/psa_manifest/* -test/client -test/partition -cscope.out -*.orig -*.swp -*.DS_Store -*psa_ff_bootstrap_* diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile deleted file mode 100644 index ec6691f42..000000000 --- a/tests/psa-client-server/psasim/Makefile +++ /dev/null @@ -1,81 +0,0 @@ -CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L - -ifeq ($(DEBUG),1) -override CFLAGS += -DDEBUG -O0 -g -endif - -CLIENT_LIBS := -Lclient_libs -lpsaclient -lmbedtls -lmbedx509 -lmbedcrypto -SERVER_LIBS := -Lserver_libs -lmbedcrypto - -MBEDTLS_ROOT_PATH = ../../.. -COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include \ - -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include \ - -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include - -GENERATED_H_FILES = include/psa_manifest/manifest.h \ - include/psa_manifest/pid.h \ - include/psa_manifest/sid.h - -LIBPSACLIENT_SRC = src/psa_ff_client.c \ - src/psa_sim_crypto_client.c \ - src/psa_sim_serialise.c -LIBPSACLIENT_OBJS=$(LIBPSACLIENT_SRC:.c=.o) - -PSA_CLIENT_BASE_SRC = $(LIBPSACLIENT_SRC) src/client.c - -PSA_CLIENT_FULL_SRC = $(LIBPSACLIENT_SRC) \ - $(wildcard src/aut_*.c) - -PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c - -PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ - src/psa_ff_server.c \ - src/psa_sim_crypto_server.c \ - src/psa_sim_serialise.c - -.PHONY: all clean client_libs server_libs - -all: - -test/seedfile: - dd if=/dev/urandom of=./test/seedfile bs=64 count=1 - -src/%.o: src/%.c $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) -c $< $(LDFLAGS) -o $@ - -client_libs/libpsaclient: $(LIBPSACLIENT_OBJS) - mkdir -p client_libs - $(AR) -src client_libs/libpsaclient.a $(LIBPSACLIENT_OBJS) - -test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES) test/seedfile - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@ - -test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) test/seedfile - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@ - -test/psa_server: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(SERVER_LIBS) $(LDFLAGS) -o $@ - -$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server.c - tools/psa_autogen.py src/manifest.json - -# Build MbedTLS libraries (crypto, x509 and tls) and copy them locally to -# build client/server applications. -# -# Note: these rules assume that mbedtls_config.h is already configured by all.sh. -# If not using all.sh then the user must do it manually. -client_libs: client_libs/libpsaclient -client_libs server_libs: - $(MAKE) -C $(MBEDTLS_ROOT_PATH)/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a - mkdir -p $@ - cp $(MBEDTLS_ROOT_PATH)/library/libmbed*.a $@/ - -clean_server_intermediate_files: - rm -f $(PARTITION_SERVER_BOOTSTRAP) - rm -rf include/psa_manifest - -clean: clean_server_intermediate_files - rm -f test/psa_client_base test/psa_client_full test/psa_server - rm -rf client_libs server_libs - rm -f test/psa_service_* test/psa_notify_* test/*.log - rm -f test/seedfile diff --git a/tests/psa-client-server/psasim/README.md b/tests/psa-client-server/psasim/README.md deleted file mode 100644 index 1b950d6b1..000000000 --- a/tests/psa-client-server/psasim/README.md +++ /dev/null @@ -1,61 +0,0 @@ -# psasim - -This tool simulates a PSA Firmware Framework implementation. -It allows you to develop secure partitions and their clients on a desktop computer. -It should be able to run on all systems that support POSIX and System V IPC: -e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2. - -Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular: - -* This simulator is not intended to pass or demonstrate compliance. -* This code is only intended for simulation and does not have any security goals. It does not isolate services from clients. - -## Building - -To build and run the test program make sure you have `make`, `python` and a -C compiler installed and then enter the following commands: - -```sh -make run -``` - -Optionally the `DEBUG=1` command line option can be enabled to increase verbosity: - -```sh -make DEBUG=1 run -``` - -Once done with the test, it is possible to clean all the generated files with: - -```sh -make clean -``` - -## Features - -The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress: - -* `psa_notify` support -* "strict" policy in manifest - -The only supported "interrupts" are POSIX signals, which act -as a "virtual interrupt". - -The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc). - -## Design - -The code is designed to be readable rather than fast or secure. -In this implementation only one message is delivered to a -RoT service at a time. -The code is not thread-safe. - -## Unsupported features - -Because this is a simulator there are a few things that -can't be reasonably emulated: - -* Manifest MMIO regions are unsupported -* Manifest priority field is ignored -* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime, - making it infeasible to populate pid.h with correct values. diff --git a/tests/psa-client-server/psasim/include/client.h b/tests/psa-client-server/psasim/include/client.h deleted file mode 100644 index d48498e68..000000000 --- a/tests/psa-client-server/psasim/include/client.h +++ /dev/null @@ -1,75 +0,0 @@ -/* PSA Firmware Framework client header for psasim. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef __PSA_CLIENT_H__ -#define __PSA_CLIENT_H__ - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include - -#include "psa/crypto.h" - -#include "error_ext.h" -/*********************** PSA Client Macros and Types *************************/ - -#define PSA_FRAMEWORK_VERSION (0x0100) - -#define PSA_VERSION_NONE (0) - -/* PSA response types */ -#define PSA_CONNECTION_REFUSED PSA_ERROR_CONNECTION_REFUSED -#define PSA_CONNECTION_BUSY PSA_ERROR_CONNECTION_BUSY -#define PSA_DROP_CONNECTION PSA_ERROR_PROGRAMMER_ERROR - -/* PSA message handles */ -#define PSA_NULL_HANDLE ((psa_handle_t) 0) - -#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t) (handle) > 0) -#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t) (handle)) - -/** - * A read-only input memory region provided to an RoT Service. - */ -typedef struct psa_invec { - const void *base; - size_t len; -} psa_invec; - -/** - * A writable output memory region provided to an RoT Service. - */ -typedef struct psa_outvec { - void *base; - size_t len; -} psa_outvec; - -/*************************** PSA Client API **********************************/ - -uint32_t psa_framework_version(void); - -uint32_t psa_version(uint32_t sid); - -psa_handle_t psa_connect(uint32_t sid, uint32_t version); - -psa_status_t psa_call(psa_handle_t handle, - int32_t type, - const psa_invec *in_vec, - size_t in_len, - psa_outvec *out_vec, - size_t out_len); - -void psa_close(psa_handle_t handle); - -#ifdef __cplusplus -} -#endif - -#endif /* __PSA_CLIENT_H__ */ diff --git a/tests/psa-client-server/psasim/include/common.h b/tests/psa-client-server/psasim/include/common.h deleted file mode 100644 index ee5b5a378..000000000 --- a/tests/psa-client-server/psasim/include/common.h +++ /dev/null @@ -1,52 +0,0 @@ -/* Common definitions used for clients and services */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef _COMMON_H_ -#define _COMMON_H_ - -#include -#include - -/* Increasing this might break on some platforms */ -#define MAX_FRAGMENT_SIZE 200 - -#define CONNECT_REQUEST 1 -#define CALL_REQUEST 2 -#define CLOSE_REQUEST 3 -#define VERSION_REQUEST 4 -#define READ_REQUEST 5 -#define READ_RESPONSE 6 -#define WRITE_REQUEST 7 -#define WRITE_RESPONSE 8 -#define SKIP_REQUEST 9 -#define PSA_REPLY 10 - -#define NON_SECURE (1 << 30) - -typedef int32_t psa_handle_t; - -#define PSA_MAX_IOVEC (4u) - -#define PSA_IPC_CALL (0) - -struct message_text { - int qid; - int32_t psa_type; - char buf[MAX_FRAGMENT_SIZE]; -}; - -struct message { - long message_type; - struct message_text message_text; -}; - -typedef struct vector_sizes { - size_t invec_sizes[PSA_MAX_IOVEC]; - size_t outvec_sizes[PSA_MAX_IOVEC]; -} vector_sizes_t; - -#endif /* _COMMON_H_ */ diff --git a/tests/psa-client-server/psasim/include/error_ext.h b/tests/psa-client-server/psasim/include/error_ext.h deleted file mode 100644 index 6c82b8a72..000000000 --- a/tests/psa-client-server/psasim/include/error_ext.h +++ /dev/null @@ -1,19 +0,0 @@ -/* PSA status codes used by psasim. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_ERROR_H -#define PSA_ERROR_H - -#include - -#include "common.h" - -#define PSA_ERROR_PROGRAMMER_ERROR ((psa_status_t) -129) -#define PSA_ERROR_CONNECTION_REFUSED ((psa_status_t) -130) -#define PSA_ERROR_CONNECTION_BUSY ((psa_status_t) -131) - -#endif diff --git a/tests/psa-client-server/psasim/include/init.h b/tests/psa-client-server/psasim/include/init.h deleted file mode 100644 index de95d905c..000000000 --- a/tests/psa-client-server/psasim/include/init.h +++ /dev/null @@ -1,15 +0,0 @@ -/* Declarations of internal functions. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -void raise_signal(psa_signal_t signal); -void __init_psasim(const char **array, - int size, - const int allow_ns_clients_array[32], - const uint32_t versions[32], - const int strict_policy_array[32]); diff --git a/tests/psa-client-server/psasim/include/lifecycle.h b/tests/psa-client-server/psasim/include/lifecycle.h deleted file mode 100644 index 1148397a8..000000000 --- a/tests/psa-client-server/psasim/include/lifecycle.h +++ /dev/null @@ -1,17 +0,0 @@ -/* PSA lifecycle states used by psasim. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define PSA_LIFECYCLE_PSA_STATE_MASK (0xff00u) -#define PSA_LIFECYCLE_IMP_STATE_MASK (0x00ffu) -#define PSA_LIFECYCLE_UNKNOWN (0x0000u) -#define PSA_LIFECYCLE_ASSEMBLY_AND_TEST (0x1000u) -#define PSA_LIFECYCLE_PSA_ROT_PROVISIONING (0x2000u) -#define PSA_LIFECYCLE_SECURED (0x3000u) -#define PSA_LIFECYCLE_NON_PSA_ROT_DEBUG (0x4000u) -#define PSA_LIFECYCLE_RECOVERABLE_PSA_ROT_DEBUG (0x5000u) -#define PSA_LIFECYCLE_DECOMMISSIONED (0x6000u) -#define psa_rot_lifecycle_state(void) PSA_LIFECYCLE_UNKNOWN diff --git a/tests/psa-client-server/psasim/include/service.h b/tests/psa-client-server/psasim/include/service.h deleted file mode 100644 index cbcb918cb..000000000 --- a/tests/psa-client-server/psasim/include/service.h +++ /dev/null @@ -1,253 +0,0 @@ -/* PSA Firmware Framework service header for psasim. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef __PSA_SERVICE_H__ -#define __PSA_SERVICE_H__ - -#ifdef __cplusplus -extern "C" { -#endif -#include -#include -#include - -#include "common.h" - -#include "psa/crypto.h" - -/********************** PSA Secure Partition Macros and Types ****************/ - -/* PSA wait timeouts */ -#define PSA_POLL (0x00000000u) -#define PSA_BLOCK (0x80000000u) - -/* A mask value that includes all Secure Partition signals */ -#define PSA_WAIT_ANY (~0u) - -/* Doorbell signal */ -#define PSA_DOORBELL (0x00000008u) - -/* PSA message types */ -#define PSA_IPC_CONNECT (-1) -#define PSA_IPC_DISCONNECT (-2) - -/* Return code from psa_get() */ -#define PSA_ERR_NOMSG (INT32_MIN + 3) - -/* Store a set of one or more Secure Partition signals */ -typedef uint32_t psa_signal_t; - -/** - * Describe a message received by an RoT Service after calling \ref psa_get(). - */ -typedef struct psa_msg_t { - uint32_t type; /* One of the following values: - * \ref PSA_IPC_CONNECT - * \ref PSA_IPC_CALL - * \ref PSA_IPC_DISCONNECT - */ - psa_handle_t handle; /* A reference generated by the SPM to the - * message returned by psa_get(). - */ - int32_t client_id; /* Partition ID of the sender of the message */ - void *rhandle; /* Be useful for binding a connection to some - * application-specific data or function - * pointer within the RoT Service - * implementation. - */ - size_t in_size[PSA_MAX_IOVEC]; /* Provide the size of each client input - * vector in bytes. - */ - size_t out_size[PSA_MAX_IOVEC];/* Provide the size of each client output - * vector in bytes. - */ -} psa_msg_t; - -/************************* PSA Secure Partition API **************************/ - -/** - * \brief Return the Secure Partition interrupt signals that have been asserted - * from a subset of signals provided by the caller. - * - * \param[in] signal_mask A set of signals to query. Signals that are not - * in this set will be ignored. - * \param[in] timeout Specify either blocking \ref PSA_BLOCK or - * polling \ref PSA_POLL operation. - * - * \retval >0 At least one signal is asserted. - * \retval 0 No signals are asserted. This is only seen when - * a polling timeout is used. - */ -psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout); - -/** - * \brief Retrieve the message which corresponds to a given RoT Service signal - * and remove the message from the RoT Service queue. - * - * \param[in] signal The signal value for an asserted RoT Service. - * \param[out] msg Pointer to \ref psa_msg_t object for receiving - * the message. - * - * \retval PSA_SUCCESS Success, *msg will contain the delivered - * message. - * \retval PSA_ERR_NOMSG Message could not be delivered. - * \retval "Does not return" The call is invalid because one or more of the - * following are true: - * \arg signal has more than a single bit set. - * \arg signal does not correspond to an RoT Service. - * \arg The RoT Service signal is not currently - * asserted. - * \arg The msg pointer provided is not a valid memory - * reference. - */ -psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg); - -/** - * \brief Associate some RoT Service private data with a client connection. - * - * \param[in] msg_handle Handle for the client's message. - * \param[in] rhandle Reverse handle allocated by the RoT Service. - * - * \retval void Success, rhandle will be provided with all - * subsequent messages delivered on this - * connection. - * \retval "Does not return" msg_handle is invalid. - */ -void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle); - -/** - * \brief Read a message parameter or part of a message parameter from a client - * input vector. - * - * \param[in] msg_handle Handle for the client's message. - * \param[in] invec_idx Index of the input vector to read from. Must be - * less than \ref PSA_MAX_IOVEC. - * \param[out] buffer Buffer in the Secure Partition to copy the - * requested data to. - * \param[in] num_bytes Maximum number of bytes to be read from the - * client input vector. - * - * \retval >0 Number of bytes copied. - * \retval 0 There was no remaining data in this input - * vector. - * \retval "Does not return" The call is invalid, one or more of the - * following are true: - * \arg msg_handle is invalid. - * \arg msg_handle does not refer to a - * \ref PSA_IPC_CALL message. - * \arg invec_idx is equal to or greater than - * \ref PSA_MAX_IOVEC. - * \arg the memory reference for buffer is invalid or - * not writable. - */ -size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx, - void *buffer, size_t num_bytes); - -/** - * \brief Skip over part of a client input vector. - * - * \param[in] msg_handle Handle for the client's message. - * \param[in] invec_idx Index of input vector to skip from. Must be - * less than \ref PSA_MAX_IOVEC. - * \param[in] num_bytes Maximum number of bytes to skip in the client - * input vector. - * - * \retval >0 Number of bytes skipped. - * \retval 0 There was no remaining data in this input - * vector. - * \retval "Does not return" The call is invalid, one or more of the - * following are true: - * \arg msg_handle is invalid. - * \arg msg_handle does not refer to a - * \ref PSA_IPC_CALL message. - * \arg invec_idx is equal to or greater than - * \ref PSA_MAX_IOVEC. - */ -size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes); - -/** - * \brief Write a message response to a client output vector. - * - * \param[in] msg_handle Handle for the client's message. - * \param[out] outvec_idx Index of output vector in message to write to. - * Must be less than \ref PSA_MAX_IOVEC. - * \param[in] buffer Buffer with the data to write. - * \param[in] num_bytes Number of bytes to write to the client output - * vector. - * - * \retval void Success - * \retval "Does not return" The call is invalid, one or more of the - * following are true: - * \arg msg_handle is invalid. - * \arg msg_handle does not refer to a - * \ref PSA_IPC_CALL message. - * \arg outvec_idx is equal to or greater than - * \ref PSA_MAX_IOVEC. - * \arg The memory reference for buffer is invalid. - * \arg The call attempts to write data past the end - * of the client output vector. - */ -void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, - const void *buffer, size_t num_bytes); - -/** - * \brief Complete handling of a specific message and unblock the client. - * - * \param[in] msg_handle Handle for the client's message. - * \param[in] status Message result value to be reported to the - * client. - * - * \retval void Success. - * \retval "Does not return" The call is invalid, one or more of the - * following are true: - * \arg msg_handle is invalid. - * \arg An invalid status code is specified for the - * type of message. - */ -void psa_reply(psa_handle_t msg_handle, psa_status_t status); - -/** - * \brief Send a PSA_DOORBELL signal to a specific Secure Partition. - * - * \param[in] partition_id Secure Partition ID of the target partition. - * - * \retval void Success. - * \retval "Does not return" partition_id does not correspond to a Secure - * Partition. - */ -void psa_notify(int32_t partition_id); - -/** - * \brief Clear the PSA_DOORBELL signal. - * - * \retval void Success. - * \retval "Does not return" The Secure Partition's doorbell signal is not - * currently asserted. - */ -void psa_clear(void); - -/** - * \brief Inform the SPM that an interrupt has been handled (end of interrupt). - * - * \param[in] irq_signal The interrupt signal that has been processed. - * - * \retval void Success. - * \retval "Does not return" The call is invalid, one or more of the - * following are true: - * \arg irq_signal is not an interrupt signal. - * \arg irq_signal indicates more than one signal. - * \arg irq_signal is not currently asserted. - */ -void psa_eoi(psa_signal_t irq_signal); - -#define psa_panic(X) abort(); - -#ifdef __cplusplus -} -#endif - -#endif /* __PSA_SERVICE_H__ */ diff --git a/tests/psa-client-server/psasim/include/util.h b/tests/psa-client-server/psasim/include/util.h deleted file mode 100644 index 5eb8238c5..000000000 --- a/tests/psa-client-server/psasim/include/util.h +++ /dev/null @@ -1,31 +0,0 @@ -/* Common definitions used for clients and services */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "service.h" - -#define PRINT(fmt, ...) \ - fprintf(stdout, fmt "\n", ##__VA_ARGS__) - -#if defined(DEBUG) -#define INFO(fmt, ...) \ - fprintf(stdout, "Info (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__) -#else /* !DEBUG */ -#define INFO(...) -#endif /* DEBUG*/ - -#define ERROR(fmt, ...) \ - fprintf(stderr, "Error (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__) - -#define FATAL(fmt, ...) \ - { \ - fprintf(stderr, "Fatal (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ - abort(); \ - } - -#define PROJECT_ID 'M' -#define PATHNAMESIZE 256 -#define TMP_FILE_BASE_PATH "./" diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c deleted file mode 100644 index ed198790c..000000000 --- a/tests/psa-client-server/psasim/src/aut_main.c +++ /dev/null @@ -1,71 +0,0 @@ -/** - * This is the base AUT that exectues all other AUTs meant to test PSA APIs - * through PSASIM. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ -#include "mbedtls/build_info.h" - -#include "psa/crypto.h" - -#include -#include -#include - -int psa_hash_compute_main(void); -int psa_hash_main(void); -int psa_aead_encrypt_main(char *cipher_name); -int psa_aead_encrypt_decrypt_main(void); -int psa_cipher_encrypt_decrypt_main(void); -int psa_asymmetric_encrypt_decrypt_main(void); -int psa_random_main(void); -int psa_mac_main(void); -int psa_key_agreement_main(void); -int psa_sign_verify_main(void); -int psa_hkdf_main(void); - -#define TEST_MODULE(main_func) \ - do { \ - char title[128] = { 0 }; \ - char separator[128] = { 0 }; \ - int title_len = snprintf(title, sizeof(title), "=== Test: %s ===", #main_func); \ - memset(separator, '=', title_len); \ - printf("%s\n%s\n%s\n", separator, title, separator); \ - ret = main_func; \ - if (ret != 0) { \ - goto exit; \ - } \ - } while (0) - -int main() -{ - int ret; - - TEST_MODULE(psa_hash_compute_main()); - TEST_MODULE(psa_hash_main()); - - TEST_MODULE(psa_aead_encrypt_main("aes128-gcm")); - TEST_MODULE(psa_aead_encrypt_main("aes256-gcm")); - TEST_MODULE(psa_aead_encrypt_main("aes128-gcm_8")); - TEST_MODULE(psa_aead_encrypt_main("chachapoly")); - TEST_MODULE(psa_aead_encrypt_decrypt_main()); - TEST_MODULE(psa_cipher_encrypt_decrypt_main()); - TEST_MODULE(psa_asymmetric_encrypt_decrypt_main()); - - TEST_MODULE(psa_random_main()); - - TEST_MODULE(psa_mac_main()); - TEST_MODULE(psa_key_agreement_main()); - TEST_MODULE(psa_sign_verify_main()); - TEST_MODULE(psa_hkdf_main()); - -exit: - return (ret != 0) ? 1 : 0; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c deleted file mode 100644 index 64463f57f..000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c +++ /dev/null @@ -1,227 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "psa/crypto.h" - -#include -#include -#include - -const char usage[] = - "Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]"; - -/* Dummy data for encryption: IV/nonce, additional data, 2-part message */ -const unsigned char iv1[12] = { 0x00 }; -const unsigned char add_data1[] = { 0x01, 0x02 }; -const unsigned char msg1_part1[] = { 0x03, 0x04 }; -const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 }; - -/* Dummy data (2nd message) */ -const unsigned char iv2[12] = { 0x10 }; -const unsigned char add_data2[] = { 0x11, 0x12 }; -const unsigned char msg2_part1[] = { 0x13, 0x14 }; -const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; - -/* Maximum total size of the messages */ -#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2)) -#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2)) -#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE) - -/* Dummy key material - never do this in production! - * 32-byte is enough to all the key size supported by this program. */ -const unsigned char key_bytes[32] = { 0x2a }; - -/* Print the contents of a buffer in hex */ -void print_buf(const char *title, uint8_t *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - -/* Run a PSA function and bail out if it fails. - * The symbolic name of the error code can be recovered using: - * programs/psa/psa_constant_name status */ -#define PSA_CHECK(expr) \ - do \ - { \ - status = (expr); \ - if (status != PSA_SUCCESS) \ - { \ - printf("Error %d at line %d: %s\n", \ - (int) status, \ - __LINE__, \ - #expr); \ - goto exit; \ - } \ - } \ - while (0) - -/* - * Prepare encryption material: - * - interpret command-line argument - * - set up key - * - outputs: key and algorithm, which together hold all the information - */ -static psa_status_t aead_prepare(const char *info, - psa_key_id_t *key, - psa_algorithm_t *alg) -{ - psa_status_t status; - - /* Convert arg to alg + key_bits + key_type */ - size_t key_bits; - psa_key_type_t key_type; - if (strcmp(info, "aes128-gcm") == 0) { - *alg = PSA_ALG_GCM; - key_bits = 128; - key_type = PSA_KEY_TYPE_AES; - } else if (strcmp(info, "aes256-gcm") == 0) { - *alg = PSA_ALG_GCM; - key_bits = 256; - key_type = PSA_KEY_TYPE_AES; - } else if (strcmp(info, "aes128-gcm_8") == 0) { - *alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 8); - key_bits = 128; - key_type = PSA_KEY_TYPE_AES; - } else if (strcmp(info, "chachapoly") == 0) { - *alg = PSA_ALG_CHACHA20_POLY1305; - key_bits = 256; - key_type = PSA_KEY_TYPE_CHACHA20; - } else { - puts(usage); - return PSA_ERROR_INVALID_ARGUMENT; - } - - /* Prepare key attributes */ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, *alg); - psa_set_key_type(&attributes, key_type); - psa_set_key_bits(&attributes, key_bits); // optional - - /* Import key */ - PSA_CHECK(psa_import_key(&attributes, key_bytes, key_bits / 8, key)); - -exit: - return status; -} - -/* - * Print out some information. - * - * All of this information was present in the command line argument, but his - * function demonstrates how each piece can be recovered from (key, alg). - */ -static void aead_info(psa_key_id_t key, psa_algorithm_t alg) -{ - psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; - (void) psa_get_key_attributes(key, &attr); - psa_key_type_t key_type = psa_get_key_type(&attr); - size_t key_bits = psa_get_key_bits(&attr); - psa_algorithm_t base_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg); - size_t tag_len = PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg); - - const char *type_str = key_type == PSA_KEY_TYPE_AES ? "AES" - : key_type == PSA_KEY_TYPE_CHACHA20 ? "Chacha" - : "???"; - const char *base_str = base_alg == PSA_ALG_GCM ? "GCM" - : base_alg == PSA_ALG_CHACHA20_POLY1305 ? "ChachaPoly" - : "???"; - - printf("%s, %u, %s, %u\n", - type_str, (unsigned) key_bits, base_str, (unsigned) tag_len); -} - -/* - * Encrypt a 2-part message. - */ -static int aead_encrypt(psa_key_id_t key, psa_algorithm_t alg, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *part1, size_t part1_len, - const unsigned char *part2, size_t part2_len) -{ - psa_status_t status; - size_t olen, olen_tag; - unsigned char out[PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(MSG_MAX_SIZE)]; - unsigned char *p = out, *end = out + sizeof(out); - unsigned char tag[PSA_AEAD_TAG_MAX_SIZE]; - - psa_aead_operation_t op = PSA_AEAD_OPERATION_INIT; - PSA_CHECK(psa_aead_encrypt_setup(&op, key, alg)); - - PSA_CHECK(psa_aead_set_nonce(&op, iv, iv_len)); - PSA_CHECK(psa_aead_update_ad(&op, ad, ad_len)); - PSA_CHECK(psa_aead_update(&op, part1, part1_len, p, end - p, &olen)); - p += olen; - PSA_CHECK(psa_aead_update(&op, part2, part2_len, p, end - p, &olen)); - p += olen; - PSA_CHECK(psa_aead_finish(&op, p, end - p, &olen, - tag, sizeof(tag), &olen_tag)); - p += olen; - memcpy(p, tag, olen_tag); - p += olen_tag; - - olen = p - out; - print_buf("out", out, olen); - -exit: - psa_aead_abort(&op); // required on errors, harmless on success - return status; -} - -/* - * AEAD demo: set up key/alg, print out info, encrypt messages. - */ -static psa_status_t aead_demo(const char *info) -{ - psa_status_t status; - - psa_key_id_t key; - psa_algorithm_t alg; - - PSA_CHECK(aead_prepare(info, &key, &alg)); - - aead_info(key, alg); - - PSA_CHECK(aead_encrypt(key, alg, - iv1, sizeof(iv1), add_data1, sizeof(add_data1), - msg1_part1, sizeof(msg1_part1), - msg1_part2, sizeof(msg1_part2))); - PSA_CHECK(aead_encrypt(key, alg, - iv2, sizeof(iv2), add_data2, sizeof(add_data2), - msg2_part1, sizeof(msg2_part1), - msg2_part2, sizeof(msg2_part2))); - -exit: - psa_destroy_key(key); - - return status; -} - -/* - * Main function - */ -int psa_aead_encrypt_main(char *cipher_name) -{ - psa_status_t status = PSA_SUCCESS; - - /* Initialize the PSA crypto library. */ - PSA_CHECK(psa_crypto_init()); - - /* Run the demo */ - PSA_CHECK(aead_demo(cipher_name)); - - /* Deinitialize the PSA crypto library. */ - mbedtls_psa_crypto_free(); - -exit: - return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c deleted file mode 100644 index ca090ccc6..000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#define BUFFER_SIZE 500 - -static void print_bytestr(const uint8_t *bytes, size_t len) -{ - for (unsigned int idx = 0; idx < len; idx++) { - printf("%02X", bytes[idx]); - } -} - -int psa_aead_encrypt_decrypt_main(void) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - uint8_t encrypt[BUFFER_SIZE] = { 0 }; - uint8_t decrypt[BUFFER_SIZE] = { 0 }; - const uint8_t plaintext[] = "Hello World!"; - const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; - uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)]; - size_t nonce_length = sizeof(nonce); - size_t ciphertext_length; - size_t plaintext_length; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_CCM); - psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attributes, 256); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_generate_random(nonce, nonce_length); - if (status != PSA_SUCCESS) { - printf("psa_generate_random failed\n"); - return EXIT_FAILURE; - } - - status = psa_aead_encrypt(key_id, // key - PSA_ALG_CCM, // algorithm - nonce, nonce_length, // nonce - NULL, 0, // additional data - plaintext, sizeof(plaintext), // plaintext - encrypt, sizeof(encrypt), // ciphertext - &ciphertext_length); // length of output - if (status != PSA_SUCCESS) { - printf("psa_aead_encrypt failed\n"); - return EXIT_FAILURE; - } - - printf("AES-CCM encryption:\n"); - printf("- Plaintext: '%s':\n", plaintext); - printf("- Key: "); - print_bytestr(key_bytes, sizeof(key_bytes)); - printf("\n- Nonce: "); - print_bytestr(nonce, nonce_length); - printf("\n- No additional data\n"); - printf("- Ciphertext:\n"); - - for (size_t j = 0; j < ciphertext_length; j++) { - if (j % 8 == 0) { - printf("\n "); - } - printf("%02x ", encrypt[j]); - } - - printf("\n"); - - status = psa_aead_decrypt(key_id, // key - PSA_ALG_CCM, // algorithm - nonce, nonce_length, // nonce - NULL, 0, // additional data - encrypt, ciphertext_length, // ciphertext - decrypt, sizeof(decrypt), // plaintext - &plaintext_length); // length of output - if (status != PSA_SUCCESS) { - printf("psa_aead_decrypt failed\n"); - return EXIT_FAILURE; - } - - if (memcmp(plaintext, decrypt, sizeof(plaintext)) != 0) { - printf("\nEncryption/Decryption failed!\n"); - } else { - printf("\nEncryption/Decryption successful!\n"); - } - - psa_destroy_key(key_id); - mbedtls_psa_crypto_free(); - return 0; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c deleted file mode 100644 index 02d8cf486..000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#define KEY_BITS 4096 -#define BUFFER_SIZE PSA_BITS_TO_BYTES(KEY_BITS) - -static void print_bytestr(const uint8_t *bytes, size_t len) -{ - for (unsigned int idx = 0; idx < len; idx++) { - printf("%02X", bytes[idx]); - } -} - -int psa_asymmetric_encrypt_decrypt_main(void) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - uint8_t original[BUFFER_SIZE/2] = { 0 }; - uint8_t encrypt[BUFFER_SIZE] = { 0 }; - uint8_t decrypt[BUFFER_SIZE] = { 0 }; - size_t encrypted_length; - size_t decrypted_length; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - status = psa_generate_random(original, sizeof(original)); - if (status != PSA_SUCCESS) { - printf("psa_generate_random() failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT); - psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); - psa_set_key_bits(&attributes, KEY_BITS); - - status = psa_generate_key(&attributes, &key_id); - if (status != PSA_SUCCESS) { - printf("psa_generate_key failed (%d)\n", status); - return EXIT_FAILURE; - } - - status = psa_asymmetric_encrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT, - original, sizeof(original), NULL, 0, - encrypt, sizeof(encrypt), &encrypted_length); - if (status != PSA_SUCCESS) { - printf("psa_asymmetric_encrypt failed (%d)\n", status); - return EXIT_FAILURE; - } - - status = psa_asymmetric_decrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT, - encrypt, encrypted_length, NULL, 0, - decrypt, sizeof(decrypt), &decrypted_length); - if (status != PSA_SUCCESS) { - printf("psa_cipher_decrypt failed (%d)\n", status); - return EXIT_FAILURE; - } - - if (memcmp(original, decrypt, sizeof(original)) != 0) { - printf("\nEncryption/Decryption failed!\n"); - } else { - printf("\nEncryption/Decryption successful!\n"); - } - - psa_destroy_key(key_id); - mbedtls_psa_crypto_free(); - return 0; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c deleted file mode 100644 index a923feb61..000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#define BUFFER_SIZE 4096 - -static void print_bytestr(const uint8_t *bytes, size_t len) -{ - for (unsigned int idx = 0; idx < len; idx++) { - printf("%02X", bytes[idx]); - } -} - -int psa_cipher_encrypt_decrypt_main(void) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - uint8_t original[BUFFER_SIZE] = { 0 }; - uint8_t encrypt[BUFFER_SIZE] = { 0 }; - uint8_t decrypt[BUFFER_SIZE] = { 0 }; - const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; - size_t encrypted_length; - size_t decrypted_length; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - status = psa_generate_random(original, sizeof(original)); - if (status != PSA_SUCCESS) { - printf("psa_generate_random() failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_ECB_NO_PADDING); - psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attributes, 256); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING, - original, sizeof(original), - encrypt, sizeof(encrypt), &encrypted_length); - if (status != PSA_SUCCESS) { - printf("psa_cipher_encrypt failed\n"); - return EXIT_FAILURE; - } - - status = psa_cipher_decrypt(key_id, PSA_ALG_ECB_NO_PADDING, - encrypt, encrypted_length, - decrypt, sizeof(decrypt), &decrypted_length); - if (status != PSA_SUCCESS) { - printf("psa_cipher_decrypt failed\n"); - return EXIT_FAILURE; - } - - if (memcmp(original, decrypt, sizeof(original)) != 0) { - printf("\nEncryption/Decryption failed!\n"); - } else { - printf("\nEncryption/Decryption successful!\n"); - } - - psa_destroy_key(key_id); - mbedtls_psa_crypto_free(); - return 0; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash.c b/tests/psa-client-server/psasim/src/aut_psa_hash.c deleted file mode 100644 index b429c0bc5..000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_hash.c +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#include "mbedtls/build_info.h" -#include "mbedtls/platform.h" - -#define HASH_ALG PSA_ALG_SHA_256 - -static const uint8_t sample_message[] = "Hello World!"; -/* sample_message is terminated with a null byte which is not part of - * the message itself so we make sure to subtract it in order to get - * the message length. */ -static const size_t sample_message_length = sizeof(sample_message) - 1; - -#define EXPECTED_HASH_VALUE { \ - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ - 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ - 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ -} - -static const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; -static const size_t expected_hash_len = sizeof(expected_hash); - -int psa_hash_main(void) -{ - psa_status_t status; - uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; - size_t hash_length; - psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_hash_operation_t cloned_hash_operation = PSA_HASH_OPERATION_INIT; - - mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - /* Compute hash using multi-part operation */ - status = psa_hash_setup(&hash_operation, HASH_ALG); - if (status == PSA_ERROR_NOT_SUPPORTED) { - mbedtls_printf("unknown hash algorithm supplied\n"); - return EXIT_FAILURE; - } else if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_setup failed\n"); - return EXIT_FAILURE; - } - - status = psa_hash_update(&hash_operation, sample_message, sample_message_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_update failed\n"); - goto cleanup; - } - - status = psa_hash_clone(&hash_operation, &cloned_hash_operation); - if (status != PSA_SUCCESS) { - mbedtls_printf("PSA hash clone failed\n"); - goto cleanup; - } - - status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_finish failed\n"); - goto cleanup; - } - - /* Check the result of the operation against the sample */ - if (hash_length != expected_hash_len || - (memcmp(hash, expected_hash, expected_hash_len) != 0)) { - mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); - goto cleanup; - } - - status = - psa_hash_verify(&cloned_hash_operation, expected_hash, - expected_hash_len); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_verify failed\n"); - goto cleanup; - } else { - mbedtls_printf("Multi-part hash operation successful!\n"); - } - - /* A bit of white-box testing: ensure that we can abort an operation more - * times than there are operation slots on the simulator server. - */ - for (int i = 0; i < 200; i++) { - /* This should be a no-op */ - status = psa_hash_abort(&hash_operation); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_abort failed\n"); - goto cleanup; - } - } - - /* Compute hash using multi-part operation using the same operation struct */ - status = psa_hash_setup(&hash_operation, HASH_ALG); - if (status == PSA_ERROR_NOT_SUPPORTED) { - mbedtls_printf("unknown hash algorithm supplied\n"); - goto cleanup; - } else if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_setup failed: %d\n", status); - goto cleanup; - } - - status = psa_hash_update(&hash_operation, sample_message, sample_message_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_update failed\n"); - goto cleanup; - } - - /* Don't use psa_hash_finish() when going to check against an expected result */ - status = psa_hash_verify(&hash_operation, expected_hash, expected_hash_len); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_verify failed: %d\n", status); - goto cleanup; - } else { - mbedtls_printf("Second multi-part hash operation successful!\n"); - } - - /* Clear local variables prior to one-shot hash demo */ - memset(hash, 0, sizeof(hash)); - hash_length = 0; - - /* Compute hash using one-shot function call */ - status = psa_hash_compute(HASH_ALG, - sample_message, sample_message_length, - hash, sizeof(hash), - &hash_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_compute failed\n"); - goto cleanup; - } - - if (hash_length != expected_hash_len || - (memcmp(hash, expected_hash, expected_hash_len) != 0)) { - mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); - goto cleanup; - } - - mbedtls_printf("One-shot hash operation successful!\n\n"); - - /* Print out result */ - mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message); - - for (size_t j = 0; j < expected_hash_len; j++) { - mbedtls_printf("%02x", hash[j]); - } - - mbedtls_printf("\n"); - - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; - -cleanup: - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c b/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c deleted file mode 100644 index 959e0c38a..000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#include "mbedtls/build_info.h" -#include "mbedtls/platform.h" - -#define HASH_ALG PSA_ALG_SHA_256 - -static const uint8_t sample_message[] = "Hello World!"; -/* sample_message is terminated with a null byte which is not part of - * the message itself so we make sure to subtract it in order to get - * the message length. */ -static const size_t sample_message_length = sizeof(sample_message) - 1; - -#define EXPECTED_HASH_VALUE { \ - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ - 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ - 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ -} - -static const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; -static const size_t expected_hash_len = sizeof(expected_hash); - -int psa_hash_compute_main(void) -{ - psa_status_t status; - uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; - size_t hash_length; - - mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - /* Clear local variables prior to one-shot hash demo */ - memset(hash, 0, sizeof(hash)); - hash_length = 0; - - /* Compute hash using one-shot function call */ - status = psa_hash_compute(HASH_ALG, - sample_message, sample_message_length, - hash, sizeof(hash), - &hash_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_compute failed\n"); - goto cleanup; - } - - if (hash_length != expected_hash_len || - (memcmp(hash, expected_hash, expected_hash_len) != 0)) { - mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); - goto cleanup; - } - - mbedtls_printf("One-shot hash operation successful!\n\n"); - - /* Print out result */ - mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message); - - for (size_t j = 0; j < expected_hash_len; j++) { - mbedtls_printf("%02x", hash[j]); - } - - mbedtls_printf("\n"); - - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; - -cleanup: - return EXIT_FAILURE; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_hkdf.c b/tests/psa-client-server/psasim/src/aut_psa_hkdf.c deleted file mode 100644 index 891fdb3f9..000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_hkdf.c +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include -#include "mbedtls/build_info.h" - -int psa_hkdf_main(void) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - - /* Example test vector from RFC 5869 */ - - /* Input keying material (IKM) */ - unsigned char ikm[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; - - unsigned char salt[] = - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c }; - - /* Context and application specific information, which can be of zero length */ - unsigned char info[] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 }; - - /* Expected OKM based on the RFC 5869-provided test vector */ - unsigned char expected_okm[] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, - 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, - 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, - 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, - 0x58, 0x65 }; - - /* The output size of the HKDF function depends on the hash function used. - * In our case we use SHA-256, which produces a 32 byte fingerprint. - * Therefore, we allocate a buffer of 32 bytes to hold the output keying - * material (OKM). - */ - unsigned char output[32]; - - psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256); - - printf("PSA Crypto API: HKDF SHA-256 example\n\n"); - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_HKDF(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE); - - status = psa_import_key(&attributes, ikm, sizeof(ikm), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_setup(&operation, alg); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_setup failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_SALT, - salt, sizeof(salt)); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_input_bytes (salt) failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_input_key(&operation, PSA_KEY_DERIVATION_INPUT_SECRET, - key_id); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_input_key failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_INFO, - info, sizeof(info)); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_input_bytes (info) failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_output_bytes(&operation, output, sizeof(output)); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_output_bytes failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_abort(&operation); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_abort failed"); - return EXIT_FAILURE; - } - - printf("OKM: \n"); - - for (size_t j = 0; j < sizeof(output); j++) { - if (output[j] != expected_okm[j]) { - printf("\n --- Unexpected outcome!\n"); - return EXIT_FAILURE; - } - - if (j % 8 == 0) { - printf("\n "); - } - printf("%02x ", output[j]); - } - - printf("\n"); - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c b/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c deleted file mode 100644 index 4a0aab147..000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c +++ /dev/null @@ -1,146 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - - -#include "psa/crypto.h" -#include -#include -#include -#include "mbedtls/build_info.h" -#include "mbedtls/debug.h" -#include "mbedtls/platform.h" - -#define BUFFER_SIZE 500 - -#define SERVER_PK_VALUE { \ - 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, \ - 0x66, 0x23, 0x2a, 0x50, 0x8f, 0x4a, 0xd2, 0x0e, 0xa1, \ - 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, \ - 0xa0, 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, \ - 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b, 0x24, 0xa5, 0xb9, \ - 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, \ - 0xb6, 0x98, 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, \ - 0xf3, 0x20 \ -} - -#define KEY_BITS 256 - -int psa_key_agreement_main(void) -{ - psa_status_t status; - psa_key_attributes_t client_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_attributes_t server_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t client_key_id = 0; - psa_key_id_t server_key_id = 0; - uint8_t client_pk[BUFFER_SIZE] = { 0 }; - size_t client_pk_len; - size_t key_bits; - psa_key_type_t key_type; - - const uint8_t server_pk[] = SERVER_PK_VALUE; - uint8_t derived_key[BUFFER_SIZE] = { 0 }; - size_t derived_key_len; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&client_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&client_attributes, PSA_ALG_ECDH); - psa_set_key_type(&client_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); - psa_set_key_bits(&client_attributes, KEY_BITS); - - /* Generate ephemeral key pair */ - status = psa_generate_key(&client_attributes, &client_key_id); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_generate_key failed\n"); - return EXIT_FAILURE; - } - status = psa_export_public_key(client_key_id, - client_pk, sizeof(client_pk), - &client_pk_len); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_export_public_key failed\n"); - return EXIT_FAILURE; - } - - mbedtls_printf("Client Public Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", client_pk_len); - - for (size_t j = 0; j < client_pk_len; j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", client_pk[j]); - } - mbedtls_printf("\n\n"); - - psa_set_key_usage_flags(&server_attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT); - psa_set_key_algorithm(&server_attributes, PSA_ALG_ECDSA_ANY); - psa_set_key_type(&server_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)); - - /* Import server public key */ - status = psa_import_key(&server_attributes, server_pk, sizeof(server_pk), &server_key_id); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_get_key_attributes(server_key_id, &check_attributes); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_get_key_attributes failed\n"); - return EXIT_FAILURE; - } - - key_bits = psa_get_key_bits(&check_attributes); - if (key_bits != 256) { - mbedtls_printf("Incompatible key size!\n"); - return EXIT_FAILURE; - } - - key_type = psa_get_key_type(&check_attributes); - if (key_type != PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) { - mbedtls_printf("Unsupported key type!\n"); - return EXIT_FAILURE; - } - - mbedtls_printf("Server Public Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", sizeof(server_pk)); - - for (size_t j = 0; j < sizeof(server_pk); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", server_pk[j]); - } - mbedtls_printf("\n\n"); - - /* Generate ECDHE derived key */ - status = psa_raw_key_agreement(PSA_ALG_ECDH, // algorithm - client_key_id, // client secret key - server_pk, sizeof(server_pk), // server public key - derived_key, sizeof(derived_key), // buffer to store derived key - &derived_key_len); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_raw_key_agreement failed\n"); - return EXIT_FAILURE; - } - - mbedtls_printf("Derived Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", derived_key_len); - - for (size_t j = 0; j < derived_key_len; j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", derived_key[j]); - } - mbedtls_printf("\n"); - - psa_destroy_key(server_key_id); - psa_destroy_key(client_key_id); - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_mac.c b/tests/psa-client-server/psasim/src/aut_psa_mac.c deleted file mode 100644 index 18b4b571a..000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_mac.c +++ /dev/null @@ -1,162 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#include "mbedtls/build_info.h" - -/* constant-time buffer comparison */ -static inline int safer_memcmp(const void *a, const void *b, size_t n) -{ - size_t i; - volatile const unsigned char *A = (volatile const unsigned char *) a; - volatile const unsigned char *B = (volatile const unsigned char *) b; - volatile unsigned char diff = 0; - - for (i = 0; i < n; i++) { - /* Read volatile data in order before computing diff. - * This avoids IAR compiler warning: - * 'the order of volatile accesses is undefined ..' */ - unsigned char x = A[i], y = B[i]; - diff |= x ^ y; - } - - return diff; -} - - -int psa_mac_main(void) -{ - uint8_t input[] = "Hello World!"; - psa_status_t status; - size_t mac_size_real = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - uint8_t mac[PSA_MAC_MAX_SIZE]; - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - const uint8_t key_bytes[16] = "kkkkkkkkkkkkkkkk"; - const uint8_t mbedtls_test_hmac_sha256[] = { - 0xae, 0x72, 0x34, 0x5a, 0x10, 0x36, 0xfb, 0x71, - 0x35, 0x3c, 0x7d, 0x6c, 0x81, 0x98, 0x52, 0x86, - 0x00, 0x4a, 0x43, 0x7c, 0x2d, 0xb3, 0x1a, 0xd8, - 0x67, 0xb1, 0xad, 0x11, 0x4d, 0x18, 0x49, 0x8b - }; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE | - PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE); - psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - /* Single-part MAC operation with psa_mac_compute() */ - status = psa_mac_compute(key_id, - PSA_ALG_HMAC(PSA_ALG_SHA_256), - input, - sizeof(input), - mac, - sizeof(mac), - &mac_size_real); - if (status != PSA_SUCCESS) { - printf("psa_mac_compute failed\n"); - return EXIT_FAILURE; - } - - printf("HMAC-SHA-256(%s) with psa_mac_compute():\n", input); - - for (size_t j = 0; j < mac_size_real; j++) { - if (j % 8 == 0) { - printf("\n "); - } - printf("%02x ", mac[j]); - } - - printf("\n"); - - if (safer_memcmp(mac, - mbedtls_test_hmac_sha256, - mac_size_real - ) != 0) { - printf("\nMAC verified incorrectly!\n"); - } else { - printf("\nMAC verified correctly!\n"); - } - - psa_destroy_key(key_id); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - /* Single-part MAC operation with psa_mac_verify() */ - status = psa_mac_verify(key_id, - PSA_ALG_HMAC(PSA_ALG_SHA_256), - input, - sizeof(input), - mbedtls_test_hmac_sha256, - sizeof(mbedtls_test_hmac_sha256)); - if (status != PSA_SUCCESS) { - printf("psa_mac_verify failed\n"); - return EXIT_FAILURE; - } else { - printf("psa_mac_verify passed successfully\n"); - } - - psa_destroy_key(key_id); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - /* Multi-part MAC operation */ - status = psa_mac_sign_setup(&operation, key_id, PSA_ALG_HMAC(PSA_ALG_SHA_256)); - if (status != PSA_SUCCESS) { - printf("psa_mac_sign_setup failed\n"); - return EXIT_FAILURE; - } - - status = psa_mac_update(&operation, input, sizeof(input)); - if (status != PSA_SUCCESS) { - printf("psa_mac_update failed\n"); - return EXIT_FAILURE; - } - - status = psa_mac_sign_finish(&operation, mac, sizeof(mac), &mac_size_real); - if (status != PSA_SUCCESS) { - printf("psa_mac_sign_finish failed\n"); - return EXIT_FAILURE; - } - - if (safer_memcmp(mac, - mbedtls_test_hmac_sha256, - mac_size_real - ) != 0) { - printf("MAC, calculated with multi-part MAC operation, verified incorrectly!\n"); - } else { - printf("MAC, calculated with multi-part MAC operation, verified correctly!\n"); - } - - psa_destroy_key(key_id); - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_random.c b/tests/psa-client-server/psasim/src/aut_psa_random.c deleted file mode 100644 index 5880c4deb..000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_random.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include -#include -#include -#include - -#include "mbedtls/entropy.h" - -#define BUFFER_SIZE 100 - -int psa_random_main(void) -{ - psa_status_t status; - uint8_t output[BUFFER_SIZE] = { 0 }; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - status = psa_generate_random(output, BUFFER_SIZE); - if (status != PSA_SUCCESS) { - printf("psa_generate_random failed\n"); - return EXIT_FAILURE; - } - - printf("Random bytes generated:\n"); - - for (size_t j = 0; j < BUFFER_SIZE; j++) { - if (j % 8 == 0) { - printf("\n "); - } - printf("%02x ", output[j]); - } - - printf("\n"); - - mbedtls_psa_crypto_free(); - return 0; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c b/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c deleted file mode 100644 index 98df9e516..000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - - -#include "psa/crypto.h" -#include -#include -#include - -#include "mbedtls/build_info.h" -#include "mbedtls/platform.h" - -#define KEY_BYTES_VALUE { \ - 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, \ - 0x1d, 0xf1, 0xc9, 0x94, 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, \ - 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee \ -} - -#define PLAINTEXT_VALUE "Hello World!" - -/* SHA-256(plaintext) */ -#define HASH_VALUE { \ - 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ - 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ - 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ -} - -int psa_sign_verify_main(void) -{ - psa_status_t status; - psa_key_id_t key_id = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - uint8_t signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; - size_t signature_length; - const uint8_t key_bytes[] = KEY_BYTES_VALUE; - const uint8_t plaintext[] = PLAINTEXT_VALUE; - const uint8_t hash[] = HASH_VALUE; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH); - psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_sign_hash(key_id, // key handle - PSA_ALG_ECDSA(PSA_ALG_SHA_256), // signature algorithm - hash, sizeof(hash), // hash of the message - signature, sizeof(signature), // signature (as output) - &signature_length); // length of signature output - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_sign_hash failed\n"); - return EXIT_FAILURE; - } - - mbedtls_printf("ECDSA-SHA256 signature of SHA-256('%s'):\n", plaintext); - - for (size_t j = 0; j < signature_length; j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", signature[j]); - } - - mbedtls_printf("\n"); - - status = psa_verify_hash(key_id, // key handle - PSA_ALG_ECDSA(PSA_ALG_SHA_256), // signature algorithm - hash, sizeof(hash), // hash of message - signature, signature_length); // signature - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_verify_hash failed\n"); - return EXIT_FAILURE; - } else { - mbedtls_printf("\nSignature verification successful!\n"); - } - - psa_destroy_key(key_id); - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; -} diff --git a/tests/psa-client-server/psasim/src/client.c b/tests/psa-client-server/psasim/src/client.c deleted file mode 100644 index 4c63abf5a..000000000 --- a/tests/psa-client-server/psasim/src/client.c +++ /dev/null @@ -1,23 +0,0 @@ -/* psasim test client */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* Includes from mbedtls */ -#include "psa/crypto.h" -#include "util.h" - -int main() -{ - /* psa_crypto_init() connects to the server */ - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - ERROR("psa_crypto_init returned %d", status); - return 1; - } - - mbedtls_psa_crypto_free(); - return 0; -} diff --git a/tests/psa-client-server/psasim/src/manifest.json b/tests/psa-client-server/psasim/src/manifest.json deleted file mode 100644 index e67b636c1..000000000 --- a/tests/psa-client-server/psasim/src/manifest.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "psa_framework_version":1.0, - "name":"TEST_PARTITION", - "type":"PSA-ROT", - "priority":"LOW", - "entry_point":"psa_server_main", - "stack_size":"0x400", - "heap_size":"0x100", - "services":[ - { - "name":"PSA_SID_CRYPTO", - "sid":"0x0000F000", - "signal":"PSA_CRYPTO", - "non_secure_clients": "true", - "minor_version":1, - "minor_policy":"STRICT" - } - ], - "irqs": [ - { - "source": "SIGINT", - "signal": "SIGINT_SIG" - }, - { - "source": "SIGTSTP", - "signal": "SIGSTP_SIG" - } - ] -} diff --git a/tests/psa-client-server/psasim/src/psa_ff_client.c b/tests/psa-client-server/psasim/src/psa_ff_client.c deleted file mode 100644 index 0d6bbf3c9..000000000 --- a/tests/psa-client-server/psasim/src/psa_ff_client.c +++ /dev/null @@ -1,385 +0,0 @@ -/* PSA firmware framework client API */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "client.h" -#include "common.h" -#include "error_ext.h" -#include "util.h" - -typedef struct internal_handle { - int server_qid; - int client_qid; - int internal_server_qid; - int valid; -} internal_handle_t; - -typedef struct vectors { - const psa_invec *in_vec; - size_t in_len; - psa_outvec *out_vec; - size_t out_len; -} vectors_t; - -/* Note that this implementation is functional and not secure */ -int __psa_ff_client_security_state = NON_SECURE; - -/* Access to this global is not thread safe */ -#define MAX_HANDLES 32 -static internal_handle_t handles[MAX_HANDLES] = { { 0 } }; - -static int get_next_free_handle() -{ - /* Never return handle 0 as it's a special null handle */ - for (int i = 1; i < MAX_HANDLES; i++) { - if (handles[i].valid == 0) { - return i; - } - } - return -1; -} - -static int handle_is_valid(psa_handle_t handle) -{ - if (handle > 0 && handle < MAX_HANDLES) { - if (handles[handle].valid == 1) { - return 1; - } - } - ERROR("ERROR: Invalid handle"); - return 0; -} - -static int get_queue_info(char *path, int *cqid, int *sqid) -{ - key_t server_queue_key; - int rx_qid, server_qid; - - INFO("Attempting to contact a RoT service queue"); - - if ((rx_qid = msgget(IPC_PRIVATE, 0660)) == -1) { - ERROR("msgget: rx_qid"); - return -1; - } - - if ((server_queue_key = ftok(path, PROJECT_ID)) == -1) { - ERROR("ftok"); - return -2; - } - - if ((server_qid = msgget(server_queue_key, 0)) == -1) { - ERROR("msgget: server_qid"); - return -3; - } - - *cqid = rx_qid; - *sqid = server_qid; - - return 0; -} - -static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type, - int *internal_server_qid) -{ - struct message response, request; - psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; - size_t invec_seek[4] = { 0 }; - size_t data_size; - psa_status_t invec, outvec; /* TODO: Should these be size_t ? */ - - assert(internal_server_qid > 0); - - while (1) { - data_size = 0; - invec = 0; - outvec = 0; - - /* read response from server */ - if (msgrcv(rx_qid, &response, sizeof(struct message_text), 0, 0) == -1) { - ERROR(" msgrcv failed"); - return ret; - } - - /* process return message from server */ - switch (response.message_type) { - case PSA_REPLY: - memcpy(&ret, response.message_text.buf, sizeof(psa_status_t)); - INFO(" Message received from server: %d", ret); - if (type == PSA_IPC_CONNECT && ret > 0) { - *internal_server_qid = ret; - INFO(" ASSSIGNED q ID %d", *internal_server_qid); - ret = PSA_SUCCESS; - } - return ret; - break; - case READ_REQUEST: - /* read data request */ - request.message_type = READ_RESPONSE; - - assert(vecs != 0); - - memcpy(&invec, response.message_text.buf, sizeof(psa_status_t)); - memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t)); - INFO(" Partition asked for %lu bytes from invec %d", data_size, invec); - - /* need to add more checks here */ - assert(invec >= 0 && invec < PSA_MAX_IOVEC); - - if (data_size > MAX_FRAGMENT_SIZE) { - data_size = MAX_FRAGMENT_SIZE; - } - - /* send response */ - INFO(" invec_seek[invec] is %lu", invec_seek[invec]); - INFO(" Reading from offset %p", vecs->in_vec[invec].base + invec_seek[invec]); - memcpy(request.message_text.buf, - (vecs->in_vec[invec].base + invec_seek[invec]), - data_size); - - /* update invec base TODO: check me */ - invec_seek[invec] = invec_seek[invec] + data_size; - - INFO(" Sending message of type %li", request.message_type); - INFO(" with content %s", request.message_text.buf); - - if (msgsnd(*internal_server_qid, &request, - sizeof(int) + sizeof(uint32_t) + data_size, 0) == -1) { - ERROR("Internal error: failed to respond to read request"); - } - break; - case WRITE_REQUEST: - assert(vecs != 0); - - request.message_type = WRITE_RESPONSE; - - memcpy(&outvec, response.message_text.buf, sizeof(psa_status_t)); - memcpy(&data_size, response.message_text.buf + sizeof(size_t), sizeof(size_t)); - INFO(" Partition wants to write %lu bytes to outvec %d", data_size, outvec); - - assert(outvec >= 0 && outvec < PSA_MAX_IOVEC); - - /* copy memory into message and send back amount written */ - size_t sofar = vecs->out_vec[outvec].len; - memcpy(vecs->out_vec[outvec].base + sofar, - response.message_text.buf+(sizeof(size_t)*2), data_size); - INFO(" Data size is %lu", data_size); - vecs->out_vec[outvec].len += data_size; - - INFO(" Sending message of type %li", request.message_type); - - /* send response */ - if (msgsnd(*internal_server_qid, &request, sizeof(int) + data_size, 0) == -1) { - ERROR("Internal error: failed to respond to write request"); - } - break; - case SKIP_REQUEST: - memcpy(&invec, response.message_text.buf, sizeof(psa_status_t)); - memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t)); - INFO(" Partition asked to skip %lu bytes in invec %d", data_size, invec); - assert(invec >= 0 && invec < PSA_MAX_IOVEC); - /* update invec base TODO: check me */ - invec_seek[invec] = invec_seek[invec] + data_size; - break; - - default: - FATAL(" ERROR: unknown internal message type: %ld", - response.message_type); - } - } -} - -static psa_status_t send(int rx_qid, int server_qid, int *internal_server_qid, - int32_t type, uint32_t minor_version, vectors_t *vecs) -{ - psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; - size_t request_msg_size = (sizeof(int) + sizeof(long)); /* msg type plus queue id */ - struct message request; - request.message_type = 1; /* TODO: change this */ - request.message_text.psa_type = type; - vector_sizes_t vec_sizes; - - /* If the client is non-secure then set the NS bit */ - if (__psa_ff_client_security_state != 0) { - request.message_type |= NON_SECURE; - } - - assert(request.message_type >= 0); - - INFO("SEND: Sending message of type %ld with psa_type %d", request.message_type, type); - INFO(" internal_server_qid = %i", *internal_server_qid); - - request.message_text.qid = rx_qid; - - if (type == PSA_IPC_CONNECT) { - memcpy(request.message_text.buf, &minor_version, sizeof(minor_version)); - request_msg_size = request_msg_size + sizeof(minor_version); - INFO(" Request msg size is %lu", request_msg_size); - } else { - assert(internal_server_qid > 0); - } - - if (vecs != NULL && type >= PSA_IPC_CALL) { - - memset(&vec_sizes, 0, sizeof(vec_sizes)); - - /* Copy invec sizes */ - for (size_t i = 0; i < (vecs->in_len); i++) { - vec_sizes.invec_sizes[i] = vecs->in_vec[i].len; - INFO(" Client sending vector %lu: %lu", i, vec_sizes.invec_sizes[i]); - } - - /* Copy outvec sizes */ - for (size_t i = 0; i < (vecs->out_len); i++) { - vec_sizes.outvec_sizes[i] = vecs->out_vec[i].len; - - /* Reset to 0 since we need to eventually fill in with bytes written */ - vecs->out_vec[i].len = 0; - } - - memcpy(request.message_text.buf, &vec_sizes, sizeof(vec_sizes)); - request_msg_size = request_msg_size + sizeof(vec_sizes); - } - - INFO(" Sending and then waiting"); - - /* send message to server */ - if (msgsnd(server_qid, &request, request_msg_size, 0) == -1) { - ERROR(" msgsnd failed"); - return ret; - } - - return process_response(rx_qid, vecs, type, internal_server_qid); -} - - -uint32_t psa_framework_version(void) -{ - return PSA_FRAMEWORK_VERSION; -} - -psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version) -{ - int idx; - psa_status_t ret; - char pathname[PATHNAMESIZE] = { 0 }; - - idx = get_next_free_handle(); - - /* if there's a free handle available */ - if (idx >= 0) { - snprintf(pathname, PATHNAMESIZE - 1, TMP_FILE_BASE_PATH "psa_service_%u", sid); - INFO("Attempting to contact RoT service at %s", pathname); - - /* if communication is possible */ - if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) { - - ret = send(handles[idx].client_qid, - handles[idx].server_qid, - &handles[idx].internal_server_qid, - PSA_IPC_CONNECT, - minor_version, - NULL); - - /* if connection accepted by RoT service */ - if (ret >= 0) { - handles[idx].valid = 1; - return idx; - } else { - ERROR("Server didn't like you"); - } - } else { - ERROR("Couldn't contact RoT service. Does it exist?"); - - if (__psa_ff_client_security_state == 0) { - ERROR("Invalid SID"); - } - } - } - - INFO("Couldn't obtain a free handle"); - return PSA_ERROR_CONNECTION_REFUSED; -} - -uint32_t psa_version(uint32_t sid) -{ - int idx; - psa_status_t ret; - char pathname[PATHNAMESIZE] = { 0 }; - - idx = get_next_free_handle(); - - if (idx >= 0) { - snprintf(pathname, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_service_%u", sid); - if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) { - ret = send(handles[idx].client_qid, - handles[idx].server_qid, - &handles[idx].internal_server_qid, - VERSION_REQUEST, - 0, - NULL); - INFO("psa_version: Recieved from server %d", ret); - if (ret > 0) { - return ret; - } - } - } - ERROR("psa_version failed: does the service exist?"); - return PSA_VERSION_NONE; -} - -psa_status_t psa_call(psa_handle_t handle, - int32_t type, - const psa_invec *in_vec, - size_t in_len, - psa_outvec *out_vec, - size_t out_len) -{ - handle_is_valid(handle); - - if ((in_len + out_len) > PSA_MAX_IOVEC) { - ERROR("Too many iovecs: %lu + %lu", in_len, out_len); - } - - vectors_t vecs = { 0 }; - vecs.in_vec = in_vec; - vecs.in_len = in_len; - vecs.out_vec = out_vec; - vecs.out_len = out_len; - - return send(handles[handle].client_qid, - handles[handle].server_qid, - &handles[handle].internal_server_qid, - type, - 0, - &vecs); -} - -void psa_close(psa_handle_t handle) -{ - handle_is_valid(handle); - if (send(handles[handle].client_qid, handles[handle].server_qid, - &handles[handle].internal_server_qid, PSA_IPC_DISCONNECT, 0, NULL)) { - ERROR("ERROR: Couldn't send disconnect msg"); - } else { - if (msgctl(handles[handle].client_qid, IPC_RMID, NULL) != 0) { - ERROR("ERROR: Failed to delete msg queue"); - } - } - INFO("Closing handle %u", handle); - handles[handle].valid = 0; -} diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c deleted file mode 100644 index 00c527264..000000000 --- a/tests/psa-client-server/psasim/src/psa_ff_server.c +++ /dev/null @@ -1,655 +0,0 @@ -/* PSA Firmware Framework service API */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "service.h" -#include "init.h" -#include "error_ext.h" -#include "common.h" -#include "util.h" - -#define MAX_CLIENTS 128 -#define MAX_MESSAGES 32 - -struct connection { - uint32_t client; - void *rhandle; - int client_to_server_q; -}; - -/* Note that this implementation is functional and not secure. */ -int __psa_ff_client_security_state = NON_SECURE; - -static psa_msg_t messages[MAX_MESSAGES]; /* Message slots */ -static uint8_t pending_message[MAX_MESSAGES] = { 0 }; /* Booleans indicating active message slots */ -static uint32_t message_client[MAX_MESSAGES] = { 0 }; /* Each client's response queue */ -static int nsacl[32]; -static int strict_policy[32] = { 0 }; -static uint32_t rot_svc_versions[32]; -static int rot_svc_incoming_queue[32] = { -1 }; -static struct connection connections[MAX_CLIENTS] = { { 0 } }; - -static uint32_t exposed_signals = 0; - -void print_vectors(vector_sizes_t *sizes) -{ - INFO("Printing iovec sizes"); - for (int j = 0; j < PSA_MAX_IOVEC; j++) { - INFO("Invec %d: %lu", j, sizes->invec_sizes[j]); - } - - for (int j = 0; j < PSA_MAX_IOVEC; j++) { - INFO("Outvec %d: %lu", j, sizes->outvec_sizes[j]); - } -} - -int find_connection(uint32_t client) -{ - for (int i = 1; i < MAX_CLIENTS; i++) { - if (client == connections[i].client) { - return i; - } - } - return -1; -} - -void destroy_connection(uint32_t client) -{ - int idx = find_connection(client); - if (idx >= 0) { - connections[idx].client = 0; - connections[idx].rhandle = 0; - INFO("Destroying connection"); - } else { - ERROR("Couldn't destroy connection for %u", client); - } -} - -int find_free_connection() -{ - INFO("Allocating connection"); - return find_connection(0); -} - -static void reply(psa_handle_t msg_handle, psa_status_t status) -{ - pending_message[msg_handle] = 1; - psa_reply(msg_handle, status); - pending_message[msg_handle] = 0; -} - -psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout) -{ - psa_signal_t mask; - struct message msg; - vector_sizes_t sizes; - struct msqid_ds qinfo; - uint32_t requested_version; - ssize_t len; - int idx; - - if (timeout == PSA_POLL) { - INFO("psa_wait: Called in polling mode"); - } - - do { - mask = signal_mask; - - /* Check the status of each queue */ - for (int i = 0; i < 32; i++) { - if (mask & 0x1) { - if (i < 3) { - // do nothing (reserved) - } else if (i == 3) { - // this must be psa doorbell - } else { - /* Check if this signal corresponds to a queue */ - if (rot_svc_incoming_queue[i] >= 0 && (pending_message[i] == 0)) { - - /* AFAIK there is no "peek" method in SysV, so try to get a message */ - len = msgrcv(rot_svc_incoming_queue[i], - &msg, - sizeof(struct message_text), - 0, - IPC_NOWAIT); - if (len > 0) { - - INFO("Storing that QID in message_client[%d]", i); - INFO("The message handle will be %d", i); - - msgctl(rot_svc_incoming_queue[i], IPC_STAT, &qinfo); - messages[i].client_id = qinfo.msg_lspid; /* PID of last msgsnd(2) call */ - message_client[i] = msg.message_text.qid; - idx = find_connection(msg.message_text.qid); - - if (msg.message_type & NON_SECURE) { - /* This is a non-secure message */ - - /* Check if NS client is allowed for this RoT service */ - if (nsacl[i] <= 0) { -#if 0 - INFO( - "Rejecting non-secure client due to manifest security policy"); - reply(i, PSA_ERROR_CONNECTION_REFUSED); - continue; /* Skip to next signal */ -#endif - } - - msg.message_type &= ~(NON_SECURE); /* clear */ - messages[i].client_id = messages[i].client_id * -1; - } - - INFO("Got a message from client ID %d", messages[i].client_id); - INFO("Message type is %lu", msg.message_type); - INFO("PSA message type is %d", msg.message_text.psa_type); - - messages[i].handle = i; - - switch (msg.message_text.psa_type) { - case PSA_IPC_CONNECT: - - if (len >= 16) { - memcpy(&requested_version, msg.message_text.buf, - sizeof(requested_version)); - INFO("Requesting version %u", requested_version); - INFO("Implemented version %u", rot_svc_versions[i]); - /* TODO: need to check whether the policy is strict, - * and if so, then reject the client if the number doesn't match */ - - if (requested_version > rot_svc_versions[i]) { - INFO( - "Rejecting client because requested version that was too high"); - reply(i, PSA_ERROR_CONNECTION_REFUSED); - continue; /* Skip to next signal */ - } - - if (strict_policy[i] == 1 && - (requested_version != rot_svc_versions[i])) { - INFO( - "Rejecting client because enforcing a STRICT version policy"); - reply(i, PSA_ERROR_CONNECTION_REFUSED); - continue; /* Skip to next signal */ - } else { - INFO("Not rejecting client"); - } - } - - messages[i].type = PSA_IPC_CONNECT; - - if (idx < 0) { - idx = find_free_connection(); - } - - if (idx >= 0) { - connections[idx].client = msg.message_text.qid; - } else { - /* We've run out of system wide connections */ - reply(i, PSA_ERROR_CONNECTION_BUSY); - ERROR("Ran out of free connections"); - continue; - } - - break; - case PSA_IPC_DISCONNECT: - messages[i].type = PSA_IPC_DISCONNECT; - break; - case VERSION_REQUEST: - INFO("Got a version request"); - reply(i, rot_svc_versions[i]); - continue; /* Skip to next signal */ - break; - - default: - - /* PSA CALL */ - if (msg.message_text.psa_type >= 0) { - messages[i].type = msg.message_text.psa_type; - memcpy(&sizes, msg.message_text.buf, sizeof(sizes)); - print_vectors(&sizes); - memcpy(&messages[i].in_size, &sizes.invec_sizes, - (sizeof(size_t) * PSA_MAX_IOVEC)); - memcpy(&messages[i].out_size, &sizes.outvec_sizes, - (sizeof(size_t) * PSA_MAX_IOVEC)); - } else { - FATAL("UNKNOWN MESSAGE TYPE RECEIVED %li", - msg.message_type); - } - break; - } - messages[i].handle = i; - - /* Check if the client has a connection */ - if (idx >= 0) { - messages[i].rhandle = connections[idx].rhandle; - } else { - /* Client is begging for a programmer error */ - reply(i, PSA_ERROR_PROGRAMMER_ERROR); - continue; - } - - /* House keeping */ - pending_message[i] = 1; /* set message as pending */ - exposed_signals |= (0x1 << i); /* assert the signal */ - } - } - } - mask = mask >> 1; - } - } - - if ((timeout == PSA_BLOCK) && (exposed_signals > 0)) { - break; - } else { - /* There is no 'select' function in SysV to block on multiple queues, so busy-wait :( */ - } - } while (timeout == PSA_BLOCK); - - /* Assert signals */ - return signal_mask & exposed_signals; -} - -static int signal_to_index(psa_signal_t signal) -{ - int i; - int count = 0; - int ret = -1; - - for (i = 0; i < 32; i++) { - if (signal & 0x1) { - ret = i; - count++; - } - signal = signal >> 1; - } - - if (count > 1) { - ERROR("ERROR: Too many signals"); - return -1; /* Too many signals */ - } - return ret; -} - -static void clear_signal(psa_signal_t signal) -{ - exposed_signals = exposed_signals & ~signal; -} - -void raise_signal(psa_signal_t signal) -{ - exposed_signals |= signal; -} - -psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg) -{ - int index = signal_to_index(signal); - if (index < 0) { - ERROR("Bad signal"); - } - - clear_signal(signal); - - assert(messages[index].handle != 0); - - if (pending_message[index] == 1) { - INFO("There is a pending message!"); - memcpy(msg, &messages[index], sizeof(struct psa_msg_t)); - assert(msg->handle != 0); - return PSA_SUCCESS; - } else { - INFO("no pending message"); - } - - return PSA_ERROR_DOES_NOT_EXIST; -} - -static inline int is_valid_msg_handle(psa_handle_t h) -{ - if (h > 0 && h < MAX_MESSAGES) { - return 1; - } - ERROR("Not a valid message handle"); - return 0; -} - -static inline int is_call_msg(psa_handle_t h) -{ - assert(messages[h].type >= PSA_IPC_CALL); - return 1; -} - -void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle) -{ - is_valid_msg_handle(msg_handle); - int idx = find_connection(message_client[msg_handle]); - INFO("Setting rhandle to %p", rhandle); - assert(idx >= 0); - connections[idx].rhandle = rhandle; -} - -/* Sends a message from the server to the client. Does not wait for a response */ -static void send_msg(psa_handle_t msg_handle, - int ctrl_msg, - psa_status_t status, - size_t amount, - const void *data, - size_t data_amount) -{ - struct message response; - int flags = 0; - - assert(ctrl_msg > 0); /* According to System V, it must be greater than 0 */ - - response.message_type = ctrl_msg; - if (ctrl_msg == PSA_REPLY) { - memcpy(response.message_text.buf, &status, sizeof(psa_status_t)); - } else if (ctrl_msg == READ_REQUEST || ctrl_msg == WRITE_REQUEST || ctrl_msg == SKIP_REQUEST) { - memcpy(response.message_text.buf, &status, sizeof(psa_status_t)); - memcpy(response.message_text.buf+sizeof(size_t), &amount, sizeof(size_t)); - if (ctrl_msg == WRITE_REQUEST) { - /* TODO: Check if too big */ - memcpy(response.message_text.buf + (sizeof(size_t) * 2), data, data_amount); - } - } - - /* TODO: sizeof doesn't need to be so big here for small responses */ - if (msgsnd(message_client[msg_handle], &response, sizeof(response.message_text), flags) == -1) { - ERROR("Failed to reply"); - } -} - -static size_t skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes) -{ - if (num_bytes < (messages[msg_handle].in_size[invec_idx] - num_bytes)) { - messages[msg_handle].in_size[invec_idx] = messages[msg_handle].in_size[invec_idx] - - num_bytes; - return num_bytes; - } else { - if (num_bytes >= messages[msg_handle].in_size[invec_idx]) { - size_t ret = messages[msg_handle].in_size[invec_idx]; - messages[msg_handle].in_size[invec_idx] = 0; - return ret; - } else { - return num_bytes; - } - } -} - -size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx, - void *buffer, size_t num_bytes) -{ - size_t sofar = 0; - struct message msg = { 0 }; - int idx; - ssize_t len; - - is_valid_msg_handle(msg_handle); - is_call_msg(msg_handle); - - if (invec_idx >= PSA_MAX_IOVEC) { - ERROR("Invalid iovec number"); - } - - /* If user wants more data than what's available, truncate their request */ - if (num_bytes > messages[msg_handle].in_size[invec_idx]) { - num_bytes = messages[msg_handle].in_size[invec_idx]; - } - - while (sofar < num_bytes) { - INFO("Server: requesting %lu bytes from client", (num_bytes - sofar)); - send_msg(msg_handle, READ_REQUEST, invec_idx, (num_bytes - sofar), NULL, 0); - - idx = find_connection(message_client[msg_handle]); - assert(idx >= 0); - - len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0); - len = (len - offsetof(struct message_text, buf)); - - if (len < 0) { - FATAL("Internal error: failed to dispatch read request to the client"); - } - - if (len > (num_bytes - sofar)) { - if ((num_bytes - sofar) > 0) { - memcpy(buffer+sofar, msg.message_text.buf, (num_bytes - sofar)); - } - } else { - memcpy(buffer + sofar, msg.message_text.buf, len); - } - - INFO("Printing what i got so far: %s", msg.message_text.buf); - - sofar = sofar + len; - } - - /* Update the seek count */ - skip(msg_handle, invec_idx, num_bytes); - INFO("Finished psa_read"); - return sofar; -} - -void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, - const void *buffer, size_t num_bytes) -{ - size_t sofar = 0; - struct message msg = { 0 }; - int idx; - ssize_t len; - - is_valid_msg_handle(msg_handle); - is_call_msg(msg_handle); - - if (outvec_idx >= PSA_MAX_IOVEC) { - ERROR("Invalid iovec number"); - } - - if (num_bytes > messages[msg_handle].out_size[outvec_idx]) { - ERROR("Program tried to write too much data %lu/%lu", num_bytes, - messages[msg_handle].out_size[outvec_idx]); - } - - while (sofar < num_bytes) { - size_t sending = (num_bytes - sofar); - if (sending > (MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2))) { - sending = MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2); - } - - INFO("Server: sending %lu bytes to client, sofar = %lu", sending, (long) sofar); - - send_msg(msg_handle, WRITE_REQUEST, outvec_idx, sending, buffer + sofar, sending); - - idx = find_connection(message_client[msg_handle]); - assert(idx >= 0); - - len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0); - if (len < 1) { - FATAL("Client didn't give me a full response"); - } - sofar = sofar + sending; - } - - /* Update the seek count */ - messages[msg_handle].out_size[outvec_idx] -= num_bytes; -} - -size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes) -{ - is_valid_msg_handle(msg_handle); - is_call_msg(msg_handle); - - size_t ret = skip(msg_handle, invec_idx, num_bytes); - - /* notify client to skip */ - send_msg(msg_handle, SKIP_REQUEST, invec_idx, num_bytes, NULL, 0); - return ret; -} - -static void destroy_temporary_queue(int myqid) -{ - if (msgctl(myqid, IPC_RMID, NULL) != 0) { - INFO("ERROR: Failed to delete msg queue %d", myqid); - } -} - -static int make_temporary_queue() -{ - int myqid; - if ((myqid = msgget(IPC_PRIVATE, 0660)) == -1) { - INFO("msgget: myqid"); - return -1; - } - return myqid; -} - -/** - * Assumes msg_handle is the index into the message array - */ -void psa_reply(psa_handle_t msg_handle, psa_status_t status) -{ - int idx, q; - is_valid_msg_handle(msg_handle); - - if (pending_message[msg_handle] != 1) { - ERROR("Not a valid message handle"); - } - - if (messages[msg_handle].type == PSA_IPC_CONNECT) { - switch (status) { - case PSA_SUCCESS: - idx = find_connection(message_client[msg_handle]); - q = make_temporary_queue(); - if (q > 0 && idx >= 0) { - connections[idx].client_to_server_q = q; - status = q; - } else { - FATAL("What happened?"); - } - break; - case PSA_ERROR_CONNECTION_REFUSED: - destroy_connection(message_client[msg_handle]); - break; - case PSA_ERROR_CONNECTION_BUSY: - destroy_connection(message_client[msg_handle]); - break; - case PSA_ERROR_PROGRAMMER_ERROR: - destroy_connection(message_client[msg_handle]); - break; - default: - ERROR("Not a valid reply %d", status); - } - } else if (messages[msg_handle].type == PSA_IPC_DISCONNECT) { - idx = find_connection(message_client[msg_handle]); - if (idx >= 0) { - destroy_temporary_queue(connections[idx].client_to_server_q); - } - destroy_connection(message_client[msg_handle]); - } - - send_msg(msg_handle, PSA_REPLY, status, 0, NULL, 0); - - pending_message[msg_handle] = 0; - message_client[msg_handle] = 0; -} - -/* TODO: make sure you only clear interrupt signals, and not others */ -void psa_eoi(psa_signal_t signal) -{ - int index = signal_to_index(signal); - if (index >= 0 && (rot_svc_incoming_queue[index] >= 0)) { - clear_signal(signal); - } else { - ERROR("Tried to EOI a signal that isn't an interrupt"); - } -} - -void psa_notify(int32_t partition_id) -{ - char pathname[PATHNAMESIZE] = { 0 }; - - if (partition_id < 0) { - ERROR("Not a valid secure partition"); - } - - snprintf(pathname, PATHNAMESIZE, "/tmp/psa_notify_%u", partition_id); - INFO("psa_notify: notifying partition %u using %s", - partition_id, pathname); - INFO("psa_notify is unimplemented"); -} - -void psa_clear(void) -{ - clear_signal(PSA_DOORBELL); -} - -void __init_psasim(const char **array, - int size, - const int allow_ns_clients_array[32], - const uint32_t versions[32], - const int strict_policy_array[32]) -{ - static uint8_t library_initialised = 0; - key_t key; - int qid; - FILE *fp; - char doorbell_file[PATHNAMESIZE] = { 0 }; - char queue_path[PATHNAMESIZE]; - snprintf(doorbell_file, PATHNAMESIZE, "psa_notify_%u", getpid()); - - if (library_initialised > 0) { - return; - } else { - library_initialised = 1; - } - - if (size != 32) { - FATAL("Unsupported value. Aborting."); - } - - array[3] = doorbell_file; - - for (int i = 0; i < 32; i++) { - if (strncmp(array[i], "", 1) != 0) { - INFO("Setting up %s", array[i]); - memset(queue_path, 0, sizeof(queue_path)); - snprintf(queue_path, sizeof(queue_path), "%s%s", TMP_FILE_BASE_PATH, array[i]); - - /* Create file if doesn't exist */ - fp = fopen(queue_path, "ab+"); - if (fp) { - fclose(fp); - } - - if ((key = ftok(queue_path, PROJECT_ID)) == -1) { - FATAL("Error finding message queue during initialisation"); - } - - /* TODO: Investigate. Permissions are likely to be too relaxed */ - if ((qid = msgget(key, IPC_CREAT | 0660)) == -1) { - FATAL("Error opening message queue during initialisation"); - } else { - rot_svc_incoming_queue[i] = qid; - } - } - } - - memcpy(nsacl, allow_ns_clients_array, sizeof(int) * 32); - memcpy(strict_policy, strict_policy_array, sizeof(int) * 32); - memcpy(rot_svc_versions, versions, sizeof(uint32_t) * 32); - memset(&connections, 0, sizeof(struct connection) * MAX_CLIENTS); - - __psa_ff_client_security_state = 0; /* Set the client status to SECURE */ -} diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h deleted file mode 100644 index 4be53c597..000000000 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ /dev/null @@ -1,102 +0,0 @@ -/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef _PSA_FUNCTIONS_CODES_H_ -#define _PSA_FUNCTIONS_CODES_H_ - -enum { - /* Start here to avoid overlap with PSA_IPC_CONNECT, PSA_IPC_DISCONNECT - * and VERSION_REQUEST */ - PSA_CRYPTO_INIT = 100, - PSA_AEAD_ABORT, - PSA_AEAD_DECRYPT, - PSA_AEAD_DECRYPT_SETUP, - PSA_AEAD_ENCRYPT, - PSA_AEAD_ENCRYPT_SETUP, - PSA_AEAD_FINISH, - PSA_AEAD_GENERATE_NONCE, - PSA_AEAD_SET_LENGTHS, - PSA_AEAD_SET_NONCE, - PSA_AEAD_UPDATE, - PSA_AEAD_UPDATE_AD, - PSA_AEAD_VERIFY, - PSA_ASYMMETRIC_DECRYPT, - PSA_ASYMMETRIC_ENCRYPT, - PSA_CIPHER_ABORT, - PSA_CIPHER_DECRYPT, - PSA_CIPHER_DECRYPT_SETUP, - PSA_CIPHER_ENCRYPT, - PSA_CIPHER_ENCRYPT_SETUP, - PSA_CIPHER_FINISH, - PSA_CIPHER_GENERATE_IV, - PSA_CIPHER_SET_IV, - PSA_CIPHER_UPDATE, - PSA_COPY_KEY, - PSA_DESTROY_KEY, - PSA_EXPORT_KEY, - PSA_EXPORT_PUBLIC_KEY, - PSA_GENERATE_KEY, - PSA_GENERATE_KEY_CUSTOM, - PSA_GENERATE_KEY_IOP_ABORT, - PSA_GENERATE_KEY_IOP_COMPLETE, - PSA_GENERATE_KEY_IOP_GET_NUM_OPS, - PSA_GENERATE_KEY_IOP_SETUP, - PSA_GENERATE_RANDOM, - PSA_GET_KEY_ATTRIBUTES, - PSA_HASH_ABORT, - PSA_HASH_CLONE, - PSA_HASH_COMPARE, - PSA_HASH_COMPUTE, - PSA_HASH_FINISH, - PSA_HASH_SETUP, - PSA_HASH_UPDATE, - PSA_HASH_VERIFY, - PSA_IMPORT_KEY, - PSA_INTERRUPTIBLE_GET_MAX_OPS, - PSA_INTERRUPTIBLE_SET_MAX_OPS, - PSA_KEY_AGREEMENT, - PSA_KEY_AGREEMENT_IOP_ABORT, - PSA_KEY_AGREEMENT_IOP_COMPLETE, - PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS, - PSA_KEY_AGREEMENT_IOP_SETUP, - PSA_KEY_DERIVATION_ABORT, - PSA_KEY_DERIVATION_GET_CAPACITY, - PSA_KEY_DERIVATION_INPUT_BYTES, - PSA_KEY_DERIVATION_INPUT_INTEGER, - PSA_KEY_DERIVATION_INPUT_KEY, - PSA_KEY_DERIVATION_KEY_AGREEMENT, - PSA_KEY_DERIVATION_OUTPUT_BYTES, - PSA_KEY_DERIVATION_OUTPUT_KEY, - PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM, - PSA_KEY_DERIVATION_SET_CAPACITY, - PSA_KEY_DERIVATION_SETUP, - PSA_MAC_ABORT, - PSA_MAC_COMPUTE, - PSA_MAC_SIGN_FINISH, - PSA_MAC_SIGN_SETUP, - PSA_MAC_UPDATE, - PSA_MAC_VERIFY, - PSA_MAC_VERIFY_FINISH, - PSA_MAC_VERIFY_SETUP, - PSA_PURGE_KEY, - PSA_RAW_KEY_AGREEMENT, - PSA_RESET_KEY_ATTRIBUTES, - PSA_SIGN_HASH, - PSA_SIGN_HASH_ABORT, - PSA_SIGN_HASH_COMPLETE, - PSA_SIGN_HASH_GET_NUM_OPS, - PSA_SIGN_HASH_START, - PSA_SIGN_MESSAGE, - PSA_VERIFY_HASH, - PSA_VERIFY_HASH_ABORT, - PSA_VERIFY_HASH_COMPLETE, - PSA_VERIFY_HASH_GET_NUM_OPS, - PSA_VERIFY_HASH_START, - PSA_VERIFY_MESSAGE, -}; - -#endif /* _PSA_FUNCTIONS_CODES_H_ */ diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c deleted file mode 100644 index f6efd620c..000000000 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ /dev/null @@ -1,7526 +0,0 @@ -/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ - -/* client calls */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -/* Includes from psasim */ -#include -#include -#include "psa_manifest/sid.h" -#include "psa_functions_codes.h" -#include "psa_sim_serialise.h" - -/* Includes from mbedtls */ -#include "mbedtls/version.h" -#include "psa/crypto.h" - -#define CLIENT_PRINT(fmt, ...) \ - INFO("Client: " fmt, ##__VA_ARGS__) - -static psa_handle_t handle = -1; - -#if defined(MBEDTLS_PSA_CRYPTO_C) -#error "Error: MBEDTLS_PSA_CRYPTO_C must be disabled on client build" -#endif - -int psa_crypto_call(int function, - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - // psa_outvec outvecs[1]; - if (handle < 0) { - fprintf(stderr, "NOT CONNECTED\n"); - exit(1); - } - - psa_invec invec; - invec.base = in_params; - invec.len = in_params_len; - - size_t max_receive = 24576; - uint8_t *receive = malloc(max_receive); - if (receive == NULL) { - fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive); - exit(1); - } - - size_t actual_received = 0; - - psa_outvec outvecs[2]; - outvecs[0].base = &actual_received; - outvecs[0].len = sizeof(actual_received); - outvecs[1].base = receive; - outvecs[1].len = max_receive; - - psa_status_t status = psa_call(handle, function, &invec, 1, outvecs, 2); - if (status != PSA_SUCCESS) { - free(receive); - return 0; - } - - *out_params = receive; - *out_params_len = actual_received; - - return 1; // success -} - -psa_status_t psa_crypto_init(void) -{ - char mbedtls_version[18]; - uint8_t *result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - mbedtls_version_get_string_full(mbedtls_version); - CLIENT_PRINT("%s", mbedtls_version); - - CLIENT_PRINT("My PID: %d", getpid()); - - CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_CRYPTO_SID)); - handle = psa_connect(PSA_SID_CRYPTO_SID, 1); - - if (handle < 0) { - CLIENT_PRINT("Couldn't connect %d", handle); - return PSA_ERROR_COMMUNICATION_FAILURE; - } - - int ok = psa_crypto_call(PSA_CRYPTO_INIT, NULL, 0, &result, &result_length); - CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", ok); - - if (!ok) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); - if (!ok) { - goto fail; - } - -fail: - free(result); - - return status; -} - -void mbedtls_psa_crypto_free(void) -{ - /* Do not try to close a connection that was never started.*/ - if (handle == -1) { - return; - } - - CLIENT_PRINT("Closing handle"); - psa_close(handle); - handle = -1; -} - - -psa_status_t psa_aead_abort( - psa_aead_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_decrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *ciphertext, size_t ciphertext_length, - uint8_t *plaintext, size_t plaintext_size, - size_t *plaintext_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(nonce, nonce_length) + - psasim_serialise_buffer_needs(additional_data, additional_data_length) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_length) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(*plaintext_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - nonce, nonce_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - additional_data, additional_data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - ciphertext, ciphertext_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *plaintext_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_DECRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_DECRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - plaintext_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_decrypt_setup( - psa_aead_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_DECRYPT_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_DECRYPT_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_encrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *plaintext, size_t plaintext_length, - uint8_t *ciphertext, size_t ciphertext_size, - size_t *ciphertext_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(nonce, nonce_length) + - psasim_serialise_buffer_needs(additional_data, additional_data_length) + - psasim_serialise_buffer_needs(plaintext, plaintext_length) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(*ciphertext_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - nonce, nonce_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - additional_data, additional_data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - plaintext, plaintext_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_ENCRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_ENCRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - ciphertext_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_encrypt_setup( - psa_aead_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_ENCRYPT_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_ENCRYPT_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_finish( - psa_aead_operation_t *operation, - uint8_t *ciphertext, size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, size_t tag_size, - size_t *tag_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(*ciphertext_length) + - psasim_serialise_buffer_needs(tag, tag_size) + - psasim_serialise_size_t_needs(*tag_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *ciphertext_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - tag, tag_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *tag_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - tag, tag_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - tag_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_generate_nonce( - psa_aead_operation_t *operation, - uint8_t *nonce, size_t nonce_size, - size_t *nonce_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(nonce, nonce_size) + - psasim_serialise_size_t_needs(*nonce_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - nonce, nonce_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *nonce_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_GENERATE_NONCE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_GENERATE_NONCE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - nonce, nonce_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - nonce_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_set_lengths( - psa_aead_operation_t *operation, - size_t ad_length, - size_t plaintext_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_size_t_needs(ad_length) + - psasim_serialise_size_t_needs(plaintext_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - ad_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - plaintext_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_SET_LENGTHS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_SET_LENGTHS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_set_nonce( - psa_aead_operation_t *operation, - const uint8_t *nonce, size_t nonce_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(nonce, nonce_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - nonce, nonce_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_SET_NONCE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_SET_NONCE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_update( - psa_aead_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_UPDATE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_UPDATE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_update_ad( - psa_aead_operation_t *operation, - const uint8_t *input, size_t input_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_UPDATE_AD, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_UPDATE_AD server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_verify( - psa_aead_operation_t *operation, - uint8_t *plaintext, size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, size_t tag_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(*plaintext_length) + - psasim_serialise_buffer_needs(tag, tag_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *plaintext_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - tag, tag_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_VERIFY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_VERIFY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - plaintext_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_asymmetric_decrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(salt, salt_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - salt, salt_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_ASYMMETRIC_DECRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_ASYMMETRIC_DECRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_asymmetric_encrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(salt, salt_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - salt, salt_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_ASYMMETRIC_ENCRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_ASYMMETRIC_ENCRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_abort( - psa_cipher_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_decrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_DECRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_DECRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_decrypt_setup( - psa_cipher_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_DECRYPT_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_DECRYPT_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_encrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_ENCRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_ENCRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_encrypt_setup( - psa_cipher_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_ENCRYPT_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_ENCRYPT_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_finish( - psa_cipher_operation_t *operation, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_generate_iv( - psa_cipher_operation_t *operation, - uint8_t *iv, size_t iv_size, - size_t *iv_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(iv, iv_size) + - psasim_serialise_size_t_needs(*iv_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - iv, iv_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *iv_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_GENERATE_IV, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_GENERATE_IV server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - iv, iv_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - iv_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_set_iv( - psa_cipher_operation_t *operation, - const uint8_t *iv, size_t iv_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(iv, iv_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - iv, iv_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_SET_IV, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_SET_IV server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_update( - psa_cipher_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_UPDATE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_UPDATE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_copy_key( - mbedtls_svc_key_id_t source_key, - const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *target_key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(source_key) + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*target_key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - source_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *target_key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_COPY_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_COPY_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - target_key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_destroy_key( - mbedtls_svc_key_id_t key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_DESTROY_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_DESTROY_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_export_key( - mbedtls_svc_key_id_t key, - uint8_t *data, size_t data_size, - size_t *data_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(*data_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *data_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_export_public_key( - mbedtls_svc_key_id_t key, - uint8_t *data, size_t data_size, - size_t *data_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(*data_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *data_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_PUBLIC_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_generate_key( - const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_generate_key_custom( - const psa_key_attributes_t *attributes, - const psa_custom_key_parameters_t *custom, - const uint8_t *custom_data, size_t custom_data_length, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_psa_custom_key_parameters_t_needs(*custom) + - psasim_serialise_buffer_needs(custom_data, custom_data_length) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_custom_key_parameters_t( - &pos, &remaining, - *custom); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - custom_data, custom_data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_CUSTOM, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_CUSTOM server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_generate_key_iop_abort( - psa_generate_key_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_generate_key_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_generate_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_IOP_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_generate_key_iop_complete( - psa_generate_key_iop_t *operation, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_generate_key_iop_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_generate_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_COMPLETE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_IOP_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_generate_key_iop_get_num_ops( - psa_generate_key_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_generate_key_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_generate_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_IOP_GET_NUM_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_generate_key_iop_setup( - psa_generate_key_iop_t *operation, - const psa_key_attributes_t *attributes - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_generate_key_iop_t_needs(*operation) + - psasim_serialise_psa_key_attributes_t_needs(*attributes); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_generate_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_IOP_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_generate_random( - uint8_t *output, size_t output_size - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_buffer_needs(output, output_size); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_RANDOM, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_RANDOM server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_get_key_attributes( - mbedtls_svc_key_id_t key, - psa_key_attributes_t *attributes - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_key_attributes_t_needs(*attributes); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GET_KEY_ATTRIBUTES, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GET_KEY_ATTRIBUTES server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &rpos, &rremain, - attributes); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_abort( - psa_hash_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_clone( - const psa_hash_operation_t *source_operation, - psa_hash_operation_t *target_operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*source_operation) + - psasim_serialise_psa_hash_operation_t_needs(*target_operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *source_operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *target_operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_CLONE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_CLONE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - target_operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_compare( - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *hash, size_t hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(hash, hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_COMPARE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_COMPARE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *hash, size_t hash_size, - size_t *hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(hash, hash_size) + - psasim_serialise_size_t_needs(*hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_COMPUTE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_COMPUTE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - hash, hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - hash_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_finish( - psa_hash_operation_t *operation, - uint8_t *hash, size_t hash_size, - size_t *hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(hash, hash_size) + - psasim_serialise_size_t_needs(*hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - hash, hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - hash_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_setup( - psa_hash_operation_t *operation, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_update( - psa_hash_operation_t *operation, - const uint8_t *input, size_t input_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_UPDATE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_UPDATE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_verify( - psa_hash_operation_t *operation, - const uint8_t *hash, size_t hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(hash, hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_VERIFY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_VERIFY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_buffer_needs(data, data_length) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_IMPORT_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_IMPORT_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_interruptible_get_max_ops( - void - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - 0; - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_INTERRUPTIBLE_GET_MAX_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_INTERRUPTIBLE_GET_MAX_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -void psa_interruptible_set_max_ops( - uint32_t max_ops - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(max_ops); - - ser_params = malloc(needed); - if (ser_params == NULL) { - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_uint32_t( - &pos, &remaining, - max_ops); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_INTERRUPTIBLE_SET_MAX_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_INTERRUPTIBLE_SET_MAX_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); -} - - -psa_status_t psa_key_agreement( - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, size_t peer_key_length, - psa_algorithm_t alg, - const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - private_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - peer_key, peer_key_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_agreement_iop_abort( - psa_key_agreement_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_agreement_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_agreement_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT_IOP_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_agreement_iop_complete( - psa_key_agreement_iop_t *operation, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_agreement_iop_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_agreement_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_COMPLETE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT_IOP_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_key_agreement_iop_get_num_ops( - psa_key_agreement_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_agreement_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_agreement_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_key_agreement_iop_setup( - psa_key_agreement_iop_t *operation, - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, size_t peer_key_length, - psa_algorithm_t alg, - const psa_key_attributes_t *attributes - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_agreement_iop_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_psa_key_attributes_t_needs(*attributes); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_agreement_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - private_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - peer_key, peer_key_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT_IOP_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_abort( - psa_key_derivation_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_get_capacity( - const psa_key_derivation_operation_t *operation, - size_t *capacity - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_size_t_needs(*capacity); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *capacity); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_GET_CAPACITY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_GET_CAPACITY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - capacity); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_input_bytes( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - const uint8_t *data, size_t data_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_buffer_needs(data, data_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_step_t( - &pos, &remaining, - step); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_BYTES, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_INPUT_BYTES server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_input_integer( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - uint64_t value - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_uint64_t_needs(value); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_step_t( - &pos, &remaining, - step); - if (!ok) { - goto fail; - } - ok = psasim_serialise_uint64_t( - &pos, &remaining, - value); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_INTEGER, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_INPUT_INTEGER server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_input_key( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - mbedtls_svc_key_id_t key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_step_t( - &pos, &remaining, - step); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_INPUT_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_key_agreement( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, size_t peer_key_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_step_t( - &pos, &remaining, - step); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - private_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - peer_key, peer_key_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_KEY_AGREEMENT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_KEY_AGREEMENT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_output_bytes( - psa_key_derivation_operation_t *operation, - uint8_t *output, size_t output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(output, output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_BYTES, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_OUTPUT_BYTES server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_output_key( - const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_OUTPUT_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_output_key_custom( - const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *operation, - const psa_custom_key_parameters_t *custom, - const uint8_t *custom_data, size_t custom_data_length, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_custom_key_parameters_t_needs(*custom) + - psasim_serialise_buffer_needs(custom_data, custom_data_length) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_custom_key_parameters_t( - &pos, &remaining, - *custom); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - custom_data, custom_data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_set_capacity( - psa_key_derivation_operation_t *operation, - size_t capacity - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_size_t_needs(capacity); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - capacity); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_SET_CAPACITY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_SET_CAPACITY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_setup( - psa_key_derivation_operation_t *operation, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_abort( - psa_mac_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_compute( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *mac, size_t mac_size, - size_t *mac_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(*mac_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - mac, mac_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *mac_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_COMPUTE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_COMPUTE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - mac, mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - mac_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_sign_finish( - psa_mac_operation_t *operation, - uint8_t *mac, size_t mac_size, - size_t *mac_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(*mac_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - mac, mac_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *mac_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_SIGN_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_SIGN_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - mac, mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - mac_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_sign_setup( - psa_mac_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_SIGN_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_SIGN_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_update( - psa_mac_operation_t *operation, - const uint8_t *input, size_t input_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_UPDATE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_UPDATE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_verify( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *mac, size_t mac_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(mac, mac_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - mac, mac_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_VERIFY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_VERIFY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_verify_finish( - psa_mac_operation_t *operation, - const uint8_t *mac, size_t mac_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(mac, mac_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - mac, mac_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_VERIFY_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_VERIFY_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_verify_setup( - psa_mac_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_VERIFY_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_VERIFY_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_purge_key( - mbedtls_svc_key_id_t key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_PURGE_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_PURGE_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_raw_key_agreement( - psa_algorithm_t alg, - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, size_t peer_key_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - private_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - peer_key, peer_key_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_RAW_KEY_AGREEMENT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_RAW_KEY_AGREEMENT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -void psa_reset_key_attributes( - psa_key_attributes_t *attributes - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes); - - ser_params = malloc(needed); - if (ser_params == NULL) { - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_RESET_KEY_ATTRIBUTES, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_RESET_KEY_ATTRIBUTES server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &rpos, &rremain, - attributes); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); -} - - -psa_status_t psa_sign_hash( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, - size_t *signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(*signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_sign_hash_abort( - psa_sign_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_sign_hash_complete( - psa_sign_hash_interruptible_operation_t *operation, - uint8_t *signature, size_t signature_size, - size_t *signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(*signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH_COMPLETE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_sign_hash_get_num_ops( - const psa_sign_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH_GET_NUM_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_sign_hash_start( - psa_sign_hash_interruptible_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH_START, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH_START server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_sign_message( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *signature, size_t signature_size, - size_t *signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(*signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_MESSAGE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_MESSAGE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_verify_hash( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length) + - psasim_serialise_buffer_needs(signature, signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_verify_hash_abort( - psa_verify_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_verify_hash_complete( - psa_verify_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH_COMPLETE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_verify_hash_get_num_ops( - const psa_verify_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH_GET_NUM_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_verify_hash_start( - psa_verify_hash_interruptible_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length) + - psasim_serialise_buffer_needs(signature, signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH_START, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH_START server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_verify_message( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *signature, size_t signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(signature, signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_MESSAGE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_MESSAGE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c deleted file mode 100644 index 599e55f3e..000000000 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ /dev/null @@ -1,8791 +0,0 @@ -/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ - -/* server implementations */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -#include - -#include "psa_functions_codes.h" -#include "psa_sim_serialise.h" - -#include "service.h" - -#if !defined(MBEDTLS_PSA_CRYPTO_C) -#error "Error: MBEDTLS_PSA_CRYPTO_C must be enabled on server build" -#endif - -#if defined(MBEDTLS_TEST_HOOKS) -void (*mbedtls_test_hook_error_add)(int, int, const char *, int); -#endif - -// Returns 1 for success, 0 for failure -int psa_crypto_init_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - uint8_t *result = NULL; - int ok; - - // Now we call the actual target function - - status = psa_crypto_init( - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_aead_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_aead_decrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *nonce = NULL; - size_t nonce_length; - uint8_t *additional_data = NULL; - size_t additional_data_length; - uint8_t *ciphertext = NULL; - size_t ciphertext_length; - uint8_t *plaintext = NULL; - size_t plaintext_size; - size_t plaintext_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &nonce, &nonce_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &additional_data, &additional_data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &ciphertext, &ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &plaintext, &plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &plaintext_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_decrypt( - key, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - ciphertext, ciphertext_length, - plaintext, plaintext_size, - &plaintext_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(plaintext_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - plaintext_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(nonce); - free(additional_data); - free(ciphertext); - free(plaintext); - - return 1; // success - -fail: - free(result); - - free(nonce); - free(additional_data); - free(ciphertext); - free(plaintext); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_aead_decrypt_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_decrypt_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_aead_encrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *nonce = NULL; - size_t nonce_length; - uint8_t *additional_data = NULL; - size_t additional_data_length; - uint8_t *plaintext = NULL; - size_t plaintext_length; - uint8_t *ciphertext = NULL; - size_t ciphertext_size; - size_t ciphertext_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &nonce, &nonce_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &additional_data, &additional_data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &plaintext, &plaintext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &ciphertext, &ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &ciphertext_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_encrypt( - key, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - plaintext, plaintext_length, - ciphertext, ciphertext_size, - &ciphertext_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(ciphertext_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - ciphertext_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(nonce); - free(additional_data); - free(plaintext); - free(ciphertext); - - return 1; // success - -fail: - free(result); - - free(nonce); - free(additional_data); - free(plaintext); - free(ciphertext); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_aead_encrypt_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_encrypt_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_aead_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *ciphertext = NULL; - size_t ciphertext_size; - size_t ciphertext_length; - uint8_t *tag = NULL; - size_t tag_size; - size_t tag_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &ciphertext, &ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &tag, &tag_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &tag_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_finish( - operation, - ciphertext, ciphertext_size, - &ciphertext_length, - tag, tag_size, - &tag_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(ciphertext_length) + - psasim_serialise_buffer_needs(tag, tag_size) + - psasim_serialise_size_t_needs(tag_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - tag, tag_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - tag_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(ciphertext); - free(tag); - - return 1; // success - -fail: - free(result); - - free(ciphertext); - free(tag); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_aead_generate_nonce_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *nonce = NULL; - size_t nonce_size; - size_t nonce_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &nonce, &nonce_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &nonce_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_generate_nonce( - operation, - nonce, nonce_size, - &nonce_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation) + - psasim_serialise_buffer_needs(nonce, nonce_size) + - psasim_serialise_size_t_needs(nonce_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - nonce, nonce_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - nonce_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(nonce); - - return 1; // success - -fail: - free(result); - - free(nonce); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_aead_set_lengths_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - size_t ad_length; - size_t plaintext_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &ad_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &plaintext_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_set_lengths( - operation, - ad_length, - plaintext_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_aead_set_nonce_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *nonce = NULL; - size_t nonce_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &nonce, &nonce_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_set_nonce( - operation, - nonce, nonce_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(nonce); - - return 1; // success - -fail: - free(result); - - free(nonce); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_aead_update_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_update( - operation, - input, input_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_aead_update_ad_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_update_ad( - operation, - input, input_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - - return 1; // success - -fail: - free(result); - - free(input); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_aead_verify_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *plaintext = NULL; - size_t plaintext_size; - size_t plaintext_length; - uint8_t *tag = NULL; - size_t tag_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &plaintext, &plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &plaintext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &tag, &tag_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_verify( - operation, - plaintext, plaintext_size, - &plaintext_length, - tag, tag_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(plaintext_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - plaintext_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(plaintext); - free(tag); - - return 1; // success - -fail: - free(result); - - free(plaintext); - free(tag); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_asymmetric_decrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *salt = NULL; - size_t salt_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &salt, &salt_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_asymmetric_decrypt( - key, - alg, - input, input_length, - salt, salt_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(salt); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(salt); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_asymmetric_encrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *salt = NULL; - size_t salt_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &salt, &salt_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_asymmetric_encrypt( - key, - alg, - input, input_length, - salt, salt_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(salt); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(salt); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_decrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_decrypt( - key, - alg, - input, input_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_decrypt_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_decrypt_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_encrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_encrypt( - key, - alg, - input, input_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_encrypt_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_encrypt_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_finish( - operation, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(output); - - return 1; // success - -fail: - free(result); - - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_generate_iv_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - uint8_t *iv = NULL; - size_t iv_size; - size_t iv_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &iv, &iv_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &iv_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_generate_iv( - operation, - iv, iv_size, - &iv_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation) + - psasim_serialise_buffer_needs(iv, iv_size) + - psasim_serialise_size_t_needs(iv_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - iv, iv_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - iv_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(iv); - - return 1; // success - -fail: - free(result); - - free(iv); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_set_iv_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - uint8_t *iv = NULL; - size_t iv_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &iv, &iv_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_set_iv( - operation, - iv, iv_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(iv); - - return 1; // success - -fail: - free(result); - - free(iv); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_update_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_update( - operation, - input, input_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_copy_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t source_key; - psa_key_attributes_t attributes; - mbedtls_svc_key_id_t target_key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &source_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &target_key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_copy_key( - source_key, - &attributes, - &target_key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(target_key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - target_key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_destroy_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_destroy_key( - key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_export_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - uint8_t *data = NULL; - size_t data_size; - size_t data_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &data, &data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &data_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_export_key( - key, - data, data_size, - &data_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(data_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(data); - - return 1; // success - -fail: - free(result); - - free(data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_export_public_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - uint8_t *data = NULL; - size_t data_size; - size_t data_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &data, &data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &data_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_export_public_key( - key, - data, data_size, - &data_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(data_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(data); - - return 1; // success - -fail: - free(result); - - free(data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_generate_key( - &attributes, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_key_custom_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - psa_custom_key_parameters_t custom; - uint8_t *custom_data = NULL; - size_t custom_data_length; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_custom_key_parameters_t( - &pos, &remaining, - &custom); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &custom_data, &custom_data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_generate_key_custom( - &attributes, - &custom, - custom_data, custom_data_length, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(custom_data); - - return 1; // success - -fail: - free(result); - - free(custom_data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_key_iop_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_generate_key_iop_t operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_generate_key_iop_abort( - &operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_generate_key_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_key_iop_complete_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_generate_key_iop_t operation; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_generate_key_iop_complete( - &operation, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_generate_key_iop_t_needs(operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_key_iop_get_num_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - psa_generate_key_iop_t operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_generate_key_iop_get_num_ops( - &operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value) + - psasim_serialise_psa_generate_key_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_key_iop_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_generate_key_iop_t operation; - psa_key_attributes_t attributes; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_generate_key_iop_setup( - &operation, - &attributes - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_generate_key_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_random_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - uint8_t *output = NULL; - size_t output_size; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_generate_random( - output, output_size - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(output); - - return 1; // success - -fail: - free(result); - - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_get_key_attributes_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_key_attributes_t attributes; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_get_key_attributes( - key, - &attributes - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_key_attributes_t_needs(attributes); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_attributes_t( - &rpos, &rremain, - attributes); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_clone_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *source_operation; - psa_hash_operation_t *target_operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &source_operation); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &target_operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_clone( - source_operation, - target_operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(target_operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - target_operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_compare_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *hash = NULL; - size_t hash_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_compare( - alg, - input, input_length, - hash, hash_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(hash); - - return 1; // success - -fail: - free(result); - - free(input); - free(hash); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_compute_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *hash = NULL; - size_t hash_size; - size_t hash_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &hash_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_compute( - alg, - input, input_length, - hash, hash_size, - &hash_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(hash, hash_size) + - psasim_serialise_size_t_needs(hash_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - hash, hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - hash_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(hash); - - return 1; // success - -fail: - free(result); - - free(input); - free(hash); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *operation; - uint8_t *hash = NULL; - size_t hash_size; - size_t hash_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &hash_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_finish( - operation, - hash, hash_size, - &hash_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation) + - psasim_serialise_buffer_needs(hash, hash_size) + - psasim_serialise_size_t_needs(hash_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - hash, hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - hash_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - - return 1; // success - -fail: - free(result); - - free(hash); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *operation; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_setup( - operation, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_update_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_update( - operation, - input, input_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - - return 1; // success - -fail: - free(result); - - free(input); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_verify_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *operation; - uint8_t *hash = NULL; - size_t hash_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_verify( - operation, - hash, hash_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - - return 1; // success - -fail: - free(result); - - free(hash); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_import_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - uint8_t *data = NULL; - size_t data_length; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &data, &data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_import_key( - &attributes, - data, data_length, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(data); - - return 1; // success - -fail: - free(result); - - free(data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_interruptible_get_max_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - - uint8_t *result = NULL; - int ok; - - // Now we call the actual target function - - value = psa_interruptible_get_max_ops( - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_interruptible_set_max_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t max_ops; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &pos, &remaining, - &max_ops); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - psa_interruptible_set_max_ops( - max_ops - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs(); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t private_key; - uint8_t *peer_key = NULL; - size_t peer_key_length; - psa_algorithm_t alg; - psa_key_attributes_t attributes; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &private_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &peer_key, &peer_key_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_agreement( - private_key, - peer_key, peer_key_length, - alg, - &attributes, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(peer_key); - - return 1; // success - -fail: - free(result); - - free(peer_key); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_iop_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_agreement_iop_t operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_agreement_iop_abort( - &operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_key_agreement_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_iop_complete_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_agreement_iop_t operation; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_agreement_iop_complete( - &operation, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_key_agreement_iop_t_needs(operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_iop_get_num_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - psa_key_agreement_iop_t operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_key_agreement_iop_get_num_ops( - &operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value) + - psasim_serialise_psa_key_agreement_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_iop_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_agreement_iop_t operation; - mbedtls_svc_key_id_t private_key; - uint8_t *peer_key = NULL; - size_t peer_key_length; - psa_algorithm_t alg; - psa_key_attributes_t attributes; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &private_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &peer_key, &peer_key_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_agreement_iop_setup( - &operation, - private_key, - peer_key, peer_key_length, - alg, - &attributes - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_key_agreement_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(peer_key); - - return 1; // success - -fail: - free(result); - - free(peer_key); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_get_capacity_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - size_t capacity; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &capacity); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_get_capacity( - operation, - &capacity - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_size_t_needs(capacity); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - capacity); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_input_bytes_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_key_derivation_step_t step; - uint8_t *data = NULL; - size_t data_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_step_t( - &pos, &remaining, - &step); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &data, &data_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_input_bytes( - operation, - step, - data, data_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(data); - - return 1; // success - -fail: - free(result); - - free(data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_input_integer_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_key_derivation_step_t step; - uint64_t value; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_step_t( - &pos, &remaining, - &step); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint64_t( - &pos, &remaining, - &value); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_input_integer( - operation, - step, - value - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_input_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_key_derivation_step_t step; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_step_t( - &pos, &remaining, - &step); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_input_key( - operation, - step, - key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_key_agreement_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_key_derivation_step_t step; - mbedtls_svc_key_id_t private_key; - uint8_t *peer_key = NULL; - size_t peer_key_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_step_t( - &pos, &remaining, - &step); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &private_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &peer_key, &peer_key_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_key_agreement( - operation, - step, - private_key, - peer_key, peer_key_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(peer_key); - - return 1; // success - -fail: - free(result); - - free(peer_key); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_output_bytes_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - uint8_t *output = NULL; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_output_bytes( - operation, - output, output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) + - psasim_serialise_buffer_needs(output, output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(output); - - return 1; // success - -fail: - free(result); - - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_output_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - psa_key_derivation_operation_t *operation; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_output_key( - &attributes, - operation, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_output_key_custom_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - psa_key_derivation_operation_t *operation; - psa_custom_key_parameters_t custom; - uint8_t *custom_data = NULL; - size_t custom_data_length; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_custom_key_parameters_t( - &pos, &remaining, - &custom); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &custom_data, &custom_data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_output_key_custom( - &attributes, - operation, - &custom, - custom_data, custom_data_length, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(custom_data); - - return 1; // success - -fail: - free(result); - - free(custom_data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_set_capacity_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - size_t capacity; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &capacity); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_set_capacity( - operation, - capacity - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_setup( - operation, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_mac_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_mac_compute_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *mac = NULL; - size_t mac_size; - size_t mac_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &mac, &mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &mac_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_compute( - key, - alg, - input, input_length, - mac, mac_size, - &mac_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(mac_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - mac, mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - mac_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(mac); - - return 1; // success - -fail: - free(result); - - free(input); - free(mac); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_mac_sign_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - uint8_t *mac = NULL; - size_t mac_size; - size_t mac_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &mac, &mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &mac_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_sign_finish( - operation, - mac, mac_size, - &mac_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(mac_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - mac, mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - mac_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(mac); - - return 1; // success - -fail: - free(result); - - free(mac); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_mac_sign_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_sign_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_mac_update_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_update( - operation, - input, input_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - - return 1; // success - -fail: - free(result); - - free(input); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_mac_verify_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *mac = NULL; - size_t mac_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &mac, &mac_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_verify( - key, - alg, - input, input_length, - mac, mac_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(mac); - - return 1; // success - -fail: - free(result); - - free(input); - free(mac); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_mac_verify_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - uint8_t *mac = NULL; - size_t mac_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &mac, &mac_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_verify_finish( - operation, - mac, mac_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(mac); - - return 1; // success - -fail: - free(result); - - free(mac); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_mac_verify_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_verify_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_purge_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_purge_key( - key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_raw_key_agreement_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t alg; - mbedtls_svc_key_id_t private_key; - uint8_t *peer_key = NULL; - size_t peer_key_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &private_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &peer_key, &peer_key_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_raw_key_agreement( - alg, - private_key, - peer_key, peer_key_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(peer_key); - free(output); - - return 1; // success - -fail: - free(result); - - free(peer_key); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_reset_key_attributes_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_key_attributes_t attributes; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - psa_reset_key_attributes( - &attributes - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(attributes); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_attributes_t( - &rpos, &rremain, - attributes); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *hash = NULL; - size_t hash_length; - uint8_t *signature = NULL; - size_t signature_size; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_sign_hash( - key, - alg, - hash, hash_length, - signature, signature_size, - &signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(signature_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - free(signature); - - return 1; // success - -fail: - free(result); - - free(hash); - free(signature); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_sign_hash_interruptible_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_sign_hash_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_complete_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_sign_hash_interruptible_operation_t *operation; - uint8_t *signature = NULL; - size_t signature_size; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_sign_hash_complete( - operation, - signature, signature_size, - &signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(signature_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(signature); - - return 1; // success - -fail: - free(result); - - free(signature); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_get_num_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - psa_sign_hash_interruptible_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_sign_hash_get_num_ops( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_start_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_sign_hash_interruptible_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *hash = NULL; - size_t hash_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_sign_hash_start( - operation, - key, - alg, - hash, hash_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - - return 1; // success - -fail: - free(result); - - free(hash); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_message_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *signature = NULL; - size_t signature_size; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_sign_message( - key, - alg, - input, input_length, - signature, signature_size, - &signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(signature_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(signature); - - return 1; // success - -fail: - free(result); - - free(input); - free(signature); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_verify_hash_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *hash = NULL; - size_t hash_length; - uint8_t *signature = NULL; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_verify_hash( - key, - alg, - hash, hash_length, - signature, signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - free(signature); - - return 1; // success - -fail: - free(result); - - free(hash); - free(signature); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_verify_hash_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_verify_hash_interruptible_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_verify_hash_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_verify_hash_complete_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_verify_hash_interruptible_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_verify_hash_complete( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_verify_hash_get_num_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - psa_verify_hash_interruptible_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_verify_hash_get_num_ops( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_verify_hash_start_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_verify_hash_interruptible_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *hash = NULL; - size_t hash_length; - uint8_t *signature = NULL; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_verify_hash_start( - operation, - key, - alg, - hash, hash_length, - signature, signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - free(signature); - - return 1; // success - -fail: - free(result); - - free(hash); - free(signature); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_verify_message_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *signature = NULL; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_verify_message( - key, - alg, - input, input_length, - signature, signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(signature); - - return 1; // success - -fail: - free(result); - - free(input); - free(signature); - - return 0; // This shouldn't happen! -} - -psa_status_t psa_crypto_call(psa_msg_t msg) -{ - int ok = 0; - - int func = msg.type; - - /* We only expect a single input buffer, with everything serialised in it */ - if (msg.in_size[1] != 0 || msg.in_size[2] != 0 || msg.in_size[3] != 0) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - /* We expect exactly 2 output buffers, one for size, the other for data */ - if (msg.out_size[0] != sizeof(size_t) || msg.out_size[1] == 0 || - msg.out_size[2] != 0 || msg.out_size[3] != 0) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - uint8_t *in_params = NULL; - size_t in_params_len = 0; - uint8_t *out_params = NULL; - size_t out_params_len = 0; - - in_params_len = msg.in_size[0]; - in_params = malloc(in_params_len); - if (in_params == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - /* Read the bytes from the client */ - size_t actual = psa_read(msg.handle, 0, in_params, in_params_len); - if (actual != in_params_len) { - free(in_params); - return PSA_ERROR_CORRUPTION_DETECTED; - } - - switch (func) { - case PSA_CRYPTO_INIT: - ok = psa_crypto_init_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_ABORT: - ok = psa_aead_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_DECRYPT: - ok = psa_aead_decrypt_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_DECRYPT_SETUP: - ok = psa_aead_decrypt_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_ENCRYPT: - ok = psa_aead_encrypt_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_ENCRYPT_SETUP: - ok = psa_aead_encrypt_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_FINISH: - ok = psa_aead_finish_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_GENERATE_NONCE: - ok = psa_aead_generate_nonce_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_SET_LENGTHS: - ok = psa_aead_set_lengths_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_SET_NONCE: - ok = psa_aead_set_nonce_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_UPDATE: - ok = psa_aead_update_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_UPDATE_AD: - ok = psa_aead_update_ad_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_VERIFY: - ok = psa_aead_verify_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_ASYMMETRIC_DECRYPT: - ok = psa_asymmetric_decrypt_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_ASYMMETRIC_ENCRYPT: - ok = psa_asymmetric_encrypt_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_ABORT: - ok = psa_cipher_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_DECRYPT: - ok = psa_cipher_decrypt_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_DECRYPT_SETUP: - ok = psa_cipher_decrypt_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_ENCRYPT: - ok = psa_cipher_encrypt_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_ENCRYPT_SETUP: - ok = psa_cipher_encrypt_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_FINISH: - ok = psa_cipher_finish_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_GENERATE_IV: - ok = psa_cipher_generate_iv_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_SET_IV: - ok = psa_cipher_set_iv_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_UPDATE: - ok = psa_cipher_update_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_COPY_KEY: - ok = psa_copy_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_DESTROY_KEY: - ok = psa_destroy_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_EXPORT_KEY: - ok = psa_export_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_EXPORT_PUBLIC_KEY: - ok = psa_export_public_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_KEY: - ok = psa_generate_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_KEY_CUSTOM: - ok = psa_generate_key_custom_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_KEY_IOP_ABORT: - ok = psa_generate_key_iop_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_KEY_IOP_COMPLETE: - ok = psa_generate_key_iop_complete_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_KEY_IOP_GET_NUM_OPS: - ok = psa_generate_key_iop_get_num_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_KEY_IOP_SETUP: - ok = psa_generate_key_iop_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_RANDOM: - ok = psa_generate_random_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GET_KEY_ATTRIBUTES: - ok = psa_get_key_attributes_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_ABORT: - ok = psa_hash_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_CLONE: - ok = psa_hash_clone_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_COMPARE: - ok = psa_hash_compare_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_COMPUTE: - ok = psa_hash_compute_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_FINISH: - ok = psa_hash_finish_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_SETUP: - ok = psa_hash_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_UPDATE: - ok = psa_hash_update_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_VERIFY: - ok = psa_hash_verify_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_IMPORT_KEY: - ok = psa_import_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_INTERRUPTIBLE_GET_MAX_OPS: - ok = psa_interruptible_get_max_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_INTERRUPTIBLE_SET_MAX_OPS: - ok = psa_interruptible_set_max_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_AGREEMENT: - ok = psa_key_agreement_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_AGREEMENT_IOP_ABORT: - ok = psa_key_agreement_iop_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_AGREEMENT_IOP_COMPLETE: - ok = psa_key_agreement_iop_complete_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS: - ok = psa_key_agreement_iop_get_num_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_AGREEMENT_IOP_SETUP: - ok = psa_key_agreement_iop_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_ABORT: - ok = psa_key_derivation_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_GET_CAPACITY: - ok = psa_key_derivation_get_capacity_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_INPUT_BYTES: - ok = psa_key_derivation_input_bytes_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_INPUT_INTEGER: - ok = psa_key_derivation_input_integer_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_INPUT_KEY: - ok = psa_key_derivation_input_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_KEY_AGREEMENT: - ok = psa_key_derivation_key_agreement_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_OUTPUT_BYTES: - ok = psa_key_derivation_output_bytes_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_OUTPUT_KEY: - ok = psa_key_derivation_output_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM: - ok = psa_key_derivation_output_key_custom_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_SET_CAPACITY: - ok = psa_key_derivation_set_capacity_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_SETUP: - ok = psa_key_derivation_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_ABORT: - ok = psa_mac_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_COMPUTE: - ok = psa_mac_compute_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_SIGN_FINISH: - ok = psa_mac_sign_finish_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_SIGN_SETUP: - ok = psa_mac_sign_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_UPDATE: - ok = psa_mac_update_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_VERIFY: - ok = psa_mac_verify_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_VERIFY_FINISH: - ok = psa_mac_verify_finish_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_VERIFY_SETUP: - ok = psa_mac_verify_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_PURGE_KEY: - ok = psa_purge_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_RAW_KEY_AGREEMENT: - ok = psa_raw_key_agreement_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_RESET_KEY_ATTRIBUTES: - ok = psa_reset_key_attributes_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_SIGN_HASH: - ok = psa_sign_hash_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_SIGN_HASH_ABORT: - ok = psa_sign_hash_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_SIGN_HASH_COMPLETE: - ok = psa_sign_hash_complete_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_SIGN_HASH_GET_NUM_OPS: - ok = psa_sign_hash_get_num_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_SIGN_HASH_START: - ok = psa_sign_hash_start_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_SIGN_MESSAGE: - ok = psa_sign_message_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_VERIFY_HASH: - ok = psa_verify_hash_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_VERIFY_HASH_ABORT: - ok = psa_verify_hash_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_VERIFY_HASH_COMPLETE: - ok = psa_verify_hash_complete_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_VERIFY_HASH_GET_NUM_OPS: - ok = psa_verify_hash_get_num_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_VERIFY_HASH_START: - ok = psa_verify_hash_start_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_VERIFY_MESSAGE: - ok = psa_verify_message_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - } - - free(in_params); - - if (out_params_len > msg.out_size[1]) { - fprintf(stderr, "unable to write %zu bytes into buffer of %zu bytes\n", - out_params_len, msg.out_size[1]); - exit(1); - } - - /* Write the exact amount of data we're returning */ - psa_write(msg.handle, 0, &out_params_len, sizeof(out_params_len)); - - /* And write the data itself */ - if (out_params_len) { - psa_write(msg.handle, 1, out_params, out_params_len); - } - - free(out_params); - - return ok ? PSA_SUCCESS : PSA_ERROR_GENERIC_ERROR; -} - -void psa_crypto_close(void) -{ - psa_sim_serialize_reset(); -} diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl deleted file mode 100755 index fbceddf8d..000000000 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ /dev/null @@ -1,1208 +0,0 @@ -#!/usr/bin/env perl -# -# This is a proof-of-concept script to show that the client and server wrappers -# can be created by a script. It is not hooked into the build, so is run -# manually and the output files are what are to be reviewed. In due course -# this will be replaced by a Python script based on the -# code_wrapper.psa_wrapper module. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -use strict; -use Data::Dumper; -use File::Basename; -use JSON qw(encode_json); - -my $debug = 0; - -# Globals (sorry!) -my $output_dir = dirname($0); - -my %functions = get_functions(); -my @functions = sort keys %functions; - -# We don't want these functions (e.g. because they are not implemented, etc) -my @skip_functions = ( - 'mbedtls_psa_crypto_free', # redefined rather than wrapped - 'mbedtls_psa_external_get_random', # not in the default config, uses unsupported type - 'mbedtls_psa_get_stats', # uses unsupported type - 'mbedtls_psa_inject_entropy', # not in the default config, generally not for client use anyway - 'mbedtls_psa_platform_get_builtin_key', # not in the default config, uses unsupported type - 'mbedtls_psa_register_se_key', # not in the default config, generally not for client use anyway - 'psa_get_key_slot_number', # not in the default config, uses unsupported type - 'psa_key_derivation_verify_bytes', # not implemented yet - 'psa_key_derivation_verify_key', # not implemented yet -); - -my $skip_functions_re = '\A(' . join('|', @skip_functions). ')\Z'; -@functions = grep(!/$skip_functions_re - |_pake_ # Skip everything PAKE - |_init\Z # constructors - /x, @functions); -# Restore psa_crypto_init() and put it first. -unshift @functions, 'psa_crypto_init'; - -# get_functions(), called above, returns a data structure for each function -# that we need to create client and server stubs for. The functions are -# listed from PSA header files. -# -# In this script, the data for psa_crypto_init() looks like: -# -# "psa_crypto_init": { -# "return": { # Info on return type -# "type": "psa_status_t", # Return type -# "name": "status", # Name to be used for this in C code -# "default": "PSA_ERROR_CORRUPTION_DETECTED" # Default value -# }, -# "args": [], # void function, so args empty -# } -# -# The data for psa_hash_compute() looks like: -# -# "psa_hash_compute": { -# "return": { # Information on return type -# "type": "psa_status_t", -# "name": "status", -# "default": "PSA_ERROR_CORRUPTION_DETECTED" -# }, -# "args": [{ -# "type": "psa_algorithm_t", # Type of first argument -# "ctypename": "psa_algorithm_t ", # C type with trailing spaces -# # (so that e.g. `char *` looks ok) -# "name": "alg", -# "is_output": 0 -# }, { -# "type": "const buffer", # Specially created -# "ctypename": "", # (so no C type) -# "name": "input, input_length", # A pair of arguments -# "is_output": 0 # const, so not an output argument -# }, { -# "type": "buffer", # Specially created -# "ctypename": "", -# "name": "hash, hash_size", -# "is_output": 1 # Not const, so output argument -# }, { -# "type": "size_t", # size_t *hash_length -# "ctypename": "size_t ", -# "name": "*hash_length", # * comes into the name -# "is_output": 1 -# } -# ], -# }, -# -# It's possible that a production version might not need both type and ctypename; -# that was done for convenience and future-proofing during development. - -write_function_codes("$output_dir/psa_functions_codes.h"); - -write_client_calls("$output_dir/psa_sim_crypto_client.c"); - -write_server_implementations("$output_dir/psa_sim_crypto_server.c"); - -sub write_function_codes -{ - my ($file) = @_; - - open(my $fh, ">", $file) || die("$0: $file: $!\n"); - - # NOTE: psa_crypto_init() is written manually - - print $fh <", $file) || die("$0: $file: $!\n"); - - print $fh client_calls_header(); - - for my $function (@functions) { - # psa_crypto_init() is hand written to establish connection to server - if ($function ne "psa_crypto_init") { - my $f = $functions{$function}; - output_client($fh, $f, $function); - } - } - - close($fh); -} - -sub write_server_implementations -{ - my ($file) = @_; - - open(my $fh, ">", $file) || die("$0: $file: $!\n"); - - print $fh server_implementations_header(); - - print $fh debug_functions() if $debug; - - for my $function (@functions) { - my $f = $functions{$function}; - output_server_wrapper($fh, $f, $function); - } - - # Now output a switch statement that calls each of the wrappers - - print $fh < msg.out_size[1]) { - fprintf(stderr, "unable to write %zu bytes into buffer of %zu bytes\\n", - out_params_len, msg.out_size[1]); - exit(1); - } - - /* Write the exact amount of data we're returning */ - psa_write(msg.handle, 0, &out_params_len, sizeof(out_params_len)); - - /* And write the data itself */ - if (out_params_len) { - psa_write(msg.handle, 1, out_params, out_params_len); - } - - free(out_params); - - return ok ? PSA_SUCCESS : PSA_ERROR_GENERIC_ERROR; -} -EOF - - # Finally, add psa_crypto_close() - - print $fh < -#include - -#include - -#include "psa_functions_codes.h" -#include "psa_sim_serialise.h" - -#include "service.h" - -#if !defined(MBEDTLS_PSA_CRYPTO_C) -#error "Error: MBEDTLS_PSA_CRYPTO_C must be enabled on server build" -#endif - -#if defined(MBEDTLS_TEST_HOOKS) -void (*mbedtls_test_hook_error_add)(int, int, const char *, int); -#endif -EOF -} - -sub client_calls_header -{ - my $code = <<'EOF'; -/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ - -/* client calls */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -/* Includes from psasim */ -#include -#include -#include "psa_manifest/sid.h" -#include "psa_functions_codes.h" -#include "psa_sim_serialise.h" - -/* Includes from mbedtls */ -#include "mbedtls/version.h" -#include "psa/crypto.h" - -#define CLIENT_PRINT(fmt, ...) \ - INFO("Client: " fmt, ##__VA_ARGS__) - -static psa_handle_t handle = -1; - -#if defined(MBEDTLS_PSA_CRYPTO_C) -#error "Error: MBEDTLS_PSA_CRYPTO_C must be disabled on client build" -#endif -EOF - - $code .= debug_functions() if $debug; - - $code .= <<'EOF'; - -int psa_crypto_call(int function, - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - // psa_outvec outvecs[1]; - if (handle < 0) { - fprintf(stderr, "NOT CONNECTED\n"); - exit(1); - } - - psa_invec invec; - invec.base = in_params; - invec.len = in_params_len; - - size_t max_receive = 24576; - uint8_t *receive = malloc(max_receive); - if (receive == NULL) { - fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive); - exit(1); - } - - size_t actual_received = 0; - - psa_outvec outvecs[2]; - outvecs[0].base = &actual_received; - outvecs[0].len = sizeof(actual_received); - outvecs[1].base = receive; - outvecs[1].len = max_receive; - - psa_status_t status = psa_call(handle, function, &invec, 1, outvecs, 2); - if (status != PSA_SUCCESS) { - free(receive); - return 0; - } - - *out_params = receive; - *out_params_len = actual_received; - - return 1; // success -} - -psa_status_t psa_crypto_init(void) -{ - char mbedtls_version[18]; - uint8_t *result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - mbedtls_version_get_string_full(mbedtls_version); - CLIENT_PRINT("%s", mbedtls_version); - - CLIENT_PRINT("My PID: %d", getpid()); - - CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_CRYPTO_SID)); - handle = psa_connect(PSA_SID_CRYPTO_SID, 1); - - if (handle < 0) { - CLIENT_PRINT("Couldn't connect %d", handle); - return PSA_ERROR_COMMUNICATION_FAILURE; - } - - int ok = psa_crypto_call(PSA_CRYPTO_INIT, NULL, 0, &result, &result_length); - CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", ok); - - if (!ok) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); - if (!ok) { - goto fail; - } - -fail: - free(result); - - return status; -} - -void mbedtls_psa_crypto_free(void) -{ - /* Do not try to close a connection that was never started.*/ - if (handle == -1) { - return; - } - - CLIENT_PRINT("Closing handle"); - psa_close(handle); - handle = -1; -} -EOF -} - -sub debug_functions -{ - return <> 4); - p[1] = hex_digit(b & 0x0F); - - return 2; -} - -int hex_uint16(char *p, uint16_t b) -{ - hex_byte(p, b >> 8); - hex_byte(p + 2, b & 0xFF); - - return 4; -} - -char human_char(uint8_t c) -{ - return (c >= ' ' && c <= '~') ? (char)c : '.'; -} - -void dump_buffer(const uint8_t *buffer, size_t len) -{ - char line[80]; - - const uint8_t *p = buffer; - - size_t max = (len > 0xFFFF) ? 0xFFFF : len; - - for (size_t i = 0; i < max; i += 16) { - - char *q = line; - - q += hex_uint16(q, (uint16_t)i); - *q++ = ' '; - *q++ = ' '; - - size_t ll = (i + 16 > max) ? (max % 16) : 16; - - size_t j; - for (j = 0; j < ll; j++) { - q += hex_byte(q, p[i + j]); - *q++ = ' '; - } - - while (j++ < 16) { - *q++ = ' '; - *q++ = ' '; - *q++ = ' '; - } - - *q++ = ' '; - - for (j = 0; j < ll; j++) { - *q++ = human_char(p[i + j]); - } - - *q = '\\0'; - - printf("%s\\n", line); - } -} - -void hex_dump(uint8_t *p, size_t n) -{ - for (size_t i = 0; i < n; i++) { - printf("0x%02X ", p[i]); - } - printf("\\n"); -} -EOF -} - -sub output_server_wrapper -{ - my ($fh, $f, $name) = @_; - - my $ret_type = $f->{return}->{type}; - my $ret_name = $f->{return}->{name}; - my $ret_default = $f->{return}->{default}; - - my @buffers = (); # We need to free() these on exit - - print $fh <{args}; - - for my $i (0 .. $#$args) { - my $arg = $args->[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - $argtype =~ s/^const //; - - if ($argtype =~ /^(const )?buffer$/) { - my ($n1, $n2) = split(/,\s*/, $argname); - print $fh <= 0) { # If we have any args (>= 0) - print $fh <= 0) { # If we have any args (>= 0) - print $fh <[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#$args) ? ";" : " +"; - $argtype =~ s/^const //; - - if ($argtype =~ /^(const )?buffer$/) { - my ($n1, $n2) = split(/,\s*/, $argname); - print $fh <{is_output}, @$args); - - my $sep1 = (($ret_type eq "void") and ($#outputs < 0)) ? ";" : " +"; - - print $fh <{is_output}; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#outputs) ? ";" : " +"; - $argtype =~ s/^const //; - $argname =~ s/^\*//; # Remove any leading * - my $server_specific = ($argtype =~ /^psa_\w+_operation_t/) ? "server_" : ""; - - print $fh <{is_output}, @$args); - - for my $i (0 .. $#outputs) { - my $arg = $outputs[$i]; - die("$i: this should have been filtered out by grep") unless $arg->{is_output}; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#outputs) ? ";" : " +"; - $argtype =~ s/^const //; - - if ($argtype eq "buffer") { - print $fh <{return}->{type}; - my $ret_name = $f->{return}->{name}; - my $ret_default = $f->{return}->{default}; - - print $fh <{args}; - - for my $i (0 .. $#$args) { - my $arg = $args->[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#$args) ? ";" : " +"; - $argtype =~ s/^const //; - - print $fh <[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#$args) ? ";" : " +"; - $argtype =~ s/^const //; - - print $fh <{is_output}, @$args); - - for my $i (0 .. $#outputs) { - my $arg = $outputs[$i]; - die("$i: this should have been filtered out by grep") unless $arg->{is_output}; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#outputs) ? ";" : " +"; - $argtype =~ s/^const //; - - if ($argtype eq "buffer") { - print $fh <{return}->{type}; - my $ret_name = $f->{return}->{name}; - my $args = $f->{args}; - - if ($ret_type eq "void") { - print $fh "\n $name(\n"; - } else { - print $fh "\n $ret_name = $name(\n"; - } - - print $fh " );\n" if $#$args < 0; # If no arguments, empty arg list - - for my $i (0 .. $#$args) { - my $arg = $args->[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - - if ($argtype =~ /^(const )?buffer$/) { - my ($n1, $n2) = split(/,\s*/, $argname); - print $fh " $n1, $n2"; - } else { - $argname =~ s/^\*/\&/; # Replace leading * with & - if ($is_server && $argtype =~ /^psa_\w+_operation_t/) { - $argname =~ s/^\&//; # Actually, for psa_XXX_operation_t, don't do this on the server side - } - print $fh " $argname"; - } - my $sep = ($i == $#$args) ? "\n );" : ","; - print $fh "$sep\n"; - } -} - -sub output_signature -{ - my ($fh, $f, $name, $what) = @_; - - my $ret_type = $f->{return}->{type}; - my $args = $f->{args}; - - my $final_sep = ($what eq "declaration") ? "\n);" : "\n )"; - - print $fh "\n$ret_type $name(\n"; - - print $fh " void\n )\n" if $#$args < 0; # No arguments - - for my $i (0 .. $#$args) { - my $arg = $args->[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $ctypename = $arg->{ctypename}; # e.g. "int ", "char *"; empty for buffer - my $argname = $arg->{name}; - - if ($argtype =~ /^(const )?buffer$/) { - my $const = length($1) ? "const " : ""; - my ($n1, $n2) = split(/,/, $argname); - print $fh " ${const}uint8_t *$n1, size_t $n2"; - } else { - print $fh " $ctypename$argname"; - } - my $sep = ($i == $#$args) ? $final_sep : ","; - print $fh "$sep\n"; - } -} - -sub get_functions -{ - my $header_dir = 'tf-psa-crypto/include'; - my $src = ""; - for my $header_file ('psa/crypto.h', 'psa/crypto_extra.h') { - local *HEADER; - open HEADER, '<', "$header_dir/$header_file" - or die "$header_dir/$header_file: $!"; - while (
) { - chomp; - s/\/\/.*//; - s/\s+^//; - s/\s+/ /g; - $_ .= "\n"; - $src .= $_; - } - close HEADER; - } - - $src =~ s/\/\*.*?\*\///gs; - - my @src = split(/\n+/, $src); - - my @rebuild = (); - my %funcs = (); - for (my $i = 0; $i <= $#src; $i++) { - my $line = $src[$i]; - if ($line =~ /^(static(?:\s+inline)?\s+)? - ((?:(?:enum|struct|union)\s+)?\w+\s*\**\s*)\s+ - ((?:mbedtls|psa)_\w*)\(/x) { - # begin function declaration - #print "have one $line\n"; - while ($line !~ /;/) { - $line .= $src[$i + 1]; - $i++; - } - if ($line =~ /^static/) { - # IGNORE static inline functions: they're local. - next; - } - $line =~ s/\s+/ /g; - if ($line =~ /(\w+)\s+\b(\w+)\s*\(\s*(.*\S)\s*\)\s*[;{]/s) { - my ($ret_type, $func, $args) = ($1, $2, $3); - - my $copy = $line; - $copy =~ s/{$//; - my $f = { - "orig" => $copy, - }; - - my @args = split(/\s*,\s*/, $args); - - my $ret_name = ""; - $ret_name = "status" if $ret_type eq "psa_status_t"; - $ret_name = "value" if $ret_type eq "uint32_t"; - $ret_name = "(void)" if $ret_type eq "void"; - die("ret_name for $ret_type?") unless length($ret_name); - my $ret_default = ""; - $ret_default = "PSA_ERROR_CORRUPTION_DETECTED" if $ret_type eq "psa_status_t"; - $ret_default = "0" if $ret_type eq "uint32_t"; - $ret_default = "(void)" if $ret_type eq "void"; - die("ret_default for $ret_type?") unless length($ret_default); - - #print "FUNC $func RET_NAME $ret_name RET_TYPE $ret_type ARGS (", join("; ", @args), ")\n"; - - $f->{return} = { - "type" => $ret_type, - "default" => $ret_default, - "name" => $ret_name, - }; - $f->{args} = []; - # psa_algorithm_t alg; const uint8_t *input; size_t input_length; uint8_t *hash; size_t hash_size; size_t *hash_length - for (my $i = 0; $i <= $#args; $i++) { - my $arg = $args[$i]; - # "type" => "psa_algorithm_t", - # "ctypename" => "psa_algorithm_t ", - # "name" => "alg", - # "is_output" => 0, - my ($type, $ctype, $name, $is_output); - if ($arg =~ /^(\w+)\s+(\w+)$/) { # e.g. psa_algorithm_t alg - ($type, $name) = ($1, $2); - $ctype = $type . " "; - $is_output = 0; - } elsif ($arg =~ /^((const)\s+)?uint8_t\s*\*\s*(\w+)$/) { - $type = "buffer"; - $is_output = (length($1) == 0) ? 1 : 0; - $type = "const buffer" if !$is_output; - $ctype = ""; - $name = $3; - #print("$arg: $name: might be a buffer?\n"); - die("$arg: not a buffer 1!\n") if $i == $#args; - my $next = $args[$i + 1]; - if ($func eq "psa_key_derivation_verify_bytes" && - $arg eq "const uint8_t *expected_output" && - $next eq "size_t output_length") { - $next = "size_t expected_output_length"; # doesn't follow naming convention, so override - } - die("$arg: not a buffer 2!\n") if $next !~ /^size_t\s+(${name}_\w+)$/; - $i++; # We're using the next param here - my $nname = $1; - $name .= ", " . $nname; - } elsif ($arg =~ /^((const)\s+)?(\w+)\s*\*(\w+)$/) { - ($type, $name) = ($3, "*" . $4); - $ctype = $1 . $type . " "; - $is_output = (length($1) == 0) ? 1 : 0; - } elsif ($arg eq "void") { - # we'll just ignore this one - } else { - die("ARG HELP $arg\n"); - } - #print "$arg => <$type><$ctype><$name><$is_output>\n"; - if ($arg ne "void") { - push(@{$f->{args}}, { - "type" => $type, - "ctypename" => $ctype, - "name" => $name, - "is_output" => $is_output, - }); - } - } - $funcs{$func} = $f; - } else { - die("FAILED"); - } - push(@rebuild, $line); - } elsif ($line =~ /^#/i) { - # IGNORE directive - while ($line =~ /\\$/) { - $i++; - $line = $src[$i]; - } - } elsif ($line =~ /^(?:typedef +)?(enum|struct|union)[^;]*$/) { - # IGNORE compound type definition - while ($line !~ /^\}/) { - $i++; - $line = $src[$i]; - } - } elsif ($line =~ /^typedef /i) { - # IGNORE type definition - } elsif ($line =~ / = .*;$/) { - # IGNORE assignment in inline function definition - } else { - if ($line =~ /psa_/) { - print "NOT PARSED: $line\n"; - } - push(@rebuild, $line); - } - } - - #print ::Dumper(\%funcs); - #exit; - - return %funcs; -} diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c deleted file mode 100644 index cd081e479..000000000 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ /dev/null @@ -1,1729 +0,0 @@ -/** - * \file psa_sim_serialise.c - * - * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa_sim_serialise.h" -#include "util.h" -#include -#include - -/* Basic idea: - * - * All arguments to a function will be serialised into a single buffer to - * be sent to the server with the PSA crypto function to be called. - * - * All returned data (the function's return value and any values returned - * via `out` parameters) will similarly be serialised into a buffer to be - * sent back to the client from the server. - * - * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" - * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, - * psasim_serialise_foo() and psasim_deserialise_foo(). - * - * We also have psasim_serialise_foo_needs() functions, which return a - * size_t giving the number of bytes that serialising that instance of that - * type will need. This allows callers to size buffers for serialisation. - * - * Each serialised buffer starts with a version byte, bytes that indicate - * the size of basic C types, and four bytes that indicate the endianness - * (to avoid incompatibilities if we ever run this over a network - we are - * not aiming for universality, just for correctness and simplicity). - * - * Most types are serialised as a fixed-size (per type) octet string, with - * no type indication. This is acceptable as (a) this is for the test PSA crypto - * simulator only, not production, and (b) these functions are called by - * code that itself is written by script. - * - * We also want to keep serialised data reasonably compact as communication - * between client and server goes in messages of less than 200 bytes each. - * - * Many serialisation functions can be created by a script; an exemplar Perl - * script is included. It is not hooked into the build and so must be run - * manually, but is expected to be replaced by a Python script in due course. - * Types that can have their functions created by script include plain old C - * data types (e.g. int), types typedef'd to those, and even structures that - * don't contain pointers. - */ - -/* include/psa/crypto_platform.h:typedef uint32_t mbedtls_psa_client_handle_t; - * but we don't get it on server builds, so redefine it here with a unique type name - */ -typedef uint32_t psasim_client_handle_t; - -typedef struct psasim_operation_s { - psasim_client_handle_t handle; -} psasim_operation_t; - -#define MAX_LIVE_HANDLES_PER_CLASS 100 /* this many slots */ - -static psa_hash_operation_t hash_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t hash_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_hash_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_hash_operation_slot(void) -{ - psasim_client_handle_t handle = next_hash_operation_handle++; - if (next_hash_operation_handle == 0) { /* wrapped around */ - FATAL("Hash operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (hash_operation_handles[i] == 0) { - hash_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_hash_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (hash_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_aead_operation_t aead_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t aead_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_aead_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_aead_operation_slot(void) -{ - psasim_client_handle_t handle = next_aead_operation_handle++; - if (next_aead_operation_handle == 0) { /* wrapped around */ - FATAL("Aead operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (aead_operation_handles[i] == 0) { - aead_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_aead_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (aead_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_mac_operation_t mac_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t mac_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_mac_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_mac_operation_slot(void) -{ - psasim_client_handle_t handle = next_mac_operation_handle++; - if (next_mac_operation_handle == 0) { /* wrapped around */ - FATAL("Mac operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (mac_operation_handles[i] == 0) { - mac_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_mac_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (mac_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_cipher_operation_t cipher_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t cipher_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_cipher_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_cipher_operation_slot(void) -{ - psasim_client_handle_t handle = next_cipher_operation_handle++; - if (next_cipher_operation_handle == 0) { /* wrapped around */ - FATAL("Cipher operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (cipher_operation_handles[i] == 0) { - cipher_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_cipher_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (cipher_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_key_derivation_operation_t key_derivation_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t key_derivation_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_key_derivation_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_key_derivation_operation_slot(void) -{ - psasim_client_handle_t handle = next_key_derivation_operation_handle++; - if (next_key_derivation_operation_handle == 0) { /* wrapped around */ - FATAL("Key_derivation operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (key_derivation_operation_handles[i] == 0) { - key_derivation_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_key_derivation_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (key_derivation_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_sign_hash_interruptible_operation_t sign_hash_interruptible_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t sign_hash_interruptible_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_sign_hash_interruptible_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_sign_hash_interruptible_operation_slot(void) -{ - psasim_client_handle_t handle = next_sign_hash_interruptible_operation_handle++; - if (next_sign_hash_interruptible_operation_handle == 0) { /* wrapped around */ - FATAL("Sign_hash_interruptible operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (sign_hash_interruptible_operation_handles[i] == 0) { - sign_hash_interruptible_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_sign_hash_interruptible_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (sign_hash_interruptible_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_verify_hash_interruptible_operation_t verify_hash_interruptible_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t verify_hash_interruptible_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_verify_hash_interruptible_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_verify_hash_interruptible_operation_slot(void) -{ - psasim_client_handle_t handle = next_verify_hash_interruptible_operation_handle++; - if (next_verify_hash_interruptible_operation_handle == 0) { /* wrapped around */ - FATAL("Verify_hash_interruptible operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (verify_hash_interruptible_operation_handles[i] == 0) { - verify_hash_interruptible_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_verify_hash_interruptible_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (verify_hash_interruptible_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -size_t psasim_serialise_begin_needs(void) -{ - /* The serialisation buffer will - * start with a byte of 0 to indicate version 0, - * then have 1 byte each for length of int, long, void *, - * then have 4 bytes to indicate endianness. */ - return 4 + sizeof(uint32_t); -} - -int psasim_serialise_begin(uint8_t **pos, size_t *remaining) -{ - uint32_t endian = 0x1234; - - if (*remaining < 4 + sizeof(endian)) { - return 0; - } - - *(*pos)++ = 0; /* version */ - *(*pos)++ = (uint8_t) sizeof(int); - *(*pos)++ = (uint8_t) sizeof(long); - *(*pos)++ = (uint8_t) sizeof(void *); - - memcpy(*pos, &endian, sizeof(endian)); - - *pos += sizeof(endian); - - return 1; -} - -int psasim_deserialise_begin(uint8_t **pos, size_t *remaining) -{ - uint8_t version = 255; - uint8_t int_size = 0; - uint8_t long_size = 0; - uint8_t ptr_size = 0; - uint32_t endian; - - if (*remaining < 4 + sizeof(endian)) { - return 0; - } - - memcpy(&version, (*pos)++, sizeof(version)); - if (version != 0) { - return 0; - } - - memcpy(&int_size, (*pos)++, sizeof(int_size)); - if (int_size != sizeof(int)) { - return 0; - } - - memcpy(&long_size, (*pos)++, sizeof(long_size)); - if (long_size != sizeof(long)) { - return 0; - } - - memcpy(&ptr_size, (*pos)++, sizeof(ptr_size)); - if (ptr_size != sizeof(void *)) { - return 0; - } - - *remaining -= 4; - - memcpy(&endian, *pos, sizeof(endian)); - if (endian != 0x1234) { - return 0; - } - - *pos += sizeof(endian); - *remaining -= sizeof(endian); - - return 1; -} - -size_t psasim_serialise_unsigned_int_needs( - unsigned int value) -{ - return sizeof(value); -} - -int psasim_serialise_unsigned_int(uint8_t **pos, - size_t *remaining, - unsigned int value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_unsigned_int(uint8_t **pos, - size_t *remaining, - unsigned int *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_int_needs( - int value) -{ - return sizeof(value); -} - -int psasim_serialise_int(uint8_t **pos, - size_t *remaining, - int value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_int(uint8_t **pos, - size_t *remaining, - int *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_size_t_needs( - size_t value) -{ - return sizeof(value); -} - -int psasim_serialise_size_t(uint8_t **pos, - size_t *remaining, - size_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_size_t(uint8_t **pos, - size_t *remaining, - size_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_uint16_t_needs( - uint16_t value) -{ - return sizeof(value); -} - -int psasim_serialise_uint16_t(uint8_t **pos, - size_t *remaining, - uint16_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_uint16_t(uint8_t **pos, - size_t *remaining, - uint16_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_uint32_t_needs( - uint32_t value) -{ - return sizeof(value); -} - -int psasim_serialise_uint32_t(uint8_t **pos, - size_t *remaining, - uint32_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_uint32_t(uint8_t **pos, - size_t *remaining, - uint32_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_uint64_t_needs( - uint64_t value) -{ - return sizeof(value); -} - -int psasim_serialise_uint64_t(uint8_t **pos, - size_t *remaining, - uint64_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_uint64_t(uint8_t **pos, - size_t *remaining, - uint64_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size) -{ - (void) buffer; - return sizeof(buffer_size) + buffer_size; -} - -int psasim_serialise_buffer(uint8_t **pos, - size_t *remaining, - const uint8_t *buffer, - size_t buffer_length) -{ - if (*remaining < sizeof(buffer_length) + buffer_length) { - return 0; - } - - memcpy(*pos, &buffer_length, sizeof(buffer_length)); - *pos += sizeof(buffer_length); - - if (buffer_length > 0) { // To be able to serialise (NULL, 0) - memcpy(*pos, buffer, buffer_length); - *pos += buffer_length; - } - - return 1; -} - -int psasim_deserialise_buffer(uint8_t **pos, - size_t *remaining, - uint8_t **buffer, - size_t *buffer_length) -{ - if (*remaining < sizeof(*buffer_length)) { - return 0; - } - - memcpy(buffer_length, *pos, sizeof(*buffer_length)); - - *pos += sizeof(buffer_length); - *remaining -= sizeof(buffer_length); - - if (*buffer_length == 0) { // Deserialise (NULL, 0) - *buffer = NULL; - return 1; - } - - if (*remaining < *buffer_length) { - return 0; - } - - uint8_t *data = malloc(*buffer_length); - if (data == NULL) { - return 0; - } - - memcpy(data, *pos, *buffer_length); - *pos += *buffer_length; - *remaining -= *buffer_length; - - *buffer = data; - - return 1; -} - -/* When the client is deserialising a buffer returned from the server, it needs - * to use this function to deserialised the returned buffer. It should use the - * usual \c psasim_serialise_buffer() function to serialise the outbound - * buffer. */ -int psasim_deserialise_return_buffer(uint8_t **pos, - size_t *remaining, - uint8_t *buffer, - size_t buffer_length) -{ - if (*remaining < sizeof(buffer_length)) { - return 0; - } - - size_t length_check; - - memcpy(&length_check, *pos, sizeof(buffer_length)); - - *pos += sizeof(buffer_length); - *remaining -= sizeof(buffer_length); - - if (buffer_length != length_check) { // Make sure we're sent back the same we sent to the server - return 0; - } - - if (length_check == 0) { // Deserialise (NULL, 0) - return 1; - } - - if (*remaining < buffer_length) { - return 0; - } - - memcpy(buffer, *pos, buffer_length); - *pos += buffer_length; - *remaining -= buffer_length; - - return 1; -} - -size_t psasim_serialise_psa_custom_key_parameters_t_needs( - psa_custom_key_parameters_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_custom_key_parameters_t(uint8_t **pos, - size_t *remaining, - psa_custom_key_parameters_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_custom_key_parameters_t(uint8_t **pos, - size_t *remaining, - psa_custom_key_parameters_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_psa_status_t_needs( - psa_status_t value) -{ - return psasim_serialise_int_needs(value); -} - -int psasim_serialise_psa_status_t(uint8_t **pos, - size_t *remaining, - psa_status_t value) -{ - return psasim_serialise_int(pos, remaining, value); -} - -int psasim_deserialise_psa_status_t(uint8_t **pos, - size_t *remaining, - psa_status_t *value) -{ - return psasim_deserialise_int(pos, remaining, value); -} - -size_t psasim_serialise_psa_algorithm_t_needs( - psa_algorithm_t value) -{ - return psasim_serialise_unsigned_int_needs(value); -} - -int psasim_serialise_psa_algorithm_t(uint8_t **pos, - size_t *remaining, - psa_algorithm_t value) -{ - return psasim_serialise_unsigned_int(pos, remaining, value); -} - -int psasim_deserialise_psa_algorithm_t(uint8_t **pos, - size_t *remaining, - psa_algorithm_t *value) -{ - return psasim_deserialise_unsigned_int(pos, remaining, value); -} - -size_t psasim_serialise_psa_key_derivation_step_t_needs( - psa_key_derivation_step_t value) -{ - return psasim_serialise_uint16_t_needs(value); -} - -int psasim_serialise_psa_key_derivation_step_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_step_t value) -{ - return psasim_serialise_uint16_t(pos, remaining, value); -} - -int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_step_t *value) -{ - return psasim_deserialise_uint16_t(pos, remaining, value); -} - -size_t psasim_serialise_psa_hash_operation_t_needs( - psa_hash_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_hash_operation_t_needs( - psa_hash_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - hash_operations; - - if (completed) { - memset(&hash_operations[slot], - 0, - sizeof(psa_hash_operation_t)); - hash_operation_handles[slot] = 0; - } - - client_operation.handle = hash_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_hash_operation_slot(); - } else { - slot = find_hash_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &hash_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_aead_operation_t_needs( - psa_aead_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_aead_operation_t_needs( - psa_aead_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - aead_operations; - - if (completed) { - memset(&aead_operations[slot], - 0, - sizeof(psa_aead_operation_t)); - aead_operation_handles[slot] = 0; - } - - client_operation.handle = aead_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_aead_operation_slot(); - } else { - slot = find_aead_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &aead_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_key_attributes_t_needs( - psa_key_attributes_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_key_attributes_t(uint8_t **pos, - size_t *remaining, - psa_key_attributes_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_key_attributes_t(uint8_t **pos, - size_t *remaining, - psa_key_attributes_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_psa_mac_operation_t_needs( - psa_mac_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_mac_operation_t_needs( - psa_mac_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - mac_operations; - - if (completed) { - memset(&mac_operations[slot], - 0, - sizeof(psa_mac_operation_t)); - mac_operation_handles[slot] = 0; - } - - client_operation.handle = mac_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_mac_operation_slot(); - } else { - slot = find_mac_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &mac_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_cipher_operation_t_needs( - psa_cipher_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_cipher_operation_t_needs( - psa_cipher_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - cipher_operations; - - if (completed) { - memset(&cipher_operations[slot], - 0, - sizeof(psa_cipher_operation_t)); - cipher_operation_handles[slot] = 0; - } - - client_operation.handle = cipher_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_cipher_operation_slot(); - } else { - slot = find_cipher_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &cipher_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_key_derivation_operation_t_needs( - psa_key_derivation_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_key_derivation_operation_t_needs( - psa_key_derivation_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - key_derivation_operations; - - if (completed) { - memset(&key_derivation_operations[slot], - 0, - sizeof(psa_key_derivation_operation_t)); - key_derivation_operation_handles[slot] = 0; - } - - client_operation.handle = key_derivation_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_key_derivation_operation_slot(); - } else { - slot = find_key_derivation_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &key_derivation_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs( - psa_sign_hash_interruptible_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs( - psa_sign_hash_interruptible_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - sign_hash_interruptible_operations; - - if (completed) { - memset(&sign_hash_interruptible_operations[slot], - 0, - sizeof(psa_sign_hash_interruptible_operation_t)); - sign_hash_interruptible_operation_handles[slot] = 0; - } - - client_operation.handle = sign_hash_interruptible_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_sign_hash_interruptible_operation_slot(); - } else { - slot = find_sign_hash_interruptible_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &sign_hash_interruptible_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs( - psa_verify_hash_interruptible_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs( - psa_verify_hash_interruptible_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - verify_hash_interruptible_operations; - - if (completed) { - memset(&verify_hash_interruptible_operations[slot], - 0, - sizeof(psa_verify_hash_interruptible_operation_t)); - verify_hash_interruptible_operation_handles[slot] = 0; - } - - client_operation.handle = verify_hash_interruptible_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_verify_hash_interruptible_operation_slot(); - } else { - slot = find_verify_hash_interruptible_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &verify_hash_interruptible_operations[slot]; - - return 1; -} - -size_t psasim_serialise_mbedtls_svc_key_id_t_needs( - mbedtls_svc_key_id_t value) -{ - return sizeof(value); -} - -int psasim_serialise_mbedtls_svc_key_id_t(uint8_t **pos, - size_t *remaining, - mbedtls_svc_key_id_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos, - size_t *remaining, - mbedtls_svc_key_id_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_psa_key_agreement_iop_t_needs( - psa_key_agreement_iop_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_key_agreement_iop_t(uint8_t **pos, - size_t *remaining, - psa_key_agreement_iop_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_key_agreement_iop_t(uint8_t **pos, - size_t *remaining, - psa_key_agreement_iop_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_psa_generate_key_iop_t_needs( - psa_generate_key_iop_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_generate_key_iop_t(uint8_t **pos, - size_t *remaining, - psa_generate_key_iop_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_generate_key_iop_t(uint8_t **pos, - size_t *remaining, - psa_generate_key_iop_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -void psa_sim_serialize_reset(void) -{ - memset(hash_operation_handles, 0, - sizeof(hash_operation_handles)); - memset(hash_operations, 0, - sizeof(hash_operations)); - memset(aead_operation_handles, 0, - sizeof(aead_operation_handles)); - memset(aead_operations, 0, - sizeof(aead_operations)); - memset(mac_operation_handles, 0, - sizeof(mac_operation_handles)); - memset(mac_operations, 0, - sizeof(mac_operations)); - memset(cipher_operation_handles, 0, - sizeof(cipher_operation_handles)); - memset(cipher_operations, 0, - sizeof(cipher_operations)); - memset(key_derivation_operation_handles, 0, - sizeof(key_derivation_operation_handles)); - memset(key_derivation_operations, 0, - sizeof(key_derivation_operations)); - memset(sign_hash_interruptible_operation_handles, 0, - sizeof(sign_hash_interruptible_operation_handles)); - memset(sign_hash_interruptible_operations, 0, - sizeof(sign_hash_interruptible_operations)); - memset(verify_hash_interruptible_operation_handles, 0, - sizeof(verify_hash_interruptible_operation_handles)); - memset(verify_hash_interruptible_operations, 0, - sizeof(verify_hash_interruptible_operations)); -} diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h deleted file mode 100644 index a224d8258..000000000 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ /dev/null @@ -1,1389 +0,0 @@ -/** - * \file psa_sim_serialise.h - * - * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -#include "psa/crypto.h" -#include "psa/crypto_types.h" -#include "psa/crypto_values.h" - -/* Basic idea: - * - * All arguments to a function will be serialised into a single buffer to - * be sent to the server with the PSA crypto function to be called. - * - * All returned data (the function's return value and any values returned - * via `out` parameters) will similarly be serialised into a buffer to be - * sent back to the client from the server. - * - * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" - * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, - * psasim_serialise_foo() and psasim_deserialise_foo(). - * - * We also have psasim_serialise_foo_needs() functions, which return a - * size_t giving the number of bytes that serialising that instance of that - * type will need. This allows callers to size buffers for serialisation. - * - * Each serialised buffer starts with a version byte, bytes that indicate - * the size of basic C types, and four bytes that indicate the endianness - * (to avoid incompatibilities if we ever run this over a network - we are - * not aiming for universality, just for correctness and simplicity). - * - * Most types are serialised as a fixed-size (per type) octet string, with - * no type indication. This is acceptable as (a) this is for the test PSA crypto - * simulator only, not production, and (b) these functions are called by - * code that itself is written by script. - * - * We also want to keep serialised data reasonably compact as communication - * between client and server goes in messages of less than 200 bytes each. - * - * Many serialisation functions can be created by a script; an exemplar Perl - * script is included. It is not hooked into the build and so must be run - * manually, but is expected to be replaced by a Python script in due course. - * Types that can have their functions created by script include plain old C - * data types (e.g. int), types typedef'd to those, and even structures that - * don't contain pointers. - */ - -/** Reset all operation slots. - * - * Should be called when all clients have disconnected. - */ -void psa_sim_serialize_reset(void); - -/** Return how much buffer space is needed by \c psasim_serialise_begin(). - * - * \return The number of bytes needed in the buffer for - * \c psasim_serialise_begin()'s output. - */ -size_t psasim_serialise_begin_needs(void); - -/** Begin serialisation into a buffer. - * - * This must be the first serialisation API called - * on a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error (likely - * no space). - */ -int psasim_serialise_begin(uint8_t **pos, size_t *remaining); - -/** Begin deserialisation of a buffer. - * - * This must be the first deserialisation API called - * on a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_begin(uint8_t **pos, size_t *remaining); - -/** Return how much buffer space is needed by \c psasim_serialise_unsigned_int() - * to serialise an `unsigned int`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_unsigned_int() to serialise - * the given value. - */ -size_t psasim_serialise_unsigned_int_needs( - unsigned int value); - -/** Serialise an `unsigned int` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_unsigned_int(uint8_t **pos, - size_t *remaining, - unsigned int value); - -/** Deserialise an `unsigned int` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `unsigned int` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_unsigned_int(uint8_t **pos, - size_t *remaining, - unsigned int *value); - -/** Return how much buffer space is needed by \c psasim_serialise_int() - * to serialise an `int`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_int() to serialise - * the given value. - */ -size_t psasim_serialise_int_needs( - int value); - -/** Serialise an `int` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_int(uint8_t **pos, - size_t *remaining, - int value); - -/** Deserialise an `int` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `int` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_int(uint8_t **pos, - size_t *remaining, - int *value); - -/** Return how much buffer space is needed by \c psasim_serialise_size_t() - * to serialise a `size_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_size_t() to serialise - * the given value. - */ -size_t psasim_serialise_size_t_needs( - size_t value); - -/** Serialise a `size_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_size_t(uint8_t **pos, - size_t *remaining, - size_t value); - -/** Deserialise a `size_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `size_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_size_t(uint8_t **pos, - size_t *remaining, - size_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_uint16_t() - * to serialise an `uint16_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_uint16_t() to serialise - * the given value. - */ -size_t psasim_serialise_uint16_t_needs( - uint16_t value); - -/** Serialise an `uint16_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_uint16_t(uint8_t **pos, - size_t *remaining, - uint16_t value); - -/** Deserialise an `uint16_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `uint16_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_uint16_t(uint8_t **pos, - size_t *remaining, - uint16_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_uint32_t() - * to serialise an `uint32_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_uint32_t() to serialise - * the given value. - */ -size_t psasim_serialise_uint32_t_needs( - uint32_t value); - -/** Serialise an `uint32_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_uint32_t(uint8_t **pos, - size_t *remaining, - uint32_t value); - -/** Deserialise an `uint32_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `uint32_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_uint32_t(uint8_t **pos, - size_t *remaining, - uint32_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_uint64_t() - * to serialise an `uint64_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_uint64_t() to serialise - * the given value. - */ -size_t psasim_serialise_uint64_t_needs( - uint64_t value); - -/** Serialise an `uint64_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_uint64_t(uint8_t **pos, - size_t *remaining, - uint64_t value); - -/** Deserialise an `uint64_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `uint64_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_uint64_t(uint8_t **pos, - size_t *remaining, - uint64_t *value); - -/** Return how much space is needed by \c psasim_serialise_buffer() - * to serialise a buffer: a (`uint8_t *`, `size_t`) pair. - * - * \param buffer Pointer to the buffer to be serialised - * (needed in case some serialisations are value- - * dependent). - * \param buffer_size Number of bytes in the buffer to be serialised. - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_buffer() to serialise - * the specified buffer. - */ -size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size); - -/** Serialise a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param buffer Pointer to the buffer to be serialised. - * \param buffer_length Number of bytes in the buffer to be serialised. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_buffer(uint8_t **pos, size_t *remaining, - const uint8_t *buffer, size_t buffer_length); - -/** Deserialise a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the serialisation buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the serialisation buffer. - * \param buffer Pointer to a `uint8_t *` to receive the address - * of a newly-allocated buffer, which the caller - * must `free()`. - * \param buffer_length Pointer to a `size_t` to receive the number of - * bytes in the deserialised buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_buffer(uint8_t **pos, size_t *remaining, - uint8_t **buffer, size_t *buffer_length); - -/** Deserialise a buffer returned from the server. - * - * When the client is deserialising a buffer returned from the server, it needs - * to use this function to deserialised the returned buffer. It should use the - * usual \c psasim_serialise_buffer() function to serialise the outbound - * buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the serialisation buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the serialisation buffer. - * \param buffer Pointer to a `uint8_t *` to receive the address - * of a newly-allocated buffer, which the caller - * must `free()`. - * \param buffer_length Pointer to a `size_t` to receive the number of - * bytes in the deserialised buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_return_buffer(uint8_t **pos, size_t *remaining, - uint8_t *buffer, size_t buffer_length); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_custom_key_parameters_t() - * to serialise a `psa_custom_key_parameters_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_custom_key_parameters_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_custom_key_parameters_t_needs( - psa_custom_key_parameters_t value); - -/** Serialise a `psa_custom_key_parameters_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_custom_key_parameters_t(uint8_t **pos, - size_t *remaining, - psa_custom_key_parameters_t value); - -/** Deserialise a `psa_custom_key_parameters_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_custom_key_parameters_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_custom_key_parameters_t(uint8_t **pos, - size_t *remaining, - psa_custom_key_parameters_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_status_t() - * to serialise a `psa_status_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_status_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_status_t_needs( - psa_status_t value); - -/** Serialise a `psa_status_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_status_t(uint8_t **pos, - size_t *remaining, - psa_status_t value); - -/** Deserialise a `psa_status_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_status_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_status_t(uint8_t **pos, - size_t *remaining, - psa_status_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_algorithm_t() - * to serialise a `psa_algorithm_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_algorithm_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_algorithm_t_needs( - psa_algorithm_t value); - -/** Serialise a `psa_algorithm_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_algorithm_t(uint8_t **pos, - size_t *remaining, - psa_algorithm_t value); - -/** Deserialise a `psa_algorithm_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_algorithm_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_algorithm_t(uint8_t **pos, - size_t *remaining, - psa_algorithm_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_key_derivation_step_t() - * to serialise a `psa_key_derivation_step_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_key_derivation_step_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_key_derivation_step_t_needs( - psa_key_derivation_step_t value); - -/** Serialise a `psa_key_derivation_step_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_key_derivation_step_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_step_t value); - -/** Deserialise a `psa_key_derivation_step_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_key_derivation_step_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_step_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_hash_operation_t() - * to serialise a `psa_hash_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_hash_operation_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_hash_operation_t_needs( - psa_hash_operation_t value); - -/** Serialise a `psa_hash_operation_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t value); - -/** Deserialise a `psa_hash_operation_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_hash_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t *value); - -/** Return how much buffer space is needed by \c psasim_server_serialise_psa_hash_operation_t() - * to serialise a `psa_hash_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_hash_operation_t() to serialise - * the given value. - */ -size_t psasim_server_serialise_psa_hash_operation_t_needs( - psa_hash_operation_t *value); - -/** Serialise a `psa_hash_operation_t` into a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * \param completed Non-zero if the operation is now completed (set by - * finish and abort calls). - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t *value, - int completed); - -/** Deserialise a `psa_hash_operation_t` from a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_hash_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t **value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_aead_operation_t() - * to serialise a `psa_aead_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_aead_operation_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_aead_operation_t_needs( - psa_aead_operation_t value); - -/** Serialise a `psa_aead_operation_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t value); - -/** Deserialise a `psa_aead_operation_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_aead_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t *value); - -/** Return how much buffer space is needed by \c psasim_server_serialise_psa_aead_operation_t() - * to serialise a `psa_aead_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_aead_operation_t() to serialise - * the given value. - */ -size_t psasim_server_serialise_psa_aead_operation_t_needs( - psa_aead_operation_t *value); - -/** Serialise a `psa_aead_operation_t` into a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * \param completed Non-zero if the operation is now completed (set by - * finish and abort calls). - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_serialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t *value, - int completed); - -/** Deserialise a `psa_aead_operation_t` from a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_aead_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t **value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_key_attributes_t() - * to serialise a `psa_key_attributes_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_key_attributes_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_key_attributes_t_needs( - psa_key_attributes_t value); - -/** Serialise a `psa_key_attributes_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_key_attributes_t(uint8_t **pos, - size_t *remaining, - psa_key_attributes_t value); - -/** Deserialise a `psa_key_attributes_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_key_attributes_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_key_attributes_t(uint8_t **pos, - size_t *remaining, - psa_key_attributes_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_mac_operation_t() - * to serialise a `psa_mac_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_mac_operation_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_mac_operation_t_needs( - psa_mac_operation_t value); - -/** Serialise a `psa_mac_operation_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t value); - -/** Deserialise a `psa_mac_operation_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_mac_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t *value); - -/** Return how much buffer space is needed by \c psasim_server_serialise_psa_mac_operation_t() - * to serialise a `psa_mac_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_mac_operation_t() to serialise - * the given value. - */ -size_t psasim_server_serialise_psa_mac_operation_t_needs( - psa_mac_operation_t *value); - -/** Serialise a `psa_mac_operation_t` into a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * \param completed Non-zero if the operation is now completed (set by - * finish and abort calls). - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t *value, - int completed); - -/** Deserialise a `psa_mac_operation_t` from a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_mac_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t **value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_cipher_operation_t() - * to serialise a `psa_cipher_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_cipher_operation_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_cipher_operation_t_needs( - psa_cipher_operation_t value); - -/** Serialise a `psa_cipher_operation_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t value); - -/** Deserialise a `psa_cipher_operation_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_cipher_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t *value); - -/** Return how much buffer space is needed by \c psasim_server_serialise_psa_cipher_operation_t() - * to serialise a `psa_cipher_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_cipher_operation_t() to serialise - * the given value. - */ -size_t psasim_server_serialise_psa_cipher_operation_t_needs( - psa_cipher_operation_t *value); - -/** Serialise a `psa_cipher_operation_t` into a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * \param completed Non-zero if the operation is now completed (set by - * finish and abort calls). - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t *value, - int completed); - -/** Deserialise a `psa_cipher_operation_t` from a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_cipher_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t **value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_key_derivation_operation_t() - * to serialise a `psa_key_derivation_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_key_derivation_operation_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_key_derivation_operation_t_needs( - psa_key_derivation_operation_t value); - -/** Serialise a `psa_key_derivation_operation_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t value); - -/** Deserialise a `psa_key_derivation_operation_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_key_derivation_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t *value); - -/** Return how much buffer space is needed by \c psasim_server_serialise_psa_key_derivation_operation_t() - * to serialise a `psa_key_derivation_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_key_derivation_operation_t() to serialise - * the given value. - */ -size_t psasim_server_serialise_psa_key_derivation_operation_t_needs( - psa_key_derivation_operation_t *value); - -/** Serialise a `psa_key_derivation_operation_t` into a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * \param completed Non-zero if the operation is now completed (set by - * finish and abort calls). - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t *value, - int completed); - -/** Deserialise a `psa_key_derivation_operation_t` from a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_key_derivation_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t **value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_sign_hash_interruptible_operation_t() - * to serialise a `psa_sign_hash_interruptible_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs( - psa_sign_hash_interruptible_operation_t value); - -/** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t value); - -/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_sign_hash_interruptible_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t *value); - -/** Return how much buffer space is needed by \c psasim_server_serialise_psa_sign_hash_interruptible_operation_t() - * to serialise a `psa_sign_hash_interruptible_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise - * the given value. - */ -size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs( - psa_sign_hash_interruptible_operation_t *value); - -/** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * \param completed Non-zero if the operation is now completed (set by - * finish and abort calls). - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t *value, - int completed); - -/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_sign_hash_interruptible_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t **value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_verify_hash_interruptible_operation_t() - * to serialise a `psa_verify_hash_interruptible_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs( - psa_verify_hash_interruptible_operation_t value); - -/** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t value); - -/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_verify_hash_interruptible_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t *value); - -/** Return how much buffer space is needed by \c psasim_server_serialise_psa_verify_hash_interruptible_operation_t() - * to serialise a `psa_verify_hash_interruptible_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise - * the given value. - */ -size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs( - psa_verify_hash_interruptible_operation_t *value); - -/** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * \param completed Non-zero if the operation is now completed (set by - * finish and abort calls). - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t *value, - int completed); - -/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_verify_hash_interruptible_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t **value); - -/** Return how much buffer space is needed by \c psasim_serialise_mbedtls_svc_key_id_t() - * to serialise a `mbedtls_svc_key_id_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_mbedtls_svc_key_id_t() to serialise - * the given value. - */ -size_t psasim_serialise_mbedtls_svc_key_id_t_needs( - mbedtls_svc_key_id_t value); - -/** Serialise a `mbedtls_svc_key_id_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_mbedtls_svc_key_id_t(uint8_t **pos, - size_t *remaining, - mbedtls_svc_key_id_t value); - -/** Deserialise a `mbedtls_svc_key_id_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `mbedtls_svc_key_id_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos, - size_t *remaining, - mbedtls_svc_key_id_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_key_agreement_iop_t() - * to serialise a `psa_key_agreement_iop_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_key_agreement_iop_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_key_agreement_iop_t_needs( - psa_key_agreement_iop_t value); - -/** Serialise a `psa_key_agreement_iop_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_key_agreement_iop_t(uint8_t **pos, - size_t *remaining, - psa_key_agreement_iop_t value); - -/** Deserialise a `psa_key_agreement_iop_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_key_agreement_iop_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_key_agreement_iop_t(uint8_t **pos, - size_t *remaining, - psa_key_agreement_iop_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_generate_key_iop_t() - * to serialise a `psa_generate_key_iop_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_generate_key_iop_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_generate_key_iop_t_needs( - psa_generate_key_iop_t value); - -/** Serialise a `psa_generate_key_iop_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_generate_key_iop_t(uint8_t **pos, - size_t *remaining, - psa_generate_key_iop_t value); - -/** Deserialise a `psa_generate_key_iop_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_generate_key_iop_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_generate_key_iop_t(uint8_t **pos, - size_t *remaining, - psa_generate_key_iop_t *value); diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl deleted file mode 100755 index 0dba81e1e..000000000 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ /dev/null @@ -1,1047 +0,0 @@ -#!/usr/bin/env perl -# -# psa_sim_serialise.pl - Sample Perl script to show how many serialisation -# functions can be created by templated scripting. -# -# This is an example only, and is expected to be replaced by a Python script -# for production use. It is not hooked into the build: it needs to be run -# manually: -# -# perl psa_sim_serialise.pl h > psa_sim_serialise.h -# perl psa_sim_serialise.pl c > psa_sim_serialise.c -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -use strict; - -my $usage = "$0: usage: $0 c|h\n"; -my $which = lc(shift) || die($usage); -die($usage) unless $which eq "c" || $which eq "h"; - -# Most types are serialised as a fixed-size (per type) octet string, with -# no type indication. This is acceptable as (a) this is for the test PSA crypto -# simulator only, not production, and (b) these functions are called by -# code that itself is written by script. -# -# We also want to keep serialised data reasonably compact as communication -# between client and server goes in messages of less than 200 bytes each. -# -# This script is able to create serialisation functions for plain old C data -# types (e.g. unsigned int), types typedef'd to those, and even structures -# that don't contain pointers. -# -# Structures that contain pointers will need to have their serialisation and -# deserialisation functions written manually (like those for the "buffer" type -# are). -# -my @types = qw(unsigned-int int size_t - uint16_t uint32_t uint64_t - buffer - psa_custom_key_parameters_t - psa_status_t psa_algorithm_t psa_key_derivation_step_t - psa_hash_operation_t - psa_aead_operation_t - psa_key_attributes_t - psa_mac_operation_t - psa_cipher_operation_t - psa_key_derivation_operation_t - psa_sign_hash_interruptible_operation_t - psa_verify_hash_interruptible_operation_t - mbedtls_svc_key_id_t - psa_key_agreement_iop_t - sa_generate_key_iop_t); - -grep(s/-/ /g, @types); - -# IS-A: Some data types are typedef'd; we serialise them as the other type -my %isa = ( - "psa_status_t" => "int", - "psa_algorithm_t" => "unsigned int", - "psa_key_derivation_step_t" => "uint16_t", -); - -if ($which eq "h") { - - print h_header(); - - for my $type (@types) { - if ($type eq "buffer") { - print declare_buffer_functions(); - } else { - print declare_needs($type, ""); - print declare_serialise($type, ""); - print declare_deserialise($type, ""); - - if ($type =~ /^psa_\w+_operation_t$/) { - print declare_needs($type, "server_"); - print declare_serialise($type, "server_"); - print declare_deserialise($type, "server_"); - } - } - } - -} elsif ($which eq "c") { - - my $have_operation_types = (grep(/psa_\w+_operation_t/, @types)) ? 1 : 0; - - print c_header(); - print c_define_types_for_operation_types() if $have_operation_types; - - for my $type (@types) { - next unless $type =~ /^psa_(\w+)_operation_t$/; - print define_operation_type_data_and_functions($1); - } - - print c_define_begins(); - - for my $type (@types) { - if ($type eq "buffer") { - print define_buffer_functions(); - } elsif (exists($isa{$type})) { - print define_needs_isa($type, $isa{$type}); - print define_serialise_isa($type, $isa{$type}); - print define_deserialise_isa($type, $isa{$type}); - } else { - print define_needs($type); - print define_serialise($type); - print define_deserialise($type); - - if ($type =~ /^psa_\w+_operation_t$/) { - print define_server_needs($type); - print define_server_serialise($type); - print define_server_deserialise($type); - } - } - } - - print define_server_serialize_reset(@types); -} else { - die("internal error - shouldn't happen"); -} - -sub declare_needs -{ - my ($type, $server) = @_; - - my $an = ($type =~ /^[ui]/) ? "an" : "a"; - my $type_d = $type; - $type_d =~ s/ /_/g; - - my $ptr = (length($server)) ? "*" : ""; - - return < -#include - -#include "psa/crypto.h" -#include "psa/crypto_types.h" -#include "psa/crypto_values.h" - -/* Basic idea: - * - * All arguments to a function will be serialised into a single buffer to - * be sent to the server with the PSA crypto function to be called. - * - * All returned data (the function's return value and any values returned - * via `out` parameters) will similarly be serialised into a buffer to be - * sent back to the client from the server. - * - * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" - * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, - * psasim_serialise_foo() and psasim_deserialise_foo(). - * - * We also have psasim_serialise_foo_needs() functions, which return a - * size_t giving the number of bytes that serialising that instance of that - * type will need. This allows callers to size buffers for serialisation. - * - * Each serialised buffer starts with a version byte, bytes that indicate - * the size of basic C types, and four bytes that indicate the endianness - * (to avoid incompatibilities if we ever run this over a network - we are - * not aiming for universality, just for correctness and simplicity). - * - * Most types are serialised as a fixed-size (per type) octet string, with - * no type indication. This is acceptable as (a) this is for the test PSA crypto - * simulator only, not production, and (b) these functions are called by - * code that itself is written by script. - * - * We also want to keep serialised data reasonably compact as communication - * between client and server goes in messages of less than 200 bytes each. - * - * Many serialisation functions can be created by a script; an exemplar Perl - * script is included. It is not hooked into the build and so must be run - * manually, but is expected to be replaced by a Python script in due course. - * Types that can have their functions created by script include plain old C - * data types (e.g. int), types typedef'd to those, and even structures that - * don't contain pointers. - */ - -/** Reset all operation slots. - * - * Should be called when all clients have disconnected. - */ -void psa_sim_serialize_reset(void); - -/** Return how much buffer space is needed by \c psasim_serialise_begin(). - * - * \return The number of bytes needed in the buffer for - * \c psasim_serialise_begin()'s output. - */ -size_t psasim_serialise_begin_needs(void); - -/** Begin serialisation into a buffer. - * - * This must be the first serialisation API called - * on a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error (likely - * no space). - */ -int psasim_serialise_begin(uint8_t **pos, size_t *remaining); - -/** Begin deserialisation of a buffer. - * - * This must be the first deserialisation API called - * on a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_begin(uint8_t **pos, size_t *remaining); -EOF -} - -sub define_needs -{ - my ($type) = @_; - - my $type_d = $type; - $type_d =~ s/ /_/g; - - return < 0) { // To be able to serialise (NULL, 0) - memcpy(*pos, buffer, buffer_length); - *pos += buffer_length; - } - - return 1; -} - -int psasim_deserialise_buffer(uint8_t **pos, - size_t *remaining, - uint8_t **buffer, - size_t *buffer_length) -{ - if (*remaining < sizeof(*buffer_length)) { - return 0; - } - - memcpy(buffer_length, *pos, sizeof(*buffer_length)); - - *pos += sizeof(buffer_length); - *remaining -= sizeof(buffer_length); - - if (*buffer_length == 0) { // Deserialise (NULL, 0) - *buffer = NULL; - return 1; - } - - if (*remaining < *buffer_length) { - return 0; - } - - uint8_t *data = malloc(*buffer_length); - if (data == NULL) { - return 0; - } - - memcpy(data, *pos, *buffer_length); - *pos += *buffer_length; - *remaining -= *buffer_length; - - *buffer = data; - - return 1; -} - -/* When the client is deserialising a buffer returned from the server, it needs - * to use this function to deserialised the returned buffer. It should use the - * usual \c psasim_serialise_buffer() function to serialise the outbound - * buffer. */ -int psasim_deserialise_return_buffer(uint8_t **pos, - size_t *remaining, - uint8_t *buffer, - size_t buffer_length) -{ - if (*remaining < sizeof(buffer_length)) { - return 0; - } - - size_t length_check; - - memcpy(&length_check, *pos, sizeof(buffer_length)); - - *pos += sizeof(buffer_length); - *remaining -= sizeof(buffer_length); - - if (buffer_length != length_check) { // Make sure we're sent back the same we sent to the server - return 0; - } - - if (length_check == 0) { // Deserialise (NULL, 0) - return 1; - } - - if (*remaining < buffer_length) { - return 0; - } - - memcpy(buffer, *pos, buffer_length); - *pos += buffer_length; - *remaining -= buffer_length; - - return 1; -} -EOF -} - - -sub c_header -{ - return <<'EOF'; -/** - * \file psa_sim_serialise.c - * - * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa_sim_serialise.h" -#include "util.h" -#include -#include - -/* Basic idea: - * - * All arguments to a function will be serialised into a single buffer to - * be sent to the server with the PSA crypto function to be called. - * - * All returned data (the function's return value and any values returned - * via `out` parameters) will similarly be serialised into a buffer to be - * sent back to the client from the server. - * - * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" - * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, - * psasim_serialise_foo() and psasim_deserialise_foo(). - * - * We also have psasim_serialise_foo_needs() functions, which return a - * size_t giving the number of bytes that serialising that instance of that - * type will need. This allows callers to size buffers for serialisation. - * - * Each serialised buffer starts with a version byte, bytes that indicate - * the size of basic C types, and four bytes that indicate the endianness - * (to avoid incompatibilities if we ever run this over a network - we are - * not aiming for universality, just for correctness and simplicity). - * - * Most types are serialised as a fixed-size (per type) octet string, with - * no type indication. This is acceptable as (a) this is for the test PSA crypto - * simulator only, not production, and (b) these functions are called by - * code that itself is written by script. - * - * We also want to keep serialised data reasonably compact as communication - * between client and server goes in messages of less than 200 bytes each. - * - * Many serialisation functions can be created by a script; an exemplar Perl - * script is included. It is not hooked into the build and so must be run - * manually, but is expected to be replaced by a Python script in due course. - * Types that can have their functions created by script include plain old C - * data types (e.g. int), types typedef'd to those, and even structures that - * don't contain pointers. - */ -EOF -} - -sub c_define_types_for_operation_types -{ - return <<'EOF'; - -/* include/psa/crypto_platform.h:typedef uint32_t mbedtls_psa_client_handle_t; - * but we don't get it on server builds, so redefine it here with a unique type name - */ -typedef uint32_t psasim_client_handle_t; - -typedef struct psasim_operation_s { - psasim_client_handle_t handle; -} psasim_operation_t; - -#define MAX_LIVE_HANDLES_PER_CLASS 100 /* this many slots */ -EOF -} - -sub define_operation_type_data_and_functions -{ - my ($type) = @_; # e.g. 'hash' rather than 'psa_hash_operation_t' - - my $utype = ucfirst($type); - - return < $#code; - - # Find where the ( is - my $idx = index($code[$i], "("); - die("can't find (") if $idx < 0; - - my $indent = " " x ($idx + 1); - do { - # Indent each line up until the one with the ; on it - $code[++$i] =~ s/^\s+/$indent/; - } while ($code[$i] !~ /;/); - - return join("\n", @code) . "\n"; -} diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c deleted file mode 100644 index 44939f1c2..000000000 --- a/tests/psa-client-server/psasim/src/server.c +++ /dev/null @@ -1,118 +0,0 @@ -/* psasim test server */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -/* Includes from psasim */ -#include "service.h" -#include "error_ext.h" -#include "util.h" -#include "psa_manifest/manifest.h" -#include "psa_functions_codes.h" - -/* Includes from mbedtls */ -#include "mbedtls/version.h" -#include "psa/crypto.h" - -#ifdef DEBUG -#define SERVER_PRINT(fmt, ...) \ - PRINT("Server: " fmt, ##__VA_ARGS__) -#else -#define SERVER_PRINT(...) -#endif - -#define BUF_SIZE 25 - -static int kill_on_disconnect = 0; /* Kill the server on client disconnection. */ - -void parse_input_args(int argc, char *argv[]) -{ - int opt; - - while ((opt = getopt(argc, argv, "k")) != -1) { - switch (opt) { - case 'k': - kill_on_disconnect = 1; - break; - default: - fprintf(stderr, "Usage: %s [-k]\n", argv[0]); - exit(EXIT_FAILURE); - } - } -} - -int psa_server_main(int argc, char *argv[]) -{ - psa_status_t ret = PSA_ERROR_PROGRAMMER_ERROR; - psa_msg_t msg = { -1 }; - const int magic_num = 66; - int client_disconnected = 0; - extern psa_status_t psa_crypto_call(psa_msg_t msg); - extern psa_status_t psa_crypto_close(void); - -#if defined(MBEDTLS_VERSION_C) - char mbedtls_version[18]; - mbedtls_version_get_string_full(mbedtls_version); - SERVER_PRINT("%s", mbedtls_version); -#endif - - parse_input_args(argc, argv); - SERVER_PRINT("Starting"); - - while (!(kill_on_disconnect && client_disconnected)) { - psa_signal_t signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK); - - if (signals > 0) { - SERVER_PRINT("Signals: 0x%08x", signals); - } - - if (signals & PSA_CRYPTO_SIGNAL) { - if (PSA_SUCCESS == psa_get(PSA_CRYPTO_SIGNAL, &msg)) { - SERVER_PRINT("handle: %d - rhandle: %p", msg.handle, (int *) msg.rhandle); - switch (msg.type) { - case PSA_IPC_CONNECT: - SERVER_PRINT("Got a connection message"); - psa_set_rhandle(msg.handle, (void *) &magic_num); - ret = PSA_SUCCESS; - break; - case PSA_IPC_DISCONNECT: - SERVER_PRINT("Got a disconnection message"); - ret = PSA_SUCCESS; - client_disconnected = 1; - psa_crypto_close(); - break; - default: - SERVER_PRINT("Got an IPC call of type %d", msg.type); - ret = psa_crypto_call(msg); - SERVER_PRINT("Internal function call returned %d", ret); - - if (msg.client_id > 0) { - psa_notify(msg.client_id); - } else { - SERVER_PRINT("Client is non-secure, so won't notify"); - } - } - - psa_reply(msg.handle, ret); - } else { - SERVER_PRINT("Failed to retrieve message"); - } - } else if (SIGSTP_SIG & signals) { - SERVER_PRINT("Recieved SIGSTP signal. Gonna EOI it."); - psa_eoi(SIGSTP_SIG); - } else if (SIGINT_SIG & signals) { - SERVER_PRINT("Handling interrupt!"); - SERVER_PRINT("Gracefully quitting"); - psa_panic(); - } else { - SERVER_PRINT("No signal asserted"); - } - } - - return 0; -} diff --git a/tests/psa-client-server/psasim/test/kill_servers.sh b/tests/psa-client-server/psasim/test/kill_servers.sh deleted file mode 100755 index d72263791..000000000 --- a/tests/psa-client-server/psasim/test/kill_servers.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -set -e - -pkill psa_server || true - -# Remove temporary files -rm -f psa_notify_* - -# Remove all IPCs -# Not just ipcrm -all=msg as it is not supported on macOS. -# Filter out header and empty lines, choosing to select based on keys being -# output in hex. -ipcs -q | fgrep 0x | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh deleted file mode 100755 index f54e35253..000000000 --- a/tests/psa-client-server/psasim/test/run_test.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This is a simple bash script that tests psa_client/psa_server interaction. -# This script is automatically executed when "make run" is launched by the -# "psasim" root folder. The script can also be launched manually once -# binary files are built (i.e. after "make test" is executed from the "psasim" -# root folder). - -set -e - -cd "$(dirname "$0")" - -CLIENT_BIN=$1 -shift - -./kill_servers.sh - -./start_server.sh -./$CLIENT_BIN "$@" - -./kill_servers.sh diff --git a/tests/psa-client-server/psasim/test/start_server.sh b/tests/psa-client-server/psasim/test/start_server.sh deleted file mode 100755 index ef1143977..000000000 --- a/tests/psa-client-server/psasim/test/start_server.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -set -e - -# The server creates some local files when it starts up so we can wait for this -# event as signal that the server is ready so that we can start client(s). -function wait_for_server_startup() { - while [ $(find . -name "psa_notify_*" | wc -l) -eq 0 ]; do - sleep 0.1 - done -} - -$(dirname "$0")/psa_server & -wait_for_server_startup diff --git a/tests/psa-client-server/psasim/tools/psa_autogen.py b/tests/psa-client-server/psasim/tools/psa_autogen.py deleted file mode 100755 index fbc98060f..000000000 --- a/tests/psa-client-server/psasim/tools/psa_autogen.py +++ /dev/null @@ -1,174 +0,0 @@ -#!/usr/bin/env python3 -"""This hacky script generates a partition from a manifest file""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import json -import os -import sys -from os import listdir - -if len(sys.argv) != 2: - print("Usage: psa_autogen ") - sys.exit(1) - -FILENAME = str(sys.argv[1]) - -SCRIPT_PATH = os.path.dirname(__file__) -GENERATED_H_PATH = os.path.join(SCRIPT_PATH, "..", "include", "psa_manifest") -GENERATED_C_PATH = os.path.join(SCRIPT_PATH, "..", "src") - -MANIFEST_FILE = os.path.join(GENERATED_H_PATH, "manifest.h") -PID_FILE = os.path.join(GENERATED_H_PATH, "pid.h") -SID_FILE = os.path.join(GENERATED_H_PATH, "sid.h") - -with open(str(FILENAME), "r") as read_file: - data = json.load(read_file) - FILENAME = os.path.basename(FILENAME) - FILENAME = FILENAME.split('.')[0] - print("Base filename is " + str(FILENAME)) - - if str(data['psa_framework_version'] == "1.0"): - entry_point = str(data['entry_point']) - partition_name = str(data['name']) - services = data['services'] - try: - irqs = data['irqs'] - except KeyError: - irqs = [] - - try: - os.mkdir(GENERATED_H_PATH) - print("Generating psa_manifest directory") - except OSError: - print("PSA manifest directory already exists") - - manifest_content = [] - pids_content = [] - sids_content = [] - - if len(services) > 28: - print ("Unsupported number of services") - - count = 4 # For creating SID array - nsacl = "const int ns_allowed[32] = { " - policy = "const int strict_policy[32] = { " - qcode = "const char *psa_queues[] = { " - versions = "const uint32_t versions[32] = { " - queue_path = "psa_service_" - start = False - - for x in range(0, count): - qcode = qcode + "\"\", " - nsacl = nsacl + "0, " - policy = policy + "0, " - versions = versions + "0, " - - # Go through all the services to make sid.h and pid.h - for svc in services: - manifest_content.append("#define {}_SIGNAL 0x{:08x}".format(svc['signal'], 2**count)) - sids_content.append("#define {}_SID {}".format(svc['name'], svc['sid'])) - qcode = qcode + "\"" + queue_path + str(int(svc['sid'], 16)) + "\"," - ns_clients = svc['non_secure_clients'] - print(str(svc)) - if ns_clients == "true": - nsacl = nsacl + "1, " - else: - nsacl = nsacl + "0, " - try: - versions = versions + str(svc['minor_version']) + ", " - except KeyError: - versions = versions + "1, " - - strict = 0 - try: - if str(svc['minor_policy']).lower() == "strict": - strict = 1 - policy = policy + "1, " - else: - policy = policy + "0, " - except KeyError: - strict = 0 - policy = policy + "0, " - - count = count+1 - - sigcode = "" - handlercode = "void __sig_handler(int signo) {\n" - irqcount = count - for irq in irqs: - manifest_content.append("#define {} 0x{:08x}".format(irq['signal'], 2**irqcount)) - sigcode = sigcode + " signal({}, __sig_handler);\n".format(irq['source']) - handlercode = handlercode + \ - " if (signo == {}) {{ raise_signal(0x{:08x}); }};\n".format(irq['source'], 2**irqcount) - irqcount = irqcount+1 - - handlercode = handlercode + "}\n" - - while (count < 32): - qcode = qcode + "\"\", " - nsacl = nsacl + "0, " - versions = versions + "0, " - policy = policy + "0, " - count = count + 1 - - qcode = qcode + "};\n" - nsacl = nsacl + "};\n" - versions = versions + "};\n" - policy = policy + "};\n" - - with open(MANIFEST_FILE, "wt") as output: - output.write("\n".join(manifest_content)) - with open(SID_FILE, "wt") as output: - output.write("\n".join(sids_content)) - with open(PID_FILE, "wt") as output: - output.write("\n".join(pids_content)) - - symbols = [] - - # Go through source files and look for the entrypoint - for root, directories, filenames in os.walk(GENERATED_C_PATH): - for filename in filenames: - if "psa_ff_bootstrap" in filename or filename == "psa_manifest": - continue - try: - fullpath = os.path.join(root,filename) - with open(fullpath, encoding='utf-8') as currentFile: - text = currentFile.read() - if str(entry_point + "(") in text: - symbols.append(filename) - except IOError: - print("Couldn't open " + filename) - except UnicodeDecodeError: - pass - - print(str("Number of entrypoints detected: " + str(len(symbols)))) - if len(symbols) < 1: - print("Couldn't find function " + entry_point) - sys.exit(1) - elif len(symbols) > 1: - print("Duplicate entrypoint symbol detected: " + str(symbols)) - sys.exit(2) - else: - C_FILENAME = os.path.join(GENERATED_C_PATH, "psa_ff_bootstrap_" + partition_name + ".c") - c_content = [] - c_content.append("#include ") - c_content.append("#include \"" + symbols[0] + "\"") - c_content.append("#include ") - c_content.append(qcode) - c_content.append(nsacl) - c_content.append(policy) - c_content.append(versions) - c_content.append(handlercode) - c_content.append("int main(int argc, char *argv[]) {") - c_content.append(" (void) argc;") - c_content.append(sigcode) - c_content.append(" __init_psasim(psa_queues, 32, ns_allowed, versions," - "strict_policy);") - c_content.append(" " + entry_point + "(argc, argv);") - c_content.append("}") - with open(C_FILENAME, "wt") as output: - output.write("\n".join(c_content)) - - print("Success") diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh deleted file mode 100755 index b1261bfc1..000000000 --- a/tests/scripts/all.sh +++ /dev/null @@ -1,112 +0,0 @@ -#! /usr/bin/env bash - -# all.sh (transitional wrapper) -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This is a transitional wrapper that's only meant for the CI. -# Developers should directly invoke on or two of: -# - tests/scripts/mbedtls-all.sh ... -# - (cd tf-psa-crypto && tests/scripts/all.sh ...) -# -# During the transition, it's illegal for a tf-psa-crypto component to have -# the same name as an mbedtls components; since this wrapper handles both -# sides at once, component names need to be globally unique. Once the -# transition period is over, unicity on each side will be enough. -# -# For context, here are the steps of the transition: -# 1. We have an all.sh in tf-psa-crypto but for now we don't invoke it directly -# on the CI, only through this transitional wrapper in mbedtls. (tf-psa-crypto -# doesn't have its own CI initially and runs Mbed TLS's instead.) -# 2. We move all relevant components to tf-psa-crypto so that it gets the level of -# coverage we want. We need to make sure the new names are unique. -# 3. We change the CI job on tf-psa-crypto to stop checking out mbedtls and running -# its all.sh - instead we do the normal thing of checking out tf-psa-crypto and -# running its all.sh. (In two steps: (a) add the new job, (b) remove the old -# one.) -# 4. We remove the transitional wrapper in mbedtls and we're now free to rename -# tf-psa-crypto components as we want. If we followed a consistent naming -# pattern, this can be as simple as s/_tf_psa_crypto// in components-*.sh. - -# This script must be invoked from the project's root. - -# There are exactly 4 ways this is invoked in the CI: -# 1. tests/scripts/all.sh --help -# 2. tests/scripts/all.sh --list-all-components -# 3. tests/scripts/all.sh --list-components -# 4. tests/scripts/all.sh --seed 4 --keep-going single_component_name -# This wrapper does not support other invocations. - -set -eu - -# Cases 1-3 -if [ "$#" -eq 1 ]; then - if [ "$1" = '--help' ]; then - # It doesn't matter which one we use, they're the same - tests/scripts/mbedtls-all.sh "$1" - exit 0 - fi - if [ "$1" = '--list-all-components' -o "$1" = '--list-components' ]; then - # Invoke both - tests/scripts/mbedtls-all.sh "$1" - (cd tf-psa-crypto && tests/scripts/all.sh "$1") - exit 0 - fi -fi - -if [ "$#" -ne 4 -o "${1:-unset}" != '--seed' -o "${3:-unset}" != '--keep-going' ]; then - echo "This invocation is not supported by the transitional wrapper." >&2 - echo "See the comments at the top of $0." >&2 - exit 1 -fi - -# Case 4: invoke the right all.sh for this component -comp_name=$4 - -# Get the list of components available on each side. -COMP_MBEDTLS=$(tests/scripts/mbedtls-all.sh --list-all-components | tr '\n' ' ') -COMP_CRYPTO=$(cd tf-psa-crypto && tests/scripts/all.sh --list-all-components | tr '\n' ' ') - -# tell if $1 is in space-separated list $2 -is_in() { - needle=$1 - haystack=$2 - case " $haystack " in - *" $needle "*) echo 1;; - *) echo 0;; - esac -} - -is_crypto=$(is_in "$comp_name" "$COMP_CRYPTO") -is_mbedtls=$(is_in "$comp_name" "$COMP_MBEDTLS") - -# Component should be on exactly one side (see comment near the top). -if [ "$is_crypto" -eq 1 -a "$is_mbedtls" -eq 1 ]; then - echo "Component '$comp_name' is both in crypto and Mbed TLS". >&2 - echo "See the comments at the top of $0." >&2 - exit 1 -fi -if [ "$is_crypto" -eq 0 -a "$is_mbedtls" -eq 0 ]; then - echo "Component '$comp_name' is neither in crypto nor in Mbed TLS". >&2 - echo "See the comments at the top of $0." >&2 - exit 1 -fi - - -# Invoke the real thing -if [ "$is_crypto" -eq 1 ]; then - # Make sure the path to the outcomes file is absolute. This is done by - # pre_prepare_outcome_file() however by the time it runs we've already - # changed the working directory, so do it now. - if [ -n "${MBEDTLS_TEST_OUTCOME_FILE+set}" ]; then - case "$MBEDTLS_TEST_OUTCOME_FILE" in - [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; - esac - export MBEDTLS_TEST_OUTCOME_FILE - fi - cd tf-psa-crypto - exec tests/scripts/all.sh "$@" -else - exec tests/scripts/mbedtls-all.sh "$@" -fi diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py deleted file mode 100755 index ad1cf3730..000000000 --- a/tests/scripts/analyze_outcomes.py +++ /dev/null @@ -1,775 +0,0 @@ -#!/usr/bin/env python3 - -"""Analyze the test outcomes from a full CI run. - -This script can also run on outcomes from a partial run, but the results are -less likely to be useful. -""" - -import re -import typing - -import scripts_path # pylint: disable=unused-import -from mbedtls_framework import outcome_analysis - - -class CoverageTask(outcome_analysis.CoverageTask): - """Justify test cases that are never executed.""" - - @staticmethod - def _has_word_re(words: typing.Iterable[str], - exclude: typing.Optional[str] = None) -> typing.Pattern: - """Construct a regex that matches if any of the words appears. - - The occurrence must start and end at a word boundary. - - If exclude is specified, strings containing a match for that - regular expression will not match the returned pattern. - """ - exclude_clause = r'' - if exclude: - exclude_clause = r'(?!.*' + exclude + ')' - return re.compile(exclude_clause + - r'.*\b(?:' + r'|'.join(words) + r')\b.*', - re.DOTALL) - - # generate_psa_tests.py generates test cases involving cryptographic - # mechanisms (key types, families, algorithms) that are declared but - # not implemented. Until we improve the Python scripts, ignore those - # test cases in the analysis. - # https://github.com/Mbed-TLS/mbedtls/issues/9572 - _PSA_MECHANISMS_NOT_IMPLEMENTED = [ - r'CBC_MAC', - r'DETERMINISTIC_DSA', - r'DET_DSA', - r'DSA', - r'ECC_KEY_PAIR\(BRAINPOOL_P_R1\) (?:160|192|224|320)-bit', - r'ECC_KEY_PAIR\(SECP_K1\) 225-bit', - r'ECC_PAIR\(BP_R1\) (?:160|192|224|320)-bit', - r'ECC_PAIR\(SECP_K1\) 225-bit', - r'ECC_PUBLIC_KEY\(BRAINPOOL_P_R1\) (?:160|192|224|320)-bit', - r'ECC_PUBLIC_KEY\(SECP_K1\) 225-bit', - r'ECC_PUB\(BP_R1\) (?:160|192|224|320)-bit', - r'ECC_PUB\(SECP_K1\) 225-bit', - r'ED25519PH', - r'ED448PH', - r'PEPPER', - r'PURE_EDDSA', - r'SECP_R2', - r'SECT_K1', - r'SECT_R1', - r'SECT_R2', - r'SHAKE256_512', - r'SHA_512_224', - r'SHA_512_256', - r'TWISTED_EDWARDS', - r'XTS', - ] - PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE = \ - _has_word_re(_PSA_MECHANISMS_NOT_IMPLEMENTED) - - IGNORED_TESTS = { - 'ssl-opt': [ - # We don't run ssl-opt.sh with Valgrind on the CI because - # it's extremely slow. We don't intend to change this. - 'DTLS client reconnect from same port: reconnect, nbio, valgrind', - # We don't have IPv6 in our CI environment. - # https://github.com/Mbed-TLS/mbedtls-test/issues/176 - 'DTLS cookie: enabled, IPv6', - # Disabled due to OpenSSL bug. - # https://github.com/openssl/openssl/issues/18887 - 'DTLS fragmenting: 3d, openssl client, DTLS 1.2', - # We don't run ssl-opt.sh with Valgrind on the CI because - # it's extremely slow. We don't intend to change this. - 'DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)', - # TLS doesn't use restartable ECDH yet. - # https://github.com/Mbed-TLS/mbedtls/issues/7294 - re.compile(r'EC restart:.*no USE_PSA.*'), - ], - 'test_suite_config.mbedtls_boolean': [ - # Missing coverage of test configurations. - # https://github.com/Mbed-TLS/mbedtls/issues/9585 - 'Config: !MBEDTLS_SSL_DTLS_ANTI_REPLAY', - # Missing coverage of test configurations. - # https://github.com/Mbed-TLS/mbedtls/issues/9585 - 'Config: !MBEDTLS_SSL_DTLS_HELLO_VERIFY', - # We don't run test_suite_config when we test this. - # https://github.com/Mbed-TLS/mbedtls/issues/9586 - 'Config: !MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED', - ], - 'test_suite_config.psa_boolean': [ - # We don't test with HMAC disabled. - # https://github.com/Mbed-TLS/mbedtls/issues/9591 - 'Config: !PSA_WANT_ALG_HMAC', - # The DERIVE key type is always enabled. - 'Config: !PSA_WANT_KEY_TYPE_DERIVE', - # More granularity of key pair type enablement macros - # than we care to test. - # https://github.com/Mbed-TLS/mbedtls/issues/9590 - 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT', - 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE', - 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT', - # More granularity of key pair type enablement macros - # than we care to test. - # https://github.com/Mbed-TLS/mbedtls/issues/9590 - 'Config: !PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT', - 'Config: !PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT', - # We don't test with HMAC disabled. - # https://github.com/Mbed-TLS/mbedtls/issues/9591 - 'Config: !PSA_WANT_KEY_TYPE_HMAC', - # The PASSWORD key type is always enabled. - 'Config: !PSA_WANT_KEY_TYPE_PASSWORD', - # The PASSWORD_HASH key type is always enabled. - 'Config: !PSA_WANT_KEY_TYPE_PASSWORD_HASH', - # The RAW_DATA key type is always enabled. - 'Config: !PSA_WANT_KEY_TYPE_RAW_DATA', - # More granularity of key pair type enablement macros - # than we care to test. - # https://github.com/Mbed-TLS/mbedtls/issues/9590 - 'Config: !PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', - 'Config: !PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', - # Algorithm declared but not supported. - 'Config: PSA_WANT_ALG_CBC_MAC', - # Algorithm declared but not supported. - 'Config: PSA_WANT_ALG_XTS', - # Family declared but not supported. - 'Config: PSA_WANT_ECC_SECP_K1_224', - # More granularity of key pair type enablement macros - # than we care to test. - # https://github.com/Mbed-TLS/mbedtls/issues/9590 - 'Config: PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE', - 'Config: PSA_WANT_KEY_TYPE_ECC_KEY_PAIR', - 'Config: PSA_WANT_KEY_TYPE_RSA_KEY_PAIR', - 'Config: PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE', - # https://github.com/Mbed-TLS/mbedtls/issues/9583 - 'Config: !MBEDTLS_ECP_NIST_OPTIM', - # We never test without the PSA client code. Should we? - # https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/112 - 'Config: !MBEDTLS_PSA_CRYPTO_CLIENT', - # We only test multithreading with pthreads. - # https://github.com/Mbed-TLS/mbedtls/issues/9584 - 'Config: !MBEDTLS_THREADING_PTHREAD', - # Built but not tested. - # https://github.com/Mbed-TLS/mbedtls/issues/9587 - 'Config: MBEDTLS_AES_USE_HARDWARE_ONLY', - # Untested platform-specific optimizations. - # https://github.com/Mbed-TLS/mbedtls/issues/9588 - 'Config: MBEDTLS_HAVE_SSE2', - # Obsolete configuration option, to be replaced by - # PSA entropy drivers. - # https://github.com/Mbed-TLS/mbedtls/issues/8150 - 'Config: MBEDTLS_NO_PLATFORM_ENTROPY', - # Untested aspect of the platform interface. - # https://github.com/Mbed-TLS/mbedtls/issues/9589 - 'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', - # In a client-server build, test_suite_config runs in the - # client configuration, so it will never report - # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok. - 'Config: MBEDTLS_PSA_CRYPTO_SPM', - # We don't test on armv8 yet. - 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', - 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', - 'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', - 'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', - # We don't run test_suite_config when we test this. - # https://github.com/Mbed-TLS/mbedtls/issues/9586 - 'Config: MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', - ], - 'test_suite_config.psa_combinations': [ - # We don't test this unusual, but sensible configuration. - # https://github.com/Mbed-TLS/mbedtls/issues/9592 - 'Config: PSA_WANT_ALG_DETERMINSTIC_ECDSA without PSA_WANT_ALG_ECDSA', - ], - 'test_suite_pkcs12': [ - # We never test with CBC/PKCS5/PKCS12 enabled but - # PKCS7 padding disabled. - # https://github.com/Mbed-TLS/mbedtls/issues/9580 - 'PBE Decrypt, (Invalid padding & PKCS7 padding disabled)', - 'PBE Encrypt, pad = 8 (PKCS7 padding disabled)', - ], - 'test_suite_pkcs5': [ - # We never test with CBC/PKCS5/PKCS12 enabled but - # PKCS7 padding disabled. - # https://github.com/Mbed-TLS/mbedtls/issues/9580 - 'PBES2 Decrypt (Invalid padding & PKCS7 padding disabled)', - 'PBES2 Encrypt, pad=6 (PKCS7 padding disabled)', - 'PBES2 Encrypt, pad=8 (PKCS7 padding disabled)', - ], - 'test_suite_psa_crypto': [ - # We don't test this unusual, but sensible configuration. - # https://github.com/Mbed-TLS/mbedtls/issues/9592 - re.compile(r'.*ECDSA.*only deterministic supported'), - ], - 'test_suite_psa_crypto_generate_key.generated': [ - # Ignore mechanisms that are not implemented, except - # for public keys for which we always test that - # psa_generate_key() returns PSA_ERROR_INVALID_ARGUMENT - # regardless of whether the specific key type is supported. - _has_word_re((mech - for mech in _PSA_MECHANISMS_NOT_IMPLEMENTED - if not mech.startswith('ECC_PUB')), - exclude=r'ECC_PUB'), - ], - 'test_suite_psa_crypto_metadata': [ - # Algorithms declared but not supported. - # https://github.com/Mbed-TLS/mbedtls/issues/9579 - 'Asymmetric signature: Ed25519ph', - 'Asymmetric signature: Ed448ph', - 'Asymmetric signature: pure EdDSA', - 'Cipher: XTS', - 'MAC: CBC_MAC-3DES', - 'MAC: CBC_MAC-AES-128', - 'MAC: CBC_MAC-AES-192', - 'MAC: CBC_MAC-AES-256', - ], - 'test_suite_psa_crypto_not_supported.generated': [ - # It is a bug that not-supported test cases aren't getting - # run for never-implemented key types. - # https://github.com/Mbed-TLS/mbedtls/issues/7915 - PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE, - # We never test with DH key support disabled but support - # for a DH group enabled. The dependencies of these test - # cases don't really make sense. - # https://github.com/Mbed-TLS/mbedtls/issues/9574 - re.compile(r'PSA \w+ DH_.*type not supported'), - # We only test partial support for DH with the 2048-bit group - # enabled and the other groups disabled. - # https://github.com/Mbed-TLS/mbedtls/issues/9575 - 'PSA generate DH_KEY_PAIR(RFC7919) 2048-bit group not supported', - 'PSA import DH_KEY_PAIR(RFC7919) 2048-bit group not supported', - 'PSA import DH_PUBLIC_KEY(RFC7919) 2048-bit group not supported', - ], - 'test_suite_psa_crypto_op_fail.generated': [ - # Ignore mechanisms that are not implemented, except - # for test cases that assume the mechanism is not supported. - _has_word_re(_PSA_MECHANISMS_NOT_IMPLEMENTED, - exclude=(r'.*: !(?:' + - r'|'.join(_PSA_MECHANISMS_NOT_IMPLEMENTED) + - r')\b')), - # Incorrect dependency generation. To be fixed as part of the - # resolution of https://github.com/Mbed-TLS/mbedtls/issues/9167 - # by forward-porting the commit - # "PSA test case generation: dependency inference class: operation fail" - # from https://github.com/Mbed-TLS/mbedtls/pull/9025 . - re.compile(r'.* with (?:DH|ECC)_(?:KEY_PAIR|PUBLIC_KEY)\(.*'), - # We don't test this unusual, but sensible configuration. - # https://github.com/Mbed-TLS/mbedtls/issues/9592 - re.compile(r'.*: !ECDSA but DETERMINISTIC_ECDSA with ECC_.*'), - # We never test with the HMAC algorithm enabled but the HMAC - # key type disabled. Those dependencies don't really make sense. - # https://github.com/Mbed-TLS/mbedtls/issues/9573 - re.compile(r'.* !HMAC with HMAC'), - ], - 'test_suite_psa_crypto_op_fail.misc': [ - # We don't test this unusual, but sensible configuration. - # https://github.com/Mbed-TLS/mbedtls/issues/9592 - 'PSA sign DETERMINISTIC_ECDSA(SHA_256): !ECDSA but DETERMINISTIC_ECDSA with ECC_KEY_PAIR(SECP_R1)', #pylint: disable=line-too-long - ], - 'test_suite_psa_crypto_storage_format.current': [ - PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE, - ], - 'test_suite_psa_crypto_storage_format.v0': [ - PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE, - ], - 'tls13-misc': [ - # Disabled due to OpenSSL bug. - # https://github.com/openssl/openssl/issues/10714 - 'TLS 1.3 O->m: resumption', - # Disabled due to OpenSSL command line limitation. - # https://github.com/Mbed-TLS/mbedtls/issues/9582 - 'TLS 1.3 m->O: resumption with early data', - ], - } - - -# The names that we give to classes derived from DriverVSReference do not -# follow the usual naming convention, because it's more readable to use -# underscores and parts of the configuration names. Also, these classes -# are just there to specify some data, so they don't need repetitive -# documentation. -#pylint: disable=invalid-name,missing-class-docstring - -class DriverVSReference_hash(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_hash_use_psa' - DRIVER = 'test_psa_crypto_config_accel_hash_use_psa' - IGNORED_SUITES = [ - 'shax', 'mdx', # the software implementations that are being excluded - 'md.psa', # purposefully depends on whether drivers are present - 'psa_crypto_low_hash.generated', # testing the builtins - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - } - -class DriverVSReference_hmac(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_hmac' - DRIVER = 'test_psa_crypto_config_accel_hmac' - IGNORED_SUITES = [ - # These suites require legacy hash support, which is disabled - # in the accelerated component. - 'shax', 'mdx', - # This suite tests builtins directly, but these are missing - # in the accelerated case. - 'psa_crypto_low_hash.generated', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'), - re.compile(r'.*\bMBEDTLS_MD_C\b') - ], - 'test_suite_md': [ - # Builtin HMAC is not supported in the accelerate component. - re.compile('.*HMAC.*'), - # Following tests make use of functions which are not available - # when MD_C is disabled, as it happens in the accelerated - # test component. - re.compile('generic .* Hash file .*'), - 'MD list', - ], - 'test_suite_md.psa': [ - # "legacy only" tests require hash algorithms to be NOT - # accelerated, but this of course false for the accelerated - # test component. - re.compile('PSA dispatch .* legacy only'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - } - -class DriverVSReference_cipher_aead_cmac(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_cipher_aead_cmac' - DRIVER = 'test_psa_crypto_config_accel_cipher_aead_cmac' - # Modules replaced by drivers. - IGNORED_SUITES = [ - # low-level (block/stream) cipher modules - 'aes', 'aria', 'camellia', 'des', 'chacha20', - # AEAD modes and CMAC - 'ccm', 'chachapoly', 'cmac', 'gcm', - # The Cipher abstraction layer - 'cipher', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'), - re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM)_.*'), - re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'), - re.compile(r'.*\bMBEDTLS_CIPHER_.*'), - ], - # PEM decryption is not supported so far. - # The rest of PEM (write, unencrypted read) works though. - 'test_suite_pem': [ - re.compile(r'PEM read .*(AES|DES|\bencrypt).*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # Following tests depend on AES_C/DES_C but are not about - # them really, just need to know some error code is there. - 'test_suite_error': [ - 'Low and high error', - 'Single low error' - ], - # Similar to test_suite_error above. - 'test_suite_version': [ - 'Check for MBEDTLS_AES_C when already present', - ], - # The en/decryption part of PKCS#12 is not supported so far. - # The rest of PKCS#12 (key derivation) works though. - 'test_suite_pkcs12': [ - re.compile(r'PBE Encrypt, .*'), - re.compile(r'PBE Decrypt, .*'), - ], - # The en/decryption part of PKCS#5 is not supported so far. - # The rest of PKCS#5 (PBKDF2) works though. - 'test_suite_pkcs5': [ - re.compile(r'PBES2 Encrypt, .*'), - re.compile(r'PBES2 Decrypt .*'), - ], - # Encrypted keys are not supported so far. - # pylint: disable=line-too-long - 'test_suite_pkparse': [ - 'Key ASN1 (Encrypted key PKCS12, trailing garbage data)', - 'Key ASN1 (Encrypted key PKCS5, trailing garbage data)', - re.compile(r'Parse (RSA|EC) Key .*\(.* ([Ee]ncrypted|password).*\)'), - ], - # Encrypted keys are not supported so far. - 'ssl-opt': [ - 'TLS: password protected server key', - 'TLS: password protected client key', - 'TLS: password protected server key, two certificates', - ], - } - -class DriverVSReference_ecp_light_only(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ecc_ecp_light_only' - DRIVER = 'test_psa_crypto_config_accel_ecc_ecp_light_only' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'ecdsa', 'ecdh', 'ecjpake', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # This test wants a legacy function that takes f_rng, p_rng - # arguments, and uses legacy ECDSA for that. The test is - # really about the wrapper around the PSA RNG, not ECDSA. - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - # In the accelerated test ECP_C is not set (only ECP_LIGHT is) - # so we must ignore disparities in the tests for which ECP_C - # is required. - 'test_suite_ecp': [ - re.compile(r'ECP check public-private .*'), - re.compile(r'ECP calculate public: .*'), - re.compile(r'ECP gen keypair .*'), - re.compile(r'ECP point muladd .*'), - re.compile(r'ECP point multiplication .*'), - re.compile(r'ECP test vectors .*'), - ], - 'test_suite_ssl': [ - # This deprecated function is only present when ECP_C is On. - 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()', - ], - } - -class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ecc_no_ecp_at_all' - DRIVER = 'test_psa_crypto_config_accel_ecc_no_ecp_at_all' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # See ecp_light_only - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - 'test_suite_pkparse': [ - # When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED - # is automatically enabled in build_info.h (backward compatibility) - # even if it is disabled in config_psa_crypto_no_ecp_at_all(). As a - # consequence compressed points are supported in the reference - # component but not in the accelerated one, so they should be skipped - # while checking driver's coverage. - re.compile(r'Parse EC Key .*compressed\)'), - re.compile(r'Parse Public EC Key .*compressed\)'), - ], - # See ecp_light_only - 'test_suite_ssl': [ - 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()', - ], - } - -class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ecc_no_bignum' - DRIVER = 'test_psa_crypto_config_accel_ecc_no_bignum' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', - 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw', - 'bignum.generated', 'bignum.misc', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # See ecp_light_only - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - # See no_ecp_at_all - 'test_suite_pkparse': [ - re.compile(r'Parse EC Key .*compressed\)'), - re.compile(r'Parse Public EC Key .*compressed\)'), - ], - 'test_suite_asn1parse': [ - 'INTEGER too large for mpi', - ], - 'test_suite_asn1write': [ - re.compile(r'ASN.1 Write mpi.*'), - ], - 'test_suite_debug': [ - re.compile(r'Debug print mbedtls_mpi.*'), - ], - # See ecp_light_only - 'test_suite_ssl': [ - 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()', - ], - } - -class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum' - DRIVER = 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', 'dhm', - 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw', - 'bignum.generated', 'bignum.misc', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'ssl-opt': [ - # DHE support in TLS 1.2 requires built-in MBEDTLS_DHM_C - # (because it needs custom groups, which PSA does not - # provide), even with MBEDTLS_USE_PSA_CRYPTO. - re.compile(r'PSK callback:.*\bdhe-psk\b.*'), - ], - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), - re.compile(r'.*\bMBEDTLS_DHM_C\b.*'), - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED\b.*'), - re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # See ecp_light_only - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - # See no_ecp_at_all - 'test_suite_pkparse': [ - re.compile(r'Parse EC Key .*compressed\)'), - re.compile(r'Parse Public EC Key .*compressed\)'), - ], - 'test_suite_asn1parse': [ - 'INTEGER too large for mpi', - ], - 'test_suite_asn1write': [ - re.compile(r'ASN.1 Write mpi.*'), - ], - 'test_suite_debug': [ - re.compile(r'Debug print mbedtls_mpi.*'), - ], - # See ecp_light_only - 'test_suite_ssl': [ - 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()', - ], - } - -class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ffdh' - DRIVER = 'test_psa_crypto_config_accel_ffdh' - IGNORED_SUITES = ['dhm'] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_DHM_C\b.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - } - -class DriverVSReference_tfm_config(outcome_analysis.DriverVSReference): - REFERENCE = 'test_tfm_config_no_p256m' - DRIVER = 'test_tfm_config_p256m_driver_accel_ec' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'asn1parse', 'asn1write', - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', - 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw', - 'bignum.generated', 'bignum.misc', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), - re.compile(r'.*\bMBEDTLS_(ASN1\w+)_C\b.*'), - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_PSA_P256M_DRIVER_ENABLED\b.*') - ], - 'test_suite_config.crypto_combinations': [ - 'Config: ECC: Weierstrass curves only', - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # See ecp_light_only - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - } - -class DriverVSReference_rsa(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_rsa_crypto' - DRIVER = 'test_psa_crypto_config_accel_rsa_crypto' - IGNORED_SUITES = [ - # Modules replaced by drivers. - 'rsa', 'pkcs1_v15', 'pkcs1_v21', - # We temporarily don't care about PK stuff. - 'pk', 'pkwrite', 'pkparse' - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'), - re.compile(r'.*\bMBEDTLS_GENPRIME\b.*') - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # Following tests depend on RSA_C but are not about - # them really, just need to know some error code is there. - 'test_suite_error': [ - 'Low and high error', - 'Single high error' - ], - # Constant time operations only used for PKCS1_V15 - 'test_suite_constant_time': [ - re.compile(r'mbedtls_ct_zeroize_if .*'), - re.compile(r'mbedtls_ct_memmove_left .*') - ], - 'test_suite_psa_crypto': [ - # We don't support generate_key_custom entry points - # in drivers yet. - re.compile(r'PSA generate key custom: RSA, e=.*'), - re.compile(r'PSA generate key ext: RSA, e=.*'), - ], - } - -class DriverVSReference_block_cipher_dispatch(outcome_analysis.DriverVSReference): - REFERENCE = 'test_full_block_cipher_legacy_dispatch' - DRIVER = 'test_full_block_cipher_psa_dispatch' - IGNORED_SUITES = [ - # Skipped in the accelerated component - 'aes', 'aria', 'camellia', - # These require AES_C, ARIA_C or CAMELLIA_C to be enabled in - # order for the cipher module (actually cipher_wrapper) to work - # properly. However these symbols are disabled in the accelerated - # component so we ignore them. - 'cipher.ccm', 'cipher.gcm', 'cipher.aes', 'cipher.aria', - 'cipher.camellia', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA)_.*'), - re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'), - ], - 'test_suite_cmac': [ - # Following tests require AES_C/ARIA_C/CAMELLIA_C to be enabled, - # but these are not available in the accelerated component. - 'CMAC null arguments', - re.compile('CMAC.* (AES|ARIA|Camellia).*'), - ], - 'test_suite_cipher.padding': [ - # Following tests require AES_C/CAMELLIA_C to be enabled, - # but these are not available in the accelerated component. - re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'), - ], - 'test_suite_pkcs5': [ - # The AES part of PKCS#5 PBES2 is not yet supported. - # The rest of PKCS#5 (PBKDF2) works, though. - re.compile(r'PBES2 .* AES-.*') - ], - 'test_suite_pkparse': [ - # PEM (called by pkparse) requires AES_C in order to decrypt - # the key, but this is not available in the accelerated - # component. - re.compile('Parse RSA Key.*(password|AES-).*'), - ], - 'test_suite_pem': [ - # Following tests require AES_C, but this is diabled in the - # accelerated component. - re.compile('PEM read .*AES.*'), - 'PEM read (unknown encryption algorithm)', - ], - 'test_suite_error': [ - # Following tests depend on AES_C but are not about them - # really, just need to know some error code is there. - 'Single low error', - 'Low and high error', - ], - 'test_suite_version': [ - # Similar to test_suite_error above. - 'Check for MBEDTLS_AES_C when already present', - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - } - -#pylint: enable=invalid-name,missing-class-docstring - - -# List of tasks with a function that can handle this task and additional arguments if required -KNOWN_TASKS = { - 'analyze_coverage': CoverageTask, - 'analyze_driver_vs_reference_hash': DriverVSReference_hash, - 'analyze_driver_vs_reference_hmac': DriverVSReference_hmac, - 'analyze_driver_vs_reference_cipher_aead_cmac': DriverVSReference_cipher_aead_cmac, - 'analyze_driver_vs_reference_ecp_light_only': DriverVSReference_ecp_light_only, - 'analyze_driver_vs_reference_no_ecp_at_all': DriverVSReference_no_ecp_at_all, - 'analyze_driver_vs_reference_ecc_no_bignum': DriverVSReference_ecc_no_bignum, - 'analyze_driver_vs_reference_ecc_ffdh_no_bignum': DriverVSReference_ecc_ffdh_no_bignum, - 'analyze_driver_vs_reference_ffdh_alg': DriverVSReference_ffdh_alg, - 'analyze_driver_vs_reference_tfm_config': DriverVSReference_tfm_config, - 'analyze_driver_vs_reference_rsa': DriverVSReference_rsa, - 'analyze_block_cipher_dispatch': DriverVSReference_block_cipher_dispatch, -} - -if __name__ == '__main__': - outcome_analysis.main(KNOWN_TASKS) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py deleted file mode 100755 index 3d0924602..000000000 --- a/tests/scripts/audit-validity-dates.py +++ /dev/null @@ -1,469 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -"""Audit validity date of X509 crt/crl/csr. - -This script is used to audit the validity date of crt/crl/csr used for testing. -It prints the information about X.509 objects excluding the objects that -are valid throughout the desired validity period. The data are collected -from framework/data_files/ and tests/suites/*.data files by default. -""" - -import os -import re -import typing -import argparse -import datetime -import glob -import logging -import hashlib -from enum import Enum - -# The script requires cryptography >= 35.0.0 which is only available -# for Python >= 3.6. -import cryptography -from cryptography import x509 - -from generate_test_code import FileWrapper - -import scripts_path # pylint: disable=unused-import -from mbedtls_framework import build_tree -from mbedtls_framework import logging_util - -def check_cryptography_version(): - match = re.match(r'^[0-9]+', cryptography.__version__) - if match is None or int(match.group(0)) < 35: - raise Exception("audit-validity-dates requires cryptography >= 35.0.0" - + "({} is too old)".format(cryptography.__version__)) - -class DataType(Enum): - CRT = 1 # Certificate - CRL = 2 # Certificate Revocation List - CSR = 3 # Certificate Signing Request - - -class DataFormat(Enum): - PEM = 1 # Privacy-Enhanced Mail - DER = 2 # Distinguished Encoding Rules - - -class AuditData: - """Store data location, type and validity period of X.509 objects.""" - #pylint: disable=too-few-public-methods - def __init__(self, data_type: DataType, x509_obj): - self.data_type = data_type - # the locations that the x509 object could be found - self.locations = [] # type: typing.List[str] - self.fill_validity_duration(x509_obj) - self._obj = x509_obj - encoding = cryptography.hazmat.primitives.serialization.Encoding.DER - self._identifier = hashlib.sha1(self._obj.public_bytes(encoding)).hexdigest() - - @property - def identifier(self): - """ - Identifier of the underlying X.509 object, which is consistent across - different runs. - """ - return self._identifier - - def fill_validity_duration(self, x509_obj): - """Read validity period from an X.509 object.""" - # Certificate expires after "not_valid_after" - # Certificate is invalid before "not_valid_before" - if self.data_type == DataType.CRT: - self.not_valid_after = x509_obj.not_valid_after - self.not_valid_before = x509_obj.not_valid_before - # CertificateRevocationList expires after "next_update" - # CertificateRevocationList is invalid before "last_update" - elif self.data_type == DataType.CRL: - self.not_valid_after = x509_obj.next_update - self.not_valid_before = x509_obj.last_update - # CertificateSigningRequest is always valid. - elif self.data_type == DataType.CSR: - self.not_valid_after = datetime.datetime.max - self.not_valid_before = datetime.datetime.min - else: - raise ValueError("Unsupported file_type: {}".format(self.data_type)) - - -class X509Parser: - """A parser class to parse crt/crl/csr file or data in PEM/DER format.""" - PEM_REGEX = br'-{5}BEGIN (?P.*?)-{5}(?P.*?)-{5}END (?P=type)-{5}' - PEM_TAG_REGEX = br'-{5}BEGIN (?P.*?)-{5}\n' - PEM_TAGS = { - DataType.CRT: 'CERTIFICATE', - DataType.CRL: 'X509 CRL', - DataType.CSR: 'CERTIFICATE REQUEST' - } - - def __init__(self, - backends: - typing.Dict[DataType, - typing.Dict[DataFormat, - typing.Callable[[bytes], object]]]) \ - -> None: - self.backends = backends - self.__generate_parsers() - - def __generate_parser(self, data_type: DataType): - """Parser generator for a specific DataType""" - tag = self.PEM_TAGS[data_type] - pem_loader = self.backends[data_type][DataFormat.PEM] - der_loader = self.backends[data_type][DataFormat.DER] - def wrapper(data: bytes): - pem_type = X509Parser.pem_data_type(data) - # It is in PEM format with target tag - if pem_type == tag: - return pem_loader(data) - # It is in PEM format without target tag - if pem_type: - return None - # It might be in DER format - try: - result = der_loader(data) - except ValueError: - result = None - return result - wrapper.__name__ = "{}.parser[{}]".format(type(self).__name__, tag) - return wrapper - - def __generate_parsers(self): - """Generate parsers for all support DataType""" - self.parsers = {} - for data_type, _ in self.PEM_TAGS.items(): - self.parsers[data_type] = self.__generate_parser(data_type) - - def __getitem__(self, item): - return self.parsers[item] - - @staticmethod - def pem_data_type(data: bytes) -> typing.Optional[str]: - """Get the tag from the data in PEM format - - :param data: data to be checked in binary mode. - :return: PEM tag or "" when no tag detected. - """ - m = re.search(X509Parser.PEM_TAG_REGEX, data) - if m is not None: - return m.group('type').decode('UTF-8') - else: - return None - - @staticmethod - def check_hex_string(hex_str: str) -> bool: - """Check if the hex string is possibly DER data.""" - hex_len = len(hex_str) - # At least 6 hex char for 3 bytes: Type + Length + Content - if hex_len < 6: - return False - # Check if Type (1 byte) is SEQUENCE. - if hex_str[0:2] != '30': - return False - # Check LENGTH (1 byte) value - content_len = int(hex_str[2:4], base=16) - consumed = 4 - if content_len in (128, 255): - # Indefinite or Reserved - return False - elif content_len > 127: - # Definite, Long - length_len = (content_len - 128) * 2 - content_len = int(hex_str[consumed:consumed+length_len], base=16) - consumed += length_len - # Check LENGTH - if hex_len != content_len * 2 + consumed: - return False - return True - - -class Auditor: - """ - A base class that uses X509Parser to parse files to a list of AuditData. - - A subclass must implement the following methods: - - collect_default_files: Return a list of file names that are defaultly - used for parsing (auditing). The list will be stored in - Auditor.default_files. - - parse_file: Method that parses a single file to a list of AuditData. - - A subclass may override the following methods: - - parse_bytes: Defaultly, it parses `bytes` that contains only one valid - X.509 data(DER/PEM format) to an X.509 object. - - walk_all: Defaultly, it iterates over all the files in the provided - file name list, calls `parse_file` for each file and stores the results - by extending the `results` passed to the function. - """ - def __init__(self, logger): - self.logger = logger - self.default_files = self.collect_default_files() - self.parser = X509Parser({ - DataType.CRT: { - DataFormat.PEM: x509.load_pem_x509_certificate, - DataFormat.DER: x509.load_der_x509_certificate - }, - DataType.CRL: { - DataFormat.PEM: x509.load_pem_x509_crl, - DataFormat.DER: x509.load_der_x509_crl - }, - DataType.CSR: { - DataFormat.PEM: x509.load_pem_x509_csr, - DataFormat.DER: x509.load_der_x509_csr - }, - }) - - def collect_default_files(self) -> typing.List[str]: - """Collect the default files for parsing.""" - raise NotImplementedError - - def parse_file(self, filename: str) -> typing.List[AuditData]: - """ - Parse a list of AuditData from file. - - :param filename: name of the file to parse. - :return list of AuditData parsed from the file. - """ - raise NotImplementedError - - def parse_bytes(self, data: bytes): - """Parse AuditData from bytes.""" - for data_type in list(DataType): - try: - result = self.parser[data_type](data) - except ValueError as val_error: - result = None - self.logger.warning(val_error) - if result is not None: - audit_data = AuditData(data_type, result) - return audit_data - return None - - def walk_all(self, - results: typing.Dict[str, AuditData], - file_list: typing.Optional[typing.List[str]] = None) \ - -> None: - """ - Iterate over all the files in the list and get audit data. The - results will be written to `results` passed to this function. - - :param results: The dictionary used to store the parsed - AuditData. The keys of this dictionary should - be the identifier of the AuditData. - """ - if file_list is None: - file_list = self.default_files - for filename in file_list: - data_list = self.parse_file(filename) - for d in data_list: - if d.identifier in results: - results[d.identifier].locations.extend(d.locations) - else: - results[d.identifier] = d - - @staticmethod - def find_test_dir(): - """Get the relative path for the Mbed TLS test directory.""" - return os.path.relpath(build_tree.guess_mbedtls_root() + '/tests') - - -class TestDataAuditor(Auditor): - """Class for auditing files in `framework/data_files/`""" - - def collect_default_files(self): - """Collect all files in `framework/data_files/`""" - test_data_glob = os.path.join(build_tree.guess_mbedtls_root(), - 'framework', 'data_files/**') - data_files = [f for f in glob.glob(test_data_glob, recursive=True) - if os.path.isfile(f)] - return data_files - - def parse_file(self, filename: str) -> typing.List[AuditData]: - """ - Parse a list of AuditData from data file. - - :param filename: name of the file to parse. - :return list of AuditData parsed from the file. - """ - with open(filename, 'rb') as f: - data = f.read() - - results = [] - # Try to parse all PEM blocks. - is_pem = False - for idx, m in enumerate(re.finditer(X509Parser.PEM_REGEX, data, flags=re.S), 1): - is_pem = True - result = self.parse_bytes(data[m.start():m.end()]) - if result is not None: - result.locations.append("{}#{}".format(filename, idx)) - results.append(result) - - # Might be DER format. - if not is_pem: - result = self.parse_bytes(data) - if result is not None: - result.locations.append("{}".format(filename)) - results.append(result) - - return results - - -def parse_suite_data(data_f): - """ - Parses .data file for test arguments that possiblly have a - valid X.509 data. If you need a more precise parser, please - use generate_test_code.parse_test_data instead. - - :param data_f: file object of the data file. - :return: Generator that yields test function argument list. - """ - for line in data_f: - line = line.strip() - # Skip comments - if line.startswith('#'): - continue - - # Check parameters line - match = re.search(r'\A\w+(.*:)?\"', line) - if match: - # Read test vectors - parts = re.split(r'(?[0-9a-fA-F]+)"', test_arg) - if not match: - continue - if not X509Parser.check_hex_string(match.group('data')): - continue - audit_data = self.parse_bytes(bytes.fromhex(match.group('data'))) - if audit_data is None: - continue - audit_data.locations.append("{}:{}:#{}".format(filename, - data_f.line_no, - idx + 1)) - audit_data_list.append(audit_data) - - return audit_data_list - - -def list_all(audit_data: AuditData): - for loc in audit_data.locations: - print("{}\t{:20}\t{:20}\t{:3}\t{}".format( - audit_data.identifier, - audit_data.not_valid_before.isoformat(timespec='seconds'), - audit_data.not_valid_after.isoformat(timespec='seconds'), - audit_data.data_type.name, - loc)) - - -def main(): - """ - Perform argument parsing. - """ - parser = argparse.ArgumentParser(description=__doc__) - - parser.add_argument('-a', '--all', - action='store_true', - help='list the information of all the files') - parser.add_argument('-v', '--verbose', - action='store_true', dest='verbose', - help='show logs') - parser.add_argument('--from', dest='start_date', - help=('Start of desired validity period (UTC, YYYY-MM-DD). ' - 'Default: today'), - metavar='DATE') - parser.add_argument('--to', dest='end_date', - help=('End of desired validity period (UTC, YYYY-MM-DD). ' - 'Default: --from'), - metavar='DATE') - parser.add_argument('--data-files', action='append', nargs='*', - help='data files to audit', - metavar='FILE') - parser.add_argument('--suite-data-files', action='append', nargs='*', - help='suite data files to audit', - metavar='FILE') - - args = parser.parse_args() - - # start main routine - # setup logger - logger = logging.getLogger() - logging_util.configure_logger(logger) - logger.setLevel(logging.DEBUG if args.verbose else logging.ERROR) - - td_auditor = TestDataAuditor(logger) - sd_auditor = SuiteDataAuditor(logger) - - data_files = [] - suite_data_files = [] - if args.data_files is None and args.suite_data_files is None: - data_files = td_auditor.default_files - suite_data_files = sd_auditor.default_files - else: - if args.data_files is not None: - data_files = [x for l in args.data_files for x in l] - if args.suite_data_files is not None: - suite_data_files = [x for l in args.suite_data_files for x in l] - - # validity period start date - if args.start_date: - start_date = datetime.datetime.fromisoformat(args.start_date) - else: - start_date = datetime.datetime.today() - # validity period end date - if args.end_date: - end_date = datetime.datetime.fromisoformat(args.end_date) - else: - end_date = start_date - - # go through all the files - audit_results = {} - td_auditor.walk_all(audit_results, data_files) - sd_auditor.walk_all(audit_results, suite_data_files) - - logger.info("Total: {} objects found!".format(len(audit_results))) - - # we filter out the files whose validity duration covers the provided - # duration. - filter_func = lambda d: (start_date < d.not_valid_before) or \ - (d.not_valid_after < end_date) - - sortby_end = lambda d: d.not_valid_after - - if args.all: - filter_func = None - - # filter and output the results - for d in sorted(filter(filter_func, audit_results.values()), key=sortby_end): - list_all(d) - - logger.debug("Done!") - -check_cryptography_version() -if __name__ == "__main__": - main() diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh deleted file mode 100755 index 80012b94d..000000000 --- a/tests/scripts/basic-build-test.sh +++ /dev/null @@ -1,249 +0,0 @@ -#!/bin/sh - -# basic-build-test.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Executes the basic test suites, captures the results, and generates a simple -# test report and code coverage report. -# -# The tests include: -# * Unit tests - executed using tests/scripts/run-test-suite.pl -# * Self-tests - executed using the test suites above -# * System tests - executed using tests/ssl-opt.sh -# * Interoperability tests - executed using tests/compat.sh -# -# The tests focus on functionality and do not consider performance. -# -# Note the tests self-adapt due to configurations in include/mbedtls/mbedtls_config.h -# which can lead to some tests being skipped, and can cause the number of -# available tests to fluctuate. -# -# This script has been written to be generic and should work on any shell. -# -# Usage: basic-build-test.sh -# - -# Abort on errors (and uninitiliased variables) -set -eu - -if [ -d library -a -d include -a -d tests ]; then :; else - echo "Must be run from Mbed TLS root" >&2 - exit 1 -fi - -: ${OPENSSL:="openssl"} -: ${GNUTLS_CLI:="gnutls-cli"} -: ${GNUTLS_SERV:="gnutls-serv"} - -# Used to make ssl-opt.sh deterministic. -# -# See also RELEASE_SEED in all.sh. Debugging is easier if both values are kept -# in sync. If you change the value here because it breaks some tests, you'll -# definitely want to change it in all.sh as well. -: ${SEED:=1} -export SEED - -# if MAKEFLAGS is not set add the -j option to speed up invocations of make -if [ -z "${MAKEFLAGS+set}" ]; then - export MAKEFLAGS="-j" -fi - -# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh -# we just export the variables they require -export OPENSSL="$OPENSSL" -export GNUTLS_CLI="$GNUTLS_CLI" -export GNUTLS_SERV="$GNUTLS_SERV" - -CONFIG_H='include/mbedtls/mbedtls_config.h' -CONFIG_BAK="$CONFIG_H.bak" - -# Step 0 - print build environment info -OPENSSL="$OPENSSL" \ - GNUTLS_CLI="$GNUTLS_CLI" \ - GNUTLS_SERV="$GNUTLS_SERV" \ - framework/scripts/output_env.sh -echo - -# Step 1 - Make and instrumented build for code coverage -export CFLAGS=' --coverage -g3 -O0 ' -export LDFLAGS=' --coverage' -make clean -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.py full -make - - -# Step 2 - Execute the tests -TEST_OUTPUT=out_${PPID} -cd tests -if [ ! -f "seedfile" ]; then - dd if=/dev/urandom of="seedfile" bs=64 count=1 -fi -if [ ! -f "../tf-psa-crypto/tests/seedfile" ]; then - cp "seedfile" "../tf-psa-crypto/tests/seedfile" -fi -echo - -# Step 2a - Unit Tests (keep going even if some tests fail) -echo '################ Unit tests ################' -perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT -echo '^^^^^^^^^^^^^^^^ Unit tests ^^^^^^^^^^^^^^^^' -echo - -# Step 2b - System Tests (keep going even if some tests fail) -echo -echo '################ ssl-opt.sh ################' -echo "ssl-opt.sh will use SEED=$SEED for udp_proxy" -sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT -echo '^^^^^^^^^^^^^^^^ ssl-opt.sh ^^^^^^^^^^^^^^^^' -echo - -# Step 2c - Compatibility tests (keep going even if some tests fail) -echo '################ compat.sh ################' -{ - echo '#### compat.sh: Default versions' - sh compat.sh -e 'ARIA\|CHACHA' - echo - - echo '#### compat.sh: next (ARIA, ChaCha)' - OPENSSL="$OPENSSL_NEXT" sh compat.sh -e '^$' -f 'ARIA\|CHACHA' - echo -} | tee compat-test-$TEST_OUTPUT -echo '^^^^^^^^^^^^^^^^ compat.sh ^^^^^^^^^^^^^^^^' -echo - -# Step 3 - Process the coverage report -cd .. -{ - make lcov - echo SUCCESS -} | tee tests/cov-$TEST_OUTPUT - -if [ "$(tail -n1 tests/cov-$TEST_OUTPUT)" != "SUCCESS" ]; then - echo >&2 "Fatal: 'make lcov' failed" - exit 2 -fi - - -# Step 4 - Summarise the test report -echo -echo "=========================================================================" -echo "Test Report Summary" -echo - -# A failure of the left-hand side of a pipe is ignored (this is a limitation -# of sh). We'll use the presence of this file as a marker that the generation -# of the report succeeded. -rm -f "tests/basic-build-test-$$.ok" - -{ - - cd tests - - # Step 4a - Unit tests - echo "Unit tests - tests/scripts/run-test-suites.pl" - - PASSED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/test cases passed :[\t]*\([0-9]*\)/\1/p'| tr -d ' ') - SKIPPED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/skipped :[ \t]*\([0-9]*\)/\1/p'| tr -d ' ') - TOTAL_SUITES=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) .*, [0-9]* tests run)/\1/p'| tr -d ' ') - FAILED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/failed :[\t]*\([0-9]*\)/\1/p' |tr -d ' ') - - echo "No test suites : $TOTAL_SUITES" - echo "Passed : $PASSED_TESTS" - echo "Failed : $FAILED_TESTS" - echo "Skipped : $SKIPPED_TESTS" - echo "Total exec'd tests : $(($PASSED_TESTS + $FAILED_TESTS))" - echo "Total avail tests : $(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))" - echo - - TOTAL_PASS=$PASSED_TESTS - TOTAL_FAIL=$FAILED_TESTS - TOTAL_SKIP=$SKIPPED_TESTS - TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS)) - TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS)) - - # Step 4b - TLS Options tests - echo "TLS Options tests - tests/ssl-opt.sh" - - PASSED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p') - SKIPPED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p') - TOTAL_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p') - FAILED_TESTS=$(($TOTAL_TESTS - $PASSED_TESTS)) - - echo "Passed : $PASSED_TESTS" - echo "Failed : $FAILED_TESTS" - echo "Skipped : $SKIPPED_TESTS" - echo "Total exec'd tests : $TOTAL_TESTS" - echo "Total avail tests : $(($TOTAL_TESTS + $SKIPPED_TESTS))" - echo - - TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS)) - TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS)) - TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS)) - TOTAL_AVAIL=$(($TOTAL_AVAIL + $TOTAL_TESTS + $SKIPPED_TESTS)) - TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS)) - - - # Step 4c - System Compatibility tests - echo "System/Compatibility tests - tests/compat.sh" - - PASSED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }') - SKIPPED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }') - EXED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }') - FAILED_TESTS=$(($EXED_TESTS - $PASSED_TESTS)) - - echo "Passed : $PASSED_TESTS" - echo "Failed : $FAILED_TESTS" - echo "Skipped : $SKIPPED_TESTS" - echo "Total exec'd tests : $EXED_TESTS" - echo "Total avail tests : $(($EXED_TESTS + $SKIPPED_TESTS))" - echo - - TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS)) - TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS)) - TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS)) - TOTAL_AVAIL=$(($TOTAL_AVAIL + $EXED_TESTS + $SKIPPED_TESTS)) - TOTAL_EXED=$(($TOTAL_EXED + $EXED_TESTS)) - - - # Step 4d - Grand totals - echo "-------------------------------------------------------------------------" - echo "Total tests" - - echo "Total Passed : $TOTAL_PASS" - echo "Total Failed : $TOTAL_FAIL" - echo "Total Skipped : $TOTAL_SKIP" - echo "Total exec'd tests : $TOTAL_EXED" - echo "Total avail tests : $TOTAL_AVAIL" - echo - - - # Step 4e - Coverage report - echo "Coverage statistics:" - sed -n '1,/^Overall coverage/d; /%/p' cov-$TEST_OUTPUT - echo - - rm unit-test-$TEST_OUTPUT - rm sys-test-$TEST_OUTPUT - rm compat-test-$TEST_OUTPUT - rm cov-$TEST_OUTPUT - - # Mark the report generation as having succeeded. This must be the - # last thing in the report generation. - touch "basic-build-test-$$.ok" -} | tee coverage-summary.txt - -make clean - -if [ -f "$CONFIG_BAK" ]; then - mv "$CONFIG_BAK" "$CONFIG_H" -fi - -# The file must exist, otherwise it means something went wrong while generating -# the coverage report. If something did go wrong, rm will complain so this -# script will exit with a failure status. -rm "tests/basic-build-test-$$.ok" diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh deleted file mode 100755 index 8cc341d17..000000000 --- a/tests/scripts/check-generated-files.sh +++ /dev/null @@ -1,188 +0,0 @@ -#! /usr/bin/env sh - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Check if generated files are up-to-date. - -set -eu - -if [ $# -ne 0 ] && [ "$1" = "--help" ]; then - cat <&2 - exit 1 -fi - -UPDATE= -LIST= -while getopts lu OPTLET; do - case $OPTLET in - l) LIST=1;; - u) UPDATE=1;; - esac -done - -# check SCRIPT FILENAME[...] -# check SCRIPT DIRECTORY -# Run SCRIPT and check that it does not modify any of the specified files. -# In the first form, there can be any number of FILENAMEs, which must be -# regular files. -# In the second form, there must be a single DIRECTORY, standing for the -# list of files in the directory. Running SCRIPT must not modify any file -# in the directory and must not add or remove files either. -# If $UPDATE is empty, abort with an error status if a file is modified. -check() -{ - SCRIPT=$1 - shift - - if [ -n "$LIST" ]; then - printf '%s\n' "$@" - return - fi - - directory= - if [ -d "$1" ]; then - directory="$1" - rm -f "$directory"/*.bak - set -- "$1"/* - fi - - for FILE in "$@"; do - if [ -e "$FILE" ]; then - cp -p "$FILE" "$FILE.bak" - else - rm -f "$FILE.bak" - fi - done - - # In the case of the config tests, generate only the files to be checked - # by the caller as they are divided into Mbed TLS and TF-PSA-Crypto - # specific ones. - if [ "${SCRIPT##*/}" = "generate_config_tests.py" ]; then - "$SCRIPT" "$@" - else - "$SCRIPT" - fi - - # Compare the script output to the old files and remove backups - for FILE in "$@"; do - if diff "$FILE" "$FILE.bak" >/dev/null 2>&1; then - # Move the original file back so that $FILE's timestamp doesn't - # change (avoids spurious rebuilds with make). - mv "$FILE.bak" "$FILE" - else - echo "'$FILE' was either modified or deleted by '$SCRIPT'" - if [ -z "$UPDATE" ]; then - exit 1 - else - rm -f "$FILE.bak" - fi - fi - done - - if [ -n "$directory" ]; then - old_list="$*" - set -- "$directory"/* - new_list="$*" - # Check if there are any new files - if [ "$old_list" != "$new_list" ]; then - echo "Files were deleted or created by '$SCRIPT'" - echo "Before: $old_list" - echo "After: $new_list" - if [ -z "$UPDATE" ]; then - exit 1 - fi - fi - fi -} - -# Note: if the format of calls to the "check" function changes, update -# framework/scripts/code_style.py accordingly. For generated C source files (*.h or *.c), -# the format must be "check SCRIPT FILENAME...". For other source files, -# any shell syntax is permitted (including e.g. command substitution). - -# Note: Instructions to generate those files are replicated in: -# - **/Makefile (to (re)build them with make) -# - **/CMakeLists.txt (to (re)build them with cmake) -# - scripts/make_generated_files.bat (to generate them under Windows) - -# These checks are common to Mbed TLS and TF-PSA-Crypto - -# The first case is temporary for the hybrid situation with a tf-psa-crypto -# directory in Mbed TLS that is not just a TF-PSA-Crypto submodule. -if [ -d tf-psa-crypto ]; then - cd tf-psa-crypto - check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c - check ../framework/scripts/generate_bignum_tests.py $(../framework/scripts/generate_bignum_tests.py --list) - check ../framework/scripts/generate_config_tests.py tests/suites/test_suite_config.psa_boolean.data - check ../framework/scripts/generate_ecp_tests.py $(../framework/scripts/generate_ecp_tests.py --list) - check ../framework/scripts/generate_psa_tests.py $(../framework/scripts/generate_psa_tests.py --list) - cd .. - # Generated files that are present in the repository even in the development - # branch. (This is intended to be temporary, until the generator scripts are - # fully reviewed and the build scripts support a generated header file.) - check framework/scripts/generate_psa_wrappers.py tf-psa-crypto/tests/include/test/psa_test_wrappers.h tf-psa-crypto/tests/src/psa_test_wrappers.c - check tf-psa-crypto/scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \ - ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c - check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.mbedtls_boolean.data -else - check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c - check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list) - if in_tf_psa_crypto_repo; then - check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.psa_boolean.data - else - check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.mbedtls_boolean.data - fi - check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list) - check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list) - check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \ - ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c - # Generated files that are present in the repository even in the development - # branch. (This is intended to be temporary, until the generator scripts are - # fully reviewed and the build scripts support a generated header file.) - check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c -fi - -check framework/scripts/generate_test_keys.py framework/tests/include/test/test_keys.h - -# Additional checks for Mbed TLS only -if in_mbedtls_repo; then - check scripts/generate_errors.pl library/error.c - check scripts/generate_query_config.pl programs/test/query_config.c - check scripts/generate_features.pl library/version_features.c - check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c - check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh - check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h - # generate_visualc_files enumerates source files (library/*.c). It doesn't - # care about their content, but the files must exist. So it must run after - # the step that creates or updates these files. - check scripts/generate_visualc_files.pl visualc/VS2017 -fi diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py deleted file mode 100755 index 8f344448e..000000000 --- a/tests/scripts/check_names.py +++ /dev/null @@ -1,991 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -""" -This script confirms that the naming of all symbols and identifiers in Mbed TLS -are consistent with the house style and are also self-consistent. It only runs -on Linux and macOS since it depends on nm. - -It contains two major Python classes, CodeParser and NameChecker. They both have -a comprehensive "run-all" function (comprehensive_parse() and perform_checks()) -but the individual functions can also be used for specific needs. - -CodeParser makes heavy use of regular expressions to parse the code, and is -dependent on the current code formatting. Many Python C parser libraries require -preprocessed C code, which means no macro parsing. Compiler tools are also not -very helpful when we want the exact location in the original source (which -becomes impossible when e.g. comments are stripped). - -NameChecker performs the following checks: - -- All exported and available symbols in the library object files, are explicitly - declared in the header files. This uses the nm command. -- All macros, constants, and identifiers (function names, struct names, etc) - follow the required regex pattern. -- Typo checking: All words that begin with MBED|PSA exist as macros or constants. - -The script returns 0 on success, 1 on test failure, and 2 if there is a script -error. It must be run from Mbed TLS root. -""" - -import abc -import argparse -import fnmatch -import glob -import textwrap -import os -import sys -import traceback -import re -import enum -import shutil -import subprocess -import logging - -import scripts_path # pylint: disable=unused-import -from mbedtls_framework import build_tree - - -# Naming patterns to check against. These are defined outside the NameCheck -# class for ease of modification. -PUBLIC_MACRO_PATTERN = r"^(MBEDTLS|PSA|TF_PSA)_[0-9A-Z_]*[0-9A-Z]$" -INTERNAL_MACRO_PATTERN = r"^[0-9A-Za-z_]*[0-9A-Z]$" -CONSTANTS_PATTERN = PUBLIC_MACRO_PATTERN -IDENTIFIER_PATTERN = r"^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$" - -class Match(): # pylint: disable=too-few-public-methods - """ - A class representing a match, together with its found position. - - Fields: - * filename: the file that the match was in. - * line: the full line containing the match. - * line_no: the line number. - * pos: a tuple of (start, end) positions on the line where the match is. - * name: the match itself. - """ - def __init__(self, filename, line, line_no, pos, name): - # pylint: disable=too-many-arguments - self.filename = filename - self.line = line - self.line_no = line_no - self.pos = pos - self.name = name - - def __str__(self): - """ - Return a formatted code listing representation of the erroneous line. - """ - gutter = format(self.line_no, "4d") - underline = self.pos[0] * " " + (self.pos[1] - self.pos[0]) * "^" - - return ( - " {0} |\n".format(" " * len(gutter)) + - " {0} | {1}".format(gutter, self.line) + - " {0} | {1}\n".format(" " * len(gutter), underline) - ) - -class Problem(abc.ABC): # pylint: disable=too-few-public-methods - """ - An abstract parent class representing a form of static analysis error. - It extends an Abstract Base Class, which means it is not instantiable, and - it also mandates certain abstract methods to be implemented in subclasses. - """ - # Class variable to control the quietness of all problems - quiet = False - def __init__(self): - self.textwrapper = textwrap.TextWrapper() - self.textwrapper.width = 80 - self.textwrapper.initial_indent = " > " - self.textwrapper.subsequent_indent = " " - - def __str__(self): - """ - Unified string representation method for all Problems. - """ - if self.__class__.quiet: - return self.quiet_output() - return self.verbose_output() - - @abc.abstractmethod - def quiet_output(self): - """ - The output when --quiet is enabled. - """ - pass - - @abc.abstractmethod - def verbose_output(self): - """ - The default output with explanation and code snippet if appropriate. - """ - pass - -class SymbolNotInHeader(Problem): # pylint: disable=too-few-public-methods - """ - A problem that occurs when an exported/available symbol in the object file - is not explicitly declared in header files. Created with - NameCheck.check_symbols_declared_in_header() - - Fields: - * symbol_name: the name of the symbol. - """ - def __init__(self, symbol_name): - self.symbol_name = symbol_name - Problem.__init__(self) - - def quiet_output(self): - return "{0}".format(self.symbol_name) - - def verbose_output(self): - return self.textwrapper.fill( - "'{0}' was found as an available symbol in the output of nm, " - "however it was not declared in any header files." - .format(self.symbol_name)) - -class PatternMismatch(Problem): # pylint: disable=too-few-public-methods - """ - A problem that occurs when something doesn't match the expected pattern. - Created with NameCheck.check_match_pattern() - - Fields: - * pattern: the expected regex pattern - * match: the Match object in question - """ - def __init__(self, pattern, match): - self.pattern = pattern - self.match = match - Problem.__init__(self) - - - def quiet_output(self): - return ( - "{0}:{1}:{2}" - .format(self.match.filename, self.match.line_no, self.match.name) - ) - - def verbose_output(self): - return self.textwrapper.fill( - "{0}:{1}: '{2}' does not match the required pattern '{3}'." - .format( - self.match.filename, - self.match.line_no, - self.match.name, - self.pattern - ) - ) + "\n" + str(self.match) - -class Typo(Problem): # pylint: disable=too-few-public-methods - """ - A problem that occurs when a word using MBED or PSA doesn't - appear to be defined as constants nor enum values. Created with - NameCheck.check_for_typos() - - Fields: - * match: the Match object of the MBED|PSA name in question. - """ - def __init__(self, match): - self.match = match - Problem.__init__(self) - - def quiet_output(self): - return ( - "{0}:{1}:{2}" - .format(self.match.filename, self.match.line_no, self.match.name) - ) - - def verbose_output(self): - return self.textwrapper.fill( - "{0}:{1}: '{2}' looks like a typo. It was not found in any " - "macros or any enums. If this is not a typo, put " - "//no-check-names after it." - .format(self.match.filename, self.match.line_no, self.match.name) - ) + "\n" + str(self.match) - -class CodeParser(): - """ - Class for retrieving files and parsing the code. This can be used - independently of the checks that NameChecker performs, for example for - list_internal_identifiers.py. - """ - def __init__(self, log): - self.log = log - build_tree.check_repo_path() - - # Memo for storing "glob expression": set(filepaths) - self.files = {} - - # Globally excluded filenames. - # Note that "*" can match directory separators in exclude lists. - self.excluded_files = ["*/bn_mul", "*/compat-2.x.h"] - - def comprehensive_parse(self): - """ - Comprehensive ("default") function to call each parsing function and - retrieve various elements of the code, together with the source location. - - Returns a dict of parsed item key to the corresponding List of Matches. - """ - self.log.info("Parsing source code...") - self.log.debug( - "The following files are excluded from the search: {}" - .format(str(self.excluded_files)) - ) - - all_macros = {"public": [], "internal": [], "private":[]} - all_macros["public"] = self.parse_macros([ - "include/mbedtls/*.h", - "include/psa/*.h", - "tf-psa-crypto/include/psa/*.h", - "tf-psa-crypto/include/tf-psa-crypto/*.h", - "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h", - "tf-psa-crypto/drivers/everest/include/everest/everest.h", - "tf-psa-crypto/drivers/everest/include/everest/x25519.h" - ]) - all_macros["internal"] = self.parse_macros([ - "library/*.h", - "tf-psa-crypto/core/*.h", - "tf-psa-crypto/drivers/builtin/src/*.h", - "framework/tests/include/test/drivers/*.h", - ]) - all_macros["private"] = self.parse_macros([ - "library/*.c", - "tf-psa-crypto/core/*.c", - "tf-psa-crypto/drivers/builtin/src/*.c", - ]) - enum_consts = self.parse_enum_consts([ - "include/mbedtls/*.h", - "include/psa/*.h", - "tf-psa-crypto/include/psa/*.h", - "tf-psa-crypto/include/tf-psa-crypto/*.h", - "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h", - "library/*.h", - "tf-psa-crypto/core/*.h", - "tf-psa-crypto/drivers/builtin/src/*.h", - "library/*.c", - "tf-psa-crypto/core/*.c", - "tf-psa-crypto/drivers/builtin/src/*.c", - "tf-psa-crypto/drivers/everest/include/everest/everest.h", - "tf-psa-crypto/drivers/everest/include/everest/x25519.h" - ]) - identifiers, excluded_identifiers = self.parse_identifiers([ - "include/mbedtls/*.h", - "include/psa/*.h", - "tf-psa-crypto/include/psa/*.h", - "tf-psa-crypto/include/tf-psa-crypto/*.h", - "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h", - "library/*.h", - "tf-psa-crypto/core/*.h", - "tf-psa-crypto/drivers/builtin/src/*.h", - "tf-psa-crypto/drivers/everest/include/everest/everest.h", - "tf-psa-crypto/drivers/everest/include/everest/x25519.h" - ], ["tf-psa-crypto/drivers/p256-m/p256-m/p256-m.h"]) - mbed_psa_words = self.parse_mbed_psa_words([ - "include/mbedtls/*.h", - "include/psa/*.h", - "tf-psa-crypto/include/psa/*.h", - "tf-psa-crypto/include/tf-psa-crypto/*.h", - "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h", - "library/*.h", - "tf-psa-crypto/core/*.h", - "tf-psa-crypto/drivers/builtin/src/*.h", - "tf-psa-crypto/drivers/everest/include/everest/everest.h", - "tf-psa-crypto/drivers/everest/include/everest/x25519.h", - "library/*.c", - "tf-psa-crypto/core/*.c", - "tf-psa-crypto/drivers/builtin/src/*.c", - "tf-psa-crypto/drivers/everest/library/everest.c", - "tf-psa-crypto/drivers/everest/library/x25519.c" - ], ["tf-psa-crypto/core/psa_crypto_driver_wrappers.h"]) - symbols = self.parse_symbols() - - # Remove identifier macros like mbedtls_printf or mbedtls_calloc - identifiers_justname = [x.name for x in identifiers] - actual_macros = {"public": [], "internal": []} - for scope in actual_macros: - for macro in all_macros[scope]: - if macro.name not in identifiers_justname: - actual_macros[scope].append(macro) - - self.log.debug("Found:") - # Aligns the counts on the assumption that none exceeds 4 digits - for scope in actual_macros: - self.log.debug(" {:4} Total {} Macros" - .format(len(all_macros[scope]), scope)) - self.log.debug(" {:4} {} Non-identifier Macros" - .format(len(actual_macros[scope]), scope)) - self.log.debug(" {:4} Enum Constants".format(len(enum_consts))) - self.log.debug(" {:4} Identifiers".format(len(identifiers))) - self.log.debug(" {:4} Exported Symbols".format(len(symbols))) - return { - "public_macros": actual_macros["public"], - "internal_macros": actual_macros["internal"], - "private_macros": all_macros["private"], - "enum_consts": enum_consts, - "identifiers": identifiers, - "excluded_identifiers": excluded_identifiers, - "symbols": symbols, - "mbed_psa_words": mbed_psa_words - } - - def is_file_excluded(self, path, exclude_wildcards): - """Whether the given file path is excluded.""" - # exclude_wildcards may be None. Also, consider the global exclusions. - exclude_wildcards = (exclude_wildcards or []) + self.excluded_files - for pattern in exclude_wildcards: - if fnmatch.fnmatch(path, pattern): - return True - return False - - def get_all_files(self, include_wildcards, exclude_wildcards): - """ - Get all files that match any of the included UNIX-style wildcards - and filter them into included and excluded lists. - While the check_names script is designed only for use on UNIX/macOS - (due to nm), this function alone will work fine on Windows even with - forward slashes in the wildcard. - - Args: - * include_wildcards: a List of shell-style wildcards to match filepaths. - * exclude_wildcards: a List of shell-style wildcards to exclude. - - Returns: - * inc_files: A List of relative filepaths for included files. - * exc_files: A List of relative filepaths for excluded files. - """ - accumulator = set() - all_wildcards = include_wildcards + (exclude_wildcards or []) - for wildcard in all_wildcards: - accumulator = accumulator.union(glob.iglob(wildcard)) - - inc_files = [] - exc_files = [] - for path in accumulator: - if self.is_file_excluded(path, exclude_wildcards): - exc_files.append(path) - else: - inc_files.append(path) - return (inc_files, exc_files) - - def get_included_files(self, include_wildcards, exclude_wildcards): - """ - Get all files that match any of the included UNIX-style wildcards. - While the check_names script is designed only for use on UNIX/macOS - (due to nm), this function alone will work fine on Windows even with - forward slashes in the wildcard. - - Args: - * include_wildcards: a List of shell-style wildcards to match filepaths. - * exclude_wildcards: a List of shell-style wildcards to exclude. - - Returns a List of relative filepaths. - """ - accumulator = set() - - for include_wildcard in include_wildcards: - accumulator = accumulator.union(glob.iglob(include_wildcard)) - - return list(path for path in accumulator - if not self.is_file_excluded(path, exclude_wildcards)) - - def parse_macros(self, include, exclude=None): - """ - Parse all macros defined by #define preprocessor directives. - - Args: - * include: A List of glob expressions to look for files through. - * exclude: A List of glob expressions for excluding files. - - Returns a List of Match objects for the found macros. - """ - macro_regex = re.compile(r"# *define +(?P\w+)") - exclusions = ( - "asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_" - ) - - files = self.get_included_files(include, exclude) - self.log.debug("Looking for macros in {} files".format(len(files))) - - macros = [] - for header_file in files: - with open(header_file, "r", encoding="utf-8") as header: - for line_no, line in enumerate(header): - for macro in macro_regex.finditer(line): - if macro.group("macro").startswith(exclusions): - continue - - macros.append(Match( - header_file, - line, - line_no, - macro.span("macro"), - macro.group("macro"))) - - return macros - - def parse_mbed_psa_words(self, include, exclude=None): - """ - Parse all words in the file that begin with MBED|PSA, in and out of - macros, comments, anything. - - Args: - * include: A List of glob expressions to look for files through. - * exclude: A List of glob expressions for excluding files. - - Returns a List of Match objects for words beginning with MBED|PSA. - """ - # Typos of TLS are common, hence the broader check below than MBEDTLS. - mbed_regex = re.compile(r"\b(MBED.+?|PSA)_[A-Z0-9_]*") - exclusions = re.compile(r"// *no-check-names|#error") - - files = self.get_included_files(include, exclude) - self.log.debug( - "Looking for MBED|PSA words in {} files" - .format(len(files)) - ) - - mbed_psa_words = [] - for filename in files: - with open(filename, "r", encoding="utf-8") as fp: - for line_no, line in enumerate(fp): - if exclusions.search(line): - continue - - for name in mbed_regex.finditer(line): - mbed_psa_words.append(Match( - filename, - line, - line_no, - name.span(0), - name.group(0))) - - return mbed_psa_words - - def parse_enum_consts(self, include, exclude=None): - """ - Parse all enum value constants that are declared. - - Args: - * include: A List of glob expressions to look for files through. - * exclude: A List of glob expressions for excluding files. - - Returns a List of Match objects for the findings. - """ - files = self.get_included_files(include, exclude) - self.log.debug("Looking for enum consts in {} files".format(len(files))) - - # Emulate a finite state machine to parse enum declarations. - # OUTSIDE_KEYWORD = outside the enum keyword - # IN_BRACES = inside enum opening braces - # IN_BETWEEN = between enum keyword and opening braces - states = enum.Enum("FSM", ["OUTSIDE_KEYWORD", "IN_BRACES", "IN_BETWEEN"]) - enum_consts = [] - for header_file in files: - state = states.OUTSIDE_KEYWORD - with open(header_file, "r", encoding="utf-8") as header: - for line_no, line in enumerate(header): - # Match typedefs and brackets only when they are at the - # beginning of the line -- if they are indented, they might - # be sub-structures within structs, etc. - optional_c_identifier = r"([_a-zA-Z][_a-zA-Z0-9]*)?" - if (state == states.OUTSIDE_KEYWORD and - re.search(r"^(typedef +)?enum " + \ - optional_c_identifier + \ - r" *{", line)): - state = states.IN_BRACES - elif (state == states.OUTSIDE_KEYWORD and - re.search(r"^(typedef +)?enum", line)): - state = states.IN_BETWEEN - elif (state == states.IN_BETWEEN and - re.search(r"^{", line)): - state = states.IN_BRACES - elif (state == states.IN_BRACES and - re.search(r"^}", line)): - state = states.OUTSIDE_KEYWORD - elif (state == states.IN_BRACES and - not re.search(r"^ *#", line)): - enum_const = re.search(r"^ *(?P\w+)", line) - if not enum_const: - continue - - enum_consts.append(Match( - header_file, - line, - line_no, - enum_const.span("enum_const"), - enum_const.group("enum_const"))) - - return enum_consts - - IGNORED_CHUNK_REGEX = re.compile('|'.join([ - r'/\*.*?\*/', # block comment entirely on one line - r'//.*', # line comment - r'(?P")(?:[^\\\"]|\\.)*"', # string literal - ])) - - def strip_comments_and_literals(self, line, in_block_comment): - """Strip comments and string literals from line. - - Continuation lines are not supported. - - If in_block_comment is true, assume that the line starts inside a - block comment. - - Return updated values of (line, in_block_comment) where: - * Comments in line have been replaced by a space (or nothing at the - start or end of the line). - * String contents have been removed. - * in_block_comment indicates whether the line ends inside a block - comment that continues on the next line. - """ - - # Terminate current multiline comment? - if in_block_comment: - m = re.search(r"\*/", line) - if m: - in_block_comment = False - line = line[m.end(0):] - else: - return '', True - - # Remove full comments and string literals. - # Do it all together to handle cases like "/*" correctly. - # Note that continuation lines are not supported. - line = re.sub(self.IGNORED_CHUNK_REGEX, - lambda s: '""' if s.group('string') else ' ', - line) - - # Start an unfinished comment? - # (If `/*` was part of a complete comment, it's already been removed.) - m = re.search(r"/\*", line) - if m: - in_block_comment = True - line = line[:m.start(0)] - - return line, in_block_comment - - IDENTIFIER_REGEX = re.compile('|'.join([ - # Match " something(a" or " *something(a". Functions. - # Assumptions: - # - function definition from return type to one of its arguments is - # all on one line - # - function definition line only contains alphanumeric, asterisk, - # underscore, and open bracket - r".* \**(\w+) *\( *\w", - # Match "(*something)(". - r".*\( *\* *(\w+) *\) *\(", - # Match names of named data structures. - r"(?:typedef +)?(?:struct|union|enum) +(\w+)(?: *{)?$", - # Match names of typedef instances, after closing bracket. - r"}? *(\w+)[;[].*", - ])) - # The regex below is indented for clarity. - EXCLUSION_LINES = re.compile("|".join([ - r"extern +\"C\"", - r"(typedef +)?(struct|union|enum)( *{)?$", - r"} *;?$", - r"$", - r"//", - r"#", - ])) - - def parse_identifiers_in_file(self, header_file, identifiers): - """ - Parse all lines of a header where a function/enum/struct/union/typedef - identifier is declared, based on some regex and heuristics. Highly - dependent on formatting style. - - Append found matches to the list ``identifiers``. - """ - - with open(header_file, "r", encoding="utf-8") as header: - in_block_comment = False - # The previous line variable is used for concatenating lines - # when identifiers are formatted and spread across multiple - # lines. - previous_line = "" - - for line_no, line in enumerate(header): - line, in_block_comment = \ - self.strip_comments_and_literals(line, in_block_comment) - - if self.EXCLUSION_LINES.match(line): - previous_line = "" - continue - - # If the line contains only space-separated alphanumeric - # characters (or underscore, asterisk, or open parenthesis), - # and nothing else, high chance it's a declaration that - # continues on the next line - if re.search(r"^([\w\*\(]+\s+)+$", line): - previous_line += line - continue - - # If previous line seemed to start an unfinished declaration - # (as above), concat and treat them as one. - if previous_line: - line = previous_line.strip() + " " + line.strip() + "\n" - previous_line = "" - - # Skip parsing if line has a space in front = heuristic to - # skip function argument lines (highly subject to formatting - # changes) - if line[0] == " ": - continue - - identifier = self.IDENTIFIER_REGEX.search(line) - - if not identifier: - continue - - # Find the group that matched, and append it - for group in identifier.groups(): - if not group: - continue - - identifiers.append(Match( - header_file, - line, - line_no, - identifier.span(), - group)) - - def parse_identifiers(self, include, exclude=None): - """ - Parse all lines of a header where a function/enum/struct/union/typedef - identifier is declared, based on some regex and heuristics. Highly - dependent on formatting style. Identifiers in excluded files are still - parsed - - Args: - * include: A List of glob expressions to look for files through. - * exclude: A List of glob expressions for excluding files. - - Returns: a Tuple of two Lists of Match objects with identifiers. - * included_identifiers: A List of Match objects with identifiers from - included files. - * excluded_identifiers: A List of Match objects with identifiers from - excluded files. - """ - - included_files, excluded_files = \ - self.get_all_files(include, exclude) - - self.log.debug("Looking for included identifiers in {} files".format \ - (len(included_files))) - - included_identifiers = [] - excluded_identifiers = [] - for header_file in included_files: - self.parse_identifiers_in_file(header_file, included_identifiers) - for header_file in excluded_files: - self.parse_identifiers_in_file(header_file, excluded_identifiers) - - return (included_identifiers, excluded_identifiers) - - def parse_symbols(self): - """ - Compile the Mbed TLS libraries, and parse the TLS, Crypto, and x509 - object files using nm to retrieve the list of referenced symbols. - Exceptions thrown here are rethrown because they would be critical - errors that void several tests, and thus needs to halt the program. This - is explicitly done for clarity. - - Returns a List of unique symbols defined and used in the libraries. - """ - self.log.info("Compiling...") - symbols = [] - - # Back up the config and atomically compile with the full configuration. - shutil.copy( - "include/mbedtls/mbedtls_config.h", - "include/mbedtls/mbedtls_config.h.bak" - ) - try: - # Use check=True in all subprocess calls so that failures are raised - # as exceptions and logged. - subprocess.run( - ["python3", "scripts/config.py", "full"], - universal_newlines=True, - check=True - ) - my_environment = os.environ.copy() - my_environment["CFLAGS"] = "-fno-asynchronous-unwind-tables" - # Run make clean separately to lib to prevent unwanted behavior when - # make is invoked with parallelism. - subprocess.run( - ["make", "clean"], - universal_newlines=True, - check=True - ) - subprocess.run( - ["make", "lib"], - env=my_environment, - universal_newlines=True, - stdout=subprocess.PIPE, - stderr=subprocess.STDOUT, - check=True - ) - - # Perform object file analysis using nm - symbols = self.parse_symbols_from_nm([ - "library/libmbedcrypto.a", - "library/libmbedtls.a", - "library/libmbedx509.a" - ]) - - subprocess.run( - ["make", "clean"], - universal_newlines=True, - check=True - ) - except subprocess.CalledProcessError as error: - self.log.debug(error.output) - raise error - finally: - # Put back the original config regardless of there being errors. - # Works also for keyboard interrupts. - shutil.move( - "include/mbedtls/mbedtls_config.h.bak", - "include/mbedtls/mbedtls_config.h" - ) - - return symbols - - def parse_symbols_from_nm(self, object_files): - """ - Run nm to retrieve the list of referenced symbols in each object file. - Does not return the position data since it is of no use. - - Args: - * object_files: a List of compiled object filepaths to search through. - - Returns a List of unique symbols defined and used in any of the object - files. - """ - nm_undefined_regex = re.compile(r"^\S+: +U |^$|^\S+:$") - nm_valid_regex = re.compile(r"^\S+( [0-9A-Fa-f]+)* . _*(?P\w+)") - exclusions = ("FStar", "Hacl") - - symbols = [] - - # Gather all outputs of nm - nm_output = "" - for lib in object_files: - nm_output += subprocess.run( - ["nm", "-og", lib], - universal_newlines=True, - stdout=subprocess.PIPE, - stderr=subprocess.STDOUT, - check=True - ).stdout - - for line in nm_output.splitlines(): - if not nm_undefined_regex.search(line): - symbol = nm_valid_regex.search(line) - if (symbol and not symbol.group("symbol").startswith(exclusions)): - symbols.append(symbol.group("symbol")) - else: - self.log.error(line) - - return symbols - -class NameChecker(): - """ - Representation of the core name checking operation performed by this script. - """ - def __init__(self, parse_result, log): - self.parse_result = parse_result - self.log = log - - def perform_checks(self, quiet=False): - """ - A comprehensive checker that performs each check in order, and outputs - a final verdict. - - Args: - * quiet: whether to hide detailed problem explanation. - """ - self.log.info("=============") - Problem.quiet = quiet - problems = 0 - problems += self.check_symbols_declared_in_header() - - pattern_checks = [ - ("public_macros", PUBLIC_MACRO_PATTERN), - ("internal_macros", INTERNAL_MACRO_PATTERN), - ("enum_consts", CONSTANTS_PATTERN), - ("identifiers", IDENTIFIER_PATTERN) - ] - for group, check_pattern in pattern_checks: - problems += self.check_match_pattern(group, check_pattern) - - problems += self.check_for_typos() - - self.log.info("=============") - if problems > 0: - self.log.info("FAIL: {0} problem(s) to fix".format(str(problems))) - if quiet: - self.log.info("Remove --quiet to see explanations.") - else: - self.log.info("Use --quiet for minimal output.") - return 1 - else: - self.log.info("PASS") - return 0 - - def check_symbols_declared_in_header(self): - """ - Perform a check that all detected symbols in the library object files - are properly declared in headers. - Assumes parse_names_in_source() was called before this. - - Returns the number of problems that need fixing. - """ - problems = [] - all_identifiers = self.parse_result["identifiers"] + \ - self.parse_result["excluded_identifiers"] - - for symbol in self.parse_result["symbols"]: - found_symbol_declared = False - for identifier_match in all_identifiers: - if symbol == identifier_match.name: - found_symbol_declared = True - break - - if not found_symbol_declared: - problems.append(SymbolNotInHeader(symbol)) - - self.output_check_result("All symbols in header", problems) - return len(problems) - - def check_match_pattern(self, group_to_check, check_pattern): - """ - Perform a check that all items of a group conform to a regex pattern. - Assumes parse_names_in_source() was called before this. - - Args: - * group_to_check: string key to index into self.parse_result. - * check_pattern: the regex to check against. - - Returns the number of problems that need fixing. - """ - problems = [] - - for item_match in self.parse_result[group_to_check]: - if not re.search(check_pattern, item_match.name): - problems.append(PatternMismatch(check_pattern, item_match)) - # Double underscore should not be used for names - if re.search(r".*__.*", item_match.name): - problems.append( - PatternMismatch("no double underscore allowed", item_match)) - - self.output_check_result( - "Naming patterns of {}".format(group_to_check), - problems) - return len(problems) - - def check_for_typos(self): - """ - Perform a check that all words in the source code beginning with MBED are - either defined as macros, or as enum constants. - Assumes parse_names_in_source() was called before this. - - Returns the number of problems that need fixing. - """ - problems = [] - - # Set comprehension, equivalent to a list comprehension wrapped by set() - all_caps_names = { - match.name - for match - in self.parse_result["public_macros"] + - self.parse_result["internal_macros"] + - self.parse_result["private_macros"] + - self.parse_result["enum_consts"] - } - typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$|" - r"MBEDTLS_TEST_LIBTESTDRIVER*|" - r"PSA_CRYPTO_DRIVER_TEST") - - for name_match in self.parse_result["mbed_psa_words"]: - found = name_match.name in all_caps_names - - # Since MBEDTLS_PSA_ACCEL_XXX defines are defined by the - # PSA driver, they will not exist as macros. However, they - # should still be checked for typos using the equivalent - # BUILTINs that exist. - if "MBEDTLS_PSA_ACCEL_" in name_match.name: - found = name_match.name.replace( - "MBEDTLS_PSA_ACCEL_", - "MBEDTLS_PSA_BUILTIN_") in all_caps_names - - if not found and not typo_exclusion.search(name_match.name): - problems.append(Typo(name_match)) - - self.output_check_result("Likely typos", problems) - return len(problems) - - def output_check_result(self, name, problems): - """ - Write out the PASS/FAIL status of a performed check depending on whether - there were problems. - - Args: - * name: the name of the test - * problems: a List of encountered Problems - """ - if problems: - self.log.info("{}: FAIL\n".format(name)) - for problem in problems: - self.log.warning(str(problem)) - else: - self.log.info("{}: PASS".format(name)) - -def main(): - """ - Perform argument parsing, and create an instance of CodeParser and - NameChecker to begin the core operation. - """ - parser = argparse.ArgumentParser( - formatter_class=argparse.RawDescriptionHelpFormatter, - description=( - "This script confirms that the naming of all symbols and identifiers " - "in Mbed TLS are consistent with the house style and are also " - "self-consistent.\n\n" - "Expected to be run from the Mbed TLS root directory.") - ) - parser.add_argument( - "-v", "--verbose", - action="store_true", - help="show parse results" - ) - parser.add_argument( - "-q", "--quiet", - action="store_true", - help="hide unnecessary text, explanations, and highlights" - ) - - args = parser.parse_args() - - # Configure the global logger, which is then passed to the classes below - log = logging.getLogger() - log.setLevel(logging.DEBUG if args.verbose else logging.INFO) - log.addHandler(logging.StreamHandler()) - - try: - code_parser = CodeParser(log) - parse_result = code_parser.comprehensive_parse() - except Exception: # pylint: disable=broad-except - traceback.print_exc() - sys.exit(2) - - name_checker = NameChecker(parse_result, log) - return_code = name_checker.perform_checks(quiet=args.quiet) - - sys.exit(return_code) - -if __name__ == "__main__": - main() diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh deleted file mode 100644 index 99fd0d76c..000000000 --- a/tests/scripts/components-basic-checks.sh +++ /dev/null @@ -1,167 +0,0 @@ -# components-basic-checks.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Basic checks -################################################################ - -component_check_recursion () { - msg "Check: recursion.pl" # < 1s - tests/scripts/recursion.pl library/*.c - tests/scripts/recursion.pl ${PSA_CORE_PATH}/*.c - tests/scripts/recursion.pl ${BUILTIN_SRC_PATH}/*.c -} - -component_check_generated_files () { - msg "Check: check-generated-files, files generated with make" # 2s - make generated_files - tests/scripts/check-generated-files.sh - - msg "Check: check-generated-files -u, files present" # 2s - tests/scripts/check-generated-files.sh -u - # Check that the generated files are considered up to date. - tests/scripts/check-generated-files.sh - - msg "Check: check-generated-files -u, files absent" # 2s - command make neat - tests/scripts/check-generated-files.sh -u - # Check that the generated files are considered up to date. - tests/scripts/check-generated-files.sh - - # This component ends with the generated files present in the source tree. - # This is necessary for subsequent components! -} - -component_check_doxy_blocks () { - msg "Check: doxygen markup outside doxygen blocks" # < 1s - tests/scripts/check-doxy-blocks.pl -} - -component_check_files () { - msg "Check: file sanity checks (permissions, encodings)" # < 1s - framework/scripts/check_files.py -} - -component_check_changelog () { - msg "Check: changelog entries" # < 1s - rm -f ChangeLog.new - scripts/assemble_changelog.py -o ChangeLog.new - if [ -e ChangeLog.new ]; then - # Show the diff for information. It isn't an error if the diff is - # non-empty. - diff -u ChangeLog ChangeLog.new || true - rm ChangeLog.new - fi -} - -component_check_names () { - msg "Check: declared and exported names (builds the library)" # < 3s - tests/scripts/check_names.py -v -} - -component_check_test_cases () { - msg "Check: test case descriptions" # < 1s - if [ $QUIET -eq 1 ]; then - opt='--quiet' - else - opt='' - fi - framework/scripts/check_test_cases.py -q $opt - unset opt -} - -component_check_test_dependencies () { - msg "Check: test case dependencies: legacy vs PSA" # < 1s - # The purpose of this component is to catch unjustified dependencies on - # legacy feature macros (MBEDTLS_xxx) in PSA tests. Generally speaking, - # PSA test should use PSA feature macros (PSA_WANT_xxx, more rarely - # MBEDTLS_PSA_xxx). - # - # Most of the time, use of legacy MBEDTLS_xxx macros are mistakes, which - # this component is meant to catch. However a few of them are justified, - # mostly by the absence of a PSA equivalent, so this component includes a - # list of expected exceptions. - - found="check-test-deps-found-$$" - expected="check-test-deps-expected-$$" - - # Find legacy dependencies in PSA tests - grep 'depends_on' \ - tf-psa-crypto/tests/suites/test_suite_psa*.data \ - tf-psa-crypto/tests/suites/test_suite_psa*.function | - grep -Eo '!?MBEDTLS_[^: ]*' | - grep -v -e MBEDTLS_PSA_ -e MBEDTLS_TEST_ | - sort -u > $found - - # Expected ones with justification - keep in sorted order by ASCII table! - rm -f $expected - # No PSA equivalent - WANT_KEY_TYPE_AES means all sizes - echo "!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" >> $expected - # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES - echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected - # MBEDTLS_ASN1_WRITE_C is used by import_rsa_made_up() in test_suite_psa_crypto - # in order to build a fake RSA key of the wanted size based on - # PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by - # the test code and that's probably the most convenient way of achieving - # the test's goal. - echo "MBEDTLS_ASN1_WRITE_C" >> $expected - # No PSA equivalent - used in test_suite_psa_crypto to get some "known" size - # for raw key generation. - echo "MBEDTLS_CTR_DRBG_MAX_REQUEST" >> $expected - # No PSA equivalent - we should probably have one in the future. - echo "MBEDTLS_ECP_RESTARTABLE" >> $expected - # No PSA equivalent - needed by some init tests - echo "MBEDTLS_ENTROPY_NV_SEED" >> $expected - # No PSA equivalent - required to run threaded tests. - echo "MBEDTLS_THREADING_PTHREAD" >> $expected - - # Compare reality with expectation. - # We want an exact match, to ensure the above list remains up-to-date. - # - # The output should be empty. When it's not: - # - Each '+' line is a macro that was found but not expected. You want to - # find where that macro occurs, and either replace it with PSA macros, or - # add it to the exceptions list above with a justification. - # - Each '-' line is a macro that was expected but not found; it means the - # exceptions list above should be updated by removing that macro. - diff -U0 $expected $found - - rm $found $expected -} - -component_check_doxygen_warnings () { - msg "Check: doxygen warnings (builds the documentation)" # ~ 3s - tests/scripts/doxygen.sh -} - -component_check_code_style () { - msg "Check C code style" - ./framework/scripts/code_style.py -} - -support_check_code_style () { - case $(uncrustify --version) in - *0.75.1*) true;; - *) false;; - esac -} - -component_check_python_files () { - msg "Lint: Python scripts" - tests/scripts/check-python-files.sh -} - -component_check_test_helpers () { - msg "unit test: generate_test_code.py" - # unittest writes out mundane stuff like number or tests run on stderr. - # Our convention is to reserve stderr for actual errors, and write - # harmless info on stdout so it can be suppress with --quiet. - ./framework/scripts/test_generate_test_code.py 2>&1 - - msg "unit test: translate_ciphers.py" - python3 -m unittest framework/scripts/translate_ciphers.py 2>&1 -} diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh deleted file mode 100644 index f3a8d1975..000000000 --- a/tests/scripts/components-build-system.sh +++ /dev/null @@ -1,250 +0,0 @@ -# components-build-system.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Build System Testing -################################################################ - -component_test_make_shared () { - msg "build/test: make shared" # ~ 40s - make SHARED=1 TEST_CPP=1 all check - ldd programs/util/strerror | grep libmbedcrypto - programs/test/dlopen_demo.sh -} - -component_test_cmake_shared () { - msg "build/test: cmake shared" # ~ 2min - cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . - make - ldd programs/util/strerror | grep libtfpsacrypto - make test - programs/test/dlopen_demo.sh -} - -support_test_cmake_out_of_source () { - distrib_id="" - distrib_ver="" - distrib_ver_minor="" - distrib_ver_major="" - - # Attempt to parse lsb-release to find out distribution and version. If not - # found this should fail safe (test is supported). - if [[ -f /etc/lsb-release ]]; then - - while read -r lsb_line; do - case "$lsb_line" in - "DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};; - "DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};; - esac - done < /etc/lsb-release - - distrib_ver_major="${distrib_ver%%.*}" - distrib_ver="${distrib_ver#*.}" - distrib_ver_minor="${distrib_ver%%.*}" - fi - - # Running the out of source CMake test on Ubuntu 16.04 using more than one - # processor (as the CI does) can create a race condition whereby the build - # fails to see a generated file, despite that file actually having been - # generated. This problem appears to go away with 18.04 or newer, so make - # the out of source tests unsupported on Ubuntu 16.04. - [ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ] -} - -component_test_cmake_out_of_source () { - # Remove existing generated files so that we use the ones cmake - # generates - make neat - - msg "build: cmake 'out-of-source' build" - MBEDTLS_ROOT_DIR="$PWD" - mkdir "$OUT_OF_SOURCE_DIR" - cd "$OUT_OF_SOURCE_DIR" - # Note: Explicitly generate files as these are turned off in releases - cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON -D TEST_CPP=1 "$MBEDTLS_ROOT_DIR" - make - - msg "test: cmake 'out-of-source' build" - make test - # Check that ssl-opt.sh can find the test programs. - # Also ensure that there are no error messages such as - # "No such file or directory", which would indicate that some required - # file is missing (ssl-opt.sh tolerates the absence of some files so - # may exit with status 0 but emit errors). - ./tests/ssl-opt.sh -f 'Default' >ssl-opt.out 2>ssl-opt.err - grep PASS ssl-opt.out - cat ssl-opt.err >&2 - # If ssl-opt.err is non-empty, record an error and keep going. - [ ! -s ssl-opt.err ] - rm ssl-opt.out ssl-opt.err - cd "$MBEDTLS_ROOT_DIR" - rm -rf "$OUT_OF_SOURCE_DIR" -} - -component_test_cmake_as_subdirectory () { - # Remove existing generated files so that we use the ones CMake - # generates - make neat - - msg "build: cmake 'as-subdirectory' build" - cd programs/test/cmake_subproject - # Note: Explicitly generate files as these are turned off in releases - cmake -D GEN_FILES=ON . - make - ./cmake_subproject -} - -support_test_cmake_as_subdirectory () { - support_test_cmake_out_of_source -} - -component_test_cmake_as_package () { - # Remove existing generated files so that we use the ones CMake - # generates - make neat - - msg "build: cmake 'as-package' build" - root_dir="$(pwd)" - cd programs/test/cmake_package - build_variant_dir="$(pwd)" - cmake . - make - ./cmake_package - if [[ "$OSTYPE" == linux* ]]; then - PKG_CONFIG_PATH="${build_variant_dir}/mbedtls/pkgconfig" \ - ${root_dir}/tests/scripts/pkgconfig.sh \ - mbedtls mbedx509 mbedcrypto - # These are the EXPECTED package names. Renaming these could break - # consumers of pkg-config, consider carefully. - fi -} - -component_test_tf_psa_crypto_cmake_as_package () { - # Remove existing generated files so that we use the ones CMake - # generates - make neat - - msg "build: cmake 'as-package' build" - root_dir="$(pwd)" - cd tf-psa-crypto/programs/test/cmake_package - build_variant_dir="$(pwd)" - cmake . - make - ./cmake_package - if [[ "$OSTYPE" == linux* ]]; then - PKG_CONFIG_PATH="${build_variant_dir}/tf-psa-crypto/pkgconfig" \ - ${root_dir}/tests/scripts/pkgconfig.sh \ - tfpsacrypto - # This is the EXPECTED package name. Renaming it could break consumers - # of pkg-config, consider carefully. - fi -} - -support_test_cmake_as_package () { - support_test_cmake_out_of_source -} - -component_test_cmake_as_package_install () { - # Remove existing generated files so that we use the ones CMake - # generates - make neat - - msg "build: cmake 'as-installed-package' build" - cd programs/test/cmake_package_install - cmake . - make - ./cmake_package_install -} - -support_test_cmake_as_package_install () { - support_test_cmake_out_of_source -} - -component_build_cmake_custom_config_file () { - # Make a copy of config file to use for the in-tree test - cp "$CONFIG_H" include/mbedtls_config_in_tree_copy.h - cp "$CRYPTO_CONFIG_H" include/mbedtls_crypto_config_in_tree_copy.h - - MBEDTLS_ROOT_DIR="$PWD" - mkdir "$OUT_OF_SOURCE_DIR" - cd "$OUT_OF_SOURCE_DIR" - - # Build once to get the generated files (which need an intact config file) - cmake "$MBEDTLS_ROOT_DIR" - make - - msg "build: cmake with -DMBEDTLS_CONFIG_FILE" - cd "$MBEDTLS_ROOT_DIR" - scripts/config.py full - cp include/mbedtls/mbedtls_config.h $OUT_OF_SOURCE_DIR/full_config.h - cp tf-psa-crypto/include/psa/crypto_config.h $OUT_OF_SOURCE_DIR/full_crypto_config.h - cd "$OUT_OF_SOURCE_DIR" - echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H" - cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DTF_PSA_CRYPTO_CONFIG_FILE=full_crypto_config.h "$MBEDTLS_ROOT_DIR" - make - - msg "build: cmake with -DMBEDTLS/TF_PSA_CRYPTO_CONFIG_FILE + -DMBEDTLS/TF_PSA_CRYPTO_USER_CONFIG_FILE" - # In the user config, disable one feature (for simplicity, pick a feature - # that nothing else depends on). - echo '#undef MBEDTLS_SSL_ALL_ALERT_MESSAGES' >user_config.h - echo '#undef MBEDTLS_NIST_KW_C' >crypto_user_config.h - - cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h -DTF_PSA_CRYPTO_CONFIG_FILE=full_crypto_config.h -DTF_PSA_CRYPTO_USER_CONFIG_FILE=crypto_user_config.h "$MBEDTLS_ROOT_DIR" - make - not programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES - not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C - - rm -f user_config.h full_config.h full_crypto_config.h - - cd "$MBEDTLS_ROOT_DIR" - rm -rf "$OUT_OF_SOURCE_DIR" - - # Now repeat the test for an in-tree build: - - # Restore config for the in-tree test - mv include/mbedtls_config_in_tree_copy.h "$CONFIG_H" - mv include/mbedtls_crypto_config_in_tree_copy.h "$CRYPTO_CONFIG_H" - - # Build once to get the generated files (which need an intact config) - cmake . - make - - msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE" - cp include/mbedtls/mbedtls_config.h full_config.h - cp tf-psa-crypto/include/psa/crypto_config.h full_crypto_config.h - - echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H" - cmake -DGEN_FILES=OFF -DTF_PSA_CRYPTO_CONFIG_FILE=full_crypto_config.h -DMBEDTLS_CONFIG_FILE=full_config.h . - make - - msg "build: cmake (in-tree) with -DMBEDTLS/TF_PSA_CRYPTO_CONFIG_FILE + -DMBEDTLS/TF_PSA_CRYPTO_USER_CONFIG_FILE" - # In the user config, disable one feature (for simplicity, pick a feature - # that nothing else depends on). - echo '#undef MBEDTLS_SSL_ALL_ALERT_MESSAGES' >user_config.h - echo '#undef MBEDTLS_NIST_KW_C' >crypto_user_config.h - - cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h -DTF_PSA_CRYPTO_CONFIG_FILE=full_crypto_config.h -DTF_PSA_CRYPTO_USER_CONFIG_FILE=crypto_user_config.h . - make - not programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES - not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C - - rm -f user_config.h full_config.h -} - -support_build_cmake_custom_config_file () { - support_test_cmake_out_of_source -} - -component_build_cmake_programs_no_testing () { - # Verify that the type of builds performed by oss-fuzz don't get accidentally broken - msg "build: cmake with -DENABLE_PROGRAMS=ON and -DENABLE_TESTING=OFF" - cmake -DENABLE_PROGRAMS=ON -DENABLE_TESTING=OFF . - make -} -support_build_cmake_programs_no_testing () { - support_test_cmake_out_of_source -} diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh deleted file mode 100644 index 0598b2df0..000000000 --- a/tests/scripts/components-compiler.sh +++ /dev/null @@ -1,146 +0,0 @@ -# components-compiler.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Compiler Testing -################################################################ - -support_build_tfm_armcc () { - support_build_armcc -} - -component_build_tfm_armcc () { - # test the TF-M configuration can build cleanly with various warning flags enabled - cp configs/config-tfm.h "$CONFIG_H" - cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" - - msg "build: TF-M config, armclang armv7-m thumb2" - helper_armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" -} - -test_build_opt () { - info=$1 cc=$2; shift 2 - $cc --version - for opt in "$@"; do - msg "build/test: $cc $opt, $info" # ~ 30s - make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" - # We're confident enough in compilers to not run _all_ the tests, - # but at least run the unit tests. In particular, runs with - # optimizations use inline assembly whereas runs with -O0 - # skip inline assembly. - make test # ~30s - make clean - done -} - -# For FreeBSD we invoke the function by name so this condition is added -# to disable the existing test_clang_opt function for linux. -if [[ $(uname) != "Linux" ]]; then - component_test_clang_opt () { - scripts/config.py full - test_build_opt 'full config' clang -O0 -Os -O2 - } -fi - -component_test_clang_latest_opt () { - scripts/config.py full - test_build_opt 'full config' "$CLANG_LATEST" -O0 -Os -O2 -} - -support_test_clang_latest_opt () { - type "$CLANG_LATEST" >/dev/null 2>/dev/null -} - -component_test_clang_earliest_opt () { - scripts/config.py full - test_build_opt 'full config' "$CLANG_EARLIEST" -O2 -} - -support_test_clang_earliest_opt () { - type "$CLANG_EARLIEST" >/dev/null 2>/dev/null -} - -component_test_gcc_latest_opt () { - scripts/config.py full - test_build_opt 'full config' "$GCC_LATEST" -O0 -Os -O2 -} - -support_test_gcc_latest_opt () { - type "$GCC_LATEST" >/dev/null 2>/dev/null -} - -component_test_gcc_earliest_opt () { - scripts/config.py full - test_build_opt 'full config' "$GCC_EARLIEST" -O2 -} - -support_test_gcc_earliest_opt () { - type "$GCC_EARLIEST" >/dev/null 2>/dev/null -} - -component_build_mingw () { - msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs - - # note Make tests only builds the tests, but doesn't run them - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -maes -msse2 -mpclmul' WINDOWS_BUILD=1 tests - make WINDOWS_BUILD=1 clean - - msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 lib programs - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 tests - make WINDOWS_BUILD=1 clean - - msg "build: Windows cross build - mingw64, make (Library only, default config without MBEDTLS_AESNI_C)" # ~ 30s - ./scripts/config.py unset MBEDTLS_AESNI_C # - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib - make WINDOWS_BUILD=1 clean -} - -support_build_mingw () { - case $(i686-w64-mingw32-gcc -dumpversion 2>/dev/null) in - [0-5]*|"") false;; - *) true;; - esac -} - -component_build_zeroize_checks () { - msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()" - - scripts/config.py full - - # Only compile - we're looking for sizeof-pointer-memaccess warnings - make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" -} - -component_test_zeroize () { - # Test that the function mbedtls_platform_zeroize() is not optimized away by - # different combinations of compilers and optimization flags by using an - # auxiliary GDB script. Unfortunately, GDB does not return error values to the - # system in all cases that the script fails, so we must manually search the - # output to check whether the pass string is present and no failure strings - # were printed. - - # Don't try to disable ASLR. We don't care about ASLR here. We do care - # about a spurious message if Gdb tries and fails, so suppress that. - gdb_disable_aslr= - if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then - gdb_disable_aslr='set disable-randomization off' - fi - - for optimization_flag in -O2 -O3 -Ofast -Os; do - for compiler in clang gcc; do - msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" - make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log - grep "The buffer was correctly zeroized" test_zeroize.log - not grep -i "error" test_zeroize.log - rm -f test_zeroize.log - make clean - done - done -} diff --git a/tests/scripts/components-compliance.sh b/tests/scripts/components-compliance.sh deleted file mode 100644 index 16a306da1..000000000 --- a/tests/scripts/components-compliance.sh +++ /dev/null @@ -1,32 +0,0 @@ -# components-compliance.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Compliance Testing -################################################################ - -component_test_psa_compliance () { - # The arch tests build with gcc, so require use of gcc here to link properly - msg "build: make, default config (out-of-box), libmbedcrypto.a only" - CC=gcc make -C library libmbedcrypto.a - - msg "unit test: test_psa_compliance.py" - CC=gcc ./tests/scripts/test_psa_compliance.py --build-dir="." -} - -support_test_psa_compliance () { - # psa-compliance-tests only supports CMake >= 3.10.0 - ver="$(cmake --version)" - ver="${ver#cmake version }" - ver_major="${ver%%.*}" - - ver="${ver#*.}" - ver_minor="${ver%%.*}" - - [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ] -} - diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh deleted file mode 100644 index bb80bb44c..000000000 --- a/tests/scripts/components-configuration-crypto.sh +++ /dev/null @@ -1,2628 +0,0 @@ -# components-configuration-crypto.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Configuration Testing - Crypto -################################################################ - -component_test_psa_crypto_key_id_encodes_owner () { - msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" - make test -} - -component_test_psa_assume_exclusive_buffers () { - msg "build: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan" - make test -} - -component_test_crypto_with_static_key_slots() { - msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" - scripts/config.py crypto_full - scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS - # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE to a value that - # is enough to contain: - # - all RSA public keys up to 4096 bits (max of PSA_VENDOR_RSA_MAX_KEY_BITS). - # - RSA key pairs up to 1024 bits, but not 2048 or larger. - # - all FFDH key pairs and public keys up to 8192 bits (max of PSA_VENDOR_FFDH_MAX_KEY_BITS). - # - all EC key pairs and public keys up to 521 bits (max of PSA_VENDOR_ECC_MAX_CURVE_BITS). - scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 1212 - # Disable the fully dynamic key store (default on) since it conflicts - # with the static behavior that we're testing here. - scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC - - msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test -} - -# check_renamed_symbols HEADER LIB -# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol -# name in LIB. -check_renamed_symbols () { - ! nm "$2" | sed 's/.* //' | - grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")" -} - -component_build_psa_crypto_spm () { - msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc" - scripts/config.py full - scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS - scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM - # We can only compile, not link, since our test and sample programs - # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM - # is active. - make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' lib - - # Check that if a symbol is renamed by crypto_spe.h, the non-renamed - # version is not present. - echo "Checking for renamed symbols in the library" - check_renamed_symbols framework/tests/include/spe/crypto_spe.h library/libmbedcrypto.a -} - -# The goal of this component is to build a configuration where: -# - test code and libtestdriver1 can make use of calloc/free and -# - core library (including PSA core) cannot use calloc/free. -component_test_psa_crypto_without_heap() { - msg "crypto without heap: build libtestdriver1" - # Disable PSA features that cannot be accelerated and whose builtin support - # requires calloc/free. - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_HKDF" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_PBKDF2_" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_TLS12_" - # RSA key support requires ASN1 parse/write support for testing, but ASN1 - # is disabled below. - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_KEY_TYPE_RSA_" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_RSA_" - # DES requires built-in support for key generation (parity check) so it - # cannot be accelerated - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES - # EC-JPAKE use calloc/free in PSA core - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE - - # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H). - PSA_SYM_LIST=$(./scripts/config.py -c $CRYPTO_CONFIG_H get-all-enabled PSA_WANT) - loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g') - - helper_libtestdriver1_adjust_config crypto - helper_libtestdriver1_make_drivers "$loc_accel_list" - - msg "crypto without heap: build main library" - # Disable all legacy MBEDTLS_xxx symbols. - scripts/config.py unset-all "^MBEDTLS_" - # Build the PSA core using the proper config file. - scripts/config.py set MBEDTLS_PSA_CRYPTO_C - # Enable fully-static key slots in PSA core. - scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS - # Prevent PSA core from creating a copy of input/output buffers. - scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS - # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation. - scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - # Set calloc/free as null pointer functions. Calling them would crash - # the program so we can use this as a "sentinel" for being sure no module - # is making use of these functions in the library. - scripts/config.py set MBEDTLS_PLATFORM_C - scripts/config.py set MBEDTLS_PLATFORM_MEMORY - scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL - scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL - - helper_libtestdriver1_make_main "$loc_accel_list" lib - - msg "crypto without heap: build test suites and helpers" - # Reset calloc/free functions to normal operations so that test code can - # freely use them. - scripts/config.py unset MBEDTLS_PLATFORM_MEMORY - scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC - scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE - helper_libtestdriver1_make_main "$loc_accel_list" tests - - msg "crypto without heap: test" - make test -} - -component_test_no_rsa_key_pair_generation () { - msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - scripts/config.py unset MBEDTLS_GENPRIME - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE - make - - msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - make test -} - -component_test_no_pem_no_fs () { - msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)" - scripts/config.py unset MBEDTLS_PEM_PARSE_C - scripts/config.py unset MBEDTLS_FS_IO - scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s - make test - - msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min - tests/ssl-opt.sh -} - -component_test_rsa_no_crt () { - msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min - scripts/config.py set MBEDTLS_RSA_NO_CRT - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s - make test - - msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s - tests/ssl-opt.sh -f RSA - - msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min - tests/compat.sh -t RSA - - msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec - tests/context-info.sh -} - -component_test_no_ctr_drbg_use_psa () { - msg "build: Full minus CTR_DRBG, PSA crypto in TLS" - scripts/config.py full - scripts/config.py unset MBEDTLS_CTR_DRBG_C - - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" - make test - - # In this configuration, the TLS test programs use HMAC_DRBG. - # The SSL tests are slow, so run a small subset, just enough to get - # confidence that the SSL code copes with HMAC_DRBG. - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' - - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" - tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL -} - -component_test_no_hmac_drbg_use_psa () { - msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" - scripts/config.py full - scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG - - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" - make test - - # Normally our ECDSA implementation uses deterministic ECDSA. But since - # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used - # instead. - # Test SSL with non-deterministic ECDSA. Only test features that - # might be affected by how ECDSA signature is performed. - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f 'Default\|SSL async private: sign' - - # To save time, only test one protocol version, since this part of - # the protocol is identical in (D)TLS up to 1.2. - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" - tests/compat.sh -m tls12 -t 'ECDSA' -} - -component_test_psa_external_rng_no_drbg_use_psa () { - msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - scripts/config.py unset MBEDTLS_ENTROPY_C - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - scripts/config.py unset MBEDTLS_CTR_DRBG_C - scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" - make test - - msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f 'Default\|opaque' -} - -component_test_psa_external_rng_use_psa_crypto () { - msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - scripts/config.py unset MBEDTLS_CTR_DRBG_C - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" - make test - - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" - tests/ssl-opt.sh -f 'Default\|opaque' -} - -component_test_psa_inject_entropy () { - msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY - scripts/config.py set MBEDTLS_ENTROPY_NV_SEED - scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ - scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY" - make test -} - -component_full_no_pkparse_pkwrite () { - msg "build: full without pkparse and pkwrite" - - scripts/config.py crypto_full - scripts/config.py unset MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config). - not grep mbedtls_pk_parse_key ${BUILTIN_SRC_PATH}/pkparse.o - not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o - - msg "test: full without pkparse and pkwrite" - make test -} - -component_test_crypto_full_md_light_only () { - msg "build: crypto_full with only the light subset of MD" - scripts/config.py crypto_full - - # Disable MD - scripts/config.py unset MBEDTLS_MD_C - # Disable direct dependencies of MD_C - scripts/config.py unset MBEDTLS_HKDF_C - scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_PKCS7_C - # Disable indirect dependencies of MD_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - # Disable things that would auto-enable MD_C - scripts/config.py unset MBEDTLS_PKCS5_C - - # Note: MD-light is auto-enabled in build_info.h by modules that need it, - # which we haven't disabled, so no need to explicitly enable it. - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - # Make sure we don't have the HMAC functions, but the hashing functions - not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o - grep mbedtls_md ${BUILTIN_SRC_PATH}/md.o - - msg "test: crypto_full with only the light subset of MD" - make test -} - -component_test_full_no_cipher () { - msg "build: full no CIPHER" - - scripts/config.py full - scripts/config.py unset MBEDTLS_CIPHER_C - - # The built-in implementation of the following algs/key-types depends - # on CIPHER_C so we disable them. - # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305 - # so we keep them enabled. - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES - - # The following modules directly depends on CIPHER_C - scripts/config.py unset MBEDTLS_CMAC_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - make - - # Ensure that CIPHER_C was not re-enabled - not grep mbedtls_cipher_init ${BUILTIN_SRC_PATH}/cipher.o - - msg "test: full no CIPHER" - make test -} - -component_test_full_no_ccm () { - msg "build: full no PSA_WANT_ALG_CCM" - - # Full config enables: - # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA - # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated - scripts/config.py full - - # Disable PSA_WANT_ALG_CCM so that CCM is not supported in PSA. CCM_C is still - # enabled, but not used from TLS since USE_PSA is set. - # This is helpful to ensure that TLS tests below have proper dependencies. - # - # Note: also PSA_WANT_ALG_CCM_STAR_NO_TAG is enabled, but it does not cause - # PSA_WANT_ALG_CCM to be re-enabled. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM - - make - - msg "test: full no PSA_WANT_ALG_CCM" - make test -} - -component_test_full_no_ccm_star_no_tag () { - msg "build: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" - - # Full config enables CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated - scripts/config.py full - - # Disable CCM_STAR_NO_TAG, which is the target of this test, as well as all - # other components that enable MBEDTLS_PSA_BUILTIN_CIPHER internal symbol. - # This basically disables all unauthenticated ciphers on the PSA side, while - # keeping AEADs enabled. - # - # Note: PSA_WANT_ALG_CCM is enabled, but it does not cause - # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - - make - - # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled - not grep mbedtls_psa_cipher ${PSA_CORE_PATH}/psa_crypto_cipher.o - - msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" - make test -} - -component_test_config_symmetric_only () { - msg "build: configs/config-symmetric-only.h" - MBEDTLS_CONFIG="configs/config-symmetric-only.h" - CRYPTO_CONFIG="configs/crypto-config-symmetric-only.h" - CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: configs/config-symmetric-only.h - unit tests" - make test -} - -component_test_everest () { - msg "build: Everest ECDH context (ASan build)" # ~ 6 min - scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s - make test - - msg "test: metatests (clang, ASan)" - tests/scripts/run-metatests.sh any asan poison - - msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s - tests/ssl-opt.sh -f ECDH - - msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min - # Exclude some symmetric ciphers that are redundant here to gain time. - tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' -} - -component_test_everest_curve25519_only () { - msg "build: Everest ECDH context, only Curve25519" # ~ 6 min - scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE - - # Disable all curves - scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255 - - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: Everest ECDH context, only Curve25519" # ~ 50s - make test -} - -component_test_psa_collect_statuses () { - msg "build+test: psa_collect_statuses" # ~30s - scripts/config.py full - tests/scripts/psa_collect_statuses.py - # Check that psa_crypto_init() succeeded at least once - grep -q '^0:psa_crypto_init:' tests/statuses.log - rm -f tests/statuses.log -} - -# Check that the specified libraries exist and are empty. -are_empty_libraries () { - nm "$@" >/dev/null 2>/dev/null - ! nm "$@" 2>/dev/null | grep -v ':$' | grep . -} - -component_test_crypto_for_psa_service () { - msg "build: make, config for PSA crypto service" - scripts/config.py crypto - scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - # Disable things that are not needed for just cryptography, to - # reach a configuration that would be typical for a PSA cryptography - # service providing all implemented PSA algorithms. - # System stuff - scripts/config.py unset MBEDTLS_ERROR_C - scripts/config.py unset MBEDTLS_TIMING_C - scripts/config.py unset MBEDTLS_VERSION_FEATURES - # Crypto stuff with no PSA interface - scripts/config.py unset MBEDTLS_BASE64_C - # Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it. - scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent - # Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG. - scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py unset MBEDTLS_PEM_PARSE_C - scripts/config.py unset MBEDTLS_PEM_WRITE_C - scripts/config.py unset MBEDTLS_PKCS12_C - scripts/config.py unset MBEDTLS_PKCS5_C - # MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed - # in PSA code to work with RSA keys. We don't require users to set those: - # they will be reenabled in build_info.h. - scripts/config.py unset MBEDTLS_PK_C - scripts/config.py unset MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - make CFLAGS='-O1 -Werror' all test - are_empty_libraries library/libmbedx509.* library/libmbedtls.* -} - -component_build_crypto_baremetal () { - msg "build: make, crypto only, baremetal config" - scripts/config.py crypto_baremetal - make CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" - are_empty_libraries library/libmbedx509.* library/libmbedtls.* -} - -support_build_crypto_baremetal () { - support_build_baremetal "$@" -} - -# depends.py family of tests -component_test_depends_py_cipher_id () { - msg "test/build: depends.py cipher_id (gcc)" - tests/scripts/depends.py cipher_id -} - -component_test_depends_py_cipher_chaining () { - msg "test/build: depends.py cipher_chaining (gcc)" - tests/scripts/depends.py cipher_chaining -} - -component_test_depends_py_cipher_padding () { - msg "test/build: depends.py cipher_padding (gcc)" - tests/scripts/depends.py cipher_padding -} - -component_test_depends_py_curves () { - msg "test/build: depends.py curves (gcc)" - tests/scripts/depends.py curves -} - -component_test_depends_py_hashes () { - msg "test/build: depends.py hashes (gcc)" - tests/scripts/depends.py hashes -} - -component_test_depends_py_pkalgs () { - msg "test/build: depends.py pkalgs (gcc)" - tests/scripts/depends.py pkalgs -} - -component_test_psa_crypto_config_ffdh_2048_only () { - msg "build: full config - only DH 2048" - - scripts/config.py full - - # Disable all DH groups other than 2048. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192 - - make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full config - only DH 2048" - make test - - msg "ssl-opt: full config - only DH 2048" - tests/ssl-opt.sh -f "ffdh" -} - -component_test_psa_crypto_config_accel_ecdsa () { - msg "build: accelerated ECDSA" - - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - - # Configure - # --------- - - # Start from default config + TLS 1.3 - helper_libtestdriver1_adjust_config "default" - - # Disable the module that's accelerated - scripts/config.py unset MBEDTLS_ECDSA_C - - # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - - # Build - # ----- - - # These hashes are needed for some ECDSA signature tests. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o - - # Run the tests - # ------------- - - msg "test: accelerated ECDSA" - make test -} - -component_test_psa_crypto_config_accel_ecdh () { - msg "build: accelerated ECDH" - - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDH \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - - # Configure - # --------- - - # Start from default config (no USE_PSA) - helper_libtestdriver1_adjust_config "default" - - # Disable the module that's accelerated - scripts/config.py unset MBEDTLS_ECDH_C - - # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o - - # Run the tests - # ------------- - - msg "test: accelerated ECDH" - make test -} - -component_test_psa_crypto_config_accel_ffdh () { - msg "build: full with accelerated FFDH" - - # Algorithms and key types to accelerate - loc_accel_list="ALG_FFDH \ - $(helper_get_psa_key_type_list "DH") \ - $(helper_get_psa_dh_group_list)" - - # Configure - # --------- - - # start with full (USE_PSA and TLS 1.3) - helper_libtestdriver1_adjust_config "full" - - # Disable the module that's accelerated - scripts/config.py unset MBEDTLS_DHM_C - - # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o - - # Run the tests - # ------------- - - msg "test: full with accelerated FFDH" - make test - - msg "ssl-opt: full with accelerated FFDH alg" - tests/ssl-opt.sh -f "ffdh" -} - -component_test_psa_crypto_config_reference_ffdh () { - msg "build: full with non-accelerated FFDH" - - # Start with full (USE_PSA and TLS 1.3) - helper_libtestdriver1_adjust_config "full" - - # Disable things that are not supported - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - make - - msg "test suites: full with non-accelerated FFDH alg" - make test - - msg "ssl-opt: full with non-accelerated FFDH alg" - tests/ssl-opt.sh -f "ffdh" -} - -component_test_psa_crypto_config_accel_pake () { - msg "build: full with accelerated PAKE" - - loc_accel_list="ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - - # Configure - # --------- - - helper_libtestdriver1_adjust_config "full" - - # Make built-in fallback not available - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_ecjpake_init ${BUILTIN_SRC_PATH}/ecjpake.o - - # Run the tests - # ------------- - - msg "test: full with accelerated PAKE" - make test -} - -component_test_psa_crypto_config_accel_ecc_some_key_types () { - msg "build: full with accelerated EC algs and some key types" - - # Algorithms and key types to accelerate - # For key types, use an explicitly list to omit GENERATE (and DERIVE) - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - ALG_ECDH \ - ALG_JPAKE \ - KEY_TYPE_ECC_PUBLIC_KEY \ - KEY_TYPE_ECC_KEY_PAIR_BASIC \ - KEY_TYPE_ECC_KEY_PAIR_IMPORT \ - KEY_TYPE_ECC_KEY_PAIR_EXPORT \ - $(helper_get_psa_curve_list)" - - # Configure - # --------- - - # start with config full for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" - - # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset MBEDTLS_ECP_C - - # Disable all curves - those that aren't accelerated should be re-enabled - helper_disable_builtin_curves - - # Restartable feature is not yet supported by PSA. Once it will in - # the future, the following line could be removed (see issues - # 6061, 6332 and following ones) - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - - # this is not supported by the driver API yet - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - - # Build - # ----- - - # These hashes are needed for some ECDSA signature tests. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # ECP should be re-enabled but not the others - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o - not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o - grep mbedtls_ecp ${BUILTIN_SRC_PATH}/ecp.o - - # Run the tests - # ------------- - - msg "test suites: full with accelerated EC algs and some key types" - make test -} - -# Run tests with only (non-)Weierstrass accelerated -# Common code used in: -# - component_test_psa_crypto_config_accel_ecc_weierstrass_curves -# - component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves -common_test_psa_crypto_config_accel_ecc_some_curves () { - weierstrass=$1 - if [ $weierstrass -eq 1 ]; then - desc="Weierstrass" - else - desc="non-Weierstrass" - fi - - msg "build: crypto_full minus PK with accelerated EC algs and $desc curves" - - # Note: Curves are handled in a special way by the libtestdriver machinery, - # so we only want to include them in the accel list when building the main - # libraries, hence the use of a separate variable. - # Note: the following loop is a modified version of - # helper_get_psa_curve_list that only keeps Weierstrass families. - loc_weierstrass_list="" - loc_non_weierstrass_list="" - for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - case $item in - ECC_BRAINPOOL*|ECC_SECP*) - loc_weierstrass_list="$loc_weierstrass_list $item" - ;; - *) - loc_non_weierstrass_list="$loc_non_weierstrass_list $item" - ;; - esac - done - if [ $weierstrass -eq 1 ]; then - loc_curve_list=$loc_weierstrass_list - else - loc_curve_list=$loc_non_weierstrass_list - fi - - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - ALG_ECDH \ - ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $loc_curve_list" - - # Configure - # --------- - - # Start with config crypto_full and remove PK_C: - # that's what's supported now, see docs/driver-only-builds.md. - helper_libtestdriver1_adjust_config "crypto_full" - scripts/config.py unset MBEDTLS_PK_C - scripts/config.py unset MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - - # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset MBEDTLS_ECP_C - - # Disable all curves - those that aren't accelerated should be re-enabled - helper_disable_builtin_curves - - # Restartable feature is not yet supported by PSA. Once it will in - # the future, the following line could be removed (see issues - # 6061, 6332 and following ones) - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - - # this is not supported by the driver API yet - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - - # Build - # ----- - - # These hashes are needed for some ECDSA signature tests. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # We expect ECDH to be re-enabled for the missing curves - grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o - # We expect ECP to be re-enabled, however the parts specific to the - # families of curves that are accelerated should be ommited. - # - functions with mxz in the name are specific to Montgomery curves - # - ecp_muladd is specific to Weierstrass curves - ##nm ${BUILTIN_SRC_PATH}/ecp.o | tee ecp.syms - if [ $weierstrass -eq 1 ]; then - not grep mbedtls_ecp_muladd ${BUILTIN_SRC_PATH}/ecp.o - grep mxz ${BUILTIN_SRC_PATH}/ecp.o - else - grep mbedtls_ecp_muladd ${BUILTIN_SRC_PATH}/ecp.o - not grep mxz ${BUILTIN_SRC_PATH}/ecp.o - fi - # We expect ECDSA and ECJPAKE to be re-enabled only when - # Weierstrass curves are not accelerated - if [ $weierstrass -eq 1 ]; then - not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o - else - grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o - grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o - fi - - # Run the tests - # ------------- - - msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves" - make test -} - -component_test_psa_crypto_config_accel_ecc_weierstrass_curves () { - common_test_psa_crypto_config_accel_ecc_some_curves 1 -} - -component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves () { - common_test_psa_crypto_config_accel_ecc_some_curves 0 -} - -# Auxiliary function to build config for all EC based algorithms (EC-JPAKE, -# ECDH, ECDSA) with and without drivers. -# The input parameter is a boolean value which indicates: -# - 0 keep built-in EC algs, -# - 1 exclude built-in EC algs (driver only). -# -# This is used by the two following components to ensure they always use the -# same config, except for the use of driver or built-in EC algorithms: -# - component_test_psa_crypto_config_accel_ecc_ecp_light_only; -# - component_test_psa_crypto_config_reference_ecc_ecp_light_only. -# This supports comparing their test coverage with analyze_outcomes.py. -config_psa_crypto_config_ecp_light_only () { - driver_only="$1" - # start with config full for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" - if [ "$driver_only" -eq 1 ]; then - # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset MBEDTLS_ECP_C - fi - - # Restartable feature is not yet supported by PSA. Once it will in - # the future, the following line could be removed (see issues - # 6061, 6332 and following ones) - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE -} - -# Keep in sync with component_test_psa_crypto_config_reference_ecc_ecp_light_only -component_test_psa_crypto_config_accel_ecc_ecp_light_only () { - msg "build: full with accelerated EC algs" - - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - ALG_ECDH \ - ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - - # Configure - # --------- - - # Use the same config as reference, only without built-in EC algs - config_psa_crypto_config_ecp_light_only 1 - - # Do not disable builtin curves because that support is required for: - # - MBEDTLS_PK_PARSE_EC_EXTENDED - # - MBEDTLS_PK_PARSE_EC_COMPRESSED - - # Build - # ----- - - # These hashes are needed for some ECDSA signature tests. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure any built-in EC alg was not re-enabled by accident (additive config) - not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o - not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o - not grep mbedtls_ecp_mul ${BUILTIN_SRC_PATH}/ecp.o - - # Run the tests - # ------------- - - msg "test suites: full with accelerated EC algs" - make test - - msg "ssl-opt: full with accelerated EC algs" - tests/ssl-opt.sh -} - -# Keep in sync with component_test_psa_crypto_config_accel_ecc_ecp_light_only -component_test_psa_crypto_config_reference_ecc_ecp_light_only () { - msg "build: non-accelerated EC algs" - - config_psa_crypto_config_ecp_light_only 0 - - make - - msg "test suites: full with non-accelerated EC algs" - make test - - msg "ssl-opt: full with non-accelerated EC algs" - tests/ssl-opt.sh -} - -# This helper function is used by: -# - component_test_psa_crypto_config_accel_ecc_no_ecp_at_all() -# - component_test_psa_crypto_config_reference_ecc_no_ecp_at_all() -# to ensure that both tests use the same underlying configuration when testing -# driver's coverage with analyze_outcomes.py. -# -# This functions accepts 1 boolean parameter as follows: -# - 1: building with accelerated EC algorithms (ECDSA, ECDH, ECJPAKE), therefore -# excluding their built-in implementation as well as ECP_C & ECP_LIGHT -# - 0: include built-in implementation of EC algorithms. -# -# PK_C and RSA_C are always disabled to ensure there is no remaining dependency -# on the ECP module. -config_psa_crypto_no_ecp_at_all () { - driver_only="$1" - # start with full config for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" - - if [ "$driver_only" -eq 1 ]; then - # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECJPAKE_C - # Disable ECP module (entirely) - scripts/config.py unset MBEDTLS_ECP_C - fi - - # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) - scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED - scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - - # Restartable feature is not yet supported by PSA. Once it will in - # the future, the following line could be removed (see issues - # 6061, 6332 and following ones) - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE -} - -# Build and test a configuration where driver accelerates all EC algs while -# all support and dependencies from ECP and ECP_LIGHT are removed on the library -# side. -# -# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all() -component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { - msg "build: full + accelerated EC algs - ECP" - - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - ALG_ECDH \ - ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - - # Configure - # --------- - - # Set common configurations between library's and driver's builds - config_psa_crypto_no_ecp_at_all 1 - # Disable all the builtin curves. All the required algs are accelerated. - helper_disable_builtin_curves - - # Build - # ----- - - # Things we wanted supported in libtestdriver1, but not accelerated in the main library: - # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure any built-in EC alg was not re-enabled by accident (additive config) - not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o - not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o - # Also ensure that ECP module was not re-enabled - not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o - - # Run the tests - # ------------- - - msg "test: full + accelerated EC algs - ECP" - make test - - msg "ssl-opt: full + accelerated EC algs - ECP" - tests/ssl-opt.sh -} - -# Reference function used for driver's coverage analysis in analyze_outcomes.py -# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all(). -# Keep in sync with its accelerated counterpart. -component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { - msg "build: full + non accelerated EC algs" - - config_psa_crypto_no_ecp_at_all 0 - - make - - msg "test: full + non accelerated EC algs" - make test - - msg "ssl-opt: full + non accelerated EC algs" - tests/ssl-opt.sh -} - -# This is a common configuration helper used directly from: -# - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum -# - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum -# and indirectly from: -# - component_test_psa_crypto_config_accel_ecc_no_bignum -# - accelerate all EC algs, disable RSA and FFDH -# - component_test_psa_crypto_config_reference_ecc_no_bignum -# - this is the reference component of the above -# - it still disables RSA and FFDH, but it uses builtin EC algs -# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum -# - accelerate all EC and FFDH algs, disable only RSA -# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum -# - this is the reference component of the above -# - it still disables RSA, but it uses builtin EC and FFDH algs -# -# This function accepts 2 parameters: -# $1: a boolean value which states if we are testing an accelerated scenario -# or not. -# $2: a string value which states which components are tested. Allowed values -# are "ECC" or "ECC_DH". -config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { - driver_only="$1" - test_target="$2" - # start with full config for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" - - if [ "$driver_only" -eq 1 ]; then - # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECJPAKE_C - # Disable ECP module (entirely) - scripts/config.py unset MBEDTLS_ECP_C - # Also disable bignum - scripts/config.py unset MBEDTLS_BIGNUM_C - fi - - # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) - scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED - scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - - # RSA support is intentionally disabled on this test because RSA_C depends - # on BIGNUM_C. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - # Also disable key exchanges that depend on RSA - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - - if [ "$test_target" = "ECC" ]; then - # When testing ECC only, we disable FFDH support, both from builtin and - # PSA sides, and also disable the key exchanges that depend on DHM. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*" - scripts/config.py unset MBEDTLS_DHM_C - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - else - # When testing ECC and DH instead, we disable DHM and depending key - # exchanges only in the accelerated build - if [ "$driver_only" -eq 1 ]; then - scripts/config.py unset MBEDTLS_DHM_C - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - fi - fi - - # Restartable feature is not yet supported by PSA. Once it will in - # the future, the following line could be removed (see issues - # 6061, 6332 and following ones) - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE -} - -# Common helper used by: -# - component_test_psa_crypto_config_accel_ecc_no_bignum -# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum -# -# The goal is to build and test accelerating either: -# - ECC only or -# - both ECC and FFDH -# -# It is meant to be used in conjunction with -# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers -# coverage analysis in the "analyze_outcomes.py" script. -common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { - test_target="$1" - - # This is an internal helper to simplify text message handling - if [ "$test_target" = "ECC_DH" ]; then - accel_text="ECC/FFDH" - removed_text="ECP - DH" - else - accel_text="ECC" - removed_text="ECP" - fi - - msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" - - # By default we accelerate all EC keys/algs - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - ALG_ECDH \ - ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - # Optionally we can also add DH to the list of accelerated items - if [ "$test_target" = "ECC_DH" ]; then - loc_accel_list="$loc_accel_list \ - ALG_FFDH \ - $(helper_get_psa_key_type_list "DH") \ - $(helper_get_psa_dh_group_list)" - fi - - # Configure - # --------- - - # Set common configurations between library's and driver's builds - config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target" - # Disable all the builtin curves. All the required algs are accelerated. - helper_disable_builtin_curves - - # Build - # ----- - - # Things we wanted supported in libtestdriver1, but not accelerated in the main library: - # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure any built-in EC alg was not re-enabled by accident (additive config) - not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o - not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o - # Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled - not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o - not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o - not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o - not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o - - # Run the tests - # ------------- - - msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM" - - make test - - msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" - tests/ssl-opt.sh -} - -# Common helper used by: -# - component_test_psa_crypto_config_reference_ecc_no_bignum -# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum -# -# The goal is to build and test a reference scenario (i.e. with builtin -# components) compared to the ones used in -# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() above. -# -# It is meant to be used in conjunction with -# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers' -# coverage analysis in "analyze_outcomes.py" script. -common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { - test_target="$1" - - # This is an internal helper to simplify text message handling - if [ "$test_target" = "ECC_DH" ]; then - accel_text="ECC/FFDH" - else - accel_text="ECC" - fi - - msg "build: full + non accelerated $accel_text algs + USE_PSA" - - config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target" - - make - - msg "test suites: full + non accelerated EC algs + USE_PSA" - make test - - msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA" - tests/ssl-opt.sh -} - -component_test_psa_crypto_config_accel_ecc_no_bignum () { - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC" -} - -component_test_psa_crypto_config_reference_ecc_no_bignum () { - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC" -} - -component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC_DH" -} - -component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC_DH" -} - -component_test_tfm_config_as_is () { - msg "build: configs/config-tfm.h" - MBEDTLS_CONFIG="configs/config-tfm.h" - CRYPTO_CONFIG="configs/ext/crypto_config_profile_medium.h" - CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: configs/config-tfm.h - unit tests" - make test -} - -# Helper for setting common configurations between: -# - component_test_tfm_config_p256m_driver_accel_ec() -# - component_test_tfm_config_no_p256m() -common_tfm_config () { - # Enable TF-M config - cp configs/config-tfm.h "$CONFIG_H" - cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" - - # Config adjustment for better test coverage in our environment. - # This is not needed just to build and pass tests. - # - # Enable filesystem I/O for the benefit of PK parse/write tests. - sed -i '/PROFILE_M_PSA_CRYPTO_CONFIG_H/i #define MBEDTLS_FS_IO' "$CRYPTO_CONFIG_H" -} - -# Keep this in sync with component_test_tfm_config() as they are both meant -# to be used in analyze_outcomes.py for driver's coverage analysis. -component_test_tfm_config_p256m_driver_accel_ec () { - msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA" - - common_tfm_config - - # Build crypto library - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" LDFLAGS="$ASAN_CFLAGS" - - # Make sure any built-in EC alg was not re-enabled by accident (additive config) - not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o - not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o - # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled - not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o - not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o - not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o - not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o - # Check that p256m was built - grep -q p256_ecdsa_ library/libmbedcrypto.a - - # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration - # files, so we want to ensure that it has not be re-enabled accidentally. - not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o - - # Run the tests - msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" - make test -} - -# Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as -# they are both meant to be used in analyze_outcomes.py for driver's coverage -# analysis. -component_test_tfm_config_no_p256m () { - common_tfm_config - - # Disable P256M driver, which is on by default, so that analyze_outcomes - # can compare this test with test_tfm_config_p256m_driver_accel_ec - sed -i '/PROFILE_M_PSA_CRYPTO_CONFIG_H/i #undef MBEDTLS_PSA_P256M_DRIVER_ENABLED' "$CRYPTO_CONFIG_H" - - msg "build: TF-M config without p256m" - make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests - - # Check that p256m was not built - not grep p256_ecdsa_ library/libmbedcrypto.a - - # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration - # files, so we want to ensure that it has not be re-enabled accidentally. - not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o - - msg "test: TF-M config without p256m" - make test -} - -# This is an helper used by: -# - component_test_psa_ecc_key_pair_no_derive -# - component_test_psa_ecc_key_pair_no_generate -# The goal is to test with all PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy symbols -# enabled, but one. Input arguments are as follows: -# - $1 is the configuration to start from -# - $2 is the key type under test, i.e. ECC/RSA/DH -# - $3 is the key option to be unset (i.e. generate, derive, etc) -build_and_test_psa_want_key_pair_partial () { - base_config=$1 - key_type=$2 - unset_option=$3 - disabled_psa_want="PSA_WANT_KEY_TYPE_${key_type}_KEY_PAIR_${unset_option}" - - msg "build: $base_config - ${disabled_psa_want}" - scripts/config.py "$base_config" - - # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in - # crypto_config.h so we just disable the one we don't want. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want" - - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: $base_config - ${disabled_psa_want}" - make test -} - -component_test_psa_ecc_key_pair_no_derive () { - build_and_test_psa_want_key_pair_partial full "ECC" "DERIVE" -} - -component_test_psa_ecc_key_pair_no_generate () { - # TLS needs ECC key generation whenever ephemeral ECDH is enabled. - # We don't have proper guards for configurations with ECC key generation - # disabled (https://github.com/Mbed-TLS/mbedtls/issues/9481). Until - # then (if ever), just test the crypto part of the library. - build_and_test_psa_want_key_pair_partial crypto_full "ECC" "GENERATE" -} - -config_psa_crypto_accel_rsa () { - driver_only=$1 - - # Start from crypto_full config (no X.509, no TLS) - helper_libtestdriver1_adjust_config "crypto_full" - - if [ "$driver_only" -eq 1 ]; then - # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 - - # We need PEM parsing in the test library as well to support the import - # of PEM encoded RSA keys. - scripts/config.py -c "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C - scripts/config.py -c "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C - fi -} - -component_test_psa_crypto_config_accel_rsa_crypto () { - msg "build: crypto_full with accelerated RSA" - - loc_accel_list="ALG_RSA_OAEP ALG_RSA_PSS \ - ALG_RSA_PKCS1V15_CRYPT ALG_RSA_PKCS1V15_SIGN \ - KEY_TYPE_RSA_PUBLIC_KEY \ - KEY_TYPE_RSA_KEY_PAIR_BASIC \ - KEY_TYPE_RSA_KEY_PAIR_GENERATE \ - KEY_TYPE_RSA_KEY_PAIR_IMPORT \ - KEY_TYPE_RSA_KEY_PAIR_EXPORT" - - # Configure - # --------- - - config_psa_crypto_accel_rsa 1 - - # Build - # ----- - - # These hashes are needed for unit tests. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512 ALG_MD5" - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_rsa ${BUILTIN_SRC_PATH}/rsa.o - - # Run the tests - # ------------- - - msg "test: crypto_full with accelerated RSA" - make test -} - -component_test_psa_crypto_config_reference_rsa_crypto () { - msg "build: crypto_full with non-accelerated RSA" - - # Configure - # --------- - config_psa_crypto_accel_rsa 0 - - # Build - # ----- - make - - # Run the tests - # ------------- - msg "test: crypto_full with non-accelerated RSA" - make test -} - -# This is a temporary test to verify that full RSA support is present even when -# only one single new symbols (PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) is defined. -component_test_new_psa_want_key_pair_symbol () { - msg "Build: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" - - # Create a temporary output file unless there is already one set - if [ "$MBEDTLS_TEST_OUTCOME_FILE" ]; then - REMOVE_OUTCOME_ON_EXIT="no" - else - REMOVE_OUTCOME_ON_EXIT="yes" - MBEDTLS_TEST_OUTCOME_FILE="$PWD/out.csv" - export MBEDTLS_TEST_OUTCOME_FILE - fi - - # Start from crypto configuration - scripts/config.py crypto - - # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - - # Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure - # that proper translations is done in crypto_legacy.h. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE - - make - - msg "Test: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" - make test - - # Parse only 1 relevant line from the outcome file, i.e. a test which is - # performing RSA signature. - msg "Verify that 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' is PASS" - cat $MBEDTLS_TEST_OUTCOME_FILE | grep 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' | grep -q "PASS" - - if [ "$REMOVE_OUTCOME_ON_EXIT" == "yes" ]; then - rm $MBEDTLS_TEST_OUTCOME_FILE - fi -} - -component_test_psa_crypto_config_accel_hash () { - msg "test: accelerated hash" - - loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \ - ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - - # Configure - # --------- - - # Start from default config (no USE_PSA) - helper_libtestdriver1_adjust_config "default" - - # Disable the things that are being accelerated - scripts/config.py unset MBEDTLS_MD5_C - scripts/config.py unset MBEDTLS_RIPEMD160_C - scripts/config.py unset MBEDTLS_SHA1_C - scripts/config.py unset MBEDTLS_SHA224_C - scripts/config.py unset MBEDTLS_SHA256_C - scripts/config.py unset MBEDTLS_SHA384_C - scripts/config.py unset MBEDTLS_SHA512_C - scripts/config.py unset MBEDTLS_SHA3_C - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # There's a risk of something getting re-enabled via config_psa.h; - # make sure it did not happen. Note: it's OK for MD_C to be enabled. - not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o - not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o - not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o - not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o - not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o - - # Run the tests - # ------------- - - msg "test: accelerated hash" - make test -} - -# Auxiliary function to build config for hashes with and without drivers -config_psa_crypto_hash_use_psa () { - driver_only="$1" - # start with config full for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" - if [ "$driver_only" -eq 1 ]; then - # disable the built-in implementation of hashes - scripts/config.py unset MBEDTLS_MD5_C - scripts/config.py unset MBEDTLS_RIPEMD160_C - scripts/config.py unset MBEDTLS_SHA1_C - scripts/config.py unset MBEDTLS_SHA224_C - scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below - scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - scripts/config.py unset MBEDTLS_SHA384_C - scripts/config.py unset MBEDTLS_SHA512_C - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py unset MBEDTLS_SHA3_C - fi -} - -# Note that component_test_psa_crypto_config_reference_hash_use_psa -# is related to this component and both components need to be kept in sync. -# For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa. -component_test_psa_crypto_config_accel_hash_use_psa () { - msg "test: full with accelerated hashes" - - loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \ - ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - - # Configure - # --------- - - config_psa_crypto_hash_use_psa 1 - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # There's a risk of something getting re-enabled via config_psa.h; - # make sure it did not happen. Note: it's OK for MD_C to be enabled. - not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o - not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o - not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o - not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o - not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o - - # Run the tests - # ------------- - - msg "test: full with accelerated hashes" - make test - - # This is mostly useful so that we can later compare outcome files with - # the reference config in analyze_outcomes.py, to check that the - # dependency declarations in ssl-opt.sh and in TLS code are correct. - msg "test: ssl-opt.sh, full with accelerated hashes" - tests/ssl-opt.sh - - # This is to make sure all ciphersuites are exercised, but we don't need - # interop testing (besides, we already got some from ssl-opt.sh). - msg "test: compat.sh, full with accelerated hashes" - tests/compat.sh -p mbedTLS -V YES -} - -# This component provides reference configuration for test_psa_crypto_config_accel_hash_use_psa -# without accelerated hash. The outcome from both components are used by the analyze_outcomes.py -# script to find regression in test coverage when accelerated hash is used (tests and ssl-opt). -# Both components need to be kept in sync. -component_test_psa_crypto_config_reference_hash_use_psa () { - msg "test: full without accelerated hashes" - - config_psa_crypto_hash_use_psa 0 - - make - - msg "test: full without accelerated hashes" - make test - - msg "test: ssl-opt.sh, full without accelerated hashes" - tests/ssl-opt.sh -} - -# Auxiliary function to build config for hashes with and without drivers -config_psa_crypto_hmac_use_psa () { - driver_only="$1" - # start with config full for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" - - if [ "$driver_only" -eq 1 ]; then - # Disable MD_C in order to disable the builtin support for HMAC. MD_LIGHT - # is still enabled though (for ENTROPY_C among others). - scripts/config.py unset MBEDTLS_MD_C - # Disable also the builtin hashes since they are supported by the driver - # and MD module is able to perform PSA dispathing. - scripts/config.py unset-all MBEDTLS_SHA - scripts/config.py unset MBEDTLS_MD5_C - scripts/config.py unset MBEDTLS_RIPEMD160_C - fi - - # Direct dependencies of MD_C. We disable them also in the reference - # component to work with the same set of features. - scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py unset MBEDTLS_PKCS5_C - scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_HKDF_C - # Dependencies of HMAC_DRBG - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA -} - -component_test_psa_crypto_config_accel_hmac () { - msg "test: full with accelerated hmac" - - loc_accel_list="ALG_HMAC KEY_TYPE_HMAC \ - ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \ - ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - - # Configure - # --------- - - config_psa_crypto_hmac_use_psa 1 - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Ensure that built-in support for HMAC is disabled. - not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o - - # Run the tests - # ------------- - - msg "test: full with accelerated hmac" - make test -} - -component_test_psa_crypto_config_reference_hmac () { - msg "test: full without accelerated hmac" - - config_psa_crypto_hmac_use_psa 0 - - make - - msg "test: full without accelerated hmac" - make test -} - -component_test_psa_crypto_config_accel_des () { - msg "test: accelerated DES" - - # Albeit this components aims at accelerating DES which should only support - # CBC and ECB modes, we need to accelerate more than that otherwise DES_C - # would automatically be re-enabled by "config_adjust_legacy_from_psa.c" - loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \ - ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \ - KEY_TYPE_DES" - - # Note: we cannot accelerate all ciphers' key types otherwise we would also - # have to either disable CCM/GCM or accelerate them, but that's out of scope - # of this component. This limitation will be addressed by #8598. - - # Configure - # --------- - - # Start from the full config - helper_libtestdriver1_adjust_config "full" - - # Disable the things that are being accelerated - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR - scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_CMAC_C - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o - - # Run the tests - # ------------- - - msg "test: accelerated DES" - make test -} - -component_test_psa_crypto_config_accel_aead () { - msg "test: accelerated AEAD" - - loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 \ - KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" - - # Configure - # --------- - - # Start from full config - helper_libtestdriver1_adjust_config "full" - - # Disable things that are being accelerated - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - - # Disable CCM_STAR_NO_TAG because this re-enables CCM_C. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o - not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o - not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o - - # Run the tests - # ------------- - - msg "test: accelerated AEAD" - make test -} - -# This is a common configuration function used in: -# - component_test_psa_crypto_config_accel_cipher_aead_cmac -# - component_test_psa_crypto_config_reference_cipher_aead_cmac -common_psa_crypto_config_accel_cipher_aead_cmac () { - # Start from the full config - helper_libtestdriver1_adjust_config "full" - - scripts/config.py unset MBEDTLS_NIST_KW_C -} - -# The 2 following test components, i.e. -# - component_test_psa_crypto_config_accel_cipher_aead_cmac -# - component_test_psa_crypto_config_reference_cipher_aead_cmac -# are meant to be used together in analyze_outcomes.py script in order to test -# driver's coverage for ciphers and AEADs. -component_test_psa_crypto_config_accel_cipher_aead_cmac () { - msg "build: full config with accelerated cipher inc. AEAD and CMAC" - - loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \ - ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \ - ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \ - KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA" - - # Configure - # --------- - - common_psa_crypto_config_accel_cipher_aead_cmac - - # Disable the things that are being accelerated - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR - scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - scripts/config.py unset MBEDTLS_CMAC_C - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_AES_C - scripts/config.py unset MBEDTLS_ARIA_C - scripts/config.py unset MBEDTLS_CHACHA20_C - scripts/config.py unset MBEDTLS_CAMELLIA_C - - # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA - # does not depend on it. - scripts/config.py unset MBEDTLS_CIPHER_C - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o - not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o - not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o - not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o - not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o - not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o - not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o - not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o - not grep mbedtls_cmac ${BUILTIN_SRC_PATH}/cmac.o - - # Run the tests - # ------------- - - msg "test: full config with accelerated cipher inc. AEAD and CMAC" - make test - - msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC" - tests/ssl-opt.sh - - msg "compat.sh: full config with accelerated cipher inc. AEAD and CMAC" - tests/compat.sh -V NO -p mbedTLS -} - -component_test_psa_crypto_config_reference_cipher_aead_cmac () { - msg "build: full config with non-accelerated cipher inc. AEAD and CMAC" - common_psa_crypto_config_accel_cipher_aead_cmac - - make - - msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" - make test - - msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC" - tests/ssl-opt.sh - - msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC" - tests/compat.sh -V NO -p mbedTLS -} - -common_block_cipher_dispatch () { - TEST_WITH_DRIVER="$1" - - # Start from the full config - helper_libtestdriver1_adjust_config "full" - - if [ "$TEST_WITH_DRIVER" -eq 1 ]; then - # Disable key types that are accelerated (there is no legacy equivalent - # symbol for ECB) - scripts/config.py unset MBEDTLS_AES_C - scripts/config.py unset MBEDTLS_ARIA_C - scripts/config.py unset MBEDTLS_CAMELLIA_C - fi - - # Disable cipher's modes that, when not accelerated, cause - # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h". - # Keep this also in the reference component in order to skip the same tests - # that were skipped in the accelerated one. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - - # Disable direct dependency on AES_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - # Prevent the cipher module from using deprecated PSA path. The reason is - # that otherwise there will be tests relying on "aes_info" (defined in - # "cipher_wrap.c") whose functions are not available when AES_C is - # not defined. ARIA and Camellia are not a problem in this case because - # the PSA path is not tested for these key types. - scripts/config.py set MBEDTLS_DEPRECATED_REMOVED -} - -component_test_full_block_cipher_psa_dispatch_static_keystore () { - msg "build: full + PSA dispatch in block_cipher with static keystore" - # Check that the static key store works well when CTR_DRBG uses a - # PSA key for AES. - scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC - - loc_accel_list="ALG_ECB_NO_PADDING \ - KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" - - # Configure - # --------- - - common_block_cipher_dispatch 1 - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure disabled components were not re-enabled by accident (additive - # config) - not grep mbedtls_aes_ library/aes.o - not grep mbedtls_aria_ library/aria.o - not grep mbedtls_camellia_ library/camellia.o - - # Run the tests - # ------------- - - msg "test: full + PSA dispatch in block_cipher with static keystore" - make test -} - -component_test_full_block_cipher_psa_dispatch () { - msg "build: full + PSA dispatch in block_cipher" - - loc_accel_list="ALG_ECB_NO_PADDING \ - KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" - - # Configure - # --------- - - common_block_cipher_dispatch 1 - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure disabled components were not re-enabled by accident (additive - # config) - not grep mbedtls_aes_ ${BUILTIN_SRC_PATH}/aes.o - not grep mbedtls_aria_ ${BUILTIN_SRC_PATH}/aria.o - not grep mbedtls_camellia_ ${BUILTIN_SRC_PATH}/camellia.o - - # Run the tests - # ------------- - - msg "test: full + PSA dispatch in block_cipher" - make test -} - -# This is the reference component of component_test_full_block_cipher_psa_dispatch -component_test_full_block_cipher_legacy_dispatch () { - msg "build: full + legacy dispatch in block_cipher" - - common_block_cipher_dispatch 0 - - make - - msg "test: full + legacy dispatch in block_cipher" - make test -} - -component_test_aead_chachapoly_disabled () { - msg "build: full minus CHACHAPOLY" - scripts/config.py full - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full minus CHACHAPOLY" - make test -} - -component_test_aead_only_ccm () { - msg "build: full minus CHACHAPOLY and GCM" - scripts/config.py full - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full minus CHACHAPOLY and GCM" - make test -} - -component_test_ccm_aes_sha256 () { - msg "build: CCM + AES + SHA256 configuration" - - # Setting a blank config disables everyhing in the library side. - echo '#define MBEDTLS_CONFIG_H ' >"$CONFIG_H" - cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H" - - make - msg "test: CCM + AES + SHA256 configuration" - make test -} - -# Test that the given .o file builds with all (valid) combinations of the given options. -# -# Syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ... -# -# The validator function is the name of a function to validate the combination of options. -# It may be "" if all combinations are valid. -# It receives a string containing a combination of options, as passed to the compiler, -# e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid. -build_test_config_combos () { - file=$1 - shift - validate_options=$1 - shift - options=("$@") - - # clear all of the options so that they can be overridden on the clang commandline - for opt in "${options[@]}"; do - ./scripts/config.py unset ${opt} - done - - # enter the library directory - cd library - - # The most common issue is unused variables/functions, so ensure -Wunused is set. - warning_flags="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" - - # Extract the command generated by the Makefile to build the target file. - # This ensures that we have any include paths, macro definitions, etc - # that may be applied by make. - # Add -fsyntax-only as we only want a syntax check and don't need to generate a file. - compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c" - - makefile=$(TMPDIR=. mktemp) - deps="" - - len=${#options[@]} - source_file=../${file%.o}.c - - targets=0 - echo 'include Makefile' >${makefile} - - for ((i = 0; i < $((2**${len})); i++)); do - # generate each of 2^n combinations of options - # each bit of $i is used to determine if options[i] will be set or not - target="t" - clang_args="" - for ((j = 0; j < ${len}; j++)); do - if (((i >> j) & 1)); then - opt=-D${options[$j]} - clang_args="${clang_args} ${opt}" - target="${target}${opt}" - fi - done - - # if combination is not known to be invalid, add it to the makefile - if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then - cmd="${compile_cmd} ${clang_args}" - echo "${target}: ${source_file}; $cmd ${source_file}" >> ${makefile} - - deps="${deps} ${target}" - ((++targets)) - fi - done - - echo "build_test_config_combos: ${deps}" >> ${makefile} - - # execute all of the commands via Make (probably in parallel) - make -s -f ${makefile} build_test_config_combos - echo "$targets targets checked" - - # clean up the temporary makefile - rm ${makefile} -} - -validate_aes_config_variations () { - if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then - if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ - ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then - return 1 - fi - fi - return 0 -} - -component_build_aes_variations () { - # 18s - around 90ms per clang invocation on M1 Pro - # - # aes.o has many #if defined(...) guards that intersect in complex ways. - # Test that all the combinations build cleanly. - - MBEDTLS_ROOT_DIR="$PWD" - msg "build: aes.o for all combinations of relevant config options" - - build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ - "MBEDTLS_AES_ROM_TABLES" \ - "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ - "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" - - cd "$MBEDTLS_ROOT_DIR" - msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT" - - # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES, - # manually set or unset those configurations to check - # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_NIST_KW_C - - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_DES_C - - build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ - "MBEDTLS_AES_ROM_TABLES" \ - "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ - "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" -} - -component_test_sha3_variations () { - msg "sha3 loop unroll variations" - - # define minimal config sufficient to test SHA3 - cat > include/mbedtls/mbedtls_config.h << END -END - - cat > tf-psa-crypto/include/psa/crypto_config.h << END - #define PSA_WANT_ALG_SHA_256 1 - #define PSA_WANT_ALG_SHA3_224 1 - #define PSA_WANT_ALG_SHA3_256 1 - #define PSA_WANT_ALG_SHA3_384 1 - #define PSA_WANT_ALG_SHA3_512 1 - #define MBEDTLS_AES_C - #define MBEDTLS_CTR_DRBG_C - #define MBEDTLS_ENTROPY_C - #define MBEDTLS_PSA_CRYPTO_C - #define MBEDTLS_SELF_TEST -END - - msg "all loops unrolled" - make clean - make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DMBEDTLS_SHA3_CHI_UNROLL=1 -DMBEDTLS_SHA3_RHO_UNROLL=1" - ./tf-psa-crypto/tests/test_suite_shax - - msg "all loops rolled up" - make clean - make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=0 -DMBEDTLS_SHA3_PI_UNROLL=0 -DMBEDTLS_SHA3_CHI_UNROLL=0 -DMBEDTLS_SHA3_RHO_UNROLL=0" - ./tf-psa-crypto/tests/test_suite_shax -} - -support_build_aes_aesce_armcc () { - support_build_armcc -} - -# For timebeing, no aarch64 gcc available in CI and no arm64 CI node. -component_build_aes_aesce_armcc () { - msg "Build: AESCE test on arm64 platform without plain C." - scripts/config.py baremetal - - # armc[56] don't support SHA-512 intrinsics - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - - # Stop armclang warning about feature detection for A64_CRYPTO. - # With this enabled, the library does build correctly under armclang, - # but in baremetal builds (as tested here), feature detection is - # unavailable, and the user is notified via a #warning. So enabling - # this feature would prevent us from building with -Werror on - # armclang. Tracked in #7198. - scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - scripts/config.py set MBEDTLS_HAVE_ASM - - msg "AESCE, build with default configuration." - scripts/config.py set MBEDTLS_AESCE_C - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto" - - msg "AESCE, build AESCE only" - scripts/config.py set MBEDTLS_AESCE_C - scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY - helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto" -} - -component_test_aes_only_128_bit_keys () { - msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH" - scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - - make CFLAGS='-O2 -Werror -Wall -Wextra' - - msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH" - make test -} - -component_test_no_ctr_drbg_aes_only_128_bit_keys () { - msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C" - scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - scripts/config.py unset MBEDTLS_CTR_DRBG_C - - make CC=clang CFLAGS='-Werror -Wall -Wextra' - - msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C" - make test -} - -component_test_aes_only_128_bit_keys_have_builtins () { - msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" - scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AESCE_C - - make CFLAGS='-O2 -Werror -Wall -Wextra' - - msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" - make test - - msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" - programs/test/selftest -} - -component_test_gcm_largetable () { - msg "build: default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C" - scripts/config.py set MBEDTLS_GCM_LARGE_TABLE - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AESCE_C - - make CFLAGS='-O2 -Werror -Wall -Wextra' - - msg "test: default config - GCM_LARGE_TABLE - AESNI_C - AESCE_C" - make test -} - -component_test_aes_fewer_tables () { - msg "build: default config with AES_FEWER_TABLES enabled" - scripts/config.py set MBEDTLS_AES_FEWER_TABLES - make CFLAGS='-O2 -Werror -Wall -Wextra' - - msg "test: AES_FEWER_TABLES" - make test -} - -component_test_aes_rom_tables () { - msg "build: default config with AES_ROM_TABLES enabled" - scripts/config.py set MBEDTLS_AES_ROM_TABLES - make CFLAGS='-O2 -Werror -Wall -Wextra' - - msg "test: AES_ROM_TABLES" - make test -} - -component_test_aes_fewer_tables_and_rom_tables () { - msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" - scripts/config.py set MBEDTLS_AES_FEWER_TABLES - scripts/config.py set MBEDTLS_AES_ROM_TABLES - make CFLAGS='-O2 -Werror -Wall -Wextra' - - msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" - make test -} - -# helper for component_test_block_cipher_no_decrypt_aesni() which: -# - enable/disable the list of config options passed from -s/-u respectively. -# - build -# - test for tests_suite_xxx -# - selftest -# -# Usage: helper_block_cipher_no_decrypt_build_test -# [-s set_opts] [-u unset_opts] [-c cflags] [-l ldflags] [option [...]] -# Options: -s set_opts the list of config options to enable -# -u unset_opts the list of config options to disable -# -c cflags the list of options passed to CFLAGS -# -l ldflags the list of options passed to LDFLAGS -helper_block_cipher_no_decrypt_build_test () { - while [ $# -gt 0 ]; do - case "$1" in - -s) - shift; local set_opts="$1";; - -u) - shift; local unset_opts="$1";; - -c) - shift; local cflags="-Werror -Wall -Wextra $1";; - -l) - shift; local ldflags="$1";; - esac - shift - done - set_opts="${set_opts:-}" - unset_opts="${unset_opts:-}" - cflags="${cflags:-}" - ldflags="${ldflags:-}" - - [ -n "$set_opts" ] && echo "Enabling: $set_opts" && scripts/config.py set-all $set_opts - [ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts - - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" - make clean - make CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o - not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o - not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o - # Make sure we don't have mbedtls_aesni_inverse_key in AESNI - not grep mbedtls_aesni_inverse_key ${BUILTIN_SRC_PATH}/aesni.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" - programs/test/selftest -} - -# This is a configuration function used in component_test_block_cipher_no_decrypt_xxx: -config_block_cipher_no_decrypt () { - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_NIST_KW_C - - # Enable support for cryptographic mechanisms through the PSA API. - # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_DES_C -} - -component_test_block_cipher_no_decrypt_aesni () { - # Test BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics, AESNI assembly and - # AES C implementation on x86_64 and with AESNI intrinsics on x86. - - # This consistently causes an llvm crash on clang 3.8, so use gcc - export CC=gcc - config_block_cipher_no_decrypt - - # test AESNI intrinsics - helper_block_cipher_no_decrypt_build_test \ - -s "MBEDTLS_AESNI_C" \ - -c "-mpclmul -msse2 -maes" - - # test AESNI assembly - helper_block_cipher_no_decrypt_build_test \ - -s "MBEDTLS_AESNI_C" \ - -c "-mno-pclmul -mno-sse2 -mno-aes" - - # test AES C implementation - helper_block_cipher_no_decrypt_build_test \ - -u "MBEDTLS_AESNI_C" - - # test AESNI intrinsics for i386 target - helper_block_cipher_no_decrypt_build_test \ - -s "MBEDTLS_AESNI_C" \ - -c "-m32 -mpclmul -msse2 -maes" \ - -l "-m32" -} - -support_test_block_cipher_no_decrypt_aesce_armcc () { - support_build_armcc -} - -component_test_block_cipher_no_decrypt_aesce_armcc () { - scripts/config.py baremetal - - # armc[56] don't support SHA-512 intrinsics - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - - # Stop armclang warning about feature detection for A64_CRYPTO. - # With this enabled, the library does build correctly under armclang, - # but in baremetal builds (as tested here), feature detection is - # unavailable, and the user is notified via a #warning. So enabling - # this feature would prevent us from building with -Werror on - # armclang. Tracked in #7198. - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py set MBEDTLS_HAVE_ASM - - config_block_cipher_no_decrypt - - # test AESCE baremetal build - scripts/config.py set MBEDTLS_AESCE_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE" - helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra" - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o - not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o - not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o - # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in AESCE - not grep mbedtls_aesce_inverse_key ${BUILTIN_SRC_PATH}/aesce.o - not grep aesce_decrypt_block ${BUILTIN_SRC_PATH}/aesce.o -} - -component_test_ctr_drbg_aes_256_sha_256 () { - msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" - scripts/config.py full - scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" - make test -} - -component_test_ctr_drbg_aes_128_sha_512 () { - msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" - scripts/config.py full - scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)" - make test -} - -component_test_ctr_drbg_aes_128_sha_256 () { - msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" - scripts/config.py full - scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY - scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" - make test -} - -component_test_full_static_keystore () { - msg "build: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" - scripts/config.py full - scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC - make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" - make test -} - -component_test_psa_crypto_drivers () { - # Test dispatch to drivers and fallbacks with - # test_suite_psa_crypto_driver_wrappers test suite. The test drivers that - # are wrappers around the builtin drivers are activated by - # PSA_CRYPTO_DRIVER_TEST. - # - # For the time being, some test cases in test_suite_block_cipher and - # test_suite_md.psa rely on this component to be run at least once by the - # CI. This should disappear as we progress the 4.x work. See - # config_adjust_test_accelerators.h for more information. - msg "build: full + test drivers dispatching to builtins" - scripts/config.py full - loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" - loc_cflags="${loc_cflags} -I../framework/tests/include" - - make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full + test drivers dispatching to builtins" - make test -} - -component_build_psa_config_file () { - msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE" # ~40s - cp "$CRYPTO_CONFIG_H" psa_test_config.h - echo '#error "TF_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H" - make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'" - # Make sure this feature is enabled. We'll disable it in the next phase. - programs/test/query_compile_time_config MBEDTLS_CMAC_C - make clean - - msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE + TF_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s - # In the user config, disable one feature and its dependencies, which will - # reflect on the mbedtls configuration so we can query it with - # query_compile_time_config. - echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h - echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h - echo '#undef MBEDTLS_CMAC_C' >> psa_user_config.h - make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" - not programs/test/query_compile_time_config MBEDTLS_CMAC_C - - rm -f psa_test_config.h psa_user_config.h -} - -component_build_psa_alt_headers () { - msg "build: make with PSA alt headers" # ~20s - - # Generate alternative versions of the substitutable headers with the - # same content except different include guards. - make -C tests ../framework/tests/include/alt-extra/psa/crypto_platform_alt.h ../framework/tests/include/alt-extra/psa/crypto_struct_alt.h - - # Build the library and some programs. - # Don't build the fuzzers to avoid having to go through hoops to set - # a correct include path for programs/fuzz/Makefile. - make CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib - make -C programs -o fuzz CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" - - # Check that we're getting the alternative include guards and not the - # original include guards. - programs/test/query_included_headers | grep -x PSA_CRYPTO_PLATFORM_ALT_H - programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H - programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H - programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H -} - -component_test_min_mpi_window_size () { - msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s - scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s - make test -} diff --git a/tests/scripts/components-configuration-platform.sh b/tests/scripts/components-configuration-platform.sh deleted file mode 100644 index bebd86051..000000000 --- a/tests/scripts/components-configuration-platform.sh +++ /dev/null @@ -1,111 +0,0 @@ -# components-configuration-platform.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Configuration Testing - Platform -################################################################ - -component_build_no_std_function () { - # catch compile bugs in _uninit functions - msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s - scripts/config.py full - scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . - make -} - -component_build_no_sockets () { - # Note, C99 compliance can also be tested with the sockets support disabled, - # as that requires a POSIX platform (which isn't the same as C99). - msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s - scripts/config.py full - scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. - scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib -} - -component_test_no_date_time () { - msg "build: default config without MBEDTLS_HAVE_TIME_DATE" - scripts/config.py unset MBEDTLS_HAVE_TIME_DATE - cmake -D CMAKE_BUILD_TYPE:String=Check . - make - - msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" - make test -} - -component_test_platform_calloc_macro () { - msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" - scripts/config.py set MBEDTLS_PLATFORM_MEMORY - scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc - scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" - make test -} - -component_test_have_int32 () { - msg "build: gcc, force 32-bit bignum limbs" - scripts/config.py unset MBEDTLS_HAVE_ASM - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AESCE_C - make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' - - msg "test: gcc, force 32-bit bignum limbs" - make test -} - -component_test_have_int64 () { - msg "build: gcc, force 64-bit bignum limbs" - scripts/config.py unset MBEDTLS_HAVE_ASM - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AESCE_C - make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' - - msg "test: gcc, force 64-bit bignum limbs" - make test -} - -component_test_have_int32_cmake_new_bignum () { - msg "build: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)" - scripts/config.py unset MBEDTLS_HAVE_ASM - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AESCE_C - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT - make CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32" LDFLAGS="$ASAN_CFLAGS" - - msg "test: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)" - make test -} - -component_test_no_udbl_division () { - msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s - scripts/config.py full - scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - make CFLAGS='-Werror -O1' - - msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s - make test -} - -component_test_no_64bit_multiplication () { - msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s - scripts/config.py full - scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - make CFLAGS='-Werror -O1' - - msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s - make test -} - - - diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh deleted file mode 100644 index 83795012f..000000000 --- a/tests/scripts/components-configuration-tls.sh +++ /dev/null @@ -1,661 +0,0 @@ -# components-configuration-tls.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Configuration Testing - TLS -################################################################ - -component_test_config_suite_b () { - msg "build: configs/config-suite-b.h" - MBEDTLS_CONFIG="configs/config-suite-b.h" - CRYPTO_CONFIG="configs/crypto-config-suite-b.h" - CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: configs/config-suite-b.h - unit tests" - make test - - msg "test: configs/config-suite-b.h - compat.sh" - tests/compat.sh -m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS - - msg "build: configs/config-suite-b.h + DEBUG" - MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG" - make clean - scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_DEBUG_C - scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_ERROR_C - make ssl-opt - - msg "test: configs/config-suite-b.h + DEBUG - ssl-opt.sh" - tests/ssl-opt.sh -} - -component_test_no_renegotiation () { - msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min - scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s - make test - - msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min - tests/ssl-opt.sh -} - -component_test_tls1_2_default_stream_cipher_only () { - msg "build: default with only stream cipher use psa" - - # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - #Disable TLS 1.3 (as no AEAD) - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - # Note: The unset below is to be removed for 4.0 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) - scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER - # Modules that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C - - make - - msg "test: default with only stream cipher use psa" - make test - - # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. -} - -component_test_tls1_2_default_cbc_legacy_cipher_only () { - msg "build: default with only CBC-legacy cipher use psa" - - # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - #Disable TLS 1.3 (as no AEAD) - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING - # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) - scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER - # Modules that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C - - make - - msg "test: default with only CBC-legacy cipher use psa" - make test - - msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f "TLS 1.2" -} - -component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { - msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" - - # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - #Disable TLS 1.3 (as no AEAD) - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING - # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) - scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER - # Modules that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C - - make - - msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa" - make test - - msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f "TLS 1.2" -} - -component_test_config_thread () { - msg "build: configs/config-thread.h" - MBEDTLS_CONFIG="configs/config-thread.h" - CRYPTO_CONFIG="configs/crypto-config-thread.h" - CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: configs/config-thread.h - unit tests" - make test - - msg "test: configs/config-thread.h - ssl-opt.sh" - tests/ssl-opt.sh -f 'ECJPAKE.*nolog' -} - -component_test_tls1_2_ccm_psk () { - msg "build: configs/config-ccm-psk-tls1_2.h" - MBEDTLS_CONFIG="configs/config-ccm-psk-tls1_2.h" - CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h" - CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: configs/config-ccm-psk-tls1_2.h - unit tests" - make test - - msg "test: configs/config-ccm-psk-tls1_2.h - compat.sh" - tests/compat.sh -m tls12 -f '^TLS_PSK_WITH_AES_..._CCM_8' -} - -component_test_tls1_2_ccm_psk_dtls () { - msg "build: configs/config-ccm-psk-dtls1_2.h" - MBEDTLS_CONFIG="configs/config-ccm-psk-dtls1_2.h" - CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h" - CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: configs/config-ccm-psk-dtls1_2.h - unit tests" - make test - - msg "test: configs/config-ccm-psk-dtls1_2.h - compat.sh" - tests/compat.sh -m dtls12 -f '^TLS_PSK_WITH_AES_..._CCM_8' - - msg "build: configs/config-ccm-psk-dtls1_2.h + DEBUG" - MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG" - make clean - scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_DEBUG_C - scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_ERROR_C - make ssl-opt - - msg "test: configs/config-ccm-psk-dtls1_2.h + DEBUG - ssl-opt.sh" - tests/ssl-opt.sh -} - -component_test_small_ssl_out_content_len () { - msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" - scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 - scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" - tests/ssl-opt.sh -f "Max fragment\|Large packet" -} - -component_test_small_ssl_in_content_len () { - msg "build: small SSL_IN_CONTENT_LEN (ASan build)" - scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096 - scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" - tests/ssl-opt.sh -f "Max fragment" -} - -component_test_small_ssl_dtls_max_buffering () { - msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" - scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" - tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" -} - -component_test_small_mbedtls_ssl_dtls_max_buffering () { - msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" - scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" - tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" -} - -# Common helper for component_full_without_ecdhe_ecdsa() and -# component_full_without_ecdhe_ecdsa_and_tls13() which: -# - starts from the "full" configuration minus the list of symbols passed in -# as 1st parameter -# - build -# - test only TLS (i.e. test_suite_tls and ssl-opt) -build_full_minus_something_and_test_tls () { - symbols_to_disable="$1" - - msg "build: full minus something, test TLS" - - scripts/config.py full - for sym in $symbols_to_disable; do - echo "Disabling $sym" - scripts/config.py unset $sym - done - - make - - msg "test: full minus something, test TLS" - ( cd tests; ./test_suite_ssl ) - - msg "ssl-opt: full minus something, test TLS" - tests/ssl-opt.sh -} - -component_full_without_ecdhe_ecdsa () { - build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" -} - -component_full_without_ecdhe_ecdsa_and_tls13 () { - build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - MBEDTLS_SSL_PROTO_TLS1_3" -} - -component_build_no_ssl_srv () { - msg "build: full config except SSL server, make, gcc" # ~ 30s - scripts/config.py full - scripts/config.py unset MBEDTLS_SSL_SRV_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' -} - -component_build_no_ssl_cli () { - msg "build: full config except SSL client, make, gcc" # ~ 30s - scripts/config.py full - scripts/config.py unset MBEDTLS_SSL_CLI_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' -} - -component_test_no_max_fragment_length () { - # Run max fragment length tests with MFL disabled - msg "build: default config except MFL extension (ASan build)" # ~ 30s - scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: ssl-opt.sh, MFL-related tests" - tests/ssl-opt.sh -f "Max fragment length" -} - -component_test_asan_remove_peer_certificate () { - msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)" - scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - make test - - msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - tests/ssl-opt.sh - - msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - tests/compat.sh - - msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - tests/context-info.sh -} - -component_test_no_max_fragment_length_small_ssl_out_content_len () { - msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" - scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 - scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MFL tests (disabled MFL extension case) & large packet tests" - tests/ssl-opt.sh -f "Max fragment length\|Large buffer" - - msg "test: context-info.sh (disabled MFL extension case)" - tests/context-info.sh -} - -component_test_variable_ssl_in_out_buffer_len () { - msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)" - scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" - make test - - msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" - tests/ssl-opt.sh - - msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" - tests/compat.sh -} - -component_test_dtls_cid_legacy () { - msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)" - scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1 - - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)" - make test - - msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled" - tests/ssl-opt.sh - - msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled" - tests/compat.sh -} - -component_test_ssl_alloc_buffer_and_mfl () { - msg "build: default config with memory buffer allocator and MFL extension" - scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_PLATFORM_MEMORY - scripts/config.py set MBEDTLS_MEMORY_DEBUG - scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - cmake -DCMAKE_BUILD_TYPE:String=Release . - make - - msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" - make test - - msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" - tests/ssl-opt.sh -f "Handshake memory usage" -} - -component_test_when_no_ciphersuites_have_mac () { - msg "build: when no ciphersuites have MAC" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CMAC_C - - make - - msg "test: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" - make test - - msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" - tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' -} - -component_test_tls12_only () { - msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_3, cmake, gcc, ASan" - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: main suites (inc. selftests) (ASan build)" - make test - - msg "test: ssl-opt.sh (ASan build)" - tests/ssl-opt.sh - - msg "test: compat.sh (ASan build)" - tests/compat.sh -} - -component_test_tls13_only () { - msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_2" - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT - - scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test: TLS 1.3 only, all key exchange modes enabled" - make test - - msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled" - tests/ssl-opt.sh -} - -component_test_tls13_only_psk () { - msg "build: TLS 1.3 only from default, only PSK key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_FFDH - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_2048 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_3072 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_4096 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_6144 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_8192 - # Note: The four unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 - scripts/config.py unset MBEDTLS_DHM_C - - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled" - tests/ssl-opt.sh -} - -component_test_tls13_only_ephemeral () { - msg "build: TLS 1.3 only from default, only ephemeral key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode" - tests/ssl-opt.sh -} - -component_test_tls13_only_ephemeral_ffdh () { - msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH - # Note: The unset below is to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDH_C - - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, only ephemeral ffdh key exchange mode" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode" - tests/ssl-opt.sh -} - -component_test_tls13_only_psk_ephemeral () { - msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 - - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode" - tests/ssl-opt.sh -} - -component_test_tls13_only_psk_ephemeral_ffdh () { - msg "build: TLS 1.3 only from default, only PSK ephemeral ffdh key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 - - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode" - tests/ssl-opt.sh -} - -component_test_tls13_only_psk_all () { - msg "build: TLS 1.3 only from default, without ephemeral key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 - - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes" - tests/ssl-opt.sh -} - -component_test_tls13_only_ephemeral_all () { - msg "build: TLS 1.3 only from default, without PSK key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" - tests/ssl-opt.sh -} - -component_test_tls13_no_padding () { - msg "build: default config plus early data minus padding" - scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - msg "test: default config plus early data minus padding" - make test - msg "ssl-opt.sh (TLS 1.3 no padding)" - tests/ssl-opt.sh -} - -component_test_tls13_no_compatibility_mode () { - msg "build: default config plus early data minus middlebox compatibility mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - msg "test: default config plus early data minus middlebox compatibility mode" - make test - msg "ssl-opt.sh (TLS 1.3 no compatibility mode)" - tests/ssl-opt.sh -} - -component_test_full_minus_session_tickets () { - msg "build: full config without session tickets" - scripts/config.py full - scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS - scripts/config.py unset MBEDTLS_SSL_EARLY_DATA - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - msg "test: full config without session tickets" - make test - msg "ssl-opt.sh (full config without session tickets)" - tests/ssl-opt.sh -} - -component_test_depends_py_kex () { - msg "test/build: depends.py kex (gcc)" - tests/scripts/depends.py kex -} - - diff --git a/tests/scripts/components-configuration-x509.sh b/tests/scripts/components-configuration-x509.sh deleted file mode 100644 index 800d98ed6..000000000 --- a/tests/scripts/components-configuration-x509.sh +++ /dev/null @@ -1,35 +0,0 @@ -# components-configuration-x509.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Configuration Testing - X509 -################################################################ - -component_test_no_x509_info () { - msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s - scripts/config.py full - scripts/config.py unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests - scripts/config.py set MBEDTLS_X509_REMOVE_INFO - make CFLAGS='-Werror -O2' - - msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s - make test - - msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min - tests/ssl-opt.sh -} - -component_test_sw_inet_pton () { - msg "build: default plus MBEDTLS_TEST_SW_INET_PTON" - - # MBEDTLS_TEST_HOOKS required for x509_crt_parse_cn_inet_pton - scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON" - - msg "test: default plus MBEDTLS_TEST_SW_INET_PTON" - make test -} diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh deleted file mode 100644 index 74408457d..000000000 --- a/tests/scripts/components-configuration.sh +++ /dev/null @@ -1,349 +0,0 @@ -# components-configuration.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Configuration Testing -################################################################ - -component_test_default_out_of_box () { - msg "build: make, default config (out-of-box)" # ~1min - make - # Disable fancy stuff - unset MBEDTLS_TEST_OUTCOME_FILE - - msg "test: main suites make, default config (out-of-box)" # ~10s - make test - - msg "selftest: make, default config (out-of-box)" # ~10s - programs/test/selftest - - msg "program demos: make, default config (out-of-box)" # ~10s - tests/scripts/run_demos.py -} - -component_test_default_cmake_gcc_asan () { - msg "build: cmake, gcc, ASan" # ~ 1 min 50s - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s - make test - - msg "program demos (ASan build)" # ~10s - tests/scripts/run_demos.py - - msg "test: selftest (ASan build)" # ~ 10s - programs/test/selftest - - msg "test: metatests (GCC, ASan build)" - tests/scripts/run-metatests.sh any asan poison - - msg "test: ssl-opt.sh (ASan build)" # ~ 1 min - tests/ssl-opt.sh - - msg "test: compat.sh (ASan build)" # ~ 6 min - tests/compat.sh - - msg "test: context-info.sh (ASan build)" # ~ 15 sec - tests/context-info.sh -} - -component_test_default_cmake_gcc_asan_new_bignum () { - msg "build: cmake, gcc, ASan" # ~ 1 min 50s - scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s - make test - - msg "test: selftest (ASan build)" # ~ 10s - programs/test/selftest - - msg "test: ssl-opt.sh (ASan build)" # ~ 1 min - tests/ssl-opt.sh - - msg "test: compat.sh (ASan build)" # ~ 6 min - tests/compat.sh - - msg "test: context-info.sh (ASan build)" # ~ 15 sec - tests/context-info.sh -} - -component_test_full_cmake_gcc_asan () { - msg "build: full config, cmake, gcc, ASan" - scripts/config.py full - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: main suites (inc. selftests) (full config, ASan build)" - make test - - msg "test: selftest (full config, ASan build)" # ~ 10s - programs/test/selftest - - msg "test: ssl-opt.sh (full config, ASan build)" - tests/ssl-opt.sh - - # Note: the next two invocations cover all compat.sh test cases. - # We should use the same here and in basic-build-test.sh. - msg "test: compat.sh: default version (full config, ASan build)" - tests/compat.sh -e 'ARIA\|CHACHA' - - msg "test: compat.sh: next: ARIA, Chacha (full config, ASan build)" - env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' - - msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec - tests/context-info.sh -} - -component_test_full_cmake_gcc_asan_new_bignum () { - msg "build: full config, cmake, gcc, ASan" - scripts/config.py full - scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: main suites (inc. selftests) (full config, new bignum, ASan)" - make test - - msg "test: selftest (full config, new bignum, ASan)" # ~ 10s - programs/test/selftest - - msg "test: ssl-opt.sh (full config, new bignum, ASan)" - tests/ssl-opt.sh - - # Note: the next two invocations cover all compat.sh test cases. - # We should use the same here and in basic-build-test.sh. - msg "test: compat.sh: default version (full config, new bignum, ASan)" - tests/compat.sh -e 'ARIA\|CHACHA' - - msg "test: compat.sh: next: ARIA, Chacha (full config, new bignum, ASan)" - env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' - - msg "test: context-info.sh (full config, new bignum, ASan)" # ~ 15 sec - tests/context-info.sh -} - -component_test_full_cmake_clang () { - msg "build: cmake, full config, clang" # ~ 50s - scripts/config.py full - CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 . - make - - msg "test: main suites (full config, clang)" # ~ 5s - make test - - msg "test: cpp_dummy_build (full config, clang)" # ~ 1s - programs/test/cpp_dummy_build - - msg "test: metatests (clang)" - tests/scripts/run-metatests.sh any pthread - - msg "program demos (full config, clang)" # ~10s - tests/scripts/run_demos.py - - msg "test: psa_constant_names (full config, clang)" # ~ 1s - tests/scripts/test_psa_constant_names.py - - msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s - tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' -} - -component_test_default_no_deprecated () { - # Test that removing the deprecated features from the default - # configuration leaves something consistent. - msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s - scripts/config.py set MBEDTLS_DEPRECATED_REMOVED - make CFLAGS='-O -Werror -Wall -Wextra' - - msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s - make test -} - -component_test_full_no_deprecated () { - msg "build: make, full_no_deprecated config" # ~ 30s - scripts/config.py full_no_deprecated - make CFLAGS='-O -Werror -Wall -Wextra' - - msg "test: make, full_no_deprecated config" # ~ 5s - make test - - msg "test: ensure that X509 has no direct dependency on BIGNUM_C" - not grep mbedtls_mpi library/libmbedx509.a -} - -component_test_full_no_deprecated_deprecated_warning () { - # Test that there is nothing deprecated in "full_no_deprecated". - # A deprecated feature would trigger a warning (made fatal) from - # MBEDTLS_DEPRECATED_WARNING. - msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s - scripts/config.py full_no_deprecated - scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED - scripts/config.py set MBEDTLS_DEPRECATED_WARNING - make CFLAGS='-O -Werror -Wall -Wextra' - - msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s - make test -} - -component_test_full_deprecated_warning () { - # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes - # with only certain whitelisted types of warnings. - msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s - scripts/config.py full - scripts/config.py set MBEDTLS_DEPRECATED_WARNING - # Expect warnings from '#warning' directives in check_config.h. - # Note that gcc is required to allow the use of -Wno-error=cpp, which allows us to - # display #warning messages without them being treated as errors. - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs - - msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s - # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features. - # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. - # Expect warnings from '#warning' directives in check_config.h and - # from the use of deprecated functions in test suites. - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests - - msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s - make test - - msg "program demos: full config + MBEDTLS_TEST_DEPRECATED" # ~10s - tests/scripts/run_demos.py -} - -component_build_baremetal () { - msg "build: make, baremetal config" - scripts/config.py baremetal - make CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" -} - -support_build_baremetal () { - # Older Glibc versions include time.h from other headers such as stdlib.h, - # which makes the no-time.h-in-baremetal check fail. Ubuntu 16.04 has this - # problem, Ubuntu 18.04 is ok. - ! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h -} - -component_build_tfm () { - # Check that the TF-M configuration can build cleanly with various - # warning flags enabled. We don't build or run tests, since the - # TF-M configuration needs a TF-M platform. A tweaked version of - # the configuration that works on mainstream platforms is in - # configs/config-tfm.h, tested via test-ref-configs.pl. - cp configs/config-tfm.h "$CONFIG_H" - cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" - - msg "build: TF-M config, clang, armv7-m thumb2" - make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" - - msg "build: TF-M config, gcc native build" - make clean - make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../framework/tests/include/spe" -} - -component_test_malloc_0_null () { - msg "build: malloc(0) returns NULL (ASan+UBSan build)" - scripts/config.py full - make CC=$ASAN_CC CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: malloc(0) returns NULL (ASan+UBSan build)" - make test - - msg "selftest: malloc(0) returns NULL (ASan+UBSan build)" - # Just the calloc selftest. "make test" ran the others as part of the - # test suites. - programs/test/selftest calloc - - msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)" - # Run a subset of the tests. The choice is a balance between coverage - # and time (including time indirectly wasted due to flaky tests). - # The current choice is to skip tests whose description includes - # "proxy", which is an approximation of skipping tests that use the - # UDP proxy, which tend to be slower and flakier. - tests/ssl-opt.sh -e 'proxy' -} - -component_test_no_platform () { - # Full configuration build, without platform support, file IO and net sockets. - # This should catch missing mbedtls_printf definitions, and by disabling file - # IO, it should catch missing '#include ' - msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s - scripts/config.py full_no_platform - scripts/config.py unset MBEDTLS_PLATFORM_C - scripts/config.py unset MBEDTLS_NET_C - scripts/config.py unset MBEDTLS_FS_IO - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C - scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED - # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, - # to re-enable platform integration features otherwise disabled in C99 builds - make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs - make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test -} - -component_build_mbedtls_config_file () { - msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s - scripts/config.py -w full_config.h full - echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" - make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" - # Make sure this feature is enabled. We'll disable it in the next phase. - programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES - make clean - - msg "build: make with MBEDTLS_CONFIG_FILE + MBEDTLS_USER_CONFIG_FILE" - # In the user config, disable one feature (for simplicity, pick a feature - # that nothing else depends on). - echo '#undef MBEDTLS_SSL_ALL_ALERT_MESSAGES' >user_config.h - make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" - not programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES - - rm -f user_config.h full_config.h -} - -component_test_no_strings () { - msg "build: no strings" # ~10s - scripts/config.py full - # Disable options that activate a large amount of string constants. - scripts/config.py unset MBEDTLS_DEBUG_C - scripts/config.py unset MBEDTLS_ERROR_C - scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY - scripts/config.py unset MBEDTLS_VERSION_FEATURES - make CFLAGS='-Werror -Os' - - msg "test: no strings" # ~ 10s - make test -} - -component_test_memory_buffer_allocator_backtrace () { - msg "build: default config with memory buffer allocator and backtrace enabled" - scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_PLATFORM_MEMORY - scripts/config.py set MBEDTLS_MEMORY_BACKTRACE - scripts/config.py set MBEDTLS_MEMORY_DEBUG - cmake -DCMAKE_BUILD_TYPE:String=Release . - make - - msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE" - make test -} - -component_test_memory_buffer_allocator () { - msg "build: default config with memory buffer allocator" - scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_PLATFORM_MEMORY - cmake -DCMAKE_BUILD_TYPE:String=Release . - make - - msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C" - make test - - msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C" - # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. - tests/ssl-opt.sh -e '^DTLS proxy' -} diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh deleted file mode 100644 index abae2830a..000000000 --- a/tests/scripts/components-platform.sh +++ /dev/null @@ -1,604 +0,0 @@ -# components-platform.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Platform Testing -################################################################ - -component_test_m32_no_asm () { - # Build without assembly, so as to use portable C code (in a 32-bit - # build) and not the i386-specific inline assembly. - # - # Note that we require gcc, because clang Asan builds fail to link for - # this target (cannot find libclang_rt.lsan-i386.a - this is a known clang issue). - msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s - scripts/config.py full - scripts/config.py unset MBEDTLS_HAVE_ASM - scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" - - msg "test: i386, make, gcc, no asm (ASan build)" - make test -} - -support_test_m32_no_asm () { - case $(uname -m) in - amd64|x86_64) true;; - *) false;; - esac -} - -component_test_m32_o2 () { - # Build with optimization, to use the i386 specific inline assembly - # and go faster for tests. - msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s - scripts/config.py full - scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" - - msg "test: i386, make, gcc -O2 (ASan build)" - make test - - msg "test ssl-opt.sh, i386, make, gcc-O2" - tests/ssl-opt.sh -} - -support_test_m32_o2 () { - support_test_m32_no_asm "$@" -} - -component_test_m32_everest () { - msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min - scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" - - msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s - make test - - msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s - tests/ssl-opt.sh -f ECDH - - msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min - # Exclude some symmetric ciphers that are redundant here to gain time. - tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' -} - -support_test_m32_everest () { - support_test_m32_no_asm "$@" -} - -component_test_mx32 () { - msg "build: 64-bit ILP32, make, gcc" # ~ 30s - scripts/config.py full - make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' - - msg "test: 64-bit ILP32, make, gcc" - make test -} - -support_test_mx32 () { - case $(uname -m) in - amd64|x86_64) true;; - *) false;; - esac -} - -support_test_aesni () { - # Check that gcc targets x86_64 (we can build AESNI), and check for - # AESNI support on the host (we can run AESNI). - # - # The name of this function is possibly slightly misleading, but needs to align - # with the name of the corresponding test, component_test_aesni. - # - # In principle 32-bit x86 can support AESNI, but our implementation does not - # support 32-bit x86, so we check for x86-64. - # We can only grep /proc/cpuinfo on Linux, so this also checks for Linux - (gcc -v 2>&1 | grep Target | grep -q x86_64) && - [[ "$HOSTTYPE" == "x86_64" && "$OSTYPE" == "linux-gnu" ]] && - (lscpu | grep -qw aes) -} - -component_test_aesni () { # ~ 60s - # This tests the two AESNI implementations (intrinsics and assembly), and also the plain C - # fallback. It also tests the logic that is used to select which implementation(s) to build. - # - # This test does not require the host to have support for AESNI (if it doesn't, the run-time - # AESNI detection will fallback to the plain C implementation, so the tests will instead - # exercise the plain C impl). - - msg "build: default config with different AES implementations" - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - scripts/config.py set MBEDTLS_HAVE_ASM - - # test the intrinsics implementation - msg "AES tests, test intrinsics" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' - # check that we built intrinsics - this should be used by default when supported by the compiler - ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" - - # test the asm implementation - msg "AES tests, test assembly" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' - # check that we built assembly - this should be built if the compiler does not support intrinsics - ./programs/test/selftest aes | grep "AESNI code" | grep -q "assembly" - - # test the plain C implementation - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - msg "AES tests, plain C" - make clean - make CC=gcc CFLAGS='-O2 -Werror' - # check that there is no AESNI code present - ./programs/test/selftest aes | not grep -q "AESNI code" - not grep -q "AES note: using AESNI" ./programs/test/selftest - grep -q "AES note: built-in implementation." ./programs/test/selftest - - # test the intrinsics implementation - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY - msg "AES tests, test AESNI only" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' - ./programs/test/selftest aes | grep -q "AES note: using AESNI" - ./programs/test/selftest aes | not grep -q "AES note: built-in implementation." - grep -q "AES note: using AESNI" ./programs/test/selftest - not grep -q "AES note: built-in implementation." ./programs/test/selftest -} - -support_test_aesni_m32 () { - support_test_m32_no_asm && (lscpu | grep -qw aes) -} - -component_test_aesni_m32 () { # ~ 60s - # This tests are duplicated from component_test_aesni for i386 target - # - # AESNI intrinsic code supports i386 and assembly code does not support it. - - msg "build: default config with different AES implementations" - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - scripts/config.py set MBEDTLS_HAVE_ASM - - # test the intrinsics implementation with gcc - msg "AES tests, test intrinsics (gcc)" - make clean - make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' - # check that we built intrinsics - this should be used by default when supported by the compiler - ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" - grep -q "AES note: using AESNI" ./programs/test/selftest - grep -q "AES note: built-in implementation." ./programs/test/selftest - grep -q mbedtls_aesni_has_support ./programs/test/selftest - - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY - msg "AES tests, test AESNI only" - make clean - make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32' - ./programs/test/selftest aes | grep -q "AES note: using AESNI" - ./programs/test/selftest aes | not grep -q "AES note: built-in implementation." - grep -q "AES note: using AESNI" ./programs/test/selftest - not grep -q "AES note: built-in implementation." ./programs/test/selftest - not grep -q mbedtls_aesni_has_support ./programs/test/selftest -} - -support_test_aesni_m32_clang () { - # clang >= 4 is required to build with target attributes - support_test_aesni_m32 && [[ $(clang_version) -ge 4 ]] -} - -component_test_aesni_m32_clang () { - - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - scripts/config.py set MBEDTLS_HAVE_ASM - - # test the intrinsics implementation with clang - msg "AES tests, test intrinsics (clang)" - make clean - make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' - # check that we built intrinsics - this should be used by default when supported by the compiler - ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" - grep -q "AES note: using AESNI" ./programs/test/selftest - grep -q "AES note: built-in implementation." ./programs/test/selftest - grep -q mbedtls_aesni_has_support ./programs/test/selftest -} - -support_build_aes_armce () { - # clang >= 11 is required to build with AES extensions - [[ $(clang_version) -ge 11 ]] -} - -component_build_aes_armce () { - # Test variations of AES with Armv8 crypto extensions - scripts/config.py set MBEDTLS_AESCE_C - scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY - - msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" - msg "clang, test aarch64 crypto instructions built" - grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s - - msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" - msg "clang, test A32 crypto instructions built" - grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s - - msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - msg "clang, test T32 crypto instructions built" - grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s - - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - - msg "MBEDTLS_AES_USE_both, clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" - msg "clang, test aarch64 crypto instructions built" - grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s - - msg "MBEDTLS_AES_USE_both, clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" - msg "clang, test A32 crypto instructions built" - grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s - - msg "MBEDTLS_AES_USE_both, clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - msg "clang, test T32 crypto instructions built" - grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s - - scripts/config.py unset MBEDTLS_AESCE_C - - msg "no MBEDTLS_AESCE_C, clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" - msg "clang, test aarch64 crypto instructions not built" - not grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s - - msg "no MBEDTLS_AESCE_C, clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" - msg "clang, test A32 crypto instructions not built" - not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s - - msg "no MBEDTLS_AESCE_C, clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb" - msg "clang, test T32 crypto instructions not built" - not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s -} - -support_build_sha_armce () { - # clang >= 4 is required to build with SHA extensions - [[ $(clang_version) -ge 4 ]] -} - -component_build_sha_armce () { - scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - - # Test variations of SHA256 Armv8 crypto extensions - scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY - msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" - msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, test aarch64 crypto instructions built" - grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - - msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" - msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, test A32 crypto instructions built" - grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY - - - # test the deprecated form of the config option - scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, test T32 crypto instructions built" - grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY - - scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" - msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, test aarch64 crypto instructions built" - grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - - - # test the deprecated form of the config option - scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99" - - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, test T32 crypto instructions built" - grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - - # examine the disassembly for absence of SHA instructions - msg "clang, test A32 crypto instructions not built" - make -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" - not grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - - msg "clang, test T32 crypto instructions not built" - make -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb" - not grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - - msg "clang, test aarch64 crypto instructions not built" - make -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" - not grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s -} - -component_test_arm_linux_gnueabi_gcc_arm5vte () { - # Mimic Debian armel port - msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, default config" # ~4m - make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' - - msg "test: main suites make, default config (out-of-box)" # ~7m 40s - make test - - msg "selftest: make, default config (out-of-box)" # ~0s - programs/test/selftest - - msg "program demos: make, default config (out-of-box)" # ~0s - tests/scripts/run_demos.py -} - -support_test_arm_linux_gnueabi_gcc_arm5vte () { - can_run_arm_linux_gnueabi -} - -# The hard float ABI is not implemented for Thumb 1, so use gnueabi -# Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os -component_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () { - msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -O0, thumb 1, default config" # ~2m 10s - make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O0 -mcpu=arm1136j-s -mthumb' - - msg "test: main suites make, default config (out-of-box)" # ~36m - make test - - msg "selftest: make, default config (out-of-box)" # ~10s - programs/test/selftest - - msg "program demos: make, default config (out-of-box)" # ~0s - tests/scripts/run_demos.py -} - -support_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () { - can_run_arm_linux_gnueabi -} - -component_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () { - msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -Os, thumb 1, default config" # ~3m 10s - make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -mcpu=arm1136j-s -mthumb' - - msg "test: main suites make, default config (out-of-box)" # ~21m 10s - make test - - msg "selftest: make, default config (out-of-box)" # ~2s - programs/test/selftest - - msg "program demos: make, default config (out-of-box)" # ~0s - tests/scripts/run_demos.py -} - -support_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () { - can_run_arm_linux_gnueabi -} - -component_test_arm_linux_gnueabihf_gcc_armv7 () { - msg "test: ${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc -O2, A32, default config" # ~4m 30s - make CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2 -march=armv7-a -marm' - - msg "test: main suites make, default config (out-of-box)" # ~3m 30s - make test - - msg "selftest: make, default config (out-of-box)" # ~0s - programs/test/selftest - - msg "program demos: make, default config (out-of-box)" # ~0s - tests/scripts/run_demos.py -} - -support_test_arm_linux_gnueabihf_gcc_armv7 () { - can_run_arm_linux_gnueabihf -} - -component_test_arm_linux_gnueabihf_gcc_thumb_2 () { - msg "test: ${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc -Os, thumb 2, default config" # ~4m - make CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -march=armv7-a -mthumb' - - msg "test: main suites make, default config (out-of-box)" # ~3m 40s - make test - - msg "selftest: make, default config (out-of-box)" # ~0s - programs/test/selftest - - msg "program demos: make, default config (out-of-box)" # ~0s - tests/scripts/run_demos.py -} - -support_test_arm_linux_gnueabihf_gcc_thumb_2 () { - can_run_arm_linux_gnueabihf -} - -component_test_aarch64_linux_gnu_gcc () { - msg "test: ${AARCH64_LINUX_GNU_GCC_PREFIX}gcc -O2, default config" # ~3m 50s - make CC="${AARCH64_LINUX_GNU_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2' - - msg "test: main suites make, default config (out-of-box)" # ~1m 50s - make test - - msg "selftest: make, default config (out-of-box)" # ~0s - programs/test/selftest - - msg "program demos: make, default config (out-of-box)" # ~0s - tests/scripts/run_demos.py -} - -support_test_aarch64_linux_gnu_gcc () { - # Minimum version of GCC for MBEDTLS_AESCE_C is 6.0 - [ "$(gcc_version "${AARCH64_LINUX_GNU_GCC_PREFIX}gcc")" -ge 6 ] && can_run_aarch64_linux_gnu -} - -component_build_arm_none_eabi_gcc () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s - scripts/config.py baremetal - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib - - msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" - ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o - ${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o - ${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o -} - -component_build_arm_linux_gnueabi_gcc_arm5vte () { - msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s - scripts/config.py baremetal - # Build for a target platform that's close to what Debian uses - # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort). - # See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments. - # Build everything including programs, see for example - # https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720 - make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' - - msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug" - ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o - ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o - ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o -} - -support_build_arm_linux_gnueabi_gcc_arm5vte () { - type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1 -} - -component_build_arm_none_eabi_gcc_arm5vte () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s - scripts/config.py baremetal - # This is an imperfect substitute for - # component_build_arm_linux_gnueabi_gcc_arm5vte - # in case the gcc-arm-linux-gnueabi toolchain is not available - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib - - msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug" - ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o - ${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o - ${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o -} - -component_build_arm_none_eabi_gcc_m0plus () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s - scripts/config.py baremetal_size - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib - - msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size" - ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o - ${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o - ${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o - for lib in library/*.a; do - echo "$lib:" - ${ARM_NONE_EABI_GCC_PREFIX}size -t $lib | grep TOTALS - done -} - -component_build_arm_none_eabi_gcc_no_udbl_division () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s - scripts/config.py baremetal - scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib - echo "Checking that software 64-bit division is not required" - not grep __aeabi_uldiv library/*.o - not grep __aeabi_uldiv ${PSA_CORE_PATH}/*.o - not grep __aeabi_uldiv ${BUILTIN_SRC_PATH}/*.o -} - -component_build_arm_none_eabi_gcc_no_64bit_multiplication () { - msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s - scripts/config.py baremetal - scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib - echo "Checking that software 64-bit multiplication is not required" - not grep __aeabi_lmul library/*.o - not grep __aeabi_lmul ${PSA_CORE_PATH}/*.o - not grep __aeabi_lmul ${BUILTIN_SRC_PATH}/*.o -} - -component_build_arm_clang_thumb () { - # ~ 30s - - scripts/config.py baremetal - - msg "build: clang thumb 2, make" - make clean - make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib - - # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os - msg "build: clang thumb 1 -O0, make" - make clean - make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib - - msg "build: clang thumb 1 -Os, make" - make clean - make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib -} - -component_build_armcc () { - # Common configuration for all the builds below - scripts/config.py baremetal - - # armc[56] don't support SHA-512 intrinsics - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - - # older versions of armcc/armclang don't support AESCE_C on 32-bit Arm - scripts/config.py unset MBEDTLS_AESCE_C - - # Stop armclang warning about feature detection for A64_CRYPTO. - # With this enabled, the library does build correctly under armclang, - # but in baremetal builds (as tested here), feature detection is - # unavailable, and the user is notified via a #warning. So enabling - # this feature would prevent us from building with -Werror on - # armclang. Tracked in #7198. - scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - - scripts/config.py set MBEDTLS_HAVE_ASM - - # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0. - - # ARM Compiler 6 - Target ARMv7-A - helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a" - - # ARM Compiler 6 - Target ARMv7-M - helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m" - - # ARM Compiler 6 - Target ARMv7-M+DSP - helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp" - - # ARM Compiler 6 - Target ARMv8-A - AArch32 - helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a" - - # ARM Compiler 6 - Target ARMv8-M - helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main" - - # ARM Compiler 6 - Target Cortex-M0 - no optimisation - helper_armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0" - - # ARM Compiler 6 - Target Cortex-M0 - helper_armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0" - - # ARM Compiler 6 - Target ARMv8.2-A - AArch64 - # - # Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang - # that we have in our CI - scripts/config.py set MBEDTLS_AESCE_C - helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" -} - -support_build_armcc () { - armc6_cc="$ARMC6_BIN_DIR/armclang" - (check_tools "$armc6_cc" > /dev/null 2>&1) -} diff --git a/tests/scripts/components-psasim.sh b/tests/scripts/components-psasim.sh deleted file mode 100644 index ba8ab331d..000000000 --- a/tests/scripts/components-psasim.sh +++ /dev/null @@ -1,99 +0,0 @@ -# components-psasim.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Remote Procedure Call PSA Testing -################################################################ - -# Helper function for controlling (start & stop) the psasim server. -helper_psasim_server() { - OPERATION=$1 - if [ "$OPERATION" == "start" ]; then - msg "start server in tests" - ( - cd tests - ../$PSASIM_PATH/test/start_server.sh - ) - msg "start server in tf-psa-crypto/tests" - ( - cd tf-psa-crypto/tests - ../../$PSASIM_PATH/test/start_server.sh - ) - else - msg "terminate server in tests" - ( - # This will kill both servers and clean up all the message queues, - # and clear temporary files in tests - cd tests - ../$PSASIM_PATH/test/kill_servers.sh - ) - msg "terminate server in tf-psa-crypto/tests" - ( - # This just clears temporary files in tf-psa-crypto/tests - cd tf-psa-crypto/tests - ../../$PSASIM_PATH/test/kill_servers.sh - ) - fi -} - -component_test_psasim() { - msg "build server library and application" - scripts/config.py crypto - helper_psasim_config server - helper_psasim_build server - - helper_psasim_cleanup_before_client - - msg "build library for client" - helper_psasim_config client - helper_psasim_build client - - msg "build basic psasim client" - make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_base - msg "test basic psasim client" - $PSASIM_PATH/test/run_test.sh psa_client_base - - msg "build full psasim client" - make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_full - msg "test full psasim client" - $PSASIM_PATH/test/run_test.sh psa_client_full - - helper_psasim_server kill - make -C $PSASIM_PATH clean -} - -component_test_suite_with_psasim() -{ - msg "build server library and application" - helper_psasim_config server - # Modify server's library configuration here (if needed) - helper_psasim_build server - - helper_psasim_cleanup_before_client - - msg "build client library" - helper_psasim_config client - # PAKE functions are still unsupported from PSASIM - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - helper_psasim_build client - - msg "build test suites" - make PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests - - helper_psasim_server start - - # psasim takes an extremely long execution time on some test suites so we - # exclude them from the list. - SKIP_TEST_SUITES="constant_time_hmac,lmots,lms" - export SKIP_TEST_SUITES - - msg "run test suites" - make PSASIM=1 test - - helper_psasim_server kill -} diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh deleted file mode 100644 index 454d1407f..000000000 --- a/tests/scripts/components-sanitizers.sh +++ /dev/null @@ -1,192 +0,0 @@ -# components-sanitizers.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Sanitizer Testing -################################################################ - -skip_suites_without_constant_flow () { - # Skip the test suites that don't have any constant-flow annotations. - # This will need to be adjusted if we ever start declaring things as - # secret from macros or functions inside framework/tests/include or framework/tests/src. - SKIP_TEST_SUITES=$( - git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' | - sed 's/test_suite_//; s/\.function$//' | - tr '\n' ,),$( - git -C tf-psa-crypto/tests/suites grep -L TEST_CF_ 'test_suite_*.function' | - sed 's/test_suite_//; s/\.function$//' | - tr '\n' ,) - export SKIP_TEST_SUITES -} - -skip_all_except_given_suite () { - # Skip all but the given test suite - SKIP_TEST_SUITES=$( - ls -1 tests/suites/test_suite_*.function | - grep -v $1.function | - sed 's/tests.suites.test_suite_//; s/\.function$//' | - tr '\n' ,),$( - ls -1 tf-psa-crypto/tests/suites/test_suite_*.function | - grep -v $1.function | - sed 's/tf-psa-crypto.tests.suites.test_suite_//; s/\.function$//' | - tr '\n' ,) - export SKIP_TEST_SUITES -} - -component_test_memsan_constant_flow_psa () { - # This tests both (1) accesses to undefined memory, and (2) branches or - # memory access depending on secret values. To distinguish between those: - # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? - # - or alternatively, change the build type to MemSanDbg, which enables - # origin tracking and nicer stack traces (which are useful for debugging - # anyway), and check if the origin was TEST_CF_SECRET() or something else. - msg "build: cmake MSan (clang), full config with constant flow testing" - scripts/config.py full - scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm - scripts/config.py unset MBEDTLS_HAVE_ASM - CC=clang cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=MemSan . - make - - msg "test: main suites (Msan + constant flow)" - make test -} - -component_release_test_valgrind_constant_flow_no_asm () { - # This tests both (1) everything that valgrind's memcheck usually checks - # (heap buffer overflows, use of uninitialized memory, use-after-free, - # etc.) and (2) branches or memory access depending on secret values, - # which will be reported as uninitialized memory. To distinguish between - # secret and actually uninitialized: - # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? - # - or alternatively, build with debug info and manually run the offending - # test suite with valgrind --track-origins=yes, then check if the origin - # was TEST_CF_SECRET() or something else. - msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM with constant flow testing" - scripts/config.py full - scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_HAVE_ASM - skip_suites_without_constant_flow - cmake -D CMAKE_BUILD_TYPE:String=Release . - make - - # this only shows a summary of the results (how many of each type) - # details are left in Testing//DynamicAnalysis.xml - msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM, valgrind + constant flow)" - make memcheck -} - -component_release_test_valgrind_constant_flow_psa () { - # This tests both (1) everything that valgrind's memcheck usually checks - # (heap buffer overflows, use of uninitialized memory, use-after-free, - # etc.) and (2) branches or memory access depending on secret values, - # which will be reported as uninitialized memory. To distinguish between - # secret and actually uninitialized: - # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? - # - or alternatively, build with debug info and manually run the offending - # test suite with valgrind --track-origins=yes, then check if the origin - # was TEST_CF_SECRET() or something else. - msg "build: cmake release GCC, full config with constant flow testing" - scripts/config.py full - scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - skip_suites_without_constant_flow - cmake -D CMAKE_BUILD_TYPE:String=Release . - make - - # this only shows a summary of the results (how many of each type) - # details are left in Testing//DynamicAnalysis.xml - msg "test: some suites (valgrind + constant flow)" - make memcheck -} - -component_test_tsan () { - msg "build: TSan (clang)" - scripts/config.py full - scripts/config.py set MBEDTLS_THREADING_C - scripts/config.py set MBEDTLS_THREADING_PTHREAD - # Self-tests do not currently use multiple threads. - scripts/config.py unset MBEDTLS_SELF_TEST - # Interruptible ECC tests are not thread safe - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - - # The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - - CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan . - make - - msg "test: main suites (TSan)" - make test -} - -component_test_memsan () { - msg "build: MSan (clang)" # ~ 1 min 20s - scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm - scripts/config.py unset MBEDTLS_HAVE_ASM - CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . - make - - msg "test: main suites (MSan)" # ~ 10s - make test - - msg "test: metatests (MSan)" - tests/scripts/run-metatests.sh any msan - - msg "program demos (MSan)" # ~20s - tests/scripts/run_demos.py - - msg "test: ssl-opt.sh (MSan)" # ~ 1 min - tests/ssl-opt.sh - - # Optional part(s) - - if [ "$MEMORY" -gt 0 ]; then - msg "test: compat.sh (MSan)" # ~ 6 min 20s - tests/compat.sh - fi -} - -component_release_test_valgrind () { - msg "build: Release (clang)" - # default config, in particular without MBEDTLS_USE_PSA_CRYPTO - CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . - make - - msg "test: main suites, Valgrind (default config)" - make memcheck - - # Optional parts (slow; currently broken on OS X because programs don't - # seem to receive signals under valgrind on OS X). - # These optional parts don't run on the CI. - if [ "$MEMORY" -gt 0 ]; then - msg "test: ssl-opt.sh --memcheck (default config)" - tests/ssl-opt.sh --memcheck - fi - - if [ "$MEMORY" -gt 1 ]; then - msg "test: compat.sh --memcheck (default config)" - tests/compat.sh --memcheck - fi - - if [ "$MEMORY" -gt 0 ]; then - msg "test: context-info.sh --memcheck (default config)" - tests/context-info.sh --memcheck - fi -} - -component_release_test_valgrind_psa () { - msg "build: Release, full (clang)" - # full config, in particular with MBEDTLS_USE_PSA_CRYPTO - scripts/config.py full - CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . - make - - msg "test: main suites, Valgrind (full config)" - make memcheck -} - diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py deleted file mode 100755 index f7fc60f57..000000000 --- a/tests/scripts/depends.py +++ /dev/null @@ -1,689 +0,0 @@ -#!/usr/bin/env python3 - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -""" -Test Mbed TLS with a subset of algorithms. - -This script can be divided into several steps: - -First, include/mbedtls/mbedtls_config.h or a different config file passed -in the arguments is parsed to extract any configuration options (using config.py). - -Then, test domains (groups of jobs, tests) are built based on predefined data -collected in the DomainData class. Here, each domain has five major traits: -- domain name, can be used to run only specific tests via command-line; -- configuration building method, described in detail below; -- list of symbols passed to the configuration building method; -- commands to be run on each job (only build, build and test, or any other custom); -- optional list of symbols to be excluded from testing. - -The configuration building method can be one of the three following: - -- ComplementaryDomain - build a job for each passed symbol by disabling a single - symbol and its reverse dependencies (defined in REVERSE_DEPENDENCIES); - -- ExclusiveDomain - build a job where, for each passed symbol, only this particular - one is defined and other symbols from the list are unset. For each job look for - any non-standard symbols to set/unset in EXCLUSIVE_GROUPS. These are usually not - direct dependencies, but rather non-trivial results of other configs missing. Then - look for any unset symbols and handle their reverse dependencies. - Examples of EXCLUSIVE_GROUPS usage: - - MBEDTLS_SHA512_C job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C - requires either SHA256 or SHA384 to work, so it also has to be disabled. - This is not a dependency on SHA512_C, but a result of an exclusive domain - config building method. Relevant field: - 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C'], - -- DualDomain - combination of the two above - both complementary and exclusive domain - job generation code will be run. Currently only used for hashes. - -Lastly, the collected jobs are executed and (optionally) tested, with -error reporting and coloring as configured in options. Each test starts with -a full config without a couple of slowing down or unnecessary options -(see set_reference_config), then the specific job config is derived. -""" -import argparse -import os -import re -import subprocess -import sys -import traceback -from typing import Union - -# Add the Mbed TLS Python library directory to the module search path -import scripts_path # pylint: disable=unused-import -import config -from mbedtls_framework import c_build_helper -from mbedtls_framework import crypto_knowledge -from mbedtls_framework import psa_information - -class Colors: # pylint: disable=too-few-public-methods - """Minimalistic support for colored output. -Each field of an object of this class is either None if colored output -is not possible or not desired, or a pair of strings (start, stop) such -that outputting start switches the text color to the desired color and -stop switches the text color back to the default.""" - red = None - green = None - cyan = None - bold_red = None - bold_green = None - def __init__(self, options=None): - """Initialize color profile according to passed options.""" - if not options or options.color in ['no', 'never']: - want_color = False - elif options.color in ['yes', 'always']: - want_color = True - else: - want_color = sys.stderr.isatty() - if want_color: - # Assume ANSI compatible terminal - normal = '\033[0m' - self.red = ('\033[31m', normal) - self.green = ('\033[32m', normal) - self.cyan = ('\033[36m', normal) - self.bold_red = ('\033[1;31m', normal) - self.bold_green = ('\033[1;32m', normal) -NO_COLORS = Colors(None) - -def log_line(text, prefix='depends.py:', suffix='', color=None): - """Print a status message.""" - if color is not None: - prefix = color[0] + prefix - suffix = suffix + color[1] - sys.stderr.write(prefix + ' ' + text + suffix + '\n') - sys.stderr.flush() - -def log_command(cmd): - """Print a trace of the specified command. -cmd is a list of strings: a command name and its arguments.""" - log_line(' '.join(cmd), prefix='+') - -def option_exists(conf, option): - return option in conf.settings - -def set_config_option_value(conf, option, colors, value: Union[bool, str]): - """Set/unset a configuration option, optionally specifying a value. -value can be either True/False (set/unset config option), or a string, -which will make a symbol defined with a certain value.""" - if not option_exists(conf, option): - log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red) - return False - - if value is False: - log_command(['config.py', 'unset', option]) - conf.unset(option) - elif value is True: - log_command(['config.py', 'set', option]) - conf.set(option) - else: - log_command(['config.py', 'set', option, value]) - conf.set(option, value) - return True - -def set_reference_config(conf, colors): - """Change the library configuration file (mbedtls_config.h) to the reference state. -The reference state is the one from which the tested configurations are -derived.""" - # Turn off options that are not relevant to the tests and slow them down. - log_command(['config.py', 'full']) - conf.adapt(config.full_adapter) - set_config_option_value(conf, 'MBEDTLS_TEST_HOOKS', colors, False) - -class Job: - """A job builds the library in a specific configuration and runs some tests.""" - def __init__(self, name, config_settings, commands): - """Build a job object. -The job uses the configuration described by config_settings. This is a -dictionary where the keys are preprocessor symbols and the values are -booleans or strings. A boolean indicates whether or not to #define the -symbol. With a string, the symbol is #define'd to that value. -After setting the configuration, the job runs the programs specified by -commands. This is a list of lists of strings; each list of string is a -command name and its arguments and is passed to subprocess.call with -shell=False.""" - self.name = name - self.config_settings = config_settings - self.commands = commands - - def announce(self, colors, what): - '''Announce the start or completion of a job. -If what is None, announce the start of the job. -If what is True, announce that the job has passed. -If what is False, announce that the job has failed.''' - if what is True: - log_line(self.name + ' PASSED', color=colors.green) - elif what is False: - log_line(self.name + ' FAILED', color=colors.red) - else: - log_line('starting ' + self.name, color=colors.cyan) - - def configure(self, conf, colors): - '''Set library configuration options as required for the job.''' - set_reference_config(conf, colors) - for key, value in sorted(self.config_settings.items()): - ret = set_config_option_value(conf, key, colors, value) - if ret is False: - return False - return True - - def _consistency_check(self): - '''Check if the testable option is consistent with the goal. - - The purpose of this function to ensure that every option is set or unset according to - the settings. - ''' - log_command(['consistency check']) - c_name = None - exe_name = None - header = '#include "mbedtls/build_info.h"\n' - - # Generate a C error directive for each setting to test if it is active - for option, value in sorted(self.config_settings.items()): - header += '#if ' - if value: - header += '!' - header += f'defined({option})\n' - header += f'#error "{option}"\n' - header += '#endif\n' - include_path = ['include', 'tf-psa-crypto/include', - 'tf-psa-crypto/drivers/builtin/include'] - - try: - # Generate a C file, build and run it - c_file, c_name, exe_name = c_build_helper.create_c_file(self.name) - c_build_helper.generate_c_file(c_file, 'depends.py', header, lambda x: '') - c_file.close() - c_build_helper.compile_c_file(c_name, exe_name, include_path) - return True - - except c_build_helper.CompileError as e: - # Read the command line output to find out which setting has been failed - failed = {m.group(1) for m in re.finditer('.*#error "(.*)"', e.message) if m} - log_line('Inconsistent config option(s):') - for option in sorted(failed): - log_line(' ' + option) - return False - - finally: - c_build_helper.remove_file_if_exists(c_name) - c_build_helper.remove_file_if_exists(exe_name) - - def test(self, options): - '''Run the job's build and test commands. -Return True if all the commands succeed and False otherwise. -If options.keep_going is false, stop as soon as one command fails. Otherwise -run all the commands, except that if the first command fails, none of the -other commands are run (typically, the first command is a build command -and subsequent commands are tests that cannot run if the build failed).''' - if not self._consistency_check(): - return False - built = False - success = True - for command in self.commands: - log_command(command) - env = os.environ.copy() - if 'MBEDTLS_TEST_CONFIGURATION' in env: - env['MBEDTLS_TEST_CONFIGURATION'] += '-' + self.name - ret = subprocess.call(command, env=env) - if ret != 0: - if command[0] not in ['make', options.make_command]: - log_line('*** [{}] Error {}'.format(' '.join(command), ret)) - if not options.keep_going or not built: - return False - success = False - built = True - return success - -# If the configuration option A requires B, make sure that -# B in REVERSE_DEPENDENCIES[A]. -# All the information here should be contained in check_config.h or check_crypto_config.h. -# This file includes a copy because it changes rarely and it would be a pain -# to extract automatically. -REVERSE_DEPENDENCIES = { - 'PSA_WANT_KEY_TYPE_AES': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128', - 'MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_NIST_KW_C', - 'MBEDTLS_AES_C'], - 'PSA_WANT_KEY_TYPE_ARIA': ['MBEDTLS_ARIA_C'], - 'PSA_WANT_KEY_TYPE_CAMELLIA': ['MBEDTLS_CAMELLIA_C'], - 'PSA_WANT_KEY_TYPE_CHACHA20': ['PSA_WANT_ALG_CHACHA20_POLY1305', - 'PSA_WANT_ALG_STREAM_CIPHER', - 'MBEDTLS_CHACHA20_C', - 'MBEDTLS_CHACHAPOLY_C'], - 'PSA_WANT_KEY_TYPE_DES': ['MBEDTLS_DES_C'], - 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG', - 'MBEDTLS_CCM_C'], - 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128', - 'MBEDTLS_CMAC_C'], - 'PSA_WANT_ALG_GCM': ['MBEDTLS_GCM_C'], - - 'PSA_WANT_ALG_CBC_NO_PADDING': ['MBEDTLS_CIPHER_MODE_CBC'], - 'PSA_WANT_ALG_CBC_PKCS7': ['MBEDTLS_CIPHER_MODE_CBC'], - 'PSA_WANT_ALG_CFB': ['MBEDTLS_CIPHER_MODE_CFB'], - 'PSA_WANT_ALG_CTR': ['MBEDTLS_CIPHER_MODE_CTR'], - 'PSA_WANT_ALG_OFB': ['MBEDTLS_CIPHER_MODE_OFB'], - 'PSA_WANT_ALG_XTS': ['MBEDTLS_CIPHER_MODE_XTS'], - - 'MBEDTLS_CIPHER_PADDING_PKCS7': ['MBEDTLS_PKCS5_C', - 'MBEDTLS_PKCS12_C', - 'PSA_WANT_ALG_CBC_PKCS7'], - 'MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'], - 'MBEDTLS_CIPHER_PADDING_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'], - 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN': ['MBEDTLS_CIPHER_MODE_CBC'], - - 'MBEDTLS_ECP_DP_BP256R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_256'], - 'MBEDTLS_ECP_DP_BP384R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_384'], - 'MBEDTLS_ECP_DP_BP512R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_512'], - 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_255'], - 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_448'], - 'MBEDTLS_ECP_DP_SECP192R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_192'], - 'MBEDTLS_ECP_DP_SECP224R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_224'], - 'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_256', - 'PSA_WANT_ALG_JPAKE', - 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], - 'MBEDTLS_ECP_DP_SECP384R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_384'], - 'MBEDTLS_ECP_DP_SECP512R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_512'], - 'MBEDTLS_ECP_DP_SECP521R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_521'], - 'MBEDTLS_ECP_DP_SECP192K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_192'], - 'MBEDTLS_ECP_DP_SECP256K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_256'], - - 'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', - 'PSA_WANT_ALG_ECDSA', - 'PSA_WANT_ALG_DETERMINISTIC_ECDSA'], - 'MBEDTLS_ECP_C': ['MBEDTLS_ECDSA_C', - 'MBEDTLS_ECDH_C', 'PSA_WANT_ALG_ECDH', - 'MBEDTLS_ECJPAKE_C', - 'MBEDTLS_ECP_RESTARTABLE', - 'MBEDTLS_PK_PARSE_EC_EXTENDED', - 'MBEDTLS_PK_PARSE_EC_COMPRESSED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', - 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED', - 'PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE'], - 'MBEDTLS_ECJPAKE_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'PSA_WANT_ALG_JPAKE'], - 'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT', - 'PSA_WANT_ALG_RSA_OAEP', - 'PSA_WANT_ALG_RSA_PSS'], - 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', - 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', - 'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'], - 'MBEDTLS_RSA_C': ['MBEDTLS_PKCS1_V15', - 'MBEDTLS_PKCS1_V21', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', - 'PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE'], - - 'MBEDTLS_MD5_C' : ['PSA_WANT_ALG_MD5'], - 'MBEDTLS_RIPEMD160_C' : ['PSA_WANT_ALG_RIPEMD160'], - 'MBEDTLS_SHA1_C' : ['PSA_WANT_ALG_SHA_1'], - 'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'MBEDTLS_ENTROPY_FORCE_SHA256', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', - 'PSA_WANT_ALG_SHA_224'], - 'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'MBEDTLS_ENTROPY_FORCE_SHA256', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', - 'MBEDTLS_LMS_C', - 'MBEDTLS_LMS_PRIVATE', - 'PSA_WANT_ALG_SHA_256', - 'PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS'], - 'MBEDTLS_SHA384_C' : ['PSA_WANT_ALG_SHA_384'], - 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', - 'PSA_WANT_ALG_SHA_512'], - 'MBEDTLS_SHA3_C' : ['PSA_WANT_ALG_SHA3_224', - 'PSA_WANT_ALG_SHA3_256', - 'PSA_WANT_ALG_SHA3_384', - 'PSA_WANT_ALG_SHA3_512'], -} - -# If an option is tested in an exclusive test, alter the following defines. -# These are not necessarily dependencies, but just minimal required changes -# if a given define is the only one enabled from an exclusive group. -EXCLUSIVE_GROUPS = { - 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C', - '-MBEDTLS_SSL_TLS_C'], - 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C', - '-MBEDTLS_ECDSA_DETERMINISTIC', - '-MBEDTLS_ECJPAKE_C',], - 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['-MBEDTLS_ECDSA_C', - '-MBEDTLS_ECDSA_DETERMINISTIC', - '-MBEDTLS_ECJPAKE_C'], - 'PSA_WANT_KEY_TYPE_ARIA': ['-PSA_WANT_ALG_CMAC', - '-PSA_WANT_ALG_CCM', - '-PSA_WANT_ALG_GCM', - '-MBEDTLS_SSL_TICKET_C', - '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'], - 'PSA_WANT_KEY_TYPE_CAMELLIA': ['-PSA_WANT_ALG_CMAC'], - 'PSA_WANT_KEY_TYPE_CHACHA20': ['-PSA_WANT_ALG_CMAC', - '-PSA_WANT_ALG_CCM', - '-PSA_WANT_ALG_GCM', - '-PSA_WANT_ALG_ECB_NO_PADDING'], - 'PSA_WANT_KEY_TYPE_DES': ['-PSA_WANT_ALG_CCM', - '-PSA_WANT_ALG_GCM', - '-MBEDTLS_SSL_TICKET_C', - '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'], -} -def handle_exclusive_groups(config_settings, symbol): - """For every symbol tested in an exclusive group check if there are other -defines to be altered. """ - for dep in EXCLUSIVE_GROUPS.get(symbol, []): - unset = dep.startswith('-') - dep = dep[1:] - config_settings[dep] = not unset - -def turn_off_dependencies(config_settings, exclude=None): - """For every option turned off config_settings, also turn off what depends on it. - - An option O is turned off if config_settings[O] is False. - Handle the dependencies recursively. - - If 'exclude' is a symbol, ensure its dependencies are not turned off while dependencies - of other settings are turned off. - """ - - # Determine recursively the settings that should not be turned off for the sake of 'exclude'. - excludes = set() - if exclude: - revdep = set(REVERSE_DEPENDENCIES.get(exclude, [])) - while revdep: - dep = revdep.pop() - excludes.add(dep) - revdep.update(set(REVERSE_DEPENDENCIES.get(dep, [])) - excludes) - - for key, value in sorted(config_settings.items()): - if value is not False: - continue - - # Save the processed settings to handle cross referencies. - # Start with set of settings that we do not want to turn off. - history = excludes.copy() - revdep = set(REVERSE_DEPENDENCIES.get(key, [])) - excludes - while revdep: - dep = revdep.pop() - history.add(dep) - config_settings[dep] = False - # Do not add symbols which are already processed - revdep.update(set(REVERSE_DEPENDENCIES.get(dep, [])) - history) - -class BaseDomain: # pylint: disable=too-few-public-methods, unused-argument - """A base class for all domains.""" - def __init__(self, symbols, commands, exclude): - """Initialize the jobs container""" - self.jobs = [] - -class ExclusiveDomain(BaseDomain): # pylint: disable=too-few-public-methods - """A domain consisting of a set of conceptually-equivalent settings. -Establish a list of configuration symbols. For each symbol, run a test job -with this symbol set and the others unset.""" - def __init__(self, symbols, commands, exclude=None): - """Build a domain for the specified list of configuration symbols. -The domain contains a set of jobs that enable one of the elements -of symbols and disable the others. -Each job runs the specified commands. -If exclude is a regular expression, skip generated jobs whose description -would match this regular expression.""" - super().__init__(symbols, commands, exclude) - base_config_settings = {} - for symbol in symbols: - base_config_settings[symbol] = False - for symbol in symbols: - description = symbol - if exclude and re.match(exclude, description): - continue - config_settings = base_config_settings.copy() - config_settings[symbol] = True - handle_exclusive_groups(config_settings, symbol) - turn_off_dependencies(config_settings, symbol) - job = Job(description, config_settings, commands) - self.jobs.append(job) - -class ComplementaryDomain(BaseDomain): # pylint: disable=too-few-public-methods - """A domain consisting of a set of loosely-related settings. -Establish a list of configuration symbols. For each symbol, run a test job -with this symbol unset. -If exclude is a regular expression, skip generated jobs whose description -would match this regular expression.""" - def __init__(self, symbols, commands, exclude=None): - """Build a domain for the specified list of configuration symbols. -Each job in the domain disables one of the specified symbols. -Each job runs the specified commands.""" - super().__init__(symbols, commands, exclude) - for symbol in symbols: - description = '!' + symbol - if exclude and re.match(exclude, description): - continue - config_settings = {symbol: False} - turn_off_dependencies(config_settings) - job = Job(description, config_settings, commands) - self.jobs.append(job) - -class DualDomain(ExclusiveDomain, ComplementaryDomain): # pylint: disable=too-few-public-methods - """A domain that contains both the ExclusiveDomain and BaseDomain tests. -Both parent class __init__ calls are performed in any order and -each call adds respective jobs. The job array initialization is done once in -BaseDomain, before the parent __init__ calls.""" - -class DomainData: - """A container for domains and jobs, used to structurize testing.""" - def config_symbols_matching(self, regexp): - """List the mbedtls_config.h settings matching regexp.""" - return [symbol for symbol in self.all_config_symbols - if re.match(regexp, symbol)] - - # pylint: disable=too-many-locals - def __init__(self, options, conf): - """Gather data about the library and establish a list of domains to test.""" - build_command = [options.make_command, 'CFLAGS=-Werror -O2'] - build_and_test = [build_command, [options.make_command, 'test']] - self.all_config_symbols = set(conf.settings.keys()) - psa_info = psa_information.Information().constructors - algs = {crypto_knowledge.Algorithm(alg): symbol - for alg, symbol in ((alg, psa_information.psa_want_symbol(alg)) - for alg in psa_info.algorithms) - if symbol in self.all_config_symbols} - cipher_algs = {alg - for alg in algs - if alg.can_do(crypto_knowledge.AlgorithmCategory.CIPHER)} - key_types = {crypto_knowledge.KeyType(expr): symbol - for key_type in psa_info.key_types - for expr, symbol in ((expr, psa_information.psa_want_symbol(key_type)) - for expr in psa_info.generate_expressions([key_type])) - if symbol in self.all_config_symbols} - - # Find hash modules by name. - hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z') - # Find elliptic curve enabling macros by name. - curve_symbols = self.config_symbols_matching(r'MBEDTLS_ECP_DP_\w+_ENABLED\Z') - # Find key exchange enabling macros by name. - key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') - - # Find cipher key types - cipher_key_types = {symbol - for key_type, symbol in key_types.items() - for alg in cipher_algs - if key_type.can_do(alg)} - - # Get cipher modes - cipher_chaining_symbols = {algs[cipher_alg] for cipher_alg in cipher_algs} - - # Find block padding mode enabling macros by name. - cipher_padding_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_PADDING_\w+\Z') - - self.domains = { - # Cipher key types - 'cipher_id': ExclusiveDomain(cipher_key_types, build_and_test), - - # XTS is not yet supported via the PSA API. - # See https://github.com/Mbed-TLS/mbedtls/issues/6384 - 'cipher_chaining': ExclusiveDomain(cipher_chaining_symbols, - build_and_test, - exclude=r'PSA_WANT_ALG_XTS'), - - 'cipher_padding': ExclusiveDomain(cipher_padding_symbols, - build_and_test), - # Elliptic curves. Run the test suites. - 'curves': ExclusiveDomain(curve_symbols, build_and_test), - # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1, - # SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used - # across various modules, but it depends on either SHA256 or SHA512. - # As a consequence an "exclusive" test of anything other than SHA256 - # or SHA512 with MBEDTLS_ENTROPY_C enabled is not possible. - 'hashes': DualDomain(hash_symbols, build_and_test, - exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \ - '|MBEDTLS_SHA224_' \ - '|MBEDTLS_SHA384_' \ - '|MBEDTLS_SHA3_'), - # Key exchange types. - 'kex': ExclusiveDomain(key_exchange_symbols, build_and_test), - 'pkalgs': ComplementaryDomain(['MBEDTLS_ECDSA_C', - 'MBEDTLS_ECP_C', - 'MBEDTLS_PKCS1_V21', - 'MBEDTLS_PKCS1_V15', - 'MBEDTLS_RSA_C', - 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], - build_and_test), - } - self.jobs = {} - for domain in self.domains.values(): - for job in domain.jobs: - self.jobs[job.name] = job - - def get_jobs(self, name): - """Return the list of jobs identified by the given name. -A name can either be the name of a domain or the name of one specific job.""" - if name in self.domains: - return sorted(self.domains[name].jobs, key=lambda job: job.name) - else: - return [self.jobs[name]] - -def run(options, job, conf, colors=NO_COLORS): - """Run the specified job (a Job instance).""" - subprocess.check_call([options.make_command, 'clean']) - job.announce(colors, None) - if not job.configure(conf, colors): - job.announce(colors, False) - return False - conf.write() - success = job.test(options) - job.announce(colors, success) - return success - -def run_tests(options, domain_data, conf): - """Run the desired jobs. -domain_data should be a DomainData instance that describes the available -domains and jobs. -Run the jobs listed in options.tasks.""" - colors = Colors(options) - jobs = [] - failures = [] - successes = [] - for name in options.tasks: - jobs += domain_data.get_jobs(name) - conf.backup() - try: - for job in jobs: - success = run(options, job, conf, colors=colors) - if not success: - if options.keep_going: - failures.append(job.name) - else: - return False - else: - successes.append(job.name) - conf.restore() - except: - # Restore the configuration, except in stop-on-error mode if there - # was an error, where we leave the failing configuration up for - # developer convenience. - if options.keep_going: - conf.restore() - raise - if successes: - log_line('{} passed'.format(' '.join(successes)), color=colors.bold_green) - if failures: - log_line('{} FAILED'.format(' '.join(failures)), color=colors.bold_red) - return False - else: - return True - -def main(): - try: - parser = argparse.ArgumentParser( - formatter_class=argparse.RawDescriptionHelpFormatter, - description= - "Test Mbed TLS with a subset of algorithms.\n\n" - "Example usage:\n" - r"./tests/scripts/depends.py \!MBEDTLS_SHA1_C MBEDTLS_SHA256_C""\n" - "./tests/scripts/depends.py MBEDTLS_AES_C hashes\n" - "./tests/scripts/depends.py cipher_id cipher_chaining\n") - parser.add_argument('--color', metavar='WHEN', - help='Colorize the output (always/auto/never)', - choices=['always', 'auto', 'never'], default='auto') - parser.add_argument('-c', '--config', metavar='FILE', - help='Configuration file to modify', - default=config.MbedTLSConfigFile.default_path[0]) - parser.add_argument('-r', '--crypto-config', metavar='FILE', - help='Crypto configuration file to modify', - default=config.CryptoConfigFile.default_path[0]) - parser.add_argument('-C', '--directory', metavar='DIR', - help='Change to this directory before anything else', - default='.') - parser.add_argument('-k', '--keep-going', - help='Try all configurations even if some fail (default)', - action='store_true', dest='keep_going', default=True) - parser.add_argument('-e', '--no-keep-going', - help='Stop as soon as a configuration fails', - action='store_false', dest='keep_going') - parser.add_argument('--list-jobs', - help='List supported jobs and exit', - action='append_const', dest='list', const='jobs') - parser.add_argument('--list-domains', - help='List supported domains and exit', - action='append_const', dest='list', const='domains') - parser.add_argument('--make-command', metavar='CMD', - help='Command to run instead of make (e.g. gmake)', - action='store', default='make') - parser.add_argument('tasks', metavar='TASKS', nargs='*', - help='The domain(s) or job(s) to test (default: all).', - default=True) - options = parser.parse_args() - os.chdir(options.directory) - conf = config.CombinedConfig(config.MbedTLSConfigFile(options.config), - config.CryptoConfigFile(options.crypto_config)) - domain_data = DomainData(options, conf) - - if options.tasks is True: - options.tasks = sorted(domain_data.domains.keys()) - if options.list: - for arg in options.list: - for domain_name in sorted(getattr(domain_data, arg).keys()): - print(domain_name) - sys.exit(0) - else: - sys.exit(0 if run_tests(options, domain_data, conf) else 1) - except Exception: # pylint: disable=broad-except - traceback.print_exc() - sys.exit(3) - -if __name__ == '__main__': - main() diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl deleted file mode 100755 index ec5e5d891..000000000 --- a/tests/scripts/gen_ctr_drbg.pl +++ /dev/null @@ -1,96 +0,0 @@ -#!/usr/bin/env perl -# -# Based on NIST CTR_DRBG.rsp validation file -# Only uses AES-256-CTR cases that use a Derivation function -# and concats nonce and personalization for initialization. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; - -my $file = shift; - -open(TEST_DATA, "$file") or die "Opening test cases '$file': $!"; - -sub get_suite_val($) -{ - my $name = shift; - my $val = ""; - - my $line = ; - ($val) = ($line =~ /\[$name\s\=\s(\w+)\]/); - - return $val; -} - -sub get_val($) -{ - my $name = shift; - my $val = ""; - my $line; - - while($line = ) - { - next if($line !~ /=/); - last; - } - - ($val) = ($line =~ /^$name = (\w+)/); - - return $val; -} - -my $cnt = 1;; -while (my $line = ) -{ - next if ($line !~ /^\[AES-256 use df/); - - my $PredictionResistanceStr = get_suite_val("PredictionResistance"); - my $PredictionResistance = 0; - $PredictionResistance = 1 if ($PredictionResistanceStr eq 'True'); - my $EntropyInputLen = get_suite_val("EntropyInputLen"); - my $NonceLen = get_suite_val("NonceLen"); - my $PersonalizationStringLen = get_suite_val("PersonalizationStringLen"); - my $AdditionalInputLen = get_suite_val("AdditionalInputLen"); - - for ($cnt = 0; $cnt < 15; $cnt++) - { - my $Count = get_val("COUNT"); - my $EntropyInput = get_val("EntropyInput"); - my $Nonce = get_val("Nonce"); - my $PersonalizationString = get_val("PersonalizationString"); - my $AdditionalInput1 = get_val("AdditionalInput"); - my $EntropyInputPR1 = get_val("EntropyInputPR") if ($PredictionResistance == 1); - my $EntropyInputReseed = get_val("EntropyInputReseed") if ($PredictionResistance == 0); - my $AdditionalInputReseed = get_val("AdditionalInputReseed") if ($PredictionResistance == 0); - my $AdditionalInput2 = get_val("AdditionalInput"); - my $EntropyInputPR2 = get_val("EntropyInputPR") if ($PredictionResistance == 1); - my $ReturnedBits = get_val("ReturnedBits"); - - if ($PredictionResistance == 1) - { - print("CTR_DRBG NIST Validation (AES-256 use df,$PredictionResistanceStr,$EntropyInputLen,$NonceLen,$PersonalizationStringLen,$AdditionalInputLen) #$Count\n"); - print("ctr_drbg_validate_pr"); - print(":\"$Nonce$PersonalizationString\""); - print(":\"$EntropyInput$EntropyInputPR1$EntropyInputPR2\""); - print(":\"$AdditionalInput1\""); - print(":\"$AdditionalInput2\""); - print(":\"$ReturnedBits\""); - print("\n\n"); - } - else - { - print("CTR_DRBG NIST Validation (AES-256 use df,$PredictionResistanceStr,$EntropyInputLen,$NonceLen,$PersonalizationStringLen,$AdditionalInputLen) #$Count\n"); - print("ctr_drbg_validate_nopr"); - print(":\"$Nonce$PersonalizationString\""); - print(":\"$EntropyInput$EntropyInputReseed\""); - print(":\"$AdditionalInput1\""); - print(":\"$AdditionalInputReseed\""); - print(":\"$AdditionalInput2\""); - print(":\"$ReturnedBits\""); - print("\n\n"); - } - } -} -close(TEST_DATA); diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl deleted file mode 100755 index 30d45c307..000000000 --- a/tests/scripts/gen_gcm_decrypt.pl +++ /dev/null @@ -1,101 +0,0 @@ -#!/usr/bin/env perl -# -# Based on NIST gcmDecryptxxx.rsp validation files -# Only first 3 of every set used for compile time saving -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; - -my $file = shift; - -open(TEST_DATA, "$file") or die "Opening test cases '$file': $!"; - -sub get_suite_val($) -{ - my $name = shift; - my $val = ""; - - while(my $line = ) - { - next if ($line !~ /^\[/); - ($val) = ($line =~ /\[$name\s\=\s(\w+)\]/); - last; - } - - return $val; -} - -sub get_val($) -{ - my $name = shift; - my $val = ""; - my $line; - - while($line = ) - { - next if($line !~ /=/); - last; - } - - ($val) = ($line =~ /^$name = (\w+)/); - - return $val; -} - -sub get_val_or_fail($) -{ - my $name = shift; - my $val = "FAIL"; - my $line; - - while($line = ) - { - next if($line !~ /=/ && $line !~ /FAIL/); - last; - } - - ($val) = ($line =~ /^$name = (\w+)/) if ($line =~ /=/); - - return $val; -} - -my $cnt = 1;; -while (my $line = ) -{ - my $key_len = get_suite_val("Keylen"); - next if ($key_len !~ /\d+/); - my $iv_len = get_suite_val("IVlen"); - my $pt_len = get_suite_val("PTlen"); - my $add_len = get_suite_val("AADlen"); - my $tag_len = get_suite_val("Taglen"); - - for ($cnt = 0; $cnt < 3; $cnt++) - { - my $Count = get_val("Count"); - my $key = get_val("Key"); - my $iv = get_val("IV"); - my $ct = get_val("CT"); - my $add = get_val("AAD"); - my $tag = get_val("Tag"); - my $pt = get_val_or_fail("PT"); - - print("GCM NIST Validation (AES-$key_len,$iv_len,$pt_len,$add_len,$tag_len) #$Count\n"); - print("gcm_decrypt_and_verify"); - print(":\"$key\""); - print(":\"$ct\""); - print(":\"$iv\""); - print(":\"$add\""); - print(":$tag_len"); - print(":\"$tag\""); - print(":\"$pt\""); - print(":0"); - print("\n\n"); - } -} - -print("GCM Selftest\n"); -print("gcm_selftest:\n\n"); - -close(TEST_DATA); diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl deleted file mode 100755 index b4f08494c..000000000 --- a/tests/scripts/gen_gcm_encrypt.pl +++ /dev/null @@ -1,84 +0,0 @@ -#!/usr/bin/env perl -# -# Based on NIST gcmEncryptIntIVxxx.rsp validation files -# Only first 3 of every set used for compile time saving -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; - -my $file = shift; - -open(TEST_DATA, "$file") or die "Opening test cases '$file': $!"; - -sub get_suite_val($) -{ - my $name = shift; - my $val = ""; - - while(my $line = ) - { - next if ($line !~ /^\[/); - ($val) = ($line =~ /\[$name\s\=\s(\w+)\]/); - last; - } - - return $val; -} - -sub get_val($) -{ - my $name = shift; - my $val = ""; - my $line; - - while($line = ) - { - next if($line !~ /=/); - last; - } - - ($val) = ($line =~ /^$name = (\w+)/); - - return $val; -} - -my $cnt = 1;; -while (my $line = ) -{ - my $key_len = get_suite_val("Keylen"); - next if ($key_len !~ /\d+/); - my $iv_len = get_suite_val("IVlen"); - my $pt_len = get_suite_val("PTlen"); - my $add_len = get_suite_val("AADlen"); - my $tag_len = get_suite_val("Taglen"); - - for ($cnt = 0; $cnt < 3; $cnt++) - { - my $Count = get_val("Count"); - my $key = get_val("Key"); - my $pt = get_val("PT"); - my $add = get_val("AAD"); - my $iv = get_val("IV"); - my $ct = get_val("CT"); - my $tag = get_val("Tag"); - - print("GCM NIST Validation (AES-$key_len,$iv_len,$pt_len,$add_len,$tag_len) #$Count\n"); - print("gcm_encrypt_and_tag"); - print(":\"$key\""); - print(":\"$pt\""); - print(":\"$iv\""); - print(":\"$add\""); - print(":\"$ct\""); - print(":$tag_len"); - print(":\"$tag\""); - print(":0"); - print("\n\n"); - } -} - -print("GCM Selftest\n"); -print("gcm_selftest:\n\n"); - -close(TEST_DATA); diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl deleted file mode 100755 index fe2d3f5d3..000000000 --- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/env perl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; - -my $file = shift; - -open(TEST_DATA, "$file") or die "Opening test cases '$file': $!"; - -sub get_val($$) -{ - my $str = shift; - my $name = shift; - my $val = ""; - - while(my $line = ) - { - next if($line !~ /^# $str/); - last; - } - - while(my $line = ) - { - last if($line eq "\r\n"); - $val .= $line; - } - - $val =~ s/[ \r\n]//g; - - return $val; -} - -my $state = 0; -my $val_n = ""; -my $val_e = ""; -my $val_p = ""; -my $val_q = ""; -my $mod = 0; -my $cnt = 1; -while (my $line = ) -{ - next if ($line !~ /^# Example/); - - ( $mod ) = ($line =~ /A (\d+)/); - $val_n = get_val("RSA modulus n", "N"); - $val_e = get_val("RSA public exponent e", "E"); - $val_p = get_val("Prime p", "P"); - $val_q = get_val("Prime q", "Q"); - - for(my $i = 1; $i <= 6; $i++) - { - my $val_m = get_val("Message to be", "M"); - my $val_salt = get_val("Salt", "Salt"); - my $val_sig = get_val("Signature", "Sig"); - - print("RSASSA-PSS Signature Example ${cnt}_${i}\n"); - print("pkcs1_rsassa_pss_sign:$mod:16:\"$val_p\":16:\"$val_q\":16:\"$val_n\":16:\"$val_e\":SIG_RSA_SHA1:MBEDTLS_MD_SHA1"); - print(":\"$val_m\""); - print(":\"$val_salt\""); - print(":\"$val_sig\":0"); - print("\n\n"); - - print("RSASSA-PSS Signature Example ${cnt}_${i} (verify)\n"); - print("pkcs1_rsassa_pss_verify:$mod:16:\"$val_n\":16:\"$val_e\":SIG_RSA_SHA1:MBEDTLS_MD_SHA1"); - print(":\"$val_m\""); - print(":\"$val_salt\""); - print(":\"$val_sig\":0"); - print("\n\n"); - } - $cnt++; -} -close(TEST_DATA); diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh deleted file mode 100755 index d4ef0f3af..000000000 --- a/tests/scripts/generate-afl-tests.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/sh - -# This script splits the data test files containing the test cases into -# individual files (one test case per file) suitable for use with afl -# (American Fuzzy Lop). http://lcamtuf.coredump.cx/afl/ -# -# Usage: generate-afl-tests.sh -# - should be the path to one of the test suite files -# such as 'test_suite_rsa.data' -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# Abort on errors -set -e - -if [ -z $1 ] -then - echo " [!] No test file specified" >&2 - echo "Usage: $0 " >&2 - exit 1 -fi - -SRC_FILEPATH=$(dirname $1)/$(basename $1) -TESTSUITE=$(basename $1 .data) - -THIS_DIR=$(basename $PWD) - -if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ]; -then :; -else - echo " [!] Must be run from Mbed TLS tests directory" >&2 - exit 1 -fi - -DEST_TESTCASE_DIR=$TESTSUITE-afl-tests -DEST_OUTPUT_DIR=$TESTSUITE-afl-out - -echo " [+] Creating output directories" >&2 - -if [ -e $DEST_OUTPUT_DIR/* ]; -then : - echo " [!] Test output files already exist." >&2 - exit 1 -else - mkdir -p $DEST_OUTPUT_DIR -fi - -if [ -e $DEST_TESTCASE_DIR/* ]; -then : - echo " [!] Test output files already exist." >&2 -else - mkdir -p $DEST_TESTCASE_DIR -fi - -echo " [+] Creating test cases" >&2 -cd $DEST_TESTCASE_DIR - -split -p '^\s*$' ../$SRC_FILEPATH - -for f in *; -do - # Strip out any blank lines (no trim on OS X) - sed '/^\s*$/d' $f >testcase_$f - rm $f -done - -cd .. - -echo " [+] Test cases in $DEST_TESTCASE_DIR" >&2 - diff --git a/tests/scripts/generate_server9_bad_saltlen.py b/tests/scripts/generate_server9_bad_saltlen.py deleted file mode 100755 index 9af4dd3b6..000000000 --- a/tests/scripts/generate_server9_bad_saltlen.py +++ /dev/null @@ -1,87 +0,0 @@ -#!/usr/bin/env python3 -"""Generate server9-bad-saltlen.crt - -Generate a certificate signed with RSA-PSS, with an incorrect salt length. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import subprocess -import argparse -from asn1crypto import pem, x509, core #type: ignore #pylint: disable=import-error - -OPENSSL_RSA_PSS_CERT_COMMAND = r''' -openssl x509 -req -CA {ca_name}.crt -CAkey {ca_name}.key -set_serial 24 {ca_password} \ - {openssl_extfile} -days 3650 -outform DER -in {csr} \ - -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{anounce_saltlen} \ - -sigopt rsa_mgf1_md:sha256 -''' -SIG_OPT = \ - r'-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{saltlen} -sigopt rsa_mgf1_md:sha256' -OPENSSL_RSA_PSS_DGST_COMMAND = r'''openssl dgst -sign {ca_name}.key {ca_password} \ - -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{actual_saltlen} \ - -sigopt rsa_mgf1_md:sha256''' - - -def auto_int(x): - return int(x, 0) - - -def build_argparser(parser): - """Build argument parser""" - parser.description = __doc__ - parser.add_argument('--ca-name', type=str, required=True, - help='Basename of CA files') - parser.add_argument('--ca-password', type=str, - required=True, help='CA key file password') - parser.add_argument('--csr', type=str, required=True, - help='CSR file for generating certificate') - parser.add_argument('--openssl-extfile', type=str, - required=True, help='X905 v3 extension config file') - parser.add_argument('--anounce_saltlen', type=auto_int, - required=True, help='Announced salt length') - parser.add_argument('--actual_saltlen', type=auto_int, - required=True, help='Actual salt length') - parser.add_argument('--output', type=str, required=True) - - -def main(): - parser = argparse.ArgumentParser() - build_argparser(parser) - args = parser.parse_args() - - return generate(**vars(args)) - -def generate(**kwargs): - """Generate different salt length certificate file.""" - ca_password = kwargs.get('ca_password', '') - if ca_password: - kwargs['ca_password'] = r'-passin "pass:{ca_password}"'.format( - **kwargs) - else: - kwargs['ca_password'] = '' - extfile = kwargs.get('openssl_extfile', '') - if extfile: - kwargs['openssl_extfile'] = '-extfile {openssl_extfile}'.format( - **kwargs) - else: - kwargs['openssl_extfile'] = '' - - cmd = OPENSSL_RSA_PSS_CERT_COMMAND.format(**kwargs) - der_bytes = subprocess.check_output(cmd, shell=True) - target_certificate = x509.Certificate.load(der_bytes) - - cmd = OPENSSL_RSA_PSS_DGST_COMMAND.format(**kwargs) - #pylint: disable=unexpected-keyword-arg - der_bytes = subprocess.check_output(cmd, - input=target_certificate['tbs_certificate'].dump(), - shell=True) - - with open(kwargs.get('output'), 'wb') as f: - target_certificate['signature_value'] = core.OctetBitString(der_bytes) - f.write(pem.armor('CERTIFICATE', target_certificate.dump())) - - -if __name__ == '__main__': - main() diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh deleted file mode 100755 index 4ccac236e..000000000 --- a/tests/scripts/list-identifiers.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# -# Create a file named identifiers containing identifiers from internal header -# files, based on the --internal flag. -# Outputs the line count of the file to stdout. -# A very thin wrapper around list_internal_identifiers.py for backwards -# compatibility. -# Must be run from Mbed TLS root. -# -# Usage: list-identifiers.sh [ -i | --internal ] -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -set -eu - -if [ -d include/mbedtls ]; then :; else - echo "$0: Must be run from Mbed TLS root" >&2 - exit 1 -fi - -INTERNAL="" - -until [ -z "${1-}" ] -do - case "$1" in - -i|--internal) - INTERNAL="1" - ;; - *) - # print error - echo "Unknown argument: '$1'" - exit 1 - ;; - esac - shift -done - -if [ $INTERNAL ] -then - tests/scripts/list_internal_identifiers.py - wc -l identifiers -else - cat <&2 - echo "Usage: $0 ..." >&2 - exit 1 -fi - -for pc in "$@"; do - printf "testing package config file: ${pc} ... " - pkg-config --validate "${pc}" - version="$(pkg-config --modversion "${pc}")" - test -n "$version" - cflags="$(pkg-config --cflags "${pc}")" - test -n "$cflags" - libs="$(pkg-config --libs "${pc}")" - test -n "$libs" - printf "passed\n" -done - -exit 0 diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py deleted file mode 100755 index d835ba7c9..000000000 --- a/tests/scripts/psa_collect_statuses.py +++ /dev/null @@ -1,128 +0,0 @@ -#!/usr/bin/env python3 -"""Describe the test coverage of PSA functions in terms of return statuses. - -1. Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG -2. Run psa_collect_statuses.py - -The output is a series of line of the form "psa_foo PSA_ERROR_XXX". Each -function/status combination appears only once. - -This script must be run from the top of an Mbed TLS source tree. -The build command is "make -DRECORD_PSA_STATUS_COVERAGE_LOG", which is -only supported with make (as opposed to CMake or other build methods). -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import argparse -import os -import subprocess -import sys - -DEFAULT_STATUS_LOG_FILE = 'tests/statuses.log' -DEFAULT_PSA_CONSTANT_NAMES = 'tf-psa-crypto/programs/psa/psa_constant_names' - -class Statuses: - """Information about observed return statues of API functions.""" - - def __init__(self): - self.functions = {} - self.codes = set() - self.status_names = {} - - def collect_log(self, log_file_name): - """Read logs from RECORD_PSA_STATUS_COVERAGE_LOG. - - Read logs produced by running Mbed TLS test suites built with - -DRECORD_PSA_STATUS_COVERAGE_LOG. - """ - with open(log_file_name) as log: - for line in log: - value, function, tail = line.split(':', 2) - if function not in self.functions: - self.functions[function] = {} - fdata = self.functions[function] - if value not in self.functions[function]: - fdata[value] = [] - fdata[value].append(tail) - self.codes.add(int(value)) - - def get_constant_names(self, psa_constant_names): - """Run psa_constant_names to obtain names for observed numerical values.""" - values = [str(value) for value in self.codes] - cmd = [psa_constant_names, 'status'] + values - output = subprocess.check_output(cmd).decode('ascii') - for value, name in zip(values, output.rstrip().split('\n')): - self.status_names[value] = name - - def report(self): - """Report observed return values for each function. - - The report is a series of line of the form "psa_foo PSA_ERROR_XXX". - """ - for function in sorted(self.functions.keys()): - fdata = self.functions[function] - names = [self.status_names[value] for value in fdata.keys()] - for name in sorted(names): - sys.stdout.write('{} {}\n'.format(function, name)) - -def collect_status_logs(options): - """Build and run unit tests and report observed function return statuses. - - Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG, run the - test suites and display information about observed return statuses. - """ - rebuilt = False - if not options.use_existing_log and os.path.exists(options.log_file): - os.remove(options.log_file) - if not os.path.exists(options.log_file): - if options.clean_before: - subprocess.check_call(['make', 'clean'], - cwd='tests', - stdout=sys.stderr) - with open(os.devnull, 'w') as devnull: - make_q_ret = subprocess.call(['make', '-q', 'lib', 'tests'], - stdout=devnull, stderr=devnull) - if make_q_ret != 0: - subprocess.check_call(['make', 'RECORD_PSA_STATUS_COVERAGE_LOG=1'], - stdout=sys.stderr) - rebuilt = True - subprocess.check_call(['make', 'test'], - stdout=sys.stderr) - data = Statuses() - data.collect_log(options.log_file) - data.get_constant_names(options.psa_constant_names) - if rebuilt and options.clean_after: - subprocess.check_call(['make', 'clean'], - cwd='tests', - stdout=sys.stderr) - return data - -def main(): - parser = argparse.ArgumentParser(description=globals()['__doc__']) - parser.add_argument('--clean-after', - action='store_true', - help='Run "make clean" after rebuilding') - parser.add_argument('--clean-before', - action='store_true', - help='Run "make clean" before regenerating the log file)') - parser.add_argument('--log-file', metavar='FILE', - default=DEFAULT_STATUS_LOG_FILE, - help='Log file location (default: {})'.format( - DEFAULT_STATUS_LOG_FILE - )) - parser.add_argument('--psa-constant-names', metavar='PROGRAM', - default=DEFAULT_PSA_CONSTANT_NAMES, - help='Path to psa_constant_names (default: {})'.format( - DEFAULT_PSA_CONSTANT_NAMES - )) - parser.add_argument('--use-existing-log', '-e', - action='store_true', - help='Don\'t regenerate the log file if it exists') - options = parser.parse_args() - data = collect_status_logs(options) - data.report() - -if __name__ == '__main__': - main() diff --git a/tests/scripts/run-metatests.sh b/tests/scripts/run-metatests.sh deleted file mode 100755 index 22a302c62..000000000 --- a/tests/scripts/run-metatests.sh +++ /dev/null @@ -1,89 +0,0 @@ -#!/bin/sh - -help () { - cat <&2 "$0: FATAL: programs/test/metatest not found" - exit 120 -fi - -LIST_ONLY= -while getopts hl OPTLET; do - case $OPTLET in - h) help; exit;; - l) LIST_ONLY=1;; - \?) help >&2; exit 120;; - esac -done -shift $((OPTIND - 1)) - -list_matches () { - while read name platform junk; do - for pattern in "$@"; do - case $platform in - $pattern) echo "$name"; break;; - esac - done - done -} - -count=0 -errors=0 -run_metatest () { - ret=0 - "$METATEST_PROGRAM" "$1" || ret=$? - if [ $ret -eq 0 ]; then - echo >&2 "$0: Unexpected success: $1" - errors=$((errors + 1)) - fi - count=$((count + 1)) -} - -# Don't pipe the output of metatest so that if it fails, this script exits -# immediately with a failure status. -full_list=$("$METATEST_PROGRAM" list) -matching_list=$(printf '%s\n' "$full_list" | list_matches "$@") - -if [ -n "$LIST_ONLY" ]; then - printf '%s\n' $matching_list - exit -fi - -for name in $matching_list; do - run_metatest "$name" -done - -if [ $errors -eq 0 ]; then - echo "Ran $count metatests, all good." - exit 0 -else - echo "Ran $count metatests, $errors unexpected successes." - exit 1 -fi diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl deleted file mode 100755 index e01d44f6e..000000000 --- a/tests/scripts/run-test-suites.pl +++ /dev/null @@ -1,165 +0,0 @@ -#!/usr/bin/env perl - -# run-test-suites.pl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -=head1 SYNOPSIS - -Execute all the test suites and print a summary of the results. - - run-test-suites.pl [[-v|--verbose] [VERBOSITY]] [--skip=SUITE[...]] - -Options: - - -v|--verbose Print detailed failure information. - -v 2|--verbose=2 Print detailed failure information and summary messages. - -v 3|--verbose=3 Print detailed information about every test case. - --skip=SUITE[,SUITE...] - Skip the specified SUITE(s). This option can be used - multiple times. - -=cut - -use warnings; -use strict; - -use utf8; -use open qw(:std utf8); - -use Cwd qw(getcwd); -use Getopt::Long qw(:config auto_help gnu_compat); -use Pod::Usage; - -my $verbose = 0; -my @skip_patterns = (); -GetOptions( - 'skip=s' => \@skip_patterns, - 'verbose|v:1' => \$verbose, - ) or die; - -# All test suites = executable files with a .datax file. -my @suites = (); -my @test_dirs = qw(../tf-psa-crypto/tests .); -for my $data_file (map {glob "$_/test_suite_*.datax"} @test_dirs) { - (my $base = $data_file) =~ s/\.datax$//; - push @suites, $base if -x $base; - push @suites, "$base.exe" if -e "$base.exe"; -} -die "$0: no test suite found\n" unless @suites; - -# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" -# but not "test_suite_foobar". -my $skip_re = - ( '\Atest_suite_(' . - join('|', map { - s/[ ,;]/|/g; # allow any of " ,;|" as separators - s/\./\./g; # "." in the input means ".", not "any character" - $_ - } @skip_patterns) . - ')(\z|\.)' ); - -# in case test suites are linked dynamically -$ENV{'LD_LIBRARY_PATH'} = getcwd() . "/../library"; -$ENV{'DYLD_LIBRARY_PATH'} = $ENV{'LD_LIBRARY_PATH'}; # For macOS - -my $prefix = $^O eq "MSWin32" ? '' : './'; - -my (@failed_suites, $total_tests_run, $failed, $suite_cases_passed, - $suite_cases_failed, $suite_cases_skipped, $total_cases_passed, - $total_cases_failed, $total_cases_skipped ); -my $suites_skipped = 0; - -sub pad_print_center { - my( $width, $padchar, $string ) = @_; - my $padlen = ( $width - length( $string ) - 2 ) / 2; - print $padchar x( $padlen ), " $string ", $padchar x( $padlen ), "\n"; -} - -for my $suite_path (@suites) -{ - my ($dir, $suite) = ('.', $suite_path); - if ($suite =~ m!(.*)/([^/]*)!) { - $dir = $1; - $suite = $2; - } - print "$suite ", "." x ( 72 - length($suite) - 2 - 4 ), " "; - if( $suite =~ /$skip_re/o ) { - print "SKIP\n"; - ++$suites_skipped; - next; - } - - my $command = "cd $dir && $prefix$suite"; - if( $verbose ) { - $command .= ' -v'; - } - my $result = `$command`; - - $suite_cases_passed = () = $result =~ /.. PASS/g; - $suite_cases_failed = () = $result =~ /.. FAILED/g; - $suite_cases_skipped = () = $result =~ /.. ----/g; - - if( $? == 0 ) { - print "PASS\n"; - if( $verbose > 2 ) { - pad_print_center( 72, '-', "Begin $suite" ); - print $result; - pad_print_center( 72, '-', "End $suite" ); - } - } else { - push @failed_suites, $suite; - print "FAIL\n"; - if( $verbose ) { - pad_print_center( 72, '-', "Begin $suite" ); - print $result; - pad_print_center( 72, '-', "End $suite" ); - } - } - - my ($passed, $tests, $skipped) = $result =~ /([0-9]*) \/ ([0-9]*) tests.*?([0-9]*) skipped/; - $total_tests_run += $tests - $skipped; - - if( $verbose > 1 ) { - print "(test cases passed:", $suite_cases_passed, - " failed:", $suite_cases_failed, - " skipped:", $suite_cases_skipped, - " of total:", ($suite_cases_passed + $suite_cases_failed + - $suite_cases_skipped), - ")\n" - } - - $total_cases_passed += $suite_cases_passed; - $total_cases_failed += $suite_cases_failed; - $total_cases_skipped += $suite_cases_skipped; -} - -print "-" x 72, "\n"; -print @failed_suites ? "FAILED" : "PASSED"; -printf( " (%d suites, %d tests run%s)\n", - scalar(@suites) - $suites_skipped, - $total_tests_run, - $suites_skipped ? ", $suites_skipped suites skipped" : "" ); - -if( $verbose && @failed_suites ) { - # the output can be very long, so provide a summary of which suites failed - print " failed suites : @failed_suites\n"; -} - -if( $verbose > 1 ) { - print " test cases passed :", $total_cases_passed, "\n"; - print " failed :", $total_cases_failed, "\n"; - print " skipped :", $total_cases_skipped, "\n"; - print " of tests executed :", ( $total_cases_passed + $total_cases_failed ), - "\n"; - print " of available tests :", - ( $total_cases_passed + $total_cases_failed + $total_cases_skipped ), - "\n"; - if( $suites_skipped != 0 ) { - print "Note: $suites_skipped suites were skipped.\n"; - } -} - -exit( @failed_suites ? 1 : 0 ); - diff --git a/tests/scripts/run_demos.py b/tests/scripts/run_demos.py deleted file mode 100755 index f9a810014..000000000 --- a/tests/scripts/run_demos.py +++ /dev/null @@ -1,65 +0,0 @@ -#!/usr/bin/env python3 -"""Run the Mbed TLS demo scripts. -""" -import argparse -import glob -import subprocess -import sys - -def run_demo(demo, quiet=False): - """Run the specified demo script. Return True if it succeeds.""" - args = {} - if quiet: - args['stdout'] = subprocess.DEVNULL - args['stderr'] = subprocess.DEVNULL - returncode = subprocess.call([demo], **args) - return returncode == 0 - -def run_demos(demos, quiet=False): - """Run the specified demos and print summary information about failures. - - Return True if all demos passed and False if a demo fails. - """ - failures = [] - for demo in demos: - if not quiet: - print('#### {} ####'.format(demo)) - success = run_demo(demo, quiet=quiet) - if not success: - failures.append(demo) - if not quiet: - print('{}: FAIL'.format(demo)) - if quiet: - print('{}: {}'.format(demo, 'PASS' if success else 'FAIL')) - else: - print('') - successes = len(demos) - len(failures) - print('{}/{} demos passed'.format(successes, len(demos))) - if failures and not quiet: - print('Failures:', *failures) - return not failures - -def run_all_demos(quiet=False): - """Run all the available demos. - - Return True if all demos passed and False if a demo fails. - """ - mbedtls_demos = glob.glob('programs/*/*_demo.sh') - tf_psa_crypto_demos = glob.glob('tf-psa-crypto/programs/*/*_demo.sh') - all_demos = mbedtls_demos + tf_psa_crypto_demos - if not all_demos: - # Keep the message on one line. pylint: disable=line-too-long - raise Exception('No demos found. run_demos needs to operate from the Mbed TLS toplevel directory.') - return run_demos(all_demos, quiet=quiet) - -def main(): - parser = argparse.ArgumentParser(description=__doc__) - parser.add_argument('--quiet', '-q', - action='store_true', - help="suppress the output of demos") - options = parser.parse_args() - success = run_all_demos(quiet=options.quiet) - sys.exit(0 if success else 1) - -if __name__ == '__main__': - main() diff --git a/tests/scripts/scripts_path.py b/tests/scripts/scripts_path.py deleted file mode 100644 index ce2afcfc3..000000000 --- a/tests/scripts/scripts_path.py +++ /dev/null @@ -1,20 +0,0 @@ -"""Add our Python library directory to the module search path. - -Usage: - - import scripts_path # pylint: disable=unused-import -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import os -import sys - -sys.path.append(os.path.join(os.path.dirname(__file__), - os.path.pardir, os.path.pardir, - 'scripts')) -sys.path.append(os.path.join(os.path.dirname(__file__), - os.path.pardir, os.path.pardir, - 'framework', 'scripts')) diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py deleted file mode 100755 index f68dfcb72..000000000 --- a/tests/scripts/set_psa_test_dependencies.py +++ /dev/null @@ -1,284 +0,0 @@ -#!/usr/bin/env python3 - -"""Edit test cases to use PSA dependencies instead of classic dependencies. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import os -import re -import sys - -CLASSIC_DEPENDENCIES = frozenset([ - # This list is manually filtered from mbedtls_config.h. - - # Mbed TLS feature support. - # Only features that affect what can be done are listed here. - # Options that control optimizations or alternative implementations - # are omitted. - 'MBEDTLS_CIPHER_MODE_CBC', - 'MBEDTLS_CIPHER_MODE_CFB', - 'MBEDTLS_CIPHER_MODE_CTR', - 'MBEDTLS_CIPHER_MODE_OFB', - 'MBEDTLS_CIPHER_MODE_XTS', - 'MBEDTLS_CIPHER_NULL_CIPHER', - 'MBEDTLS_CIPHER_PADDING_PKCS7', - 'MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS', - 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN', - 'MBEDTLS_CIPHER_PADDING_ZEROS', - #curve#'MBEDTLS_ECP_DP_SECP192R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP224R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP256R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP384R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP521R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP192K1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP224K1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP256K1_ENABLED', - #curve#'MBEDTLS_ECP_DP_BP256R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_BP384R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_BP512R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_CURVE25519_ENABLED', - #curve#'MBEDTLS_ECP_DP_CURVE448_ENABLED', - 'MBEDTLS_ECDSA_DETERMINISTIC', - #'MBEDTLS_GENPRIME', #needed for RSA key generation - 'MBEDTLS_PKCS1_V15', - 'MBEDTLS_PKCS1_V21', - - # Mbed TLS modules. - # Only modules that provide cryptographic mechanisms are listed here. - # Platform, data formatting, X.509 or TLS modules are omitted. - 'MBEDTLS_AES_C', - 'MBEDTLS_BIGNUM_C', - 'MBEDTLS_CAMELLIA_C', - 'MBEDTLS_ARIA_C', - 'MBEDTLS_CCM_C', - 'MBEDTLS_CHACHA20_C', - 'MBEDTLS_CHACHAPOLY_C', - 'MBEDTLS_CMAC_C', - 'MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_DES_C', - 'MBEDTLS_DHM_C', - 'MBEDTLS_ECDH_C', - 'MBEDTLS_ECDSA_C', - 'MBEDTLS_ECJPAKE_C', - 'MBEDTLS_ECP_C', - 'MBEDTLS_ENTROPY_C', - 'MBEDTLS_GCM_C', - 'MBEDTLS_HKDF_C', - 'MBEDTLS_HMAC_DRBG_C', - 'MBEDTLS_NIST_KW_C', - 'MBEDTLS_MD5_C', - 'MBEDTLS_PKCS5_C', - 'MBEDTLS_PKCS12_C', - 'MBEDTLS_POLY1305_C', - 'MBEDTLS_RIPEMD160_C', - 'MBEDTLS_RSA_C', - 'MBEDTLS_SHA1_C', - 'MBEDTLS_SHA256_C', - 'MBEDTLS_SHA512_C', -]) - -def is_classic_dependency(dep): - """Whether dep is a classic dependency that PSA test cases should not use.""" - if dep.startswith('!'): - dep = dep[1:] - return dep in CLASSIC_DEPENDENCIES - -def is_systematic_dependency(dep): - """Whether dep is a PSA dependency which is determined systematically.""" - if dep.startswith('PSA_WANT_ECC_'): - return False - return dep.startswith('PSA_WANT_') - -WITHOUT_SYSTEMATIC_DEPENDENCIES = frozenset([ - 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # only a modifier - 'PSA_ALG_ANY_HASH', # only meaningful in policies - 'PSA_ALG_KEY_AGREEMENT', # only a way to combine algorithms - 'PSA_ALG_TRUNCATED_MAC', # only a modifier - 'PSA_KEY_TYPE_NONE', # not a real key type - 'PSA_KEY_TYPE_DERIVE', # always supported, don't list it to reduce noise - 'PSA_KEY_TYPE_RAW_DATA', # always supported, don't list it to reduce noise - 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', #only a modifier - 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', #only a modifier -]) - -SPECIAL_SYSTEMATIC_DEPENDENCIES = { - 'PSA_ALG_ECDSA_ANY': frozenset(['PSA_WANT_ALG_ECDSA']), - 'PSA_ALG_RSA_PKCS1V15_SIGN_RAW': frozenset(['PSA_WANT_ALG_RSA_PKCS1V15_SIGN']), -} - -def dependencies_of_symbol(symbol): - """Return the dependencies for a symbol that designates a cryptographic mechanism.""" - if symbol in WITHOUT_SYSTEMATIC_DEPENDENCIES: - return frozenset() - if symbol in SPECIAL_SYSTEMATIC_DEPENDENCIES: - return SPECIAL_SYSTEMATIC_DEPENDENCIES[symbol] - if symbol.startswith('PSA_ALG_CATEGORY_') or \ - symbol.startswith('PSA_KEY_TYPE_CATEGORY_'): - # Categories are used in test data when an unsupported but plausible - # mechanism number needed. They have no associated dependency. - return frozenset() - return {symbol.replace('_', '_WANT_', 1)} - -def systematic_dependencies(file_name, function_name, arguments): - """List the systematically determined dependency for a test case.""" - deps = set() - - # Run key policy negative tests even if the algorithm to attempt performing - # is not supported but in the case where the test is to check an - # incompatibility between a requested algorithm for a cryptographic - # operation and a key policy. In the latter, we want to filter out the - # cases # where PSA_ERROR_NOT_SUPPORTED is returned instead of - # PSA_ERROR_NOT_PERMITTED. - if function_name.endswith('_key_policy') and \ - arguments[-1].startswith('PSA_ERROR_') and \ - arguments[-1] != ('PSA_ERROR_NOT_PERMITTED'): - arguments[-2] = '' - if function_name == 'copy_fail' and \ - arguments[-1].startswith('PSA_ERROR_'): - arguments[-2] = '' - arguments[-3] = '' - - # Storage format tests that only look at how the file is structured and - # don't care about the format of the key material don't depend on any - # cryptographic mechanisms. - if os.path.basename(file_name) == 'test_suite_psa_crypto_persistent_key.data' and \ - function_name in {'format_storage_data_check', - 'parse_storage_data_check'}: - return [] - - for arg in arguments: - for symbol in re.findall(r'PSA_(?:ALG|KEY_TYPE)_\w+', arg): - deps.update(dependencies_of_symbol(symbol)) - return sorted(deps) - -def updated_dependencies(file_name, function_name, arguments, dependencies): - """Rework the list of dependencies into PSA_WANT_xxx. - - Remove classic crypto dependencies such as MBEDTLS_RSA_C, - MBEDTLS_PKCS1_V15, etc. - - Add systematic PSA_WANT_xxx dependencies based on the called function and - its arguments, replacing existing PSA_WANT_xxx dependencies. - """ - automatic = systematic_dependencies(file_name, function_name, arguments) - manual = [dep for dep in dependencies - if not (is_systematic_dependency(dep) or - is_classic_dependency(dep))] - return automatic + manual - -def keep_manual_dependencies(file_name, function_name, arguments): - #pylint: disable=unused-argument - """Declare test functions with unusual dependencies here.""" - # If there are no arguments, we can't do any useful work. Assume that if - # there are dependencies, they are warranted. - if not arguments: - return True - # When PSA_ERROR_NOT_SUPPORTED is expected, usually, at least one of the - # constants mentioned in the test should not be supported. It isn't - # possible to determine which one in a systematic way. So let the programmer - # decide. - if arguments[-1] == 'PSA_ERROR_NOT_SUPPORTED': - return True - return False - -def process_data_stanza(stanza, file_name, test_case_number): - """Update PSA crypto dependencies in one Mbed TLS test case. - - stanza is the test case text (including the description, the dependencies, - the line with the function and arguments, and optionally comments). Return - a new stanza with an updated dependency line, preserving everything else - (description, comments, arguments, etc.). - """ - if not stanza.lstrip('\n'): - # Just blank lines - return stanza - # Expect 2 or 3 non-comment lines: description, optional dependencies, - # function-and-arguments. - content_matches = list(re.finditer(r'^[\t ]*([^\t #].*)$', stanza, re.M)) - if len(content_matches) < 2: - raise Exception('Not enough content lines in paragraph {} in {}' - .format(test_case_number, file_name)) - if len(content_matches) > 3: - raise Exception('Too many content lines in paragraph {} in {}' - .format(test_case_number, file_name)) - arguments = content_matches[-1].group(0).split(':') - function_name = arguments.pop(0) - if keep_manual_dependencies(file_name, function_name, arguments): - return stanza - if len(content_matches) == 2: - # Insert a line for the dependencies. If it turns out that there are - # no dependencies, we'll remove that empty line below. - dependencies_location = content_matches[-1].start() - text_before = stanza[:dependencies_location] - text_after = '\n' + stanza[dependencies_location:] - old_dependencies = [] - dependencies_leader = 'depends_on:' - else: - dependencies_match = content_matches[-2] - text_before = stanza[:dependencies_match.start()] - text_after = stanza[dependencies_match.end():] - old_dependencies = dependencies_match.group(0).split(':') - dependencies_leader = old_dependencies.pop(0) + ':' - if dependencies_leader != 'depends_on:': - raise Exception('Next-to-last line does not start with "depends_on:"' - ' in paragraph {} in {}' - .format(test_case_number, file_name)) - new_dependencies = updated_dependencies(file_name, function_name, arguments, - old_dependencies) - if new_dependencies: - stanza = (text_before + - dependencies_leader + ':'.join(new_dependencies) + - text_after) - else: - # The dependencies have become empty. Remove the depends_on: line. - assert text_after[0] == '\n' - stanza = text_before + text_after[1:] - return stanza - -def process_data_file(file_name, old_content): - """Update PSA crypto dependencies in an Mbed TLS test suite data file. - - Process old_content (the old content of the file) and return the new content. - """ - old_stanzas = old_content.split('\n\n') - new_stanzas = [process_data_stanza(stanza, file_name, n) - for n, stanza in enumerate(old_stanzas, start=1)] - return '\n\n'.join(new_stanzas) - -def update_file(file_name, old_content, new_content): - """Update the given file with the given new content. - - Replace the existing file. The previous version is renamed to *.bak. - Don't modify the file if the content was unchanged. - """ - if new_content == old_content: - return - backup = file_name + '.bak' - tmp = file_name + '.tmp' - with open(tmp, 'w', encoding='utf-8') as new_file: - new_file.write(new_content) - os.replace(file_name, backup) - os.replace(tmp, file_name) - -def process_file(file_name): - """Update PSA crypto dependencies in an Mbed TLS test suite data file. - - Replace the existing file. The previous version is renamed to *.bak. - Don't modify the file if the content was unchanged. - """ - old_content = open(file_name, encoding='utf-8').read() - if file_name.endswith('.data'): - new_content = process_data_file(file_name, old_content) - else: - raise Exception('File type not recognized: {}' - .format(file_name)) - update_file(file_name, old_content, new_content) - -def main(args): - for file_name in args: - process_file(file_name) - -if __name__ == '__main__': - main(sys.argv[1:]) diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py deleted file mode 100755 index e500b3362..000000000 --- a/tests/scripts/test_config_script.py +++ /dev/null @@ -1,175 +0,0 @@ -#!/usr/bin/env python3 - -"""Test helper for the Mbed TLS configuration file tool - -Run config.py with various parameters and write the results to files. - -This is a harness to help regression testing, not a functional tester. -Sample usage: - - test_config_script.py -d old - ## Modify config.py and/or mbedtls_config.h ## - test_config_script.py -d new - diff -ru old new -""" - -## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -## - -import argparse -import glob -import os -import re -import shutil -import subprocess - -OUTPUT_FILE_PREFIX = 'config-' - -def output_file_name(directory, stem, extension): - return os.path.join(directory, - '{}{}.{}'.format(OUTPUT_FILE_PREFIX, - stem, extension)) - -def cleanup_directory(directory): - """Remove old output files.""" - for extension in []: - pattern = output_file_name(directory, '*', extension) - filenames = glob.glob(pattern) - for filename in filenames: - os.remove(filename) - -def prepare_directory(directory): - """Create the output directory if it doesn't exist yet. - - If there are old output files, remove them. - """ - if os.path.exists(directory): - cleanup_directory(directory) - else: - os.makedirs(directory) - -def guess_presets_from_help(help_text): - """Figure out what presets the script supports. - - help_text should be the output from running the script with --help. - """ - # Try the output format from config.py - hits = re.findall(r'\{([-\w,]+)\}', help_text) - for hit in hits: - words = set(hit.split(',')) - if 'get' in words and 'set' in words and 'unset' in words: - words.remove('get') - words.remove('set') - words.remove('unset') - return words - # Try the output format from config.pl - hits = re.findall(r'\n +([-\w]+) +- ', help_text) - if hits: - return hits - raise Exception("Unable to figure out supported presets. Pass the '-p' option.") - -def list_presets(options): - """Return the list of presets to test. - - The list is taken from the command line if present, otherwise it is - extracted from running the config script with --help. - """ - if options.presets: - return re.split(r'[ ,]+', options.presets) - else: - help_text = subprocess.run([options.script, '--help'], - check=False, # config.pl --help returns 255 - stdout=subprocess.PIPE, - stderr=subprocess.STDOUT).stdout - return guess_presets_from_help(help_text.decode('ascii')) - -def run_one(options, args, stem_prefix='', input_file=None): - """Run the config script with the given arguments. - - Take the original content from input_file if specified, defaulting - to options.input_file if input_file is None. - - Write the following files, where xxx contains stem_prefix followed by - a filename-friendly encoding of args: - * config-xxx.h: modified file. - * config-xxx.out: standard output. - * config-xxx.err: standard output. - * config-xxx.status: exit code. - - Return ("xxx+", "path/to/config-xxx.h") which can be used as - stem_prefix and input_file to call this function again with new args. - """ - if input_file is None: - input_file = options.input_file - stem = stem_prefix + '-'.join(args) - data_filename = output_file_name(options.output_directory, stem, 'h') - stdout_filename = output_file_name(options.output_directory, stem, 'out') - stderr_filename = output_file_name(options.output_directory, stem, 'err') - status_filename = output_file_name(options.output_directory, stem, 'status') - shutil.copy(input_file, data_filename) - # Pass only the file basename, not the full path, to avoid getting the - # directory name in error messages, which would make comparisons - # between output directories more difficult. - cmd = [os.path.abspath(options.script), - '-f', os.path.basename(data_filename)] - with open(stdout_filename, 'wb') as out: - with open(stderr_filename, 'wb') as err: - status = subprocess.call(cmd + args, - cwd=options.output_directory, - stdin=subprocess.DEVNULL, - stdout=out, stderr=err) - with open(status_filename, 'w') as status_file: - status_file.write('{}\n'.format(status)) - return stem + "+", data_filename - -### A list of symbols to test with. -### This script currently tests what happens when you change a symbol from -### having a value to not having a value or vice versa. This is not -### necessarily useful behavior, and we may not consider it a bug if -### config.py stops handling that case correctly. -TEST_SYMBOLS = [ - 'CUSTOM_SYMBOL', # does not exist - 'MBEDTLS_AES_C', # set, no value - 'MBEDTLS_MPI_MAX_SIZE', # unset, has a value - 'MBEDTLS_NO_UDBL_DIVISION', # unset, in "System support" - 'MBEDTLS_PLATFORM_ZEROIZE_ALT', # unset, in "Customisation configuration options" -] - -def run_all(options): - """Run all the command lines to test.""" - presets = list_presets(options) - for preset in presets: - run_one(options, [preset]) - for symbol in TEST_SYMBOLS: - run_one(options, ['get', symbol]) - (stem, filename) = run_one(options, ['set', symbol]) - run_one(options, ['get', symbol], stem_prefix=stem, input_file=filename) - run_one(options, ['--force', 'set', symbol]) - (stem, filename) = run_one(options, ['set', symbol, 'value']) - run_one(options, ['get', symbol], stem_prefix=stem, input_file=filename) - run_one(options, ['--force', 'set', symbol, 'value']) - run_one(options, ['unset', symbol]) - -def main(): - """Command line entry point.""" - parser = argparse.ArgumentParser(description=__doc__, - formatter_class=argparse.RawDescriptionHelpFormatter) - parser.add_argument('-d', metavar='DIR', - dest='output_directory', required=True, - help="""Output directory.""") - parser.add_argument('-f', metavar='FILE', - dest='input_file', default='include/mbedtls/mbedtls_config.h', - help="""Config file (default: %(default)s).""") - parser.add_argument('-p', metavar='PRESET,...', - dest='presets', - help="""Presets to test (default: guessed from --help).""") - parser.add_argument('-s', metavar='FILE', - dest='script', default='scripts/config.py', - help="""Configuration script (default: %(default)s).""") - options = parser.parse_args() - prepare_directory(options.output_directory) - run_all(options) - -if __name__ == '__main__': - main() diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py deleted file mode 100755 index 7c09afc19..000000000 --- a/tests/scripts/test_psa_compliance.py +++ /dev/null @@ -1,172 +0,0 @@ -#!/usr/bin/env python3 -"""Run the PSA Crypto API compliance test suite. -Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF, -then compile and run the test suite. The clone is stored at /psa-arch-tests. -Known defects in either the test suite or mbedtls / TF-PSA-Crypto - identified by their test -number - are ignored, while unexpected failures AND successes are reported as errors, to help -keep the list of known defects as up to date as possible. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import argparse -import os -import re -import shutil -import subprocess -import sys -from typing import List - -#pylint: disable=unused-import -import scripts_path -from mbedtls_framework import build_tree - -# PSA Compliance tests we expect to fail due to known defects in Mbed TLS / -# TF-PSA-Crypto (or the test suite). -# The test numbers correspond to the numbers used by the console output of the test suite. -# Test number 2xx corresponds to the files in the folder -# psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx -EXPECTED_FAILURES = {} # type: dict - -PSA_ARCH_TESTS_REPO = 'https://github.com/ARM-software/psa-arch-tests.git' -PSA_ARCH_TESTS_REF = 'v23.06_API1.5_ADAC_EAC' - -#pylint: disable=too-many-branches,too-many-statements,too-many-locals -def main(library_build_dir: str): - root_dir = os.getcwd() - - in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir) - - crypto_name = build_tree.crypto_library_filename(root_dir) - - # Temporary, while the crypto library is still located in the library - # directory. This will not be the case anymore when it will be built by - # the TF-PSA-Crypto build system. - if in_tf_psa_crypto_repo: - library_subdir = build_tree.crypto_core_directory(root_dir, relative=True) - else: - library_subdir = 'library' - - crypto_lib_filename = (library_build_dir + '/' + - library_subdir + '/' + - 'lib' + crypto_name + '.a') - - if not os.path.exists(crypto_lib_filename): - #pylint: disable=bad-continuation - subprocess.check_call([ - 'cmake', '.', - '-GUnix Makefiles', - '-B' + library_build_dir - ]) - subprocess.check_call(['cmake', '--build', library_build_dir, - '--target', crypto_name]) - - psa_arch_tests_dir = 'psa-arch-tests' - os.makedirs(psa_arch_tests_dir, exist_ok=True) - try: - os.chdir(psa_arch_tests_dir) - - # Reuse existing local clone - subprocess.check_call(['git', 'init']) - subprocess.check_call(['git', 'fetch', PSA_ARCH_TESTS_REPO, PSA_ARCH_TESTS_REF]) - subprocess.check_call(['git', 'checkout', 'FETCH_HEAD']) - - build_dir = 'api-tests/build' - try: - shutil.rmtree(build_dir) - except FileNotFoundError: - pass - os.mkdir(build_dir) - os.chdir(build_dir) - - # Temporary while the PSA compliance test suite is still run as part - # of Mbed TLS testing. When it is not the case anymore, the second case - # can be removed. - if in_tf_psa_crypto_repo: - extra_includes = ';{}/drivers/builtin/include'.format(root_dir) - elif os.path.isdir(os.path.join(root_dir, 'tf-psa-crypto')): - extra_includes = ';{}/tf-psa-crypto/include'.format(root_dir) + \ - (';{}/tf-psa-crypto/drivers/builtin/include'.format(root_dir)) - - #pylint: disable=bad-continuation - subprocess.check_call([ - 'cmake', '..', - '-GUnix Makefiles', - '-DTARGET=tgt_dev_apis_stdc', - '-DTOOLCHAIN=HOST_GCC', - '-DSUITE=CRYPTO', - '-DPSA_CRYPTO_LIB_FILENAME={}/{}'.format(root_dir, - crypto_lib_filename), - ('-DPSA_INCLUDE_PATHS={}/include' + extra_includes).format(root_dir) - ]) - subprocess.check_call(['cmake', '--build', '.']) - - proc = subprocess.Popen(['./psa-arch-tests-crypto'], - bufsize=1, stdout=subprocess.PIPE, universal_newlines=True) - - test_re = re.compile( - '^TEST: (?P[0-9]*)|' - '^TEST RESULT: (?PFAILED|PASSED)' - ) - test = -1 - unexpected_successes = set(EXPECTED_FAILURES) - expected_failures = [] # type: List[int] - unexpected_failures = [] # type: List[int] - if proc.stdout is None: - return 1 - - for line in proc.stdout: - print(line, end='') - match = test_re.match(line) - if match is not None: - groupdict = match.groupdict() - test_num = groupdict['test_num'] - if test_num is not None: - test = int(test_num) - elif groupdict['test_result'] == 'FAILED': - try: - unexpected_successes.remove(test) - expected_failures.append(test) - print('Expected failure, ignoring') - except KeyError: - unexpected_failures.append(test) - print('ERROR: Unexpected failure') - elif test in unexpected_successes: - print('ERROR: Unexpected success') - proc.wait() - - print() - print('***** test_psa_compliance.py report ******') - print() - print('Expected failures:', ', '.join(str(i) for i in expected_failures)) - print('Unexpected failures:', ', '.join(str(i) for i in unexpected_failures)) - print('Unexpected successes:', ', '.join(str(i) for i in sorted(unexpected_successes))) - print() - if unexpected_successes or unexpected_failures: - if unexpected_successes: - print('Unexpected successes encountered.') - print('Please remove the corresponding tests from ' - 'EXPECTED_FAILURES in tests/scripts/compliance_test.py') - print() - print('FAILED') - return 1 - else: - print('SUCCESS') - return 0 - finally: - os.chdir(root_dir) - -if __name__ == '__main__': - BUILD_DIR = 'out_of_source_build' - - # pylint: disable=invalid-name - parser = argparse.ArgumentParser() - parser.add_argument('--build-dir', nargs=1, - help='path to Mbed TLS / TF-PSA-Crypto build directory') - args = parser.parse_args() - - if args.build_dir is not None: - BUILD_DIR = args.build_dir[0] - - sys.exit(main(BUILD_DIR)) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py deleted file mode 100755 index e697d1755..000000000 --- a/tests/scripts/test_psa_constant_names.py +++ /dev/null @@ -1,194 +0,0 @@ -#!/usr/bin/env python3 -"""Test the program psa_constant_names. -Gather constant names from header files and test cases. Compile a C program -to print out their numerical values, feed these numerical values to -psa_constant_names, and check that the output is the original name. -Return 0 if all test cases pass, 1 if the output was not always as expected, -or 1 (with a Python backtrace) if there was an operational error. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import argparse -from collections import namedtuple -import os -import re -import subprocess -import sys -from typing import Iterable, List, Optional, Tuple - -import scripts_path # pylint: disable=unused-import -from mbedtls_framework import c_build_helper -from mbedtls_framework.macro_collector import InputsForTest, PSAMacroEnumerator -from mbedtls_framework import typing_util - -def gather_inputs(headers: Iterable[str], - test_suites: Iterable[str], - inputs_class=InputsForTest) -> PSAMacroEnumerator: - """Read the list of inputs to test psa_constant_names with.""" - inputs = inputs_class() - for header in headers: - inputs.parse_header(header) - for test_cases in test_suites: - inputs.parse_test_cases(test_cases) - inputs.add_numerical_values() - inputs.gather_arguments() - return inputs - -def run_c(type_word: str, - expressions: Iterable[str], - include_path: Optional[str] = None, - keep_c: bool = False) -> List[str]: - """Generate and run a program to print out numerical values of C expressions.""" - if type_word == 'status': - cast_to = 'long' - printf_format = '%ld' - else: - cast_to = 'unsigned long' - printf_format = '0x%08lx' - return c_build_helper.get_c_expression_values( - cast_to, printf_format, - expressions, - caller='test_psa_constant_names.py for {} values'.format(type_word), - file_label=type_word, - header='#include ', - include_path=include_path, - keep_c=keep_c - ) - -NORMALIZE_STRIP_RE = re.compile(r'\s+') -def normalize(expr: str) -> str: - """Normalize the C expression so as not to care about trivial differences. - - Currently "trivial differences" means whitespace. - """ - return re.sub(NORMALIZE_STRIP_RE, '', expr) - -ALG_TRUNCATED_TO_SELF_RE = \ - re.compile(r'PSA_ALG_AEAD_WITH_SHORTENED_TAG\(' - r'PSA_ALG_(?:CCM|CHACHA20_POLY1305|GCM)' - r', *16\)\Z') - -def is_simplifiable(expr: str) -> bool: - """Determine whether an expression is simplifiable. - - Simplifiable expressions can't be output in their input form, since - the output will be the simple form. Therefore they must be excluded - from testing. - """ - if ALG_TRUNCATED_TO_SELF_RE.match(expr): - return True - return False - -def collect_values(inputs: InputsForTest, - type_word: str, - include_path: Optional[str] = None, - keep_c: bool = False) -> Tuple[List[str], List[str]]: - """Generate expressions using known macro names and calculate their values. - - Return a list of pairs of (expr, value) where expr is an expression and - value is a string representation of its integer value. - """ - names = inputs.get_names(type_word) - expressions = sorted(expr - for expr in inputs.generate_expressions(names) - if not is_simplifiable(expr)) - values = run_c(type_word, expressions, - include_path=include_path, keep_c=keep_c) - return expressions, values - -class Tests: - """An object representing tests and their results.""" - - Error = namedtuple('Error', - ['type', 'expression', 'value', 'output']) - - def __init__(self, options) -> None: - self.options = options - self.count = 0 - self.errors = [] #type: List[Tests.Error] - - def run_one(self, inputs: InputsForTest, type_word: str) -> None: - """Test psa_constant_names for the specified type. - - Run the program on the names for this type. - Use the inputs to figure out what arguments to pass to macros that - take arguments. - """ - expressions, values = collect_values(inputs, type_word, - include_path=self.options.include, - keep_c=self.options.keep_c) - output_bytes = subprocess.check_output([self.options.program, - type_word] + values) - output = output_bytes.decode('ascii') - outputs = output.strip().split('\n') - self.count += len(expressions) - for expr, value, output in zip(expressions, values, outputs): - if self.options.show: - sys.stdout.write('{} {}\t{}\n'.format(type_word, value, output)) - if normalize(expr) != normalize(output): - self.errors.append(self.Error(type=type_word, - expression=expr, - value=value, - output=output)) - - def run_all(self, inputs: InputsForTest) -> None: - """Run psa_constant_names on all the gathered inputs.""" - for type_word in ['status', 'algorithm', 'ecc_curve', 'dh_group', - 'key_type', 'key_usage']: - self.run_one(inputs, type_word) - - def report(self, out: typing_util.Writable) -> None: - """Describe each case where the output is not as expected. - - Write the errors to ``out``. - Also write a total. - """ - for error in self.errors: - out.write('For {} "{}", got "{}" (value: {})\n' - .format(error.type, error.expression, - error.output, error.value)) - out.write('{} test cases'.format(self.count)) - if self.errors: - out.write(', {} FAIL\n'.format(len(self.errors))) - else: - out.write(' PASS\n') - -HEADERS = ['psa/crypto.h', 'psa/crypto_extra.h', 'psa/crypto_values.h'] -TEST_SUITES = ['tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data'] - -def main(): - parser = argparse.ArgumentParser(description=globals()['__doc__']) - parser.add_argument('--include', '-I', - action='append', default=['tf-psa-crypto/include', - 'tf-psa-crypto/drivers/builtin/include', - 'tf-psa-crypto/drivers/everest/include', - 'include'], - help='Directory for header files') - parser.add_argument('--keep-c', - action='store_true', dest='keep_c', default=False, - help='Keep the intermediate C file') - parser.add_argument('--no-keep-c', - action='store_false', dest='keep_c', - help='Don\'t keep the intermediate C file (default)') - parser.add_argument('--program', - default='tf-psa-crypto/programs/psa/psa_constant_names', - help='Program to test') - parser.add_argument('--show', - action='store_true', - help='Show tested values on stdout') - parser.add_argument('--no-show', - action='store_false', dest='show', - help='Don\'t show tested values (default)') - options = parser.parse_args() - headers = [os.path.join(options.include[0], h) for h in HEADERS] - inputs = gather_inputs(headers, TEST_SUITES) - tests = Tests(options) - tests.run_all(inputs) - tests.report(sys.stdout) - if tests.errors: - sys.exit(1) - -if __name__ == '__main__': - main() diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb deleted file mode 100644 index 57f771f56..000000000 --- a/tests/scripts/test_zeroize.gdb +++ /dev/null @@ -1,64 +0,0 @@ -# test_zeroize.gdb -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Run a test using the debugger to check that the mbedtls_platform_zeroize() -# function in platform_util.h is not being optimized out by the compiler. To do -# so, the script loads the test program at programs/test/zeroize.c and sets a -# breakpoint at the last return statement in main(). When the breakpoint is -# hit, the debugger manually checks the contents to be zeroized and checks that -# it is actually cleared. -# -# The mbedtls_platform_zeroize() test is debugger driven because there does not -# seem to be a mechanism to reliably check whether the zeroize calls are being -# eliminated by compiler optimizations from within the compiled program. The -# problem is that a compiler would typically remove what it considers to be -# "unnecessary" assignments as part of redundant code elimination. To identify -# such code, the compilar will create some form dependency graph between -# reads and writes to variables (among other situations). It will then use this -# data structure to remove redundant code that does not have an impact on the -# program's observable behavior. In the case of mbedtls_platform_zeroize(), an -# intelligent compiler could determine that this function clears a block of -# memory that is not accessed later in the program, so removing the call to -# mbedtls_platform_zeroize() does not have an observable behavior. However, -# inserting a test after a call to mbedtls_platform_zeroize() to check whether -# the block of memory was correctly zeroed would force the compiler to not -# eliminate the mbedtls_platform_zeroize() call. If this does not occur, then -# the compiler potentially has a bug. -# -# Note: This test requires that the test program is compiled with -g3. - -set confirm off - -file ./programs/test/zeroize - -search GDB_BREAK_HERE -break $_ - -set args ./programs/test/zeroize.c -run - -set $i = 0 -set $len = sizeof(buf) -set $buf = buf - -while $i < $len - if $buf[$i++] != 0 - echo The buffer at was not zeroized\n - quit 1 - end -end - -echo The buffer was correctly zeroized\n - -continue - -if $_exitcode != 0 - echo The program did not terminate correctly\n - quit 1 -end - -quit 0 diff --git a/tests/src/certs.c b/tests/src/certs.c deleted file mode 100644 index bacc84675..000000000 --- a/tests/src/certs.c +++ /dev/null @@ -1,480 +0,0 @@ -/* - * X.509 test certificates - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "common.h" - -#include - -#include "mbedtls/build_info.h" - -#include "mbedtls/pk.h" - -#include "test_certs.h" - -/* - * - * Test certificates and keys as C variables - * - */ - -/* - * CA - */ - -const char mbedtls_test_ca_crt_ec_pem[] = TEST_CA_CRT_EC_PEM; -const char mbedtls_test_ca_key_ec_pem[] = TEST_CA_KEY_EC_PEM; -const char mbedtls_test_ca_pwd_ec_pem[] = TEST_CA_PWD_EC_PEM; -const char mbedtls_test_ca_key_rsa_pem[] = TEST_CA_KEY_RSA_PEM; -const char mbedtls_test_ca_pwd_rsa_pem[] = TEST_CA_PWD_RSA_PEM; -const char mbedtls_test_ca_crt_rsa_sha1_pem[] = TEST_CA_CRT_RSA_SHA1_PEM; -const char mbedtls_test_ca_crt_rsa_sha256_pem[] = TEST_CA_CRT_RSA_SHA256_PEM; - -const unsigned char mbedtls_test_ca_crt_ec_der[] = TEST_CA_CRT_EC_DER; -const unsigned char mbedtls_test_ca_key_ec_der[] = TEST_CA_KEY_EC_DER; -const unsigned char mbedtls_test_ca_key_rsa_der[] = TEST_CA_KEY_RSA_DER; -const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[] = - TEST_CA_CRT_RSA_SHA1_DER; -const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[] = - TEST_CA_CRT_RSA_SHA256_DER; - -const size_t mbedtls_test_ca_crt_ec_pem_len = - sizeof(mbedtls_test_ca_crt_ec_pem); -const size_t mbedtls_test_ca_key_ec_pem_len = - sizeof(mbedtls_test_ca_key_ec_pem); -const size_t mbedtls_test_ca_pwd_ec_pem_len = - sizeof(mbedtls_test_ca_pwd_ec_pem) - 1; -const size_t mbedtls_test_ca_key_rsa_pem_len = - sizeof(mbedtls_test_ca_key_rsa_pem); -const size_t mbedtls_test_ca_pwd_rsa_pem_len = - sizeof(mbedtls_test_ca_pwd_rsa_pem) - 1; -const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len = - sizeof(mbedtls_test_ca_crt_rsa_sha1_pem); -const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len = - sizeof(mbedtls_test_ca_crt_rsa_sha256_pem); - -const size_t mbedtls_test_ca_crt_ec_der_len = - sizeof(mbedtls_test_ca_crt_ec_der); -const size_t mbedtls_test_ca_key_ec_der_len = - sizeof(mbedtls_test_ca_key_ec_der); -const size_t mbedtls_test_ca_pwd_ec_der_len = 0; -const size_t mbedtls_test_ca_key_rsa_der_len = - sizeof(mbedtls_test_ca_key_rsa_der); -const size_t mbedtls_test_ca_pwd_rsa_der_len = 0; -const size_t mbedtls_test_ca_crt_rsa_sha1_der_len = - sizeof(mbedtls_test_ca_crt_rsa_sha1_der); -const size_t mbedtls_test_ca_crt_rsa_sha256_der_len = - sizeof(mbedtls_test_ca_crt_rsa_sha256_der); - -/* - * Server - */ - -const char mbedtls_test_srv_crt_ec_pem[] = TEST_SRV_CRT_EC_PEM; -const char mbedtls_test_srv_key_ec_pem[] = TEST_SRV_KEY_EC_PEM; -const char mbedtls_test_srv_pwd_ec_pem[] = ""; -const char mbedtls_test_srv_key_rsa_pem[] = TEST_SRV_KEY_RSA_PEM; -const char mbedtls_test_srv_pwd_rsa_pem[] = ""; -const char mbedtls_test_srv_crt_rsa_sha1_pem[] = TEST_SRV_CRT_RSA_SHA1_PEM; -const char mbedtls_test_srv_crt_rsa_sha256_pem[] = TEST_SRV_CRT_RSA_SHA256_PEM; - -const unsigned char mbedtls_test_srv_crt_ec_der[] = TEST_SRV_CRT_EC_DER; -const unsigned char mbedtls_test_srv_key_ec_der[] = TEST_SRV_KEY_EC_DER; -const unsigned char mbedtls_test_srv_key_rsa_der[] = TEST_SRV_KEY_RSA_DER; -const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[] = - TEST_SRV_CRT_RSA_SHA1_DER; -const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[] = - TEST_SRV_CRT_RSA_SHA256_DER; - -const size_t mbedtls_test_srv_crt_ec_pem_len = - sizeof(mbedtls_test_srv_crt_ec_pem); -const size_t mbedtls_test_srv_key_ec_pem_len = - sizeof(mbedtls_test_srv_key_ec_pem); -const size_t mbedtls_test_srv_pwd_ec_pem_len = - sizeof(mbedtls_test_srv_pwd_ec_pem) - 1; -const size_t mbedtls_test_srv_key_rsa_pem_len = - sizeof(mbedtls_test_srv_key_rsa_pem); -const size_t mbedtls_test_srv_pwd_rsa_pem_len = - sizeof(mbedtls_test_srv_pwd_rsa_pem) - 1; -const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len = - sizeof(mbedtls_test_srv_crt_rsa_sha1_pem); -const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len = - sizeof(mbedtls_test_srv_crt_rsa_sha256_pem); - -const size_t mbedtls_test_srv_crt_ec_der_len = - sizeof(mbedtls_test_srv_crt_ec_der); -const size_t mbedtls_test_srv_key_ec_der_len = - sizeof(mbedtls_test_srv_key_ec_der); -const size_t mbedtls_test_srv_pwd_ec_der_len = 0; -const size_t mbedtls_test_srv_key_rsa_der_len = - sizeof(mbedtls_test_srv_key_rsa_der); -const size_t mbedtls_test_srv_pwd_rsa_der_len = 0; -const size_t mbedtls_test_srv_crt_rsa_sha1_der_len = - sizeof(mbedtls_test_srv_crt_rsa_sha1_der); -const size_t mbedtls_test_srv_crt_rsa_sha256_der_len = - sizeof(mbedtls_test_srv_crt_rsa_sha256_der); - -/* - * Client - */ - -const char mbedtls_test_cli_crt_ec_pem[] = TEST_CLI_CRT_EC_PEM; -const char mbedtls_test_cli_key_ec_pem[] = TEST_CLI_KEY_EC_PEM; -const char mbedtls_test_cli_pwd_ec_pem[] = ""; -const char mbedtls_test_cli_key_rsa_pem[] = TEST_CLI_KEY_RSA_PEM; -const char mbedtls_test_cli_pwd_rsa_pem[] = ""; -const char mbedtls_test_cli_crt_rsa_pem[] = TEST_CLI_CRT_RSA_PEM; - -const unsigned char mbedtls_test_cli_crt_ec_der[] = TEST_CLI_CRT_EC_DER; -const unsigned char mbedtls_test_cli_key_ec_der[] = TEST_CLI_KEY_EC_DER; -const unsigned char mbedtls_test_cli_key_rsa_der[] = TEST_CLI_KEY_RSA_DER; -const unsigned char mbedtls_test_cli_crt_rsa_der[] = TEST_CLI_CRT_RSA_DER; - -const size_t mbedtls_test_cli_crt_ec_pem_len = - sizeof(mbedtls_test_cli_crt_ec_pem); -const size_t mbedtls_test_cli_key_ec_pem_len = - sizeof(mbedtls_test_cli_key_ec_pem); -const size_t mbedtls_test_cli_pwd_ec_pem_len = - sizeof(mbedtls_test_cli_pwd_ec_pem) - 1; -const size_t mbedtls_test_cli_key_rsa_pem_len = - sizeof(mbedtls_test_cli_key_rsa_pem); -const size_t mbedtls_test_cli_pwd_rsa_pem_len = - sizeof(mbedtls_test_cli_pwd_rsa_pem) - 1; -const size_t mbedtls_test_cli_crt_rsa_pem_len = - sizeof(mbedtls_test_cli_crt_rsa_pem); - -const size_t mbedtls_test_cli_crt_ec_der_len = - sizeof(mbedtls_test_cli_crt_ec_der); -const size_t mbedtls_test_cli_key_ec_der_len = - sizeof(mbedtls_test_cli_key_ec_der); -const size_t mbedtls_test_cli_key_rsa_der_len = - sizeof(mbedtls_test_cli_key_rsa_der); -const size_t mbedtls_test_cli_crt_rsa_der_len = - sizeof(mbedtls_test_cli_crt_rsa_der); - -/* - * - * Definitions of test CRTs without specification of all parameters, choosing - * them automatically according to the config. For example, mbedtls_test_ca_crt - * is one of mbedtls_test_ca_crt_{rsa|ec}_{sha1|sha256}_{pem|der}. - * - */ - -/* - * Dispatch between PEM and DER according to config - */ - -#if defined(MBEDTLS_PEM_PARSE_C) - -/* PEM encoded test CA certificates and keys */ - -#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_PEM -#define TEST_CA_PWD_RSA TEST_CA_PWD_RSA_PEM -#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_PEM -#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_PEM -#define TEST_CA_KEY_EC TEST_CA_KEY_EC_PEM -#define TEST_CA_PWD_EC TEST_CA_PWD_EC_PEM -#define TEST_CA_CRT_EC TEST_CA_CRT_EC_PEM - -/* PEM encoded test server certificates and keys */ - -#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_PEM -#define TEST_SRV_PWD_RSA "" -#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_PEM -#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_PEM -#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_PEM -#define TEST_SRV_PWD_EC "" -#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_PEM - -/* PEM encoded test client certificates and keys */ - -#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_PEM -#define TEST_CLI_PWD_RSA "" -#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_PEM -#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_PEM -#define TEST_CLI_PWD_EC "" -#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_PEM - -#else /* MBEDTLS_PEM_PARSE_C */ - -/* DER encoded test CA certificates and keys */ - -#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_DER -#define TEST_CA_PWD_RSA "" -#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_DER -#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_DER -#define TEST_CA_KEY_EC TEST_CA_KEY_EC_DER -#define TEST_CA_PWD_EC "" -#define TEST_CA_CRT_EC TEST_CA_CRT_EC_DER - -/* DER encoded test server certificates and keys */ - -#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_DER -#define TEST_SRV_PWD_RSA "" -#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_DER -#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_DER -#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_DER -#define TEST_SRV_PWD_EC "" -#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_DER - -/* DER encoded test client certificates and keys */ - -#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_DER -#define TEST_CLI_PWD_RSA "" -#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_DER -#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_DER -#define TEST_CLI_PWD_EC "" -#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_DER - -#endif /* MBEDTLS_PEM_PARSE_C */ - -const char mbedtls_test_ca_key_rsa[] = TEST_CA_KEY_RSA; -const char mbedtls_test_ca_pwd_rsa[] = TEST_CA_PWD_RSA; -const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; -const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; -const char mbedtls_test_ca_key_ec[] = TEST_CA_KEY_EC; -const char mbedtls_test_ca_pwd_ec[] = TEST_CA_PWD_EC; -const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC; - -const char mbedtls_test_srv_key_rsa[] = TEST_SRV_KEY_RSA; -const char mbedtls_test_srv_pwd_rsa[] = TEST_SRV_PWD_RSA; -const char mbedtls_test_srv_crt_rsa_sha256[] = TEST_SRV_CRT_RSA_SHA256; -const char mbedtls_test_srv_crt_rsa_sha1[] = TEST_SRV_CRT_RSA_SHA1; -const char mbedtls_test_srv_key_ec[] = TEST_SRV_KEY_EC; -const char mbedtls_test_srv_pwd_ec[] = TEST_SRV_PWD_EC; -const char mbedtls_test_srv_crt_ec[] = TEST_SRV_CRT_EC; - -const char mbedtls_test_cli_key_rsa[] = TEST_CLI_KEY_RSA; -const char mbedtls_test_cli_pwd_rsa[] = TEST_CLI_PWD_RSA; -const char mbedtls_test_cli_crt_rsa[] = TEST_CLI_CRT_RSA; -const char mbedtls_test_cli_key_ec[] = TEST_CLI_KEY_EC; -const char mbedtls_test_cli_pwd_ec[] = TEST_CLI_PWD_EC; -const char mbedtls_test_cli_crt_ec[] = TEST_CLI_CRT_EC; - -const size_t mbedtls_test_ca_key_rsa_len = - sizeof(mbedtls_test_ca_key_rsa); -const size_t mbedtls_test_ca_pwd_rsa_len = - sizeof(mbedtls_test_ca_pwd_rsa) - 1; -const size_t mbedtls_test_ca_crt_rsa_sha256_len = - sizeof(mbedtls_test_ca_crt_rsa_sha256); -const size_t mbedtls_test_ca_crt_rsa_sha1_len = - sizeof(mbedtls_test_ca_crt_rsa_sha1); -const size_t mbedtls_test_ca_key_ec_len = - sizeof(mbedtls_test_ca_key_ec); -const size_t mbedtls_test_ca_pwd_ec_len = - sizeof(mbedtls_test_ca_pwd_ec) - 1; -const size_t mbedtls_test_ca_crt_ec_len = - sizeof(mbedtls_test_ca_crt_ec); - -const size_t mbedtls_test_srv_key_rsa_len = - sizeof(mbedtls_test_srv_key_rsa); -const size_t mbedtls_test_srv_pwd_rsa_len = - sizeof(mbedtls_test_srv_pwd_rsa) -1; -const size_t mbedtls_test_srv_crt_rsa_sha256_len = - sizeof(mbedtls_test_srv_crt_rsa_sha256); -const size_t mbedtls_test_srv_crt_rsa_sha1_len = - sizeof(mbedtls_test_srv_crt_rsa_sha1); -const size_t mbedtls_test_srv_key_ec_len = - sizeof(mbedtls_test_srv_key_ec); -const size_t mbedtls_test_srv_pwd_ec_len = - sizeof(mbedtls_test_srv_pwd_ec) - 1; -const size_t mbedtls_test_srv_crt_ec_len = - sizeof(mbedtls_test_srv_crt_ec); - -const size_t mbedtls_test_cli_key_rsa_len = - sizeof(mbedtls_test_cli_key_rsa); -const size_t mbedtls_test_cli_pwd_rsa_len = - sizeof(mbedtls_test_cli_pwd_rsa) - 1; -const size_t mbedtls_test_cli_crt_rsa_len = - sizeof(mbedtls_test_cli_crt_rsa); -const size_t mbedtls_test_cli_key_ec_len = - sizeof(mbedtls_test_cli_key_ec); -const size_t mbedtls_test_cli_pwd_ec_len = - sizeof(mbedtls_test_cli_pwd_ec) - 1; -const size_t mbedtls_test_cli_crt_ec_len = - sizeof(mbedtls_test_cli_crt_ec); - -/* - * Dispatch between SHA-1 and SHA-256 - */ - -#if defined(PSA_WANT_ALG_SHA_256) -#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA256 -#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256 -#else -#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA1 -#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1 -#endif /* PSA_WANT_ALG_SHA_256 */ - -const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA; -const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA; - -const size_t mbedtls_test_ca_crt_rsa_len = - sizeof(mbedtls_test_ca_crt_rsa); -const size_t mbedtls_test_srv_crt_rsa_len = - sizeof(mbedtls_test_srv_crt_rsa); - -/* - * Dispatch between RSA and EC - */ - -#if defined(MBEDTLS_RSA_C) - -#define TEST_CA_KEY TEST_CA_KEY_RSA -#define TEST_CA_PWD TEST_CA_PWD_RSA -#define TEST_CA_CRT TEST_CA_CRT_RSA - -#define TEST_SRV_KEY TEST_SRV_KEY_RSA -#define TEST_SRV_PWD TEST_SRV_PWD_RSA -#define TEST_SRV_CRT TEST_SRV_CRT_RSA - -#define TEST_CLI_KEY TEST_CLI_KEY_RSA -#define TEST_CLI_PWD TEST_CLI_PWD_RSA -#define TEST_CLI_CRT TEST_CLI_CRT_RSA - -#else /* no RSA, so assume ECDSA */ - -#define TEST_CA_KEY TEST_CA_KEY_EC -#define TEST_CA_PWD TEST_CA_PWD_EC -#define TEST_CA_CRT TEST_CA_CRT_EC - -#define TEST_SRV_KEY TEST_SRV_KEY_EC -#define TEST_SRV_PWD TEST_SRV_PWD_EC -#define TEST_SRV_CRT TEST_SRV_CRT_EC - -#define TEST_CLI_KEY TEST_CLI_KEY_EC -#define TEST_CLI_PWD TEST_CLI_PWD_EC -#define TEST_CLI_CRT TEST_CLI_CRT_EC -#endif /* MBEDTLS_RSA_C */ - -/* API stability forces us to declare - * mbedtls_test_{ca|srv|cli}_{key|pwd|crt} - * as pointers. */ -static const char test_ca_key[] = TEST_CA_KEY; -static const char test_ca_pwd[] = TEST_CA_PWD; -static const char test_ca_crt[] = TEST_CA_CRT; - -static const char test_srv_key[] = TEST_SRV_KEY; -static const char test_srv_pwd[] = TEST_SRV_PWD; -static const char test_srv_crt[] = TEST_SRV_CRT; - -static const char test_cli_key[] = TEST_CLI_KEY; -static const char test_cli_pwd[] = TEST_CLI_PWD; -static const char test_cli_crt[] = TEST_CLI_CRT; - -const char *mbedtls_test_ca_key = test_ca_key; -const char *mbedtls_test_ca_pwd = test_ca_pwd; -const char *mbedtls_test_ca_crt = test_ca_crt; - -const char *mbedtls_test_srv_key = test_srv_key; -const char *mbedtls_test_srv_pwd = test_srv_pwd; -const char *mbedtls_test_srv_crt = test_srv_crt; - -const char *mbedtls_test_cli_key = test_cli_key; -const char *mbedtls_test_cli_pwd = test_cli_pwd; -const char *mbedtls_test_cli_crt = test_cli_crt; - -const size_t mbedtls_test_ca_key_len = - sizeof(test_ca_key); -const size_t mbedtls_test_ca_pwd_len = - sizeof(test_ca_pwd) - 1; -const size_t mbedtls_test_ca_crt_len = - sizeof(test_ca_crt); - -const size_t mbedtls_test_srv_key_len = - sizeof(test_srv_key); -const size_t mbedtls_test_srv_pwd_len = - sizeof(test_srv_pwd) - 1; -const size_t mbedtls_test_srv_crt_len = - sizeof(test_srv_crt); - -const size_t mbedtls_test_cli_key_len = - sizeof(test_cli_key); -const size_t mbedtls_test_cli_pwd_len = - sizeof(test_cli_pwd) - 1; -const size_t mbedtls_test_cli_crt_len = - sizeof(test_cli_crt); - -/* - * - * Lists of certificates - * - */ - -/* List of CAs in PEM or DER, depending on config */ -const char *mbedtls_test_cas[] = { -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_1) - mbedtls_test_ca_crt_rsa_sha1, -#endif -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256) - mbedtls_test_ca_crt_rsa_sha256, -#endif -#if defined(PSA_HAVE_ALG_SOME_ECDSA) - mbedtls_test_ca_crt_ec, -#endif - NULL -}; -const size_t mbedtls_test_cas_len[] = { -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_1) - sizeof(mbedtls_test_ca_crt_rsa_sha1), -#endif -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256) - sizeof(mbedtls_test_ca_crt_rsa_sha256), -#endif -#if defined(PSA_HAVE_ALG_SOME_ECDSA) - sizeof(mbedtls_test_ca_crt_ec), -#endif - 0 -}; - -/* List of all available CA certificates in DER format */ -const unsigned char *mbedtls_test_cas_der[] = { -#if defined(MBEDTLS_RSA_C) -#if defined(PSA_WANT_ALG_SHA_256) - mbedtls_test_ca_crt_rsa_sha256_der, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_1) - mbedtls_test_ca_crt_rsa_sha1_der, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_RSA_C */ -#if defined(PSA_HAVE_ALG_SOME_ECDSA) - mbedtls_test_ca_crt_ec_der, -#endif /* PSA_HAVE_ALG_SOME_ECDSA */ - NULL -}; - -const size_t mbedtls_test_cas_der_len[] = { -#if defined(MBEDTLS_RSA_C) -#if defined(PSA_WANT_ALG_SHA_256) - sizeof(mbedtls_test_ca_crt_rsa_sha256_der), -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_1) - sizeof(mbedtls_test_ca_crt_rsa_sha1_der), -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_RSA_C */ -#if defined(PSA_HAVE_ALG_SOME_ECDSA) - sizeof(mbedtls_test_ca_crt_ec_der), -#endif /* PSA_HAVE_ALG_SOME_ECDSA */ - 0 -}; - -/* Concatenation of all available CA certificates in PEM format */ -#if defined(MBEDTLS_PEM_PARSE_C) -const char mbedtls_test_cas_pem[] = -#if defined(MBEDTLS_RSA_C) -#if defined(PSA_WANT_ALG_SHA_256) - TEST_CA_CRT_RSA_SHA256_PEM -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_1) - TEST_CA_CRT_RSA_SHA1_PEM -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_RSA_C */ -#if defined(PSA_HAVE_ALG_SOME_ECDSA) - TEST_CA_CRT_EC_PEM -#endif /* PSA_HAVE_ALG_SOME_ECDSA */ - ""; -const size_t mbedtls_test_cas_pem_len = sizeof(mbedtls_test_cas_pem); -#endif /* MBEDTLS_PEM_PARSE_C */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c deleted file mode 100644 index 44e07efb6..000000000 --- a/tests/src/test_helpers/ssl_helpers.c +++ /dev/null @@ -1,2578 +0,0 @@ -/** \file ssl_helpers.c - * - * \brief Helper functions to set up a TLS connection. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include "mbedtls/psa_util.h" - -#if defined(MBEDTLS_SSL_TLS_C) -int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len) -{ - (void) p_rng; - for (size_t i = 0; i < output_len; i++) { - output[i] = rand(); - } - - return 0; -} - -void mbedtls_test_ssl_log_analyzer(void *ctx, int level, - const char *file, int line, - const char *str) -{ - mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; - - (void) level; - (void) line; - (void) file; - - if (NULL != p && - NULL != p->pattern && - NULL != strstr(str, p->pattern)) { - p->counter++; - } -} - -void mbedtls_test_init_handshake_options( - mbedtls_test_handshake_test_options *opts) -{ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - static int rng_seed = 0xBEEF; - - srand(rng_seed); - rng_seed += 0xD0; -#endif - - memset(opts, 0, sizeof(*opts)); - - opts->cipher = ""; - opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; - opts->pk_alg = MBEDTLS_PK_RSA; - opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; - opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; - opts->cli_msg_len = 100; - opts->srv_msg_len = 100; - opts->expected_cli_fragments = 1; - opts->expected_srv_fragments = 1; - opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; - opts->resize_buffers = 1; - opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - opts->max_early_data_size = -1; -#if defined(MBEDTLS_SSL_CACHE_C) - TEST_CALLOC(opts->cache, 1); - mbedtls_ssl_cache_init(opts->cache); -#if defined(MBEDTLS_HAVE_TIME) - TEST_EQUAL(mbedtls_ssl_cache_get_timeout(opts->cache), - MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT); -#endif -exit: - return; -#endif -} - -void mbedtls_test_free_handshake_options( - mbedtls_test_handshake_test_options *opts) -{ -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(opts->cache); - mbedtls_free(opts->cache); -#else - (void) opts; -#endif -} - -#if defined(MBEDTLS_TEST_HOOKS) -static void set_chk_buf_ptr_args( - mbedtls_ssl_chk_buf_ptr_args *args, - unsigned char *cur, unsigned char *end, size_t need) -{ - args->cur = cur; - args->end = end; - args->need = need; -} - -static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) -{ - memset(args, 0, sizeof(*args)); -} -#endif /* MBEDTLS_TEST_HOOKS */ - -void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) -{ - memset(buf, 0, sizeof(*buf)); -} - -int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, - size_t capacity) -{ - buf->buffer = (unsigned char *) mbedtls_calloc(capacity, - sizeof(unsigned char)); - if (NULL == buf->buffer) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - buf->capacity = capacity; - - return 0; -} - -void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) -{ - if (buf->buffer != NULL) { - mbedtls_free(buf->buffer); - } - - memset(buf, 0, sizeof(*buf)); -} - -int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, - const unsigned char *input, size_t input_len) -{ - size_t overflow = 0; - - if ((buf == NULL) || (buf->buffer == NULL)) { - return -1; - } - - /* Reduce input_len to a number that fits in the buffer. */ - if ((buf->content_length + input_len) > buf->capacity) { - input_len = buf->capacity - buf->content_length; - } - - if (input == NULL) { - return (input_len == 0) ? 0 : -1; - } - - /* Check if the buffer has not come full circle and free space is not in - * the middle */ - if (buf->start + buf->content_length < buf->capacity) { - - /* Calculate the number of bytes that need to be placed at lower memory - * address */ - if (buf->start + buf->content_length + input_len - > buf->capacity) { - overflow = (buf->start + buf->content_length + input_len) - % buf->capacity; - } - - memcpy(buf->buffer + buf->start + buf->content_length, input, - input_len - overflow); - memcpy(buf->buffer, input + input_len - overflow, overflow); - - } else { - /* The buffer has come full circle and free space is in the middle */ - memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity, - input, input_len); - } - - buf->content_length += input_len; - return (input_len > INT_MAX) ? INT_MAX : (int) input_len; -} - -int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, - unsigned char *output, size_t output_len) -{ - size_t overflow = 0; - - if ((buf == NULL) || (buf->buffer == NULL)) { - return -1; - } - - if (output == NULL && output_len == 0) { - return 0; - } - - if (buf->content_length < output_len) { - output_len = buf->content_length; - } - - /* Calculate the number of bytes that need to be drawn from lower memory - * address */ - if (buf->start + output_len > buf->capacity) { - overflow = (buf->start + output_len) % buf->capacity; - } - - if (output != NULL) { - memcpy(output, buf->buffer + buf->start, output_len - overflow); - memcpy(output + output_len - overflow, buf->buffer, overflow); - } - - buf->content_length -= output_len; - buf->start = (buf->start + output_len) % buf->capacity; - - return (output_len > INT_MAX) ? INT_MAX : (int) output_len; -} - -int mbedtls_test_ssl_message_queue_setup( - mbedtls_test_ssl_message_queue *queue, size_t capacity) -{ - queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); - if (NULL == queue->messages) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - queue->capacity = (capacity > INT_MAX) ? INT_MAX : (int) capacity; - queue->pos = 0; - queue->num = 0; - - return 0; -} - -void mbedtls_test_ssl_message_queue_free( - mbedtls_test_ssl_message_queue *queue) -{ - if (queue == NULL) { - return; - } - - if (queue->messages != NULL) { - mbedtls_free(queue->messages); - } - - memset(queue, 0, sizeof(*queue)); -} - -int mbedtls_test_ssl_message_queue_push_info( - mbedtls_test_ssl_message_queue *queue, size_t len) -{ - int place; - if (queue == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - - if (queue->num >= queue->capacity) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - place = (queue->pos + queue->num) % queue->capacity; - queue->messages[place] = len; - queue->num++; - return (len > INT_MAX) ? INT_MAX : (int) len; -} - -int mbedtls_test_ssl_message_queue_pop_info( - mbedtls_test_ssl_message_queue *queue, size_t buf_len) -{ - size_t message_length; - if (queue == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - if (queue->num == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - message_length = queue->messages[queue->pos]; - queue->messages[queue->pos] = 0; - queue->num--; - queue->pos++; - queue->pos %= queue->capacity; - if (queue->pos < 0) { - queue->pos += queue->capacity; - } - - return (message_length > INT_MAX && buf_len > INT_MAX) ? INT_MAX : - (message_length > buf_len) ? (int) buf_len : (int) message_length; -} - -/* - * Take a peek on the info about the next message length from the queue. - * This will be the oldest inserted message length(fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval 0, if the peek was successful. - * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is - * too small to fit the message. In this case the \p msg_len will be - * set to the full message length so that the - * caller knows what portion of the message can be dropped. - */ -static int test_ssl_message_queue_peek_info( - mbedtls_test_ssl_message_queue *queue, - size_t buf_len, size_t *msg_len) -{ - if (queue == NULL || msg_len == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - if (queue->num == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - *msg_len = queue->messages[queue->pos]; - return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; -} - -void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket) -{ - memset(socket, 0, sizeof(*socket)); -} - -void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) -{ - if (socket == NULL) { - return; - } - - if (socket->input != NULL) { - mbedtls_test_ssl_buffer_free(socket->input); - mbedtls_free(socket->input); - } - - if (socket->output != NULL) { - mbedtls_test_ssl_buffer_free(socket->output); - mbedtls_free(socket->output); - } - - if (socket->peer != NULL) { - memset(socket->peer, 0, sizeof(*socket->peer)); - } - - memset(socket, 0, sizeof(*socket)); -} - -int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, - mbedtls_test_mock_socket *peer2, - size_t bufsize) -{ - int ret = -1; - - peer1->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc( - 1, sizeof(mbedtls_test_ssl_buffer)); - if (peer1->output == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_test_ssl_buffer_init(peer1->output); - if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) { - goto exit; - } - - peer2->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc( - 1, sizeof(mbedtls_test_ssl_buffer)); - if (peer2->output == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_test_ssl_buffer_init(peer2->output); - if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) { - goto exit; - } - - peer1->peer = peer2; - peer2->peer = peer1; - peer1->input = peer2->output; - peer2->input = peer1->output; - - peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED; - ret = 0; - -exit: - - if (ret != 0) { - mbedtls_test_mock_socket_close(peer1); - mbedtls_test_mock_socket_close(peer2); - } - - return ret; -} - -int mbedtls_test_mock_tcp_send_b(void *ctx, - const unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - return mbedtls_test_ssl_buffer_put(socket->output, buf, len); -} - -int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - return mbedtls_test_ssl_buffer_get(socket->input, buf, len); -} - -int mbedtls_test_mock_tcp_send_nb(void *ctx, - const unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - if (socket->output->capacity == socket->output->content_length) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - return mbedtls_test_ssl_buffer_put(socket->output, buf, len); -} - -int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - if (socket->input->content_length == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - return mbedtls_test_ssl_buffer_get(socket->input, buf, len); -} - -void mbedtls_test_message_socket_init( - mbedtls_test_message_socket_context *ctx) -{ - ctx->queue_input = NULL; - ctx->queue_output = NULL; - ctx->socket = NULL; -} - -int mbedtls_test_message_socket_setup( - mbedtls_test_ssl_message_queue *queue_input, - mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, - mbedtls_test_mock_socket *socket, - mbedtls_test_message_socket_context *ctx) -{ - int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); - if (ret != 0) { - return ret; - } - ctx->queue_input = queue_input; - ctx->queue_output = queue_output; - ctx->socket = socket; - mbedtls_test_mock_socket_init(socket); - - return 0; -} - -void mbedtls_test_message_socket_close( - mbedtls_test_message_socket_context *ctx) -{ - if (ctx == NULL) { - return; - } - - mbedtls_test_ssl_message_queue_free(ctx->queue_input); - mbedtls_test_mock_socket_close(ctx->socket); - memset(ctx, 0, sizeof(*ctx)); -} - -int mbedtls_test_mock_tcp_send_msg(void *ctx, - const unsigned char *buf, size_t len) -{ - mbedtls_test_ssl_message_queue *queue; - mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = - (mbedtls_test_message_socket_context *) ctx; - - if (context == NULL || context->socket == NULL - || context->queue_output == NULL) { - return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; - } - - queue = context->queue_output; - socket = context->socket; - - if (queue->num >= queue->capacity) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) { - return MBEDTLS_TEST_ERROR_SEND_FAILED; - } - - return mbedtls_test_ssl_message_queue_push_info(queue, len); -} - -int mbedtls_test_mock_tcp_recv_msg(void *ctx, - unsigned char *buf, size_t buf_len) -{ - mbedtls_test_ssl_message_queue *queue; - mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = - (mbedtls_test_message_socket_context *) ctx; - size_t drop_len = 0; - size_t msg_len; - int ret; - - if (context == NULL || context->socket == NULL - || context->queue_input == NULL) { - return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; - } - - queue = context->queue_input; - socket = context->socket; - - /* Peek first, so that in case of a socket error the data remains in - * the queue. */ - ret = test_ssl_message_queue_peek_info(queue, buf_len, &msg_len); - if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { - /* Calculate how much to drop */ - drop_len = msg_len - buf_len; - - /* Set the requested message len to be buffer length */ - msg_len = buf_len; - } else if (ret != 0) { - return ret; - } - - if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { - return MBEDTLS_TEST_ERROR_RECV_FAILED; - } - - if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { - /* Drop the remaining part of the message */ - if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != - (int) drop_len) { - /* Inconsistent state - part of the message was read, - * and a part couldn't. Not much we can do here, but it should not - * happen in test environment, unless forced manually. */ - } - } - ret = mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); - if (ret < 0) { - return ret; - } - - return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len; -} - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* - * Deinitializes certificates from endpoint represented by \p ep. - */ -static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) -{ - mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); - if (cert != NULL) { - if (cert->ca_cert != NULL) { - mbedtls_x509_crt_free(cert->ca_cert); - mbedtls_free(cert->ca_cert); - cert->ca_cert = NULL; - } - if (cert->cert != NULL) { - mbedtls_x509_crt_free(cert->cert); - mbedtls_free(cert->cert); - cert->cert = NULL; - } - if (cert->pkey != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { - psa_destroy_key(cert->pkey->priv_id); - } -#endif - mbedtls_pk_free(cert->pkey); - mbedtls_free(cert->pkey); - cert->pkey = NULL; - } - } -} - -int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, - int pk_alg, - int opaque_alg, int opaque_alg2, - int opaque_usage) -{ - int i = 0; - int ret = -1; - mbedtls_test_ssl_endpoint_certificate *cert = NULL; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif - - if (ep == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - cert = &(ep->cert); - TEST_CALLOC(cert->ca_cert, 1); - TEST_CALLOC(cert->cert, 1); - TEST_CALLOC(cert->pkey, 1); - - mbedtls_x509_crt_init(cert->ca_cert); - mbedtls_x509_crt_init(cert->cert); - mbedtls_pk_init(cert->pkey); - - /* Load the trusted CA */ - - for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { - ret = mbedtls_x509_crt_parse_der( - cert->ca_cert, - (const unsigned char *) mbedtls_test_cas_der[i], - mbedtls_test_cas_der_len[i]); - TEST_ASSERT(ret == 0); - } - - /* Load own certificate and private key */ - - if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { - if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, - mbedtls_test_srv_crt_rsa_sha256_der_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0); - } else { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_srv_crt_ec_der, - mbedtls_test_srv_crt_ec_der_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0); - } - } else { - if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_cli_crt_rsa_der, - mbedtls_test_cli_crt_rsa_der_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0); - } else { - ret = mbedtls_x509_crt_parse( - cert->cert, - (const unsigned char *) mbedtls_test_cli_crt_ec_der, - mbedtls_test_cli_crt_ec_len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_pk_parse_key( - cert->pkey, - (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0); - } - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (opaque_alg != 0) { - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ - TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH, - &key_attr), 0); - /* Then manually usage, alg and alg2 as requested by the test. */ - psa_set_key_usage_flags(&key_attr, opaque_usage); - psa_set_key_algorithm(&key_attr, opaque_alg); - if (opaque_alg2 != PSA_ALG_NONE) { - psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2); - } - TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0); - mbedtls_pk_free(cert->pkey); - mbedtls_pk_init(cert->pkey); - TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0); - } -#else - (void) opaque_alg; - (void) opaque_alg2; - (void) opaque_usage; -#endif - - mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, - cert->pkey); - TEST_ASSERT(ret == 0); - TEST_ASSERT(ep->conf.key_cert != NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL); - TEST_ASSERT(ret == 0); - TEST_ASSERT(ep->conf.key_cert == NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, - cert->pkey); - TEST_ASSERT(ret == 0); - -exit: - if (ret != 0) { - test_ssl_endpoint_certificate_free(ep); - } - - return ret; -} - -int mbedtls_test_ssl_endpoint_init( - mbedtls_test_ssl_endpoint *ep, int endpoint_type, - mbedtls_test_handshake_test_options *options, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue) -{ - int ret = -1; - uintptr_t user_data_n; - - if (dtls_context != NULL && - (input_queue == NULL || output_queue == NULL)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - - } - - if (ep == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memset(ep, 0, sizeof(*ep)); - - ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client"; - - mbedtls_ssl_init(&(ep->ssl)); - mbedtls_ssl_config_init(&(ep->conf)); - mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL); - - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); - TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&ep->ssl) == NULL); - TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0); - - (void) mbedtls_test_rnd_std_rand(NULL, - (void *) &user_data_n, - sizeof(user_data_n)); - mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n); - mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); - - if (dtls_context != NULL) { - TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue, - 100, &(ep->socket), - dtls_context) == 0); - } else { - mbedtls_test_mock_socket_init(&(ep->socket)); - } - - /* Non-blocking callbacks without timeout */ - if (dtls_context != NULL) { - mbedtls_ssl_set_bio(&(ep->ssl), dtls_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); - } else { - mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), - mbedtls_test_mock_tcp_send_nb, - mbedtls_test_mock_tcp_recv_nb, - NULL); - } - - ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, - (dtls_context != NULL) ? - MBEDTLS_SSL_TRANSPORT_DATAGRAM : - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - TEST_ASSERT(ret == 0); - - if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { - if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_min_tls_version(&(ep->conf), - options->client_min_version); - } - - if (options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_max_tls_version(&(ep->conf), - options->client_max_version); - } - } else { - if (options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_min_tls_version(&(ep->conf), - options->server_min_version); - } - - if (options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_max_tls_version(&(ep->conf), - options->server_max_version); - } - } - - if (options->group_list != NULL) { - mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); - } - - mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); - -#if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); -#if defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && - (options->max_early_data_size >= 0)) { - mbedtls_ssl_conf_max_early_data_size(&(ep->conf), - options->max_early_data_size); - } -#endif -#if defined(MBEDTLS_SSL_ALPN) - /* check that alpn_list contains at least one valid entry */ - if (options->alpn_list[0] != NULL) { - mbedtls_ssl_conf_alpn_protocols(&(ep->conf), options->alpn_list); - } -#endif -#endif - -#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { - mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, - mbedtls_ssl_cache_get, - mbedtls_ssl_cache_set); - } -#endif - - ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); - TEST_ASSERT(ret == 0); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) { - mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); - } -#endif - -#if defined(MBEDTLS_DEBUG_C) -#if defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && - options->srv_log_fun != NULL) { - mbedtls_ssl_conf_dbg(&(ep->conf), options->srv_log_fun, - options->srv_log_obj); - } -#endif -#if defined(MBEDTLS_SSL_CLI_C) - if (endpoint_type == MBEDTLS_SSL_IS_CLIENT && - options->cli_log_fun != NULL) { - mbedtls_ssl_conf_dbg(&(ep->conf), options->cli_log_fun, - options->cli_log_obj); - } -#endif -#endif /* MBEDTLS_DEBUG_C */ - - ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg, - options->opaque_alg, - options->opaque_alg2, - options->opaque_usage); - TEST_ASSERT(ret == 0); - - TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); - mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); - TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); - mbedtls_ssl_set_user_data_p(&ep->ssl, ep); - -exit: - return ret; -} - -void mbedtls_test_ssl_endpoint_free( - mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context) -{ - test_ssl_endpoint_certificate_free(ep); - - mbedtls_ssl_free(&(ep->ssl)); - mbedtls_ssl_config_free(&(ep->conf)); - - if (context != NULL) { - mbedtls_test_message_socket_close(context); - } else { - mbedtls_test_mock_socket_close(&(ep->socket)); - } -} - -int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, - mbedtls_ssl_context *second_ssl, - int state) -{ - enum { BUFFSIZE = 1024 }; - int max_steps = 1000; - int ret = 0; - - if (ssl == NULL || second_ssl == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Perform communication via connected sockets */ - while ((ssl->state != state) && (--max_steps >= 0)) { - /* If /p second_ssl ends the handshake procedure before /p ssl then - * there is no need to call the next step */ - if (!mbedtls_ssl_is_handshake_over(second_ssl)) { - ret = mbedtls_ssl_handshake_step(second_ssl); - if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - } - - /* We only care about the \p ssl state and returns, so we call it last, - * to leave the iteration as soon as the state is as expected. */ - ret = mbedtls_ssl_handshake_step(ssl); - if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - } - - return (max_steps >= 0) ? ret : -1; -} - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Write application data. Increase write counter if necessary. - */ -static int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, - unsigned char *buf, int buf_len, - int *written, - const int expected_fragments) -{ - int ret; - /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is - * a valid no-op for TLS connections. */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); - } - - ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); - if (ret > 0) { - *written += ret; - } - - if (expected_fragments == 0) { - /* Used for DTLS and the message size larger than MFL. In that case - * the message can not be fragmented and the library should return - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned - * to prevent a dead loop inside mbedtls_test_ssl_exchange_data(). */ - return ret; - } else if (expected_fragments == 1) { - /* Used for TLS/DTLS and the message size lower than MFL */ - TEST_ASSERT(ret == buf_len || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } else { - /* Used for TLS and the message size larger than MFL */ - TEST_ASSERT(expected_fragments > 1); - TEST_ASSERT((ret >= 0 && ret <= buf_len) || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } - - return 0; - -exit: - /* Some of the tests failed */ - return -1; -} - -/* - * Read application data and increase read counter and fragments counter - * if necessary. - */ -static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, - unsigned char *buf, int buf_len, - int *read, int *fragments, - const int expected_fragments) -{ - int ret; - /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is - * a valid no-op for TLS connections. */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); - } - - ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); - if (ret > 0) { - (*fragments)++; - *read += ret; - } - - if (expected_fragments == 0) { - TEST_ASSERT(ret == 0); - } else if (expected_fragments == 1) { - TEST_ASSERT(ret == buf_len || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } else { - TEST_ASSERT(expected_fragments > 1); - TEST_ASSERT((ret >= 0 && ret <= buf_len) || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } - - return 0; - -exit: - /* Some of the tests failed */ - return -1; -} - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, - int *forced_ciphersuite) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher); - forced_ciphersuite[1] = 0; - - ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]); - - TEST_ASSERT(ciphersuite_info != NULL); - TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version); - TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version); - - if (conf->max_tls_version > ciphersuite_info->max_tls_version) { - conf->max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; - } - if (conf->min_tls_version < ciphersuite_info->min_tls_version) { - conf->min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; - } - - mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite); - -exit: - return; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ - defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_SSL_SRV_C) -static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) -{ - (void) p_info; - (void) ssl; - (void) name; - (void) name_len; - - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && - MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(PSA_WANT_ALG_CBC_NO_PADDING) && defined(PSA_WANT_KEY_TYPE_AES) -int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, - const unsigned char *iv, - size_t iv_len, - const unsigned char *input, - size_t ilen, - unsigned char *output, - size_t *olen) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; - size_t part_len; - - status = psa_cipher_encrypt_setup(&cipher_op, - transform->psa_key_enc, - transform->psa_alg); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - status = psa_cipher_set_iv(&cipher_op, iv, iv_len); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - status = psa_cipher_update(&cipher_op, input, ilen, output, ilen, olen); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - status = psa_cipher_finish(&cipher_op, output + *olen, ilen - *olen, - &part_len); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - *olen += part_len; - return 0; -#else - return mbedtls_cipher_crypt(&transform->cipher_ctx_enc, - iv, iv_len, input, ilen, output, olen); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && PSA_WANT_ALG_CBC_NO_PADDING && - PSA_WANT_KEY_TYPE_AES */ - -static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type, - mbedtls_cipher_mode_t *cipher_mode, - size_t *key_bits, size_t *iv_len) -{ - switch (cipher_type) { - case MBEDTLS_CIPHER_AES_128_CBC: - *cipher_mode = MBEDTLS_MODE_CBC; - *key_bits = 128; - *iv_len = 16; - break; - case MBEDTLS_CIPHER_AES_256_CBC: - *cipher_mode = MBEDTLS_MODE_CBC; - *key_bits = 256; - *iv_len = 16; - break; - case MBEDTLS_CIPHER_ARIA_128_CBC: - *cipher_mode = MBEDTLS_MODE_CBC; - *key_bits = 128; - *iv_len = 16; - break; - case MBEDTLS_CIPHER_ARIA_256_CBC: - *cipher_mode = MBEDTLS_MODE_CBC; - *key_bits = 256; - *iv_len = 16; - break; - case MBEDTLS_CIPHER_CAMELLIA_128_CBC: - *cipher_mode = MBEDTLS_MODE_CBC; - *key_bits = 128; - *iv_len = 16; - break; - case MBEDTLS_CIPHER_CAMELLIA_256_CBC: - *cipher_mode = MBEDTLS_MODE_CBC; - *key_bits = 256; - *iv_len = 16; - break; - - case MBEDTLS_CIPHER_AES_128_CCM: - *cipher_mode = MBEDTLS_MODE_CCM; - *key_bits = 128; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_AES_192_CCM: - *cipher_mode = MBEDTLS_MODE_CCM; - *key_bits = 192; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_AES_256_CCM: - *cipher_mode = MBEDTLS_MODE_CCM; - *key_bits = 256; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_CAMELLIA_128_CCM: - *cipher_mode = MBEDTLS_MODE_CCM; - *key_bits = 128; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_CAMELLIA_192_CCM: - *cipher_mode = MBEDTLS_MODE_CCM; - *key_bits = 192; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_CAMELLIA_256_CCM: - *cipher_mode = MBEDTLS_MODE_CCM; - *key_bits = 256; - *iv_len = 12; - break; - - case MBEDTLS_CIPHER_AES_128_GCM: - *cipher_mode = MBEDTLS_MODE_GCM; - *key_bits = 128; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_AES_192_GCM: - *cipher_mode = MBEDTLS_MODE_GCM; - *key_bits = 192; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_AES_256_GCM: - *cipher_mode = MBEDTLS_MODE_GCM; - *key_bits = 256; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_CAMELLIA_128_GCM: - *cipher_mode = MBEDTLS_MODE_GCM; - *key_bits = 128; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_CAMELLIA_192_GCM: - *cipher_mode = MBEDTLS_MODE_GCM; - *key_bits = 192; - *iv_len = 12; - break; - case MBEDTLS_CIPHER_CAMELLIA_256_GCM: - *cipher_mode = MBEDTLS_MODE_GCM; - *key_bits = 256; - *iv_len = 12; - break; - - case MBEDTLS_CIPHER_CHACHA20_POLY1305: - *cipher_mode = MBEDTLS_MODE_CHACHAPOLY; - *key_bits = 256; - *iv_len = 12; - break; - - case MBEDTLS_CIPHER_NULL: - *cipher_mode = MBEDTLS_MODE_STREAM; - *key_bits = 0; - *iv_len = 0; - break; - - default: - *cipher_mode = MBEDTLS_MODE_NONE; - *key_bits = 0; - *iv_len = 0; - } -} - -int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, - mbedtls_ssl_transform *t_out, - int cipher_type, int hash_id, - int etm, int tag_mode, - mbedtls_ssl_protocol_version tls_version, - size_t cid0_len, - size_t cid1_len) -{ - mbedtls_cipher_mode_t cipher_mode = MBEDTLS_MODE_NONE; - size_t key_bits = 0; - int ret = 0; - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_type_t key_type; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#else - mbedtls_cipher_info_t const *cipher_info; -#endif - - size_t keylen, maclen, ivlen = 0; - unsigned char *key0 = NULL, *key1 = NULL; - unsigned char *md0 = NULL, *md1 = NULL; - unsigned char iv_enc[16], iv_dec[16]; - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char cid0[SSL_CID_LEN_MIN]; - unsigned char cid1[SSL_CID_LEN_MIN]; - - mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0)); - mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1)); -#else - ((void) cid0_len); - ((void) cid1_len); -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - maclen = 0; - mbedtls_test_ssl_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type, - &cipher_mode, &key_bits, &ivlen); - - /* Pick keys */ - keylen = key_bits / 8; - /* Allocate `keylen + 1` bytes to ensure that we get - * a non-NULL pointers from `mbedtls_calloc` even if - * `keylen == 0` in the case of the NULL cipher. */ - CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL); - CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL); - memset(key0, 0x1, keylen); - memset(key1, 0x2, keylen); - -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - /* Pick cipher */ - cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); - CHK(cipher_info != NULL); - CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); - CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); - - /* Setup cipher contexts */ - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (cipher_mode == MBEDTLS_MODE_CBC) { - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - } -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_ENCRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_DECRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_ENCRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_DECRYPT) - == 0); -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - - /* Setup MAC contexts */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (cipher_mode == MBEDTLS_MODE_CBC || - cipher_mode == MBEDTLS_MODE_STREAM) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id); - CHK(md_info != NULL); -#endif - maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id); - CHK(maclen != 0); - /* Pick hash keys */ - CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); - CHK((md1 = mbedtls_calloc(1, maclen)) != NULL); - memset(md0, 0x5, maclen); - memset(md1, 0x6, maclen); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = mbedtls_md_psa_alg_from_type(hash_id); - - CHK(alg != 0); - - t_out->psa_mac_alg = PSA_ALG_HMAC(alg); - t_in->psa_mac_alg = PSA_ALG_HMAC(alg); - t_in->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; - t_out->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; - t_in->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; - t_out->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; - - psa_reset_key_attributes(&attributes); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - - CHK(psa_import_key(&attributes, - md0, maclen, - &t_in->psa_mac_enc) == PSA_SUCCESS); - - CHK(psa_import_key(&attributes, - md1, maclen, - &t_out->psa_mac_enc) == PSA_SUCCESS); - - if (cipher_mode == MBEDTLS_MODE_STREAM || - etm == MBEDTLS_SSL_ETM_DISABLED) { - /* mbedtls_ct_hmac() requires the key to be exportable */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | - PSA_KEY_USAGE_VERIFY_HASH); - } else { - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); - } - - CHK(psa_import_key(&attributes, - md1, maclen, - &t_in->psa_mac_dec) == PSA_SUCCESS); - - CHK(psa_import_key(&attributes, - md0, maclen, - &t_out->psa_mac_dec) == PSA_SUCCESS); -#else - CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0); - - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc, - md0, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec, - md0, maclen) == 0); -#endif - } -#else - ((void) hash_id); -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - - - /* Pick IV's (regardless of whether they - * are being used by the transform). */ - memset(iv_enc, 0x3, sizeof(iv_enc)); - memset(iv_dec, 0x4, sizeof(iv_dec)); - - /* - * Setup transforms - */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - t_out->encrypt_then_mac = etm; - t_in->encrypt_then_mac = etm; -#else - ((void) etm); -#endif - - t_out->tls_version = tls_version; - t_in->tls_version = tls_version; - t_out->ivlen = ivlen; - t_in->ivlen = ivlen; - - switch (cipher_mode) { - case MBEDTLS_MODE_GCM: - case MBEDTLS_MODE_CCM: -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - t_out->fixed_ivlen = 12; - t_in->fixed_ivlen = 12; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - { - t_out->fixed_ivlen = 4; - t_in->fixed_ivlen = 4; - } - t_out->maclen = 0; - t_in->maclen = 0; - switch (tag_mode) { - case 0: /* Full tag */ - t_out->taglen = 16; - t_in->taglen = 16; - break; - case 1: /* Partial tag */ - t_out->taglen = 8; - t_in->taglen = 8; - break; - default: - ret = 1; - goto cleanup; - } - break; - - case MBEDTLS_MODE_CHACHAPOLY: - t_out->fixed_ivlen = 12; - t_in->fixed_ivlen = 12; - t_out->maclen = 0; - t_in->maclen = 0; - switch (tag_mode) { - case 0: /* Full tag */ - t_out->taglen = 16; - t_in->taglen = 16; - break; - case 1: /* Partial tag */ - t_out->taglen = 8; - t_in->taglen = 8; - break; - default: - ret = 1; - goto cleanup; - } - break; - - case MBEDTLS_MODE_STREAM: - case MBEDTLS_MODE_CBC: - t_out->fixed_ivlen = 0; /* redundant, must be 0 */ - t_in->fixed_ivlen = 0; /* redundant, must be 0 */ - t_out->taglen = 0; - t_in->taglen = 0; - switch (tag_mode) { - case 0: /* Full tag */ - t_out->maclen = maclen; - t_in->maclen = maclen; - break; - default: - ret = 1; - goto cleanup; - } - break; - default: - ret = 1; - goto cleanup; - break; - } - - /* Setup IV's */ - - memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec)); - memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc)); - memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc)); - memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec)); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* Add CID */ - memcpy(&t_in->in_cid, cid0, cid0_len); - memcpy(&t_in->out_cid, cid1, cid1_len); - t_in->in_cid_len = (uint8_t) cid0_len; - t_in->out_cid_len = (uint8_t) cid1_len; - memcpy(&t_out->in_cid, cid1, cid1_len); - memcpy(&t_out->out_cid, cid0, cid0_len); - t_out->in_cid_len = (uint8_t) cid1_len; - t_out->out_cid_len = (uint8_t) cid0_len; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - status = mbedtls_ssl_cipher_to_psa(cipher_type, - t_in->taglen, - &alg, - &key_type, - &key_bits); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - t_in->psa_alg = alg; - t_out->psa_alg = alg; - - if (alg != MBEDTLS_SSL_NULL_CIPHER) { - psa_reset_key_attributes(&attributes); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, key_type); - - status = psa_import_key(&attributes, - key0, - PSA_BITS_TO_BYTES(key_bits), - &t_in->psa_key_enc); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - status = psa_import_key(&attributes, - key1, - PSA_BITS_TO_BYTES(key_bits), - &t_out->psa_key_enc); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); - - status = psa_import_key(&attributes, - key1, - PSA_BITS_TO_BYTES(key_bits), - &t_in->psa_key_dec); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - status = psa_import_key(&attributes, - key0, - PSA_BITS_TO_BYTES(key_bits), - &t_out->psa_key_dec); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -cleanup: - - mbedtls_free(key0); - mbedtls_free(key1); - - mbedtls_free(md0); - mbedtls_free(md1); - - return ret; -} - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, - mbedtls_ssl_transform *transform_out) -{ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; -#endif - - /* Serialized version of record header for MAC purposes */ - unsigned char add_data[13]; - memcpy(add_data, record->ctr, 8); - add_data[8] = record->type; - add_data[9] = record->ver[0]; - add_data[10] = record->ver[1]; - add_data[11] = (record->data_len >> 8) & 0xff; - add_data[12] = (record->data_len >> 0) & 0xff; - - /* MAC with additional data */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t sign_mac_length = 0; - TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, - transform_out->psa_mac_enc, - transform_out->psa_mac_alg)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, - record->buf + record->data_offset, - record->data_len)); - /* Use a temporary buffer for the MAC, because with the truncated HMAC - * extension, there might not be enough room in the record for the - * full-length MAC. */ - unsigned char mac[PSA_HASH_MAX_SIZE]; - TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, - mac, sizeof(mac), - &sign_mac_length)); -#else - TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13)); - TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, - record->buf + record->data_offset, - record->data_len)); - /* Use a temporary buffer for the MAC, because with the truncated HMAC - * extension, there might not be enough room in the record for the - * full-length MAC. */ - unsigned char mac[MBEDTLS_MD_MAX_SIZE]; - TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac)); -#endif - memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen); - record->data_len += transform_out->maclen; - - return 0; - -exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_abort(&operation); -#endif - return -1; -} -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type, - const char *crt_file) -{ - (void) ticket_len; - -#if defined(MBEDTLS_HAVE_TIME) - session->start = mbedtls_time(NULL) - 42; -#endif - session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - - TEST_ASSERT(endpoint_type == MBEDTLS_SSL_IS_CLIENT || - endpoint_type == MBEDTLS_SSL_IS_SERVER); - - session->endpoint = endpoint_type; - session->ciphersuite = 0xabcd; - session->id_len = sizeof(session->id); - memset(session->id, 66, session->id_len); - memset(session->master, 17, sizeof(session->master)); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO) - if (crt_file != NULL && strlen(crt_file) != 0) { - mbedtls_x509_crt tmp_crt; - int ret; - - mbedtls_x509_crt_init(&tmp_crt); - ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file); - if (ret != 0) { - return ret; - } - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* Move temporary CRT. */ - session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert)); - if (session->peer_cert == NULL) { - return -1; - } - *session->peer_cert = tmp_crt; - memset(&tmp_crt, 0, sizeof(tmp_crt)); -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* Calculate digest of temporary CRT. */ - session->peer_cert_digest = - mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN); - if (session->peer_cert_digest == NULL) { - return -1; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); - size_t hash_size = 0; - psa_status_t status = psa_hash_compute( - psa_alg, tmp_crt.raw.p, - tmp_crt.raw.len, - session->peer_cert_digest, - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, - &hash_size); - ret = PSA_TO_MBEDTLS_ERR(status); -#else - ret = mbedtls_md(mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), - tmp_crt.raw.p, tmp_crt.raw.len, - session->peer_cert_digest); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if (ret != 0) { - return ret; - } - session->peer_cert_digest_type = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; - session->peer_cert_digest_len = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - mbedtls_x509_crt_free(&tmp_crt); - } -#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ - (void) crt_file; -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ - session->verify_result = 0xdeadbeef; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_SSL_CLI_C) - if (ticket_len != 0) { - session->ticket = mbedtls_calloc(1, ticket_len); - if (session->ticket == NULL) { - return -1; - } - memset(session->ticket, 33, ticket_len); - } - session->ticket_len = ticket_len; - session->ticket_lifetime = 86401; -#endif /* MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_HAVE_TIME) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - session->ticket_creation_time = mbedtls_ms_time() - 42; - } -#endif -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - session->mfl_code = 1; -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - session->encrypt_then_mac = 1; -#endif - -exit: - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type) -{ - ((void) ticket_len); - session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; - session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ? - MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER; - session->ciphersuite = 0xabcd; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - session->ticket_age_add = 0x87654321; - session->ticket_flags = 0x7; - session->resumption_key_len = 32; - memset(session->resumption_key, 0x99, sizeof(session->resumption_key)); -#endif - -#if defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - int ret = mbedtls_ssl_session_set_ticket_alpn(session, "ALPNExample"); - if (ret != 0) { - return -1; - } -#endif -#if defined(MBEDTLS_HAVE_TIME) - session->ticket_creation_time = mbedtls_ms_time() - 42; -#endif -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_HAVE_TIME) - session->ticket_reception_time = mbedtls_ms_time() - 40; -#endif - session->ticket_lifetime = 0xfedcba98; - - session->ticket_len = ticket_len; - if (ticket_len != 0) { - session->ticket = mbedtls_calloc(1, ticket_len); - if (session->ticket == NULL) { - return -1; - } - memset(session->ticket, 33, ticket_len); - } -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - char hostname[] = "hostname example"; - session->hostname = mbedtls_calloc(1, sizeof(hostname)); - if (session->hostname == NULL) { - return -1; - } - memcpy(session->hostname, hostname, sizeof(hostname)); -#endif -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - } -#endif /* MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - session->max_early_data_size = 0x87654321; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - session->record_size_limit = 2048; -#endif - - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -int mbedtls_test_ssl_exchange_data( - mbedtls_ssl_context *ssl_1, - int msg_len_1, const int expected_fragments_1, - mbedtls_ssl_context *ssl_2, - int msg_len_2, const int expected_fragments_2) -{ - unsigned char *msg_buf_1 = malloc(msg_len_1); - unsigned char *msg_buf_2 = malloc(msg_len_2); - unsigned char *in_buf_1 = malloc(msg_len_2); - unsigned char *in_buf_2 = malloc(msg_len_1); - int msg_type, ret = -1; - - /* Perform this test with two message types. At first use a message - * consisting of only 0x00 for the client and only 0xFF for the server. - * At the second time use message with generated data */ - for (msg_type = 0; msg_type < 2; msg_type++) { - int written_1 = 0; - int written_2 = 0; - int read_1 = 0; - int read_2 = 0; - int fragments_1 = 0; - int fragments_2 = 0; - - if (msg_type == 0) { - memset(msg_buf_1, 0x00, msg_len_1); - memset(msg_buf_2, 0xff, msg_len_2); - } else { - int i, j = 0; - for (i = 0; i < msg_len_1; i++) { - msg_buf_1[i] = j++ & 0xFF; - } - for (i = 0; i < msg_len_2; i++) { - msg_buf_2[i] = (j -= 5) & 0xFF; - } - } - - while (read_1 < msg_len_2 || read_2 < msg_len_1) { - /* ssl_1 sending */ - if (msg_len_1 > written_1) { - ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1, - msg_len_1, &written_1, - expected_fragments_1); - if (expected_fragments_1 == 0) { - /* This error is expected when the message is too large and - * cannot be fragmented */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - msg_len_1 = 0; - } else { - TEST_ASSERT(ret == 0); - } - } - - /* ssl_2 sending */ - if (msg_len_2 > written_2) { - ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2, - msg_len_2, &written_2, - expected_fragments_2); - if (expected_fragments_2 == 0) { - /* This error is expected when the message is too large and - * cannot be fragmented */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - msg_len_2 = 0; - } else { - TEST_ASSERT(ret == 0); - } - } - - /* ssl_1 reading */ - if (read_1 < msg_len_2) { - ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1, - msg_len_2, &read_1, - &fragments_2, - expected_fragments_2); - TEST_ASSERT(ret == 0); - } - - /* ssl_2 reading */ - if (read_2 < msg_len_1) { - ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2, - msg_len_1, &read_2, - &fragments_1, - expected_fragments_1); - TEST_ASSERT(ret == 0); - } - } - - ret = -1; - TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1)); - TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2)); - TEST_ASSERT(fragments_1 == expected_fragments_1); - TEST_ASSERT(fragments_2 == expected_fragments_2); - } - - ret = 0; - -exit: - free(msg_buf_1); - free(in_buf_1); - free(msg_buf_2); - free(in_buf_2); - - return ret; -} - -/* - * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints - * must be initialized and connected beforehand. - * - * \retval 0 on success, otherwise error code. - */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ - (defined(MBEDTLS_SSL_RENEGOTIATION) || \ - defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)) -static int exchange_data(mbedtls_ssl_context *ssl_1, - mbedtls_ssl_context *ssl_2) -{ - return mbedtls_test_ssl_exchange_data(ssl_1, 256, 1, - ssl_2, 256, 1); -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && - (MBEDTLS_SSL_RENEGOTIATION || - MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static int check_ssl_version( - mbedtls_ssl_protocol_version expected_negotiated_version, - const mbedtls_ssl_context *ssl) -{ - const char *version_string = mbedtls_ssl_get_version(ssl); - mbedtls_ssl_protocol_version version_number = - mbedtls_ssl_get_version_number(ssl); - - TEST_EQUAL(ssl->tls_version, expected_negotiated_version); - - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_EQUAL(version_string[0], 'D'); - ++version_string; - } - - switch (expected_negotiated_version) { - case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2); - TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0); - break; - - case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3); - TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0); - break; - - default: - TEST_FAIL( - "Version check not implemented for this protocol version"); - } - - return 1; - -exit: - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -void mbedtls_test_ssl_perform_handshake( - mbedtls_test_handshake_test_options *options) -{ - /* forced_ciphersuite needs to last until the end of the handshake */ - int forced_ciphersuite[2]; - enum { BUFFSIZE = 17000 }; - mbedtls_test_ssl_endpoint client, server; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - const char *psk_identity = "foo"; -#endif -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context timer_client, timer_server; -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - unsigned char *context_buf = NULL; - size_t context_buf_len; -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int ret = -1; -#endif - int expected_handshake_result = options->expected_handshake_result; - - MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun || options->srv_log_fun) { - mbedtls_debug_set_threshold(4); - } -#endif - - /* Client side */ - if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options, &client_context, - &client_queue, - &server_queue) == 0); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options, NULL, NULL, - NULL) == 0); - } - - if (strlen(options->cipher) > 0) { - set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); - } - - /* Server side */ - if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options, &server_context, - &server_queue, - &client_queue) == 0); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, - NULL) == 0); - } - - mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), - (unsigned char) options->mfl) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf), - (unsigned char) options->mfl) - == 0); -#else - TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (options->psk_str != NULL && options->psk_str->len > 0) { - TEST_ASSERT(mbedtls_ssl_conf_psk( - &client.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); - - TEST_ASSERT(mbedtls_ssl_conf_psk( - &server.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); -#if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); -#endif - } -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - mbedtls_ssl_conf_renegotiation(&(server.conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_renegotiation(&(client.conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - - mbedtls_ssl_conf_legacy_renegotiation(&(server.conf), - options->legacy_renegotiation); - mbedtls_ssl_conf_legacy_renegotiation(&(client.conf), - options->legacy_renegotiation); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE) == 0); - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - - if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) { - expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - - TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER) - == expected_handshake_result); - - if (expected_handshake_result != 0) { - /* Connection will have failed by this point, skip to cleanup */ - goto exit; - } - - TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1); - - /* Make sure server state is moved to HANDSHAKE_OVER also. */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl), - &(client.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), - 0); - - TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1); - /* Check that both sides have negotiated the expected version. */ - mbedtls_test_set_step(0); - if (!check_ssl_version(options->expected_negotiated_version, - &client.ssl)) { - goto exit; - } - - mbedtls_test_set_step(1); - if (!check_ssl_version(options->expected_negotiated_version, - &server.ssl)) { - goto exit; - } - - if (options->expected_ciphersuite != 0) { - TEST_EQUAL(server.ssl.session->ciphersuite, - options->expected_ciphersuite); - } - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* A server, when using DTLS, might delay a buffer resize to happen - * after it receives a message, so we force it. */ - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - - TEST_ASSERT(client.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_ASSERT(client.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); - } -#endif - - if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - /* Start data exchanging test */ - TEST_ASSERT(mbedtls_test_ssl_exchange_data( - &(client.ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, - options->expected_srv_fragments) - == 0); - } -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (options->serialize == 1) { - TEST_ASSERT(options->dtls == 1); - - TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL, - 0, &context_buf_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - - context_buf = mbedtls_calloc(1, context_buf_len); - TEST_ASSERT(context_buf != NULL); - - TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf, - context_buf_len, - &context_buf_len) - == 0); - - mbedtls_ssl_free(&(server.ssl)); - mbedtls_ssl_init(&(server.ssl)); - - TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0); - - mbedtls_ssl_set_bio(&(server.ssl), &server_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); - - mbedtls_ssl_set_user_data_p(&server.ssl, &server); - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf, - context_buf_len) == 0); - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* Validate buffer sizes after context deserialization */ - if (options->resize_buffers != 0) { - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); - } -#endif - /* Retest writing/reading */ - if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - TEST_ASSERT(mbedtls_test_ssl_exchange_data( - &(client.ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, - options->expected_srv_fragments) - == 0); - } - } -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - /* Start test with renegotiation */ - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - /* After calling this function for the server, it only sends a handshake - * request. All renegotiation should happen during data exchanging */ - TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_PENDING); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - - /* After calling mbedtls_ssl_renegotiate for the client, - * all renegotiation should happen inside this function. - * However in this test, we cannot perform simultaneous communication - * between client and server so this function will return waiting error - * on the socket. All rest of renegotiation should happen - * during data exchanging */ - ret = mbedtls_ssl_renegotiate(&(client.ssl)); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - TEST_ASSERT(ret == 0 || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); - - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* Validate buffer sizes after renegotiation */ - if (options->resize_buffers != 0) { - TEST_ASSERT(client.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_ASSERT(client.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); - } -#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client); - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); - -exit: - mbedtls_test_ssl_endpoint_free(&client, - options->dtls != 0 ? &client_context : NULL); - mbedtls_test_ssl_endpoint_free(&server, - options->dtls != 0 ? &server_context : NULL); -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun || options->srv_log_fun) { - mbedtls_debug_set_threshold(0); - } -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (context_buf != NULL) { - mbedtls_free(context_buf); - } -#endif - MD_OR_USE_PSA_DONE(); -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_TEST_HOOKS) -int mbedtls_test_tweak_tls13_certificate_msg_vector_len( - unsigned char *buf, unsigned char **end, int tweak, - int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args) -{ -/* - * The definition of the tweaks assume that the certificate list contains only - * one certificate. - */ - -/* - * struct { - * opaque cert_data<1..2^24-1>; - * Extension extensions<0..2^16-1>; - * } CertificateEntry; - * - * struct { - * opaque certificate_request_context<0..2^8-1>; - * CertificateEntry certificate_list<0..2^24-1>; - * } Certificate; - */ - unsigned char *p_certificate_request_context_len = buf; - size_t certificate_request_context_len = buf[0]; - - unsigned char *p_certificate_list_len = - buf + 1 + certificate_request_context_len; - unsigned char *certificate_list = p_certificate_list_len + 3; - size_t certificate_list_len = - MBEDTLS_GET_UINT24_BE(p_certificate_list_len, 0); - - unsigned char *p_cert_data_len = certificate_list; - unsigned char *cert_data = p_cert_data_len + 3; - size_t cert_data_len = MBEDTLS_GET_UINT24_BE(p_cert_data_len, 0); - - unsigned char *p_extensions_len = cert_data + cert_data_len; - unsigned char *extensions = p_extensions_len + 2; - size_t extensions_len = MBEDTLS_GET_UINT16_BE(p_extensions_len, 0); - - *expected_result = MBEDTLS_ERR_SSL_DECODE_ERROR; - - switch (tweak) { - case 1: - /* Failure when checking if the certificate request context length - * and certificate list length can be read - */ - *end = buf + 3; - set_chk_buf_ptr_args(args, buf, *end, 4); - break; - - case 2: - /* Invalid certificate request context length. - */ - *p_certificate_request_context_len = - (unsigned char) certificate_request_context_len + 1; - reset_chk_buf_ptr_args(args); - break; - - case 3: - /* Failure when checking if certificate_list data can be read. */ - MBEDTLS_PUT_UINT24_BE(certificate_list_len + 1, - p_certificate_list_len, 0); - set_chk_buf_ptr_args(args, certificate_list, *end, - certificate_list_len + 1); - break; - - case 4: - /* Failure when checking if the cert_data length can be read. */ - MBEDTLS_PUT_UINT24_BE(2, p_certificate_list_len, 0); - set_chk_buf_ptr_args(args, p_cert_data_len, certificate_list + 2, 3); - break; - - case 5: - /* Failure when checking if cert_data data can be read. */ - MBEDTLS_PUT_UINT24_BE(certificate_list_len - 3 + 1, - p_cert_data_len, 0); - set_chk_buf_ptr_args(args, cert_data, - certificate_list + certificate_list_len, - certificate_list_len - 3 + 1); - break; - - case 6: - /* Failure when checking if the extensions length can be read. */ - MBEDTLS_PUT_UINT24_BE(certificate_list_len - extensions_len - 1, - p_certificate_list_len, 0); - set_chk_buf_ptr_args( - args, p_extensions_len, - certificate_list + certificate_list_len - extensions_len - 1, 2); - break; - - case 7: - /* Failure when checking if extensions data can be read. */ - MBEDTLS_PUT_UINT16_BE(extensions_len + 1, p_extensions_len, 0); - - set_chk_buf_ptr_args( - args, extensions, - certificate_list + certificate_list_len, extensions_len + 1); - break; - - default: - return -1; - } - - return 0; -} -#endif /* MBEDTLS_TEST_HOOKS */ - -/* - * Functions for tests based on tickets. Implementations of the - * write/parse ticket interfaces as defined by mbedtls_ssl_ticket_write/parse_t. - * Basically same implementations as in ticket.c without the encryption. That - * way we can tweak easily tickets characteristics to simulate misbehaving - * peers. - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -int mbedtls_test_ticket_write( - void *p_ticket, const mbedtls_ssl_session *session, - unsigned char *start, const unsigned char *end, - size_t *tlen, uint32_t *lifetime) -{ - int ret; - ((void) p_ticket); - - if ((ret = mbedtls_ssl_session_save(session, start, end - start, - tlen)) != 0) { - return ret; - } - - /* Maximum ticket lifetime as defined in RFC 8446 */ - *lifetime = 7 * 24 * 3600; - - return 0; -} - -int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, - unsigned char *buf, size_t len) -{ - ((void) p_ticket); - - return mbedtls_ssl_session_load(session, buf, len); -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -int mbedtls_test_get_tls13_ticket( - mbedtls_test_handshake_test_options *client_options, - mbedtls_test_handshake_test_options *server_options, - mbedtls_ssl_session *session) -{ - int ret = -1; - unsigned char buf[64]; - mbedtls_test_ssl_endpoint client_ep, server_ep; - - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); - - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - client_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - server_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, - mbedtls_test_ticket_write, - mbedtls_test_ticket_parse, - NULL); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), 0); - - TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 0); - - do { - ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); - } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); - - ret = mbedtls_ssl_get_session(&(client_ep.ssl), session); - TEST_EQUAL(ret, 0); - -exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - - return ret; -} -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && - MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#endif /* MBEDTLS_SSL_TLS_C */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh deleted file mode 100755 index 1c4fae729..000000000 --- a/tests/ssl-opt.sh +++ /dev/null @@ -1,14198 +0,0 @@ -#!/bin/sh - -# ssl-opt.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Executes tests to prove various TLS/SSL options and extensions. -# -# The goal is not to cover every ciphersuite/version, but instead to cover -# specific options (max fragment length, truncated hmac, etc) or procedures -# (session resumption from cache or ticket, renego, etc). -# -# The tests assume a build with default options, with exceptions expressed -# with a dependency. The tests focus on functionality and do not consider -# performance. -# - -set -u - -# Limit the size of each log to 10 GiB, in case of failures with this script -# where it may output seemingly unlimited length error logs. -ulimit -f 20971520 - -ORIGINAL_PWD=$PWD -if ! cd "$(dirname "$0")"; then - exit 125 -fi - -DATA_FILES_PATH=../framework/data_files - -# default values, can be overridden by the environment -: ${P_SRV:=../programs/ssl/ssl_server2} -: ${P_CLI:=../programs/ssl/ssl_client2} -: ${P_PXY:=../programs/test/udp_proxy} -: ${P_QUERY:=../programs/test/query_compile_time_config} -: ${OPENSSL:=openssl} -: ${GNUTLS_CLI:=gnutls-cli} -: ${GNUTLS_SERV:=gnutls-serv} -: ${PERL:=perl} - -# The OPENSSL variable used to be OPENSSL_CMD for historical reasons. -# To help the migration, error out if the old variable is set, -# but only if it has a different value than the new one. -if [ "${OPENSSL_CMD+set}" = set ]; then - # the variable is set, we can now check its value - if [ "$OPENSSL_CMD" != "$OPENSSL" ]; then - echo "Please use OPENSSL instead of OPENSSL_CMD." >&2 - exit 125 - fi -fi - -guess_config_name() { - if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then - echo "default" - else - echo "unknown" - fi -} -: ${MBEDTLS_TEST_OUTCOME_FILE=} -: ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"} -: ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} -: ${EARLY_DATA_INPUT:="$DATA_FILES_PATH/tls13_early_data.txt"} - -O_SRV="$OPENSSL s_server -www -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" -O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL s_client" -G_SRV="$GNUTLS_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" -G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt" - -# alternative versions of OpenSSL and GnuTLS (no default path) - -# If $OPENSSL is at least 1.1.1, use it as OPENSSL_NEXT as well. -if [ -z "${OPENSSL_NEXT:-}" ]; then - case $($OPENSSL version) in - OpenSSL\ 1.1.[1-9]*) OPENSSL_NEXT=$OPENSSL;; - OpenSSL\ [3-9]*) OPENSSL_NEXT=$OPENSSL;; - esac -fi - -# If $GNUTLS_CLI is at least 3.7, use it as GNUTLS_NEXT_CLI as well. -if [ -z "${GNUTLS_NEXT_CLI:-}" ]; then - case $($GNUTLS_CLI --version) in - gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;; - gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;; - gnutls-cli\ [4-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;; - esac -fi - -# If $GNUTLS_SERV is at least 3.7, use it as GNUTLS_NEXT_SERV as well. -if [ -z "${GNUTLS_NEXT_SERV:-}" ]; then - case $($GNUTLS_SERV --version) in - gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;; - gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;; - gnutls-cli\ [4-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;; - esac -fi - -if [ -n "${OPENSSL_NEXT:-}" ]; then - O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" - O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" - O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www " - O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile $DATA_FILES_PATH/test-ca_cat12.crt" - O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client" -else - O_NEXT_SRV=false - O_NEXT_SRV_NO_CERT=false - O_NEXT_SRV_EARLY_DATA=false - O_NEXT_CLI_NO_CERT=false - O_NEXT_CLI=false -fi - -if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then - G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" - G_NEXT_SRV_NO_CERT="$GNUTLS_NEXT_SERV" -else - G_NEXT_SRV=false - G_NEXT_SRV_NO_CERT=false -fi - -if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then - G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt" - G_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI" -else - G_NEXT_CLI=false - G_NEXT_CLI_NO_CERT=false -fi - -TESTS=0 -FAILS=0 -SKIPS=0 - -CONFIG_H='../include/mbedtls/mbedtls_config.h' - -MEMCHECK=0 -FILTER='.*' -EXCLUDE='^$' - -SHOW_TEST_NUMBER=0 -LIST_TESTS=0 -RUN_TEST_NUMBER='' -RUN_TEST_SUITE='' - -MIN_TESTS=1 -PRESERVE_LOGS=0 - -# Pick a "unique" server port in the range 10000-19999, and a proxy -# port which is this plus 10000. Each port number may be independently -# overridden by a command line option. -SRV_PORT=$(($$ % 10000 + 10000)) -PXY_PORT=$((SRV_PORT + 10000)) - -print_usage() { - echo "Usage: $0 [options]" - printf " -h|--help\tPrint this help.\n" - printf " -m|--memcheck\tCheck memory leaks and errors.\n" - printf " -f|--filter\tOnly matching tests are executed (substring or BRE)\n" - printf " -e|--exclude\tMatching tests are excluded (substring or BRE)\n" - printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" - printf " -s|--show-numbers\tShow test numbers in front of test names\n" - printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" - printf " --list-test-cases\tList all potential test cases (No Execution)\n" - printf " --min \tMinimum number of non-skipped tests (default 1)\n" - printf " --outcome-file\tFile where test outcomes are written\n" - printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n" - printf " --port \tTCP/UDP port (default: randomish 1xxxx)\n" - printf " --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n" - printf " --seed \tInteger seed value to use for this test run\n" - printf " --test-suite\tOnly matching test suites are executed\n" - printf " \t(comma-separated, e.g. 'ssl-opt,tls13-compat')\n\n" -} - -get_options() { - while [ $# -gt 0 ]; do - case "$1" in - -f|--filter) - shift; FILTER=$1 - ;; - -e|--exclude) - shift; EXCLUDE=$1 - ;; - -m|--memcheck) - MEMCHECK=1 - ;; - -n|--number) - shift; RUN_TEST_NUMBER=$1 - ;; - -s|--show-numbers) - SHOW_TEST_NUMBER=1 - ;; - -l|--list-test-cases) - LIST_TESTS=1 - ;; - -p|--preserve-logs) - PRESERVE_LOGS=1 - ;; - --min) - shift; MIN_TESTS=$1 - ;; - --outcome-file) - shift; MBEDTLS_TEST_OUTCOME_FILE=$1 - ;; - --port) - shift; SRV_PORT=$1 - ;; - --proxy-port) - shift; PXY_PORT=$1 - ;; - --seed) - shift; SEED="$1" - ;; - --test-suite) - shift; RUN_TEST_SUITE="$1" - ;; - -h|--help) - print_usage - exit 0 - ;; - *) - echo "Unknown argument: '$1'" - print_usage - exit 1 - ;; - esac - shift - done -} - -get_options "$@" - -# Read boolean configuration options from mbedtls_config.h for easy and quick -# testing. Skip non-boolean options (with something other than spaces -# and a comment after "#define SYMBOL"). The variable contains a -# space-separated list of symbols. The list should always be -# terminated by a single whitespace character, otherwise the last entry -# will not get matched by the parsing regex. -if [ "$LIST_TESTS" -eq 0 ];then - CONFIGS_ENABLED=" $(echo `$P_QUERY -l` ) " -else - P_QUERY=":" - CONFIGS_ENABLED="" -fi -# Skip next test; use this macro to skip tests which are legitimate -# in theory and expected to be re-introduced at some point, but -# aren't expected to succeed at the moment due to problems outside -# our control (such as bugs in other TLS implementations). -skip_next_test() { - SKIP_NEXT="YES" -} - -# Check if the required configuration ($1) is enabled -is_config_enabled() -{ - case $CONFIGS_ENABLED in - *" $1"[\ =]*) return 0;; - *) return 1;; - esac -} - -# skip next test if the flag is not enabled in mbedtls_config.h -requires_config_enabled() { - case $CONFIGS_ENABLED in - *" $1"[\ =]*) :;; - *) SKIP_NEXT="YES";; - esac -} - -# skip next test if the flag is enabled in mbedtls_config.h -requires_config_disabled() { - case $CONFIGS_ENABLED in - *" $1"[\ =]*) SKIP_NEXT="YES";; - esac -} - -requires_all_configs_enabled() { - for x in "$@"; do - if ! is_config_enabled "$x"; then - SKIP_NEXT="YES" - return - fi - done -} - -requires_all_configs_disabled() { - for x in "$@"; do - if is_config_enabled "$x"; then - SKIP_NEXT="YES" - return - fi - done -} - -requires_any_configs_enabled() { - for x in "$@"; do - if is_config_enabled "$x"; then - return - fi - done - SKIP_NEXT="YES" -} - -requires_any_configs_disabled() { - for x in "$@"; do - if ! is_config_enabled "$x"; then - return - fi - done - SKIP_NEXT="YES" -} - -TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" - -TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" - -TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" - -requires_certificate_authentication () { - if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 - then - # TLS 1.3 is negotiated by default, so check whether it supports - # certificate-based authentication. - requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - else # Only TLS 1.2 is enabled. - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT - fi -} - -get_config_value_or_default() { - # This function uses the query_config command line option to query the - # required Mbed TLS compile time configuration from the ssl_server2 - # program. The command will always return a success value if the - # configuration is defined and the value will be printed to stdout. - # - # Note that if the configuration is not defined or is defined to nothing, - # the output of this function will be an empty string. - if [ "$LIST_TESTS" -eq 0 ];then - ${P_SRV} "query_config=${1}" - else - echo "1" - fi - -} - -requires_config_value_at_least() { - VAL="$( get_config_value_or_default "$1" )" - if [ -z "$VAL" ]; then - # Should never happen - echo "Mbed TLS configuration $1 is not defined" - exit 1 - elif [ "$VAL" -lt "$2" ]; then - SKIP_NEXT="YES" - fi -} - -requires_config_value_at_most() { - VAL=$( get_config_value_or_default "$1" ) - if [ -z "$VAL" ]; then - # Should never happen - echo "Mbed TLS configuration $1 is not defined" - exit 1 - elif [ "$VAL" -gt "$2" ]; then - SKIP_NEXT="YES" - fi -} - -requires_config_value_equals() { - VAL=$( get_config_value_or_default "$1" ) - if [ -z "$VAL" ]; then - # Should never happen - echo "Mbed TLS configuration $1 is not defined" - exit 1 - elif [ "$VAL" -ne "$2" ]; then - SKIP_NEXT="YES" - fi -} - -# Require Mbed TLS to support the given protocol version. -# -# Inputs: -# * $1: protocol version in mbedtls syntax (argument to force_version=) -requires_protocol_version() { - # Support for DTLS is detected separately in detect_dtls(). - case "$1" in - tls12|dtls12) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2;; - tls13|dtls13) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3;; - *) echo "Unknown required protocol version: $1"; exit 1;; - esac -} - -# Space-separated list of ciphersuites supported by this build of -# Mbed TLS. -P_CIPHERSUITES="" -if [ "$LIST_TESTS" -eq 0 ]; then - P_CIPHERSUITES=" $($P_CLI help_ciphersuites 2>/dev/null | - grep 'TLS-\|TLS1-3' | - tr -s ' \n' ' ')" - - if [ -z "${P_CIPHERSUITES# }" ]; then - echo >&2 "$0: fatal error: no cipher suites found!" - exit 125 - fi -fi - -requires_ciphersuite_enabled() { - case $P_CIPHERSUITES in - *" $1 "*) :;; - *) SKIP_NEXT="YES";; - esac -} - -requires_cipher_enabled() { - KEY_TYPE=$1 - MODE=${2:-} - case "$KEY_TYPE" in - CHACHA20) - requires_config_enabled PSA_WANT_ALG_CHACHA20_POLY1305 - requires_config_enabled PSA_WANT_KEY_TYPE_CHACHA20 - ;; - *) - requires_config_enabled PSA_WANT_ALG_${MODE} - requires_config_enabled PSA_WANT_KEY_TYPE_${KEY_TYPE} - ;; - esac -} - -# Automatically detect required features based on command line parameters. -# Parameters are: -# - $1 = command line (call to a TLS client or server program) -# - $2 = client/server -# - $3 = TLS version (TLS12 or TLS13) -# - $4 = Use an external tool without ECDH support -# - $5 = run test options -detect_required_features() { - CMD_LINE=$1 - ROLE=$2 - TLS_VERSION=$3 - EXT_WO_ECDH=$4 - TEST_OPTIONS=${5:-} - - case "$CMD_LINE" in - *\ force_version=*) - tmp="${CMD_LINE##*\ force_version=}" - tmp="${tmp%%[!-0-9A-Z_a-z]*}" - requires_protocol_version "$tmp";; - esac - - case "$CMD_LINE" in - *\ force_ciphersuite=*) - tmp="${CMD_LINE##*\ force_ciphersuite=}" - tmp="${tmp%%[!-0-9A-Z_a-z]*}" - requires_ciphersuite_enabled "$tmp";; - esac - - case " $CMD_LINE " in - *[-_\ =]tickets=[^0]*) - requires_config_enabled MBEDTLS_SSL_TICKET_C;; - esac - case " $CMD_LINE " in - *[-_\ =]alpn=*) - requires_config_enabled MBEDTLS_SSL_ALPN;; - esac - - case " $CMD_LINE " in - *\ auth_mode=*|*[-_\ =]crt[_=]*) - # The test case involves certificates (crt), or a relevant - # aspect of it is the (certificate-based) authentication mode. - requires_certificate_authentication;; - esac - - case " $CMD_LINE " in - *"programs/ssl/dtls_client "*|\ - *"programs/ssl/ssl_client1 "*) - requires_config_enabled MBEDTLS_CTR_DRBG_C - requires_config_enabled MBEDTLS_ENTROPY_C - requires_config_enabled MBEDTLS_PEM_PARSE_C - requires_config_enabled MBEDTLS_SSL_CLI_C - requires_certificate_authentication - ;; - *"programs/ssl/dtls_server "*|\ - *"programs/ssl/ssl_fork_server "*|\ - *"programs/ssl/ssl_pthread_server "*|\ - *"programs/ssl/ssl_server "*) - requires_config_enabled MBEDTLS_CTR_DRBG_C - requires_config_enabled MBEDTLS_ENTROPY_C - requires_config_enabled MBEDTLS_PEM_PARSE_C - requires_config_enabled MBEDTLS_SSL_SRV_C - requires_certificate_authentication - # The actual minimum depends on the configuration since it's - # mostly about the certificate size. - # In config-suite-b.h, for the test certificates (server5.crt), - # 1024 is not enough. - requires_config_value_at_least MBEDTLS_SSL_OUT_CONTENT_LEN 2000 - ;; - esac - - case " $CMD_LINE " in - *"programs/ssl/ssl_pthread_server "*) - requires_config_enabled MBEDTLS_THREADING_PTHREAD;; - esac - - case "$CMD_LINE" in - *[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK - */server5*|\ - */server7*|\ - */dir-maxpath*) - requires_certificate_authentication - if [ "$TLS_VERSION" = "TLS13" ]; then - # In case of TLS13 the support for ECDSA is enough - requires_pk_alg "ECDSA" - else - # For TLS12 requirements are different between server and client - if [ "$ROLE" = "server" ]; then - # If the server uses "server5*" certificates, then an ECDSA based - # key exchange is required. However gnutls also does not - # support ECDH, so this limit the choice to ECDHE-ECDSA - if [ "$EXT_WO_ECDH" = "yes" ]; then - requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - else - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT - fi - elif [ "$ROLE" = "client" ]; then - # On the client side it is enough to have any certificate - # based authentication together with support for ECDSA. - # Of course the GnuTLS limitation mentioned above applies - # also here. - if [ "$EXT_WO_ECDH" = "yes" ]; then - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH - else - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT - fi - requires_pk_alg "ECDSA" - fi - fi - ;; - esac - - case "$CMD_LINE" in - *[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK - */server1*|\ - */server2*|\ - */server7*) - requires_certificate_authentication - # Certificates with an RSA key. The algorithm requirement is - # some subset of {PKCS#1v1.5 encryption, PKCS#1v1.5 signature, - # PSS signature}. We can't easily tell which subset works, and - # we aren't currently running ssl-opt.sh in configurations - # where partial RSA support is a problem, so generically, we - # just require RSA and it works out for our tests so far. - requires_config_enabled "MBEDTLS_RSA_C" - esac - - unset tmp -} - -adapt_cmd_for_psk () { - case "$2" in - *openssl*s_server*) s='-psk 73776f726466697368 -nocert';; - *openssl*) s='-psk 73776f726466697368';; - *gnutls-cli*) s='--pskusername=Client_identity --pskkey=73776f726466697368';; - *gnutls-serv*) s='--pskpasswd=../framework/data_files/simplepass.psk';; - *) s='psk=73776f726466697368';; - esac - eval $1='"$2 $s"' - unset s -} - -# maybe_adapt_for_psk [RUN_TEST_OPTION...] -# If running in a PSK-only build, maybe adapt the test to use a pre-shared key. -# -# If not running in a PSK-only build, do nothing. -# If the test looks like it doesn't use a pre-shared key but can run with a -# pre-shared key, pass a pre-shared key. If the test looks like it can't run -# with a pre-shared key, skip it. If the test looks like it's already using -# a pre-shared key, do nothing. -# -# This code does not consider builds with ECDHE-PSK. -# -# Inputs: -# * $CLI_CMD, $SRV_CMD, $PXY_CMD: client/server/proxy commands. -# * $PSK_ONLY: YES if running in a PSK-only build (no asymmetric key exchanges). -# * "$@": options passed to run_test. -# -# Outputs: -# * $CLI_CMD, $SRV_CMD: may be modified to add PSK-relevant arguments. -# * $SKIP_NEXT: set to YES if the test can't run with PSK. -maybe_adapt_for_psk() { - if [ "$PSK_ONLY" != "YES" ]; then - return - fi - if [ "$SKIP_NEXT" = "YES" ]; then - return - fi - case "$CLI_CMD $SRV_CMD" in - *[-_\ =]psk*|*[-_\ =]PSK*) - return;; - *force_ciphersuite*) - # The test case forces a non-PSK cipher suite. In some cases, a - # PSK cipher suite could be substituted, but we're not ready for - # that yet. - SKIP_NEXT="YES" - return;; - *\ auth_mode=*|*[-_\ =]crt[_=]*) - # The test case involves certificates. PSK won't do. - SKIP_NEXT="YES" - return;; - esac - adapt_cmd_for_psk CLI_CMD "$CLI_CMD" - adapt_cmd_for_psk SRV_CMD "$SRV_CMD" -} - -# PSK_PRESENT="YES" if at least one protocol versions supports at least -# one PSK key exchange mode. -PSK_PRESENT="NO" -# PSK_ONLY="YES" if all the available key exchange modes are PSK-based -# (pure-PSK or PSK-ephemeral, possibly both). -PSK_ONLY="" -for c in $CONFIGS_ENABLED; do - case $c in - MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) PSK_PRESENT="YES";; - MBEDTLS_KEY_EXCHANGE_*_PSK_ENABLED) PSK_PRESENT="YES";; - MBEDTLS_KEY_EXCHANGE_*_ENABLED) PSK_ONLY="NO";; - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) PSK_PRESENT="YES";; - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_*_ENABLED) PSK_PRESENT="YES";; - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*_ENABLED) PSK_ONLY="NO";; - esac -done -# At this stage, $PSK_ONLY is empty if we haven't detected a non-PSK -# key exchange, i.e. if we're in a PSK-only build or a build with no -# key exchanges at all. We avoid triggering PSK-only adaptation code in -# the edge case of no key exchanges. -: ${PSK_ONLY:=$PSK_PRESENT} -unset c - -HAS_ALG_MD5="NO" -HAS_ALG_SHA_1="NO" -HAS_ALG_SHA_224="NO" -HAS_ALG_SHA_256="NO" -HAS_ALG_SHA_384="NO" -HAS_ALG_SHA_512="NO" - -check_for_hash_alg() -{ - CURR_ALG="INVALID"; - CURR_ALG=PSA_WANT_ALG_${1} - - case $CONFIGS_ENABLED in - *" $CURR_ALG"[\ =]*) - return 0 - ;; - *) :;; - esac - return 1 -} - -populate_enabled_hash_algs() -{ - for hash_alg in SHA_1 SHA_224 SHA_256 SHA_384 SHA_512 MD5; do - if check_for_hash_alg "$hash_alg"; then - hash_alg_variable=HAS_ALG_${hash_alg} - eval ${hash_alg_variable}=YES - fi - done -} - -# skip next test if the given hash alg is not supported -requires_hash_alg() { - HASH_DEFINE="Invalid" - HAS_HASH_ALG="NO" - case $1 in - MD5):;; - SHA_1):;; - SHA_224):;; - SHA_256):;; - SHA_384):;; - SHA_512):;; - *) - echo "Unsupported hash alg - $1" - exit 1 - ;; - esac - - HASH_DEFINE=HAS_ALG_${1} - eval "HAS_HASH_ALG=\${${HASH_DEFINE}}" - if [ "$HAS_HASH_ALG" = "NO" ] - then - SKIP_NEXT="YES" - fi -} - -# Skip next test if the given pk alg is not enabled -requires_pk_alg() { - case $1 in - ECDSA) - requires_config_enabled PSA_WANT_ALG_ECDSA - ;; - *) - echo "Unknown/unimplemented case $1 in requires_pk_alg" - exit 1 - ;; - esac -} - -# skip next test if OpenSSL doesn't support FALLBACK_SCSV -requires_openssl_with_fallback_scsv() { - if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then - if $OPENSSL s_client -help 2>&1 | grep fallback_scsv >/dev/null - then - OPENSSL_HAS_FBSCSV="YES" - else - OPENSSL_HAS_FBSCSV="NO" - fi - fi - if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if either IN_CONTENT_LEN or MAX_CONTENT_LEN are below a value -requires_max_content_len() { - requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" $1 - requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1 -} - -# skip next test if GnuTLS isn't available -requires_gnutls() { - if [ -z "${GNUTLS_AVAILABLE:-}" ]; then - if ( which "$GNUTLS_CLI" && which "$GNUTLS_SERV" ) >/dev/null 2>&1; then - GNUTLS_AVAILABLE="YES" - else - GNUTLS_AVAILABLE="NO" - fi - fi - if [ "$GNUTLS_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if GnuTLS-next isn't available -requires_gnutls_next() { - if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then - if ( which "${GNUTLS_NEXT_CLI:-}" && which "${GNUTLS_NEXT_SERV:-}" ) >/dev/null 2>&1; then - GNUTLS_NEXT_AVAILABLE="YES" - else - GNUTLS_NEXT_AVAILABLE="NO" - fi - fi - if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -requires_openssl_next() { - if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then - if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then - OPENSSL_NEXT_AVAILABLE="YES" - else - OPENSSL_NEXT_AVAILABLE="NO" - fi - fi - if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if openssl version is lower than 3.0 -requires_openssl_3_x() { - requires_openssl_next - if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then - OPENSSL_3_X_AVAILABLE="NO" - fi - if [ -z "${OPENSSL_3_X_AVAILABLE:-}" ]; then - if $OPENSSL_NEXT version 2>&1 | grep "OpenSSL 3." >/dev/null - then - OPENSSL_3_X_AVAILABLE="YES" - else - OPENSSL_3_X_AVAILABLE="NO" - fi - fi - if [ "$OPENSSL_3_X_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if openssl does not support ffdh keys -requires_openssl_tls1_3_with_ffdh() { - requires_openssl_3_x -} - -# skip next test if openssl cannot handle ephemeral key exchange -requires_openssl_tls1_3_with_compatible_ephemeral() { - requires_openssl_next - - if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then - requires_openssl_tls1_3_with_ffdh - fi -} - -# skip next test if tls1_3 is not available -requires_openssl_tls1_3() { - requires_openssl_next - if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then - OPENSSL_TLS1_3_AVAILABLE="NO" - fi - if [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then - if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null - then - OPENSSL_TLS1_3_AVAILABLE="YES" - else - OPENSSL_TLS1_3_AVAILABLE="NO" - fi - fi - if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# OpenSSL servers forbid client renegotiation by default since OpenSSL 3.0. -# Older versions always allow it and have no command-line option. -OPENSSL_S_SERVER_CLIENT_RENEGOTIATION= -case $($OPENSSL s_server -help 2>&1) in - *-client_renegotiation*) - OPENSSL_S_SERVER_CLIENT_RENEGOTIATION=-client_renegotiation;; -esac - -# skip next test if tls1_3 is not available -requires_gnutls_tls1_3() { - requires_gnutls_next - if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then - GNUTLS_TLS1_3_AVAILABLE="NO" - fi - if [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then - if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null - then - GNUTLS_TLS1_3_AVAILABLE="YES" - else - GNUTLS_TLS1_3_AVAILABLE="NO" - fi - fi - if [ "$GNUTLS_TLS1_3_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# Check %NO_TICKETS option -requires_gnutls_next_no_ticket() { - requires_gnutls_next - if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then - GNUTLS_NO_TICKETS_AVAILABLE="NO" - fi - if [ -z "${GNUTLS_NO_TICKETS_AVAILABLE:-}" ]; then - if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep NO_TICKETS >/dev/null - then - GNUTLS_NO_TICKETS_AVAILABLE="YES" - else - GNUTLS_NO_TICKETS_AVAILABLE="NO" - fi - fi - if [ "$GNUTLS_NO_TICKETS_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# Check %DISABLE_TLS13_COMPAT_MODE option -requires_gnutls_next_disable_tls13_compat() { - requires_gnutls_next - if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then - GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO" - fi - if [ -z "${GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE:-}" ]; then - if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep DISABLE_TLS13_COMPAT_MODE >/dev/null - then - GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="YES" - else - GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO" - fi - fi - if [ "$GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if GnuTLS does not support the record size limit extension -requires_gnutls_record_size_limit() { - requires_gnutls_next - if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then - GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="NO" - else - GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="YES" - fi - if [ "$GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if IPv6 isn't available on this host -requires_ipv6() { - if [ -z "${HAS_IPV6:-}" ]; then - $P_SRV server_addr='::1' > $SRV_OUT 2>&1 & - SRV_PID=$! - sleep 1 - kill $SRV_PID >/dev/null 2>&1 - if grep "NET - Binding of the socket failed" $SRV_OUT >/dev/null; then - HAS_IPV6="NO" - else - HAS_IPV6="YES" - fi - rm -r $SRV_OUT - fi - - if [ "$HAS_IPV6" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if it's i686 or uname is not available -requires_not_i686() { - if [ -z "${IS_I686:-}" ]; then - IS_I686="YES" - if which "uname" >/dev/null 2>&1; then - if [ -z "$(uname -a | grep i686)" ]; then - IS_I686="NO" - fi - fi - fi - if [ "$IS_I686" = "YES" ]; then - SKIP_NEXT="YES" - fi -} - -MAX_CONTENT_LEN=16384 -MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" ) -MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" ) -if [ "$LIST_TESTS" -eq 0 ];then - # Calculate the input & output maximum content lengths set in the config - - # Calculate the maximum content length that fits both - if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then - MAX_CONTENT_LEN="$MAX_IN_LEN" - fi - if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then - MAX_CONTENT_LEN="$MAX_OUT_LEN" - fi -fi -# skip the next test if the SSL output buffer is less than 16KB -requires_full_size_output_buffer() { - if [ "$MAX_OUT_LEN" -ne 16384 ]; then - SKIP_NEXT="YES" - fi -} - -# Skip the next test if called by all.sh in a component with MSan -# (which we also call MemSan) or Valgrind. -not_with_msan_or_valgrind() { - case "_${MBEDTLS_TEST_CONFIGURATION:-}_" in - *_msan_*|*_memsan_*|*_valgrind_*) SKIP_NEXT="YES";; - esac -} - -# skip the next test if valgrind is in use -not_with_valgrind() { - if [ "$MEMCHECK" -gt 0 ]; then - SKIP_NEXT="YES" - fi -} - -# skip the next test if valgrind is NOT in use -only_with_valgrind() { - if [ "$MEMCHECK" -eq 0 ]; then - SKIP_NEXT="YES" - fi -} - -# multiply the client timeout delay by the given factor for the next test -client_needs_more_time() { - CLI_DELAY_FACTOR=$1 -} - -# wait for the given seconds after the client finished in the next test -server_needs_more_time() { - SRV_DELAY_SECONDS=$1 -} - -# print_name -print_name() { - TESTS=$(( $TESTS + 1 )) - LINE="" - - if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then - LINE="$TESTS " - fi - - LINE="$LINE$1" - - printf "%s " "$LINE" - LEN=$(( 72 - `echo "$LINE" | wc -c` )) - for i in `seq 1 $LEN`; do printf '.'; done - printf ' ' - -} - -# record_outcome [] -# The test name must be in $NAME. -# Use $TEST_SUITE_NAME as the test suite name if set. -record_outcome() { - echo "$1" - if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then - printf '%s;%s;%s;%s;%s;%s\n' \ - "$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \ - "${TEST_SUITE_NAME:-ssl-opt}" "$NAME" \ - "$1" "${2-}" \ - >>"$MBEDTLS_TEST_OUTCOME_FILE" - fi -} -unset TEST_SUITE_NAME - -# True if the presence of the given pattern in a log definitely indicates -# that the test has failed. False if the presence is inconclusive. -# -# Inputs: -# * $1: pattern found in the logs -# * $TIMES_LEFT: >0 if retrying is an option -# -# Outputs: -# * $outcome: set to a retry reason if the pattern is inconclusive, -# unchanged otherwise. -# * Return value: 1 if the pattern is inconclusive, -# 0 if the failure is definitive. -log_pattern_presence_is_conclusive() { - # If we've run out of attempts, then don't retry no matter what. - if [ $TIMES_LEFT -eq 0 ]; then - return 0 - fi - case $1 in - "resend") - # An undesired resend may have been caused by the OS dropping or - # delaying a packet at an inopportune time. - outcome="RETRY(resend)" - return 1;; - esac -} - -# fail -fail() { - record_outcome "FAIL" "$1" - echo " ! $1" - - mv $SRV_OUT o-srv-${TESTS}.log - mv $CLI_OUT o-cli-${TESTS}.log - if [ -n "$PXY_CMD" ]; then - mv $PXY_OUT o-pxy-${TESTS}.log - fi - echo " ! outputs saved to o-XXX-${TESTS}.log" - - if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then - echo " ! server output:" - cat o-srv-${TESTS}.log - echo " ! ========================================================" - echo " ! client output:" - cat o-cli-${TESTS}.log - if [ -n "$PXY_CMD" ]; then - echo " ! ========================================================" - echo " ! proxy output:" - cat o-pxy-${TESTS}.log - fi - echo "" - fi - - FAILS=$(( $FAILS + 1 )) -} - -# is_polar -is_polar() { - case "$1" in - *ssl_client2*) true;; - *ssl_server2*) true;; - *) false;; - esac -} - -# openssl s_server doesn't have -www with DTLS -check_osrv_dtls() { - case "$SRV_CMD" in - *s_server*-dtls*) - NEEDS_INPUT=1 - SRV_CMD="$( echo $SRV_CMD | sed s/-www// )";; - *) NEEDS_INPUT=0;; - esac -} - -# provide input to commands that need it -provide_input() { - if [ $NEEDS_INPUT -eq 0 ]; then - return - fi - - while true; do - echo "HTTP/1.0 200 OK" - sleep 1 - done -} - -# has_mem_err -has_mem_err() { - if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" && - grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null - then - return 1 # false: does not have errors - else - return 0 # true: has errors - fi -} - -# Wait for process $2 named $3 to be listening on port $1. Print error to $4. -if type lsof >/dev/null 2>/dev/null; then - wait_app_start() { - newline=' -' - START_TIME=$(date +%s) - if [ "$DTLS" -eq 1 ]; then - proto=UDP - else - proto=TCP - fi - # Make a tight loop, server normally takes less than 1s to start. - while true; do - SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -t) - # When we use a proxy, it will be listening on the same port we - # are checking for as well as the server and lsof will list both. - case ${newline}${SERVER_PIDS}${newline} in - *${newline}${2}${newline}*) break;; - esac - if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then - echo "$3 START TIMEOUT" - echo "$3 START TIMEOUT" >> $4 - break - fi - # Linux and *BSD support decimal arguments to sleep. On other - # OSes this may be a tight loop. - sleep 0.1 2>/dev/null || true - done - } -else - echo "Warning: lsof not available, wait_app_start = sleep" - wait_app_start() { - sleep "$START_DELAY" - } -fi - -# Wait for server process $2 to be listening on port $1. -wait_server_start() { - wait_app_start $1 $2 "SERVER" $SRV_OUT -} - -# Wait for proxy process $2 to be listening on port $1. -wait_proxy_start() { - wait_app_start $1 $2 "PROXY" $PXY_OUT -} - -# Given the client or server debug output, parse the unix timestamp that is -# included in the first 4 bytes of the random bytes and check that it's within -# acceptable bounds -check_server_hello_time() { - # Extract the time from the debug (lvl 3) output of the client - SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")" - # Get the Unix timestamp for now - CUR_TIME=$(date +'%s') - THRESHOLD_IN_SECS=300 - - # Check if the ServerHello time was printed - if [ -z "$SERVER_HELLO_TIME" ]; then - return 1 - fi - - # Check the time in ServerHello is within acceptable bounds - if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then - # The time in ServerHello is at least 5 minutes before now - return 1 - elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then - # The time in ServerHello is at least 5 minutes later than now - return 1 - else - return 0 - fi -} - -# Get handshake memory usage from server or client output and put it into the variable specified by the first argument -handshake_memory_get() { - OUTPUT_VARIABLE="$1" - OUTPUT_FILE="$2" - - # Get memory usage from a pattern like "Heap memory usage after handshake: 23112 bytes. Peak memory usage was 33112" - MEM_USAGE=$(sed -n 's/.*Heap memory usage after handshake: //p' < "$OUTPUT_FILE" | grep -o "[0-9]*" | head -1) - - # Check if memory usage was read - if [ -z "$MEM_USAGE" ]; then - echo "Error: Can not read the value of handshake memory usage" - return 1 - else - eval "$OUTPUT_VARIABLE=$MEM_USAGE" - return 0 - fi -} - -# Get handshake memory usage from server or client output and check if this value -# is not higher than the maximum given by the first argument -handshake_memory_check() { - MAX_MEMORY="$1" - OUTPUT_FILE="$2" - - # Get memory usage - if ! handshake_memory_get "MEMORY_USAGE" "$OUTPUT_FILE"; then - return 1 - fi - - # Check if memory usage is below max value - if [ "$MEMORY_USAGE" -gt "$MAX_MEMORY" ]; then - echo "\nFailed: Handshake memory usage was $MEMORY_USAGE bytes," \ - "but should be below $MAX_MEMORY bytes" - return 1 - else - return 0 - fi -} - -# wait for client to terminate and set CLI_EXIT -# must be called right after starting the client -wait_client_done() { - CLI_PID=$! - - CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR )) - CLI_DELAY_FACTOR=1 - - ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) & - DOG_PID=$! - - # For Ubuntu 22.04, `Terminated` message is outputed by wait command. - # To remove it from stdout, redirect stdout/stderr to CLI_OUT - wait $CLI_PID >> $CLI_OUT 2>&1 - CLI_EXIT=$? - - kill $DOG_PID >/dev/null 2>&1 - wait $DOG_PID >> $CLI_OUT 2>&1 - - echo "EXIT: $CLI_EXIT" >> $CLI_OUT - - sleep $SRV_DELAY_SECONDS - SRV_DELAY_SECONDS=0 -} - -# check if the given command uses dtls and sets global variable DTLS -detect_dtls() { - case "$1" in - *dtls=1*|*-dtls*|*-u*|*/dtls_*) DTLS=1;; - *) DTLS=0;; - esac -} - -# check if the given command uses gnutls and sets global variable CMD_IS_GNUTLS -is_gnutls() { - case "$1" in - *gnutls-cli*) - CMD_IS_GNUTLS=1 - ;; - *gnutls-serv*) - CMD_IS_GNUTLS=1 - ;; - *) - CMD_IS_GNUTLS=0 - ;; - esac -} - -# Some external tools (gnutls or openssl) might not have support for static ECDH -# and this limit the tests that can be run with them. This function checks server -# and client command lines, given as input, to verify if the current test -# is using one of these tools. -use_ext_tool_without_ecdh_support() { - case "$1" in - *$GNUTLS_SERV*|\ - *${GNUTLS_NEXT_SERV:-"gnutls-serv-dummy"}*|\ - *${OPENSSL_NEXT:-"openssl-dummy"}*) - echo "yes" - return;; - esac - case "$2" in - *$GNUTLS_CLI*|\ - *${GNUTLS_NEXT_CLI:-"gnutls-cli-dummy"}*|\ - *${OPENSSL_NEXT:-"openssl-dummy"}*) - echo "yes" - return;; - esac - echo "no" -} - -# Generate random psk_list argument for ssl_server2 -get_srv_psk_list () -{ - case $(( TESTS % 3 )) in - 0) echo "psk_list=abc,dead,def,beef,Client_identity,6162636465666768696a6b6c6d6e6f70";; - 1) echo "psk_list=abc,dead,Client_identity,6162636465666768696a6b6c6d6e6f70,def,beef";; - 2) echo "psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef";; - esac -} - -# Determine what calc_verify trace is to be expected, if any. -# -# calc_verify is only called for two things: to calculate the -# extended master secret, and to process client authentication. -# -# Warning: the current implementation assumes that extended_ms is not -# disabled on the client or on the server. -# -# Inputs: -# * $1: the value of the server auth_mode parameter. -# 'required' if client authentication is expected, -# 'none' or absent if not. -# * $CONFIGS_ENABLED -# -# Outputs: -# * $maybe_calc_verify: set to a trace expected in the debug logs -set_maybe_calc_verify() { - maybe_calc_verify= - case $CONFIGS_ENABLED in - *\ MBEDTLS_SSL_EXTENDED_MASTER_SECRET\ *) :;; - *) - case ${1-} in - ''|none) return;; - required) :;; - *) echo "Bad parameter 1 to set_maybe_calc_verify: $1"; exit 1;; - esac - esac - maybe_calc_verify="PSA calc verify" -} - -# Compare file content -# Usage: find_in_both pattern file1 file2 -# extract from file1 the first line matching the pattern -# check in file2 that the same line can be found -find_in_both() { - srv_pattern=$(grep -m 1 "$1" "$2"); - if [ -z "$srv_pattern" ]; then - return 1; - fi - - if grep "$srv_pattern" $3 >/dev/null; then : - return 0; - else - return 1; - fi -} - -SKIP_HANDSHAKE_CHECK="NO" -skip_handshake_stage_check() { - SKIP_HANDSHAKE_CHECK="YES" -} - -# Analyze the commands that will be used in a test. -# -# Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass -# extra arguments or go through wrappers. -# -# Inputs: -# * $@: supplemental options to run_test() (after the mandatory arguments). -# * $CLI_CMD, $PXY_CMD, $SRV_CMD: the client, proxy and server commands. -# * $DTLS: 1 if DTLS, otherwise 0. -# -# Outputs: -# * $CLI_CMD, $PXY_CMD, $SRV_CMD: may be tweaked. -analyze_test_commands() { - # If the test uses DTLS, does not force a specific port, and does not - # specify a custom proxy, add a simple proxy. - # It provides timing info that's useful to debug failures. - if [ "$DTLS" -eq 1 ] && - [ "$THIS_SRV_PORT" = "$SRV_PORT" ] && - [ -z "$PXY_CMD" ] - then - PXY_CMD="$P_PXY" - case " $SRV_CMD " in - *' server_addr=::1 '*) - PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";; - esac - fi - - # update CMD_IS_GNUTLS variable - is_gnutls "$SRV_CMD" - - # if the server uses gnutls but doesn't set priority, explicitly - # set the default priority - if [ "$CMD_IS_GNUTLS" -eq 1 ]; then - case "$SRV_CMD" in - *--priority*) :;; - *) SRV_CMD="$SRV_CMD --priority=NORMAL";; - esac - fi - - # update CMD_IS_GNUTLS variable - is_gnutls "$CLI_CMD" - - # if the client uses gnutls but doesn't set priority, explicitly - # set the default priority - if [ "$CMD_IS_GNUTLS" -eq 1 ]; then - case "$CLI_CMD" in - *--priority*) :;; - *) CLI_CMD="$CLI_CMD --priority=NORMAL";; - esac - fi - - # fix client port - if [ -n "$PXY_CMD" ]; then - CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g ) - else - CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$THIS_SRV_PORT/g ) - fi - - # If the test forces a specific port and the server is OpenSSL or - # GnuTLS, override its port specification. - if [ "$THIS_SRV_PORT" != "$SRV_PORT" ]; then - case "$SRV_CMD" in - "$G_SRV"*|"$G_NEXT_SRV"*) - SRV_CMD=$( - printf %s "$SRV_CMD " | - sed -e "s/ -p $SRV_PORT / -p $THIS_SRV_PORT /" - );; - "$O_SRV"*|"$O_NEXT_SRV"*) SRV_CMD="$SRV_CMD -accept $THIS_SRV_PORT";; - esac - fi - - # prepend valgrind to our commands if active - if [ "$MEMCHECK" -gt 0 ]; then - if is_polar "$SRV_CMD"; then - SRV_CMD="valgrind --leak-check=full $SRV_CMD" - fi - if is_polar "$CLI_CMD"; then - CLI_CMD="valgrind --leak-check=full $CLI_CMD" - fi - fi -} - -# Check for failure conditions after a test case. -# -# Inputs from run_test: -# * positional parameters: test options (see run_test documentation) -# * $CLI_EXIT: client return code -# * $CLI_EXPECT: expected client return code -# * $SRV_RET: server return code -# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files containing client/server/proxy logs -# * $TIMES_LEFT: if nonzero, a RETRY outcome is allowed -# -# Outputs: -# * $outcome: one of PASS/RETRY*/FAIL -check_test_failure() { - outcome=FAIL - - if [ $TIMES_LEFT -gt 0 ] && - grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null - then - outcome="RETRY(client-timeout)" - return - fi - - # check if the client and server went at least to the handshake stage - # (useful to avoid tests with only negative assertions and non-zero - # expected client exit to incorrectly succeed in case of catastrophic - # failure) - if [ "X$SKIP_HANDSHAKE_CHECK" != "XYES" ] - then - if is_polar "$SRV_CMD"; then - if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :; - else - fail "server or client failed to reach handshake stage" - return - fi - fi - if is_polar "$CLI_CMD"; then - if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :; - else - fail "server or client failed to reach handshake stage" - return - fi - fi - fi - - SKIP_HANDSHAKE_CHECK="NO" - # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't - # exit with status 0 when interrupted by a signal, and we don't really - # care anyway), in case e.g. the server reports a memory leak. - if [ $SRV_RET != 0 ] && is_polar "$SRV_CMD"; then - fail "Server exited with status $SRV_RET" - return - fi - - # check client exit code - if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \ - \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ] - then - fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)" - return - fi - - # check other assertions - # lines beginning with == are added by valgrind, ignore them - # lines with 'Serious error when reading debug info', are valgrind issues as well - while [ $# -gt 0 ] - do - case $1 in - "-s") - if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else - fail "pattern '$2' MUST be present in the Server output" - return - fi - ;; - - "-c") - if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else - fail "pattern '$2' MUST be present in the Client output" - return - fi - ;; - - "-S") - if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then - if log_pattern_presence_is_conclusive "$2"; then - fail "pattern '$2' MUST NOT be present in the Server output" - fi - return - fi - ;; - - "-C") - if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then - if log_pattern_presence_is_conclusive "$2"; then - fail "pattern '$2' MUST NOT be present in the Client output" - fi - return - fi - ;; - - # The filtering in the following two options (-u and -U) do the following - # - ignore valgrind output - # - filter out everything but lines right after the pattern occurrences - # - keep one of each non-unique line - # - count how many lines remain - # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1 - # if there were no duplicates. - "-U") - if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then - fail "lines following pattern '$2' must be unique in Server output" - return - fi - ;; - - "-u") - if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then - fail "lines following pattern '$2' must be unique in Client output" - return - fi - ;; - "-F") - if ! $2 "$SRV_OUT"; then - fail "function call to '$2' failed on Server output" - return - fi - ;; - "-f") - if ! $2 "$CLI_OUT"; then - fail "function call to '$2' failed on Client output" - return - fi - ;; - "-g") - if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then - fail "function call to '$2' failed on Server and Client output" - return - fi - ;; - - *) - echo "Unknown test: $1" >&2 - exit 1 - esac - shift 2 - done - - # check valgrind's results - if [ "$MEMCHECK" -gt 0 ]; then - if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then - fail "Server has memory errors" - return - fi - if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then - fail "Client has memory errors" - return - fi - fi - - # if we're here, everything is ok - outcome=PASS -} - -# Run the current test case: start the server and if applicable the proxy, run -# the client, wait for all processes to finish or time out. -# -# Inputs: -# * $NAME: test case name -# * $CLI_CMD, $SRV_CMD, $PXY_CMD: commands to run -# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files to contain client/server/proxy logs -# -# Outputs: -# * $CLI_EXIT: client return code -# * $SRV_RET: server return code -do_run_test_once() { - # run the commands - if [ -n "$PXY_CMD" ]; then - printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT - $PXY_CMD >> $PXY_OUT 2>&1 & - PXY_PID=$! - wait_proxy_start "$PXY_PORT" "$PXY_PID" - fi - - check_osrv_dtls - printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT - provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & - SRV_PID=$! - wait_server_start "$THIS_SRV_PORT" "$SRV_PID" - - printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT - # The client must be a subprocess of the script in order for killing it to - # work properly, that's why the ampersand is placed inside the eval command, - # not at the end of the line: the latter approach will spawn eval as a - # subprocess, and the $CLI_CMD as a grandchild. - eval "$CLI_CMD &" >> $CLI_OUT 2>&1 - wait_client_done - - sleep 0.05 - - # terminate the server (and the proxy) - kill $SRV_PID - # For Ubuntu 22.04, `Terminated` message is outputed by wait command. - # To remove it from stdout, redirect stdout/stderr to SRV_OUT - wait $SRV_PID >> $SRV_OUT 2>&1 - SRV_RET=$? - - if [ -n "$PXY_CMD" ]; then - kill $PXY_PID >/dev/null 2>&1 - wait $PXY_PID >> $PXY_OUT 2>&1 - fi -} - -# Detect if the current test is going to use TLS 1.3 or TLS 1.2. -# $1 and $2 contain the server and client command lines, respectively. -# -# Note: this function only provides some guess about TLS version by simply -# looking at the server/client command lines. Even though this works -# for the sake of tests' filtering (especially in conjunction with the -# detect_required_features() function), it does NOT guarantee that the -# result is accurate. It does not check other conditions, such as: -# - we can force a ciphersuite which contains "WITH" in its name, meaning -# that we are going to use TLS 1.2 -# - etc etc -get_tls_version() { - # First check if the version is forced on an Mbed TLS peer - case $1 in - *tls12*) - echo "TLS12" - return;; - *tls13*) - echo "TLS13" - return;; - esac - case $2 in - *tls12*) - echo "TLS12" - return;; - *tls13*) - echo "TLS13" - return;; - esac - # Second check if the version is forced on an OpenSSL or GnuTLS peer - case $1 in - tls1_2*) - echo "TLS12" - return;; - *tls1_3) - echo "TLS13" - return;; - esac - case $2 in - *tls1_2) - echo "TLS12" - return;; - *tls1_3) - echo "TLS13" - return;; - esac - # Third if the version is not forced, if TLS 1.3 is enabled then the test - # is aimed to run a TLS 1.3 handshake. - if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 - then - echo "TLS13" - else - echo "TLS12" - fi -} - -# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] -# Options: -s pattern pattern that must be present in server output -# -c pattern pattern that must be present in client output -# -u pattern lines after pattern must be unique in client output -# -f call shell function on client output -# -S pattern pattern that must be absent in server output -# -C pattern pattern that must be absent in client output -# -U pattern lines after pattern must be unique in server output -# -F call shell function on server output -# -g call shell function on server and client output -run_test() { - NAME="$1" - shift 1 - - if is_excluded "$NAME"; then - SKIP_NEXT="NO" - # There was no request to run the test, so don't record its outcome. - return - fi - - if [ "$LIST_TESTS" -gt 0 ]; then - printf "%s\n" "${TEST_SUITE_NAME:-ssl-opt};$NAME" - return - fi - - # Use ssl-opt as default test suite name. Also see record_outcome function - if is_excluded_test_suite "${TEST_SUITE_NAME:-ssl-opt}"; then - # Do not skip next test and skip current test. - SKIP_NEXT="NO" - return - fi - - print_name "$NAME" - - # Do we only run numbered tests? - if [ -n "$RUN_TEST_NUMBER" ]; then - case ",$RUN_TEST_NUMBER," in - *",$TESTS,"*) :;; - *) SKIP_NEXT="YES";; - esac - fi - - # Does this test specify a proxy? - if [ "X$1" = "X-p" ]; then - PXY_CMD="$2" - shift 2 - else - PXY_CMD="" - fi - - # Does this test force a specific port? - if [ "$1" = "-P" ]; then - THIS_SRV_PORT="$2" - shift 2 - else - THIS_SRV_PORT="$SRV_PORT" - fi - - # get commands and client output - SRV_CMD="$1" - CLI_CMD="$2" - CLI_EXPECT="$3" - shift 3 - - # Check if test uses files - case "$SRV_CMD $CLI_CMD" in - *$DATA_FILES_PATH/*) - requires_config_enabled MBEDTLS_FS_IO;; - esac - - # Check if the test uses DTLS. - detect_dtls "$SRV_CMD" - if [ "$DTLS" -eq 1 ]; then - requires_config_enabled MBEDTLS_SSL_PROTO_DTLS - fi - - # Check if we are trying to use an external tool which does not support ECDH - EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD") - - # Guess the TLS version which is going to be used. - # Note that this detection is wrong in some cases, which causes unduly - # skipped test cases in builds with TLS 1.3 but not TLS 1.2. - # https://github.com/Mbed-TLS/mbedtls/issues/9560 - if [ "$EXT_WO_ECDH" = "no" ]; then - TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") - else - TLS_VERSION="TLS12" - fi - - # If we're in a PSK-only build and the test can be adapted to PSK, do that. - maybe_adapt_for_psk "$@" - - # If the client or server requires certain features that can be detected - # from their command-line arguments, check whether they're enabled. - detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" - detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" - - # should we skip? - if [ "X$SKIP_NEXT" = "XYES" ]; then - SKIP_NEXT="NO" - record_outcome "SKIP" - SKIPS=$(( $SKIPS + 1 )) - return - fi - - analyze_test_commands "$@" - - # One regular run and two retries - TIMES_LEFT=3 - while [ $TIMES_LEFT -gt 0 ]; do - TIMES_LEFT=$(( $TIMES_LEFT - 1 )) - - do_run_test_once - - check_test_failure "$@" - case $outcome in - PASS) break;; - RETRY*) printf "$outcome ";; - FAIL) return;; - esac - done - - # If we get this far, the test case passed. - record_outcome "PASS" - if [ "$PRESERVE_LOGS" -gt 0 ]; then - mv $SRV_OUT o-srv-${TESTS}.log - mv $CLI_OUT o-cli-${TESTS}.log - if [ -n "$PXY_CMD" ]; then - mv $PXY_OUT o-pxy-${TESTS}.log - fi - fi - - rm -f $SRV_OUT $CLI_OUT $PXY_OUT -} - -run_test_psa() { - set_maybe_calc_verify none - run_test "PSA-supported ciphersuite: $1" \ - "$P_SRV debug_level=3 force_version=tls12" \ - "$P_CLI debug_level=3 force_ciphersuite=$1" \ - 0 \ - -c "$maybe_calc_verify" \ - -c "calc PSA finished" \ - -s "$maybe_calc_verify" \ - -s "calc PSA finished" \ - -s "Protocol is TLSv1.2" \ - -c "Perform PSA-based ECDH computation."\ - -c "Perform PSA-based computation of digest of ServerKeyExchange" \ - -S "error" \ - -C "error" - unset maybe_calc_verify -} - -run_test_psa_force_curve() { - set_maybe_calc_verify none - run_test "PSA - ECDH with $1" \ - "$P_SRV debug_level=4 force_version=tls12 groups=$1" \ - "$P_CLI debug_level=4 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 groups=$1" \ - 0 \ - -c "$maybe_calc_verify" \ - -c "calc PSA finished" \ - -s "$maybe_calc_verify" \ - -s "calc PSA finished" \ - -s "Protocol is TLSv1.2" \ - -c "Perform PSA-based ECDH computation."\ - -c "Perform PSA-based computation of digest of ServerKeyExchange" \ - -S "error" \ - -C "error" - unset maybe_calc_verify -} - -# Test that the server's memory usage after a handshake is reduced when a client specifies -# a maximum fragment length. -# first argument ($1) is MFL for SSL client -# second argument ($2) is memory usage for SSL client with default MFL (16k) -run_test_memory_after_handshake_with_mfl() -{ - # The test passes if the difference is around 2*(16k-MFL) - MEMORY_USAGE_LIMIT="$(( $2 - ( 2 * ( 16384 - $1 )) ))" - - # Leave some margin for robustness - MEMORY_USAGE_LIMIT="$(( ( MEMORY_USAGE_LIMIT * 110 ) / 100 ))" - - run_test "Handshake memory usage (MFL $1)" \ - "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \ - "$P_CLI debug_level=3 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \ - 0 \ - -F "handshake_memory_check $MEMORY_USAGE_LIMIT" -} - - -# Test that the server's memory usage after a handshake is reduced when a client specifies -# different values of Maximum Fragment Length: default (16k), 4k, 2k, 1k and 512 bytes -run_tests_memory_after_handshake() -{ - # all tests in this sequence requires the same configuration (see requires_config_enabled()) - SKIP_THIS_TESTS="$SKIP_NEXT" - - # first test with default MFU is to get reference memory usage - MEMORY_USAGE_MFL_16K=0 - run_test "Handshake memory usage initial (MFL 16384 - default)" \ - "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \ - "$P_CLI debug_level=3 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \ - 0 \ - -F "handshake_memory_get MEMORY_USAGE_MFL_16K" - - SKIP_NEXT="$SKIP_THIS_TESTS" - run_test_memory_after_handshake_with_mfl 4096 "$MEMORY_USAGE_MFL_16K" - - SKIP_NEXT="$SKIP_THIS_TESTS" - run_test_memory_after_handshake_with_mfl 2048 "$MEMORY_USAGE_MFL_16K" - - SKIP_NEXT="$SKIP_THIS_TESTS" - run_test_memory_after_handshake_with_mfl 1024 "$MEMORY_USAGE_MFL_16K" - - SKIP_NEXT="$SKIP_THIS_TESTS" - run_test_memory_after_handshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K" -} - -cleanup() { - rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION - rm -f context_srv.txt - rm -f context_cli.txt - test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1 - test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1 - test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1 - test -n "${DOG_PID:-}" && kill $DOG_PID >/dev/null 2>&1 - exit 1 -} - -# -# MAIN -# - -# Make the outcome file path relative to the original directory, not -# to .../tests -case "$MBEDTLS_TEST_OUTCOME_FILE" in - [!/]*) - MBEDTLS_TEST_OUTCOME_FILE="$ORIGINAL_PWD/$MBEDTLS_TEST_OUTCOME_FILE" - ;; -esac - -populate_enabled_hash_algs - -# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell -# patterns rather than regular expressions, use a case statement instead -# of calling grep. To keep the optimizer simple, it is incomplete and only -# detects simple cases: plain substring, everything, nothing. -# -# As an exception, the character '.' is treated as an ordinary character -# if it is the only special character in the string. This is because it's -# rare to need "any one character", but needing a literal '.' is common -# (e.g. '-f "DTLS 1.2"'). -need_grep= -case "$FILTER" in - '^$') simple_filter=;; - '.*') simple_filter='*';; - *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep - need_grep=1;; - *) # No regexp or shell-pattern special character - simple_filter="*$FILTER*";; -esac -case "$EXCLUDE" in - '^$') simple_exclude=;; - '.*') simple_exclude='*';; - *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep - need_grep=1;; - *) # No regexp or shell-pattern special character - simple_exclude="*$EXCLUDE*";; -esac -if [ -n "$need_grep" ]; then - is_excluded () { - ! echo "$1" | grep "$FILTER" | grep -q -v "$EXCLUDE" - } -else - is_excluded () { - case "$1" in - $simple_exclude) true;; - $simple_filter) false;; - *) true;; - esac - } -fi - -# Filter tests according to TEST_SUITE_NAME -is_excluded_test_suite () { - if [ -n "$RUN_TEST_SUITE" ] - then - case ",$RUN_TEST_SUITE," in - *",$1,"*) false;; - *) true;; - esac - else - false - fi - -} - - -if [ "$LIST_TESTS" -eq 0 ];then - - # sanity checks, avoid an avalanche of errors - P_SRV_BIN="${P_SRV%%[ ]*}" - P_CLI_BIN="${P_CLI%%[ ]*}" - P_PXY_BIN="${P_PXY%%[ ]*}" - if [ ! -x "$P_SRV_BIN" ]; then - echo "Command '$P_SRV_BIN' is not an executable file" - exit 1 - fi - if [ ! -x "$P_CLI_BIN" ]; then - echo "Command '$P_CLI_BIN' is not an executable file" - exit 1 - fi - if [ ! -x "$P_PXY_BIN" ]; then - echo "Command '$P_PXY_BIN' is not an executable file" - exit 1 - fi - if [ "$MEMCHECK" -gt 0 ]; then - if which valgrind >/dev/null 2>&1; then :; else - echo "Memcheck not possible. Valgrind not found" - exit 1 - fi - fi - if which $OPENSSL >/dev/null 2>&1; then :; else - echo "Command '$OPENSSL' not found" - exit 1 - fi - - # used by watchdog - MAIN_PID="$$" - - # We use somewhat arbitrary delays for tests: - # - how long do we wait for the server to start (when lsof not available)? - # - how long do we allow for the client to finish? - # (not to check performance, just to avoid waiting indefinitely) - # Things are slower with valgrind, so give extra time here. - # - # Note: without lsof, there is a trade-off between the running time of this - # script and the risk of spurious errors because we didn't wait long enough. - # The watchdog delay on the other hand doesn't affect normal running time of - # the script, only the case where a client or server gets stuck. - if [ "$MEMCHECK" -gt 0 ]; then - START_DELAY=6 - DOG_DELAY=60 - else - START_DELAY=2 - DOG_DELAY=20 - fi - - # some particular tests need more time: - # - for the client, we multiply the usual watchdog limit by a factor - # - for the server, we sleep for a number of seconds after the client exits - # see client_need_more_time() and server_needs_more_time() - CLI_DELAY_FACTOR=1 - SRV_DELAY_SECONDS=0 - - # fix commands to use this port, force IPv4 while at it - # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later - # Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many - # machines that will resolve to ::1, and we don't want ipv6 here. - P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" - P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" - P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" - O_SRV="$O_SRV -accept $SRV_PORT" - O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT" - G_SRV="$G_SRV -p $SRV_PORT" - G_CLI="$G_CLI -p +SRV_PORT" - - # Newer versions of OpenSSL have a syntax to enable all "ciphers", even - # low-security ones. This covers not just cipher suites but also protocol - # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on - # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in - # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find - # a way to discover it from -help, so check the openssl version. - case $($OPENSSL version) in - "OpenSSL 0"*|"OpenSSL 1.0"*) :;; - *) - O_CLI="$O_CLI -cipher ALL@SECLEVEL=0" - O_SRV="$O_SRV -cipher ALL@SECLEVEL=0" - ;; - esac - - if [ -n "${OPENSSL_NEXT:-}" ]; then - O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" - O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT" - O_NEXT_SRV_EARLY_DATA="$O_NEXT_SRV_EARLY_DATA -accept $SRV_PORT" - O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT" - O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT" - fi - - if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then - G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT" - G_NEXT_SRV_NO_CERT="$G_NEXT_SRV_NO_CERT -p $SRV_PORT" - fi - - if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then - G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT" - G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT -p +SRV_PORT localhost" - fi - - # Allow SHA-1, because many of our test certificates use it - P_SRV="$P_SRV allow_sha1=1" - P_CLI="$P_CLI allow_sha1=1" - -fi -# Also pick a unique name for intermediate files -SRV_OUT="srv_out.$$" -CLI_OUT="cli_out.$$" -PXY_OUT="pxy_out.$$" -SESSION="session.$$" - -SKIP_NEXT="NO" - -trap cleanup INT TERM HUP - -# Basic test - -# Checks that: -# - things work with all ciphersuites active (used with config-full in all.sh) -# - the expected parameters are selected -requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 -requires_hash_alg SHA_512 # "signature_algorithm ext: 6" -requires_any_configs_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED \ - PSA_WANT_ECC_MONTGOMERY_255 -run_test "Default, TLS 1.2" \ - "$P_SRV debug_level=3" \ - "$P_CLI force_version=tls12" \ - 0 \ - -s "Protocol is TLSv1.2" \ - -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ - -s "client hello v3, signature_algorithm ext: 6" \ - -s "ECDHE curve: x25519" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 -run_test "Default, DTLS" \ - "$P_SRV dtls=1" \ - "$P_CLI dtls=1" \ - 0 \ - -s "Protocol is DTLSv1.2" \ - -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" - -run_test "TLS client auth: required" \ - "$P_SRV auth_mode=required" \ - "$P_CLI" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" - -run_test "key size: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - -c "Key size is 256" - -run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - -c "Key size is 128" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM -# module does not support PSA dispatching so we need builtin support. -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC -requires_config_enabled MBEDTLS_AES_C -requires_hash_alg MD5 -requires_hash_alg SHA_256 -run_test "TLS: password protected client key" \ - "$P_SRV force_version=tls12 auth_mode=required" \ - "$P_CLI crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \ - 0 - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM -# module does not support PSA dispatching so we need builtin support. -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC -requires_config_enabled MBEDTLS_AES_C -requires_hash_alg MD5 -requires_hash_alg SHA_256 -run_test "TLS: password protected server key" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \ - "$P_CLI force_version=tls12" \ - 0 - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM -# module does not support PSA dispatching so we need builtin support. -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC -requires_config_enabled MBEDTLS_AES_C -requires_hash_alg MD5 -requires_hash_alg SHA_256 -run_test "TLS: password protected server key, two certificates" \ - "$P_SRV force_version=tls12\ - key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key.enc key_pwd2=PolarSSLTest crt_file2=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI" \ - 0 - -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "CA callback on client" \ - "$P_SRV debug_level=3" \ - "$P_CLI ca_callback=1 debug_level=3 " \ - 0 \ - -c "use CA callback for X.509 CRT verification" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_256 -run_test "CA callback on server" \ - "$P_SRV auth_mode=required" \ - "$P_CLI ca_callback=1 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - 0 \ - -c "use CA callback for X.509 CRT verification" \ - -s "Verifying peer X.509 certificate... ok" \ - -S "error" \ - -C "error" - -# Test using an EC opaque private key for client authentication -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -requires_hash_alg SHA_256 -run_test "Opaque key for client authentication: ECDHE-ECDSA" \ - "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ - 0 \ - -c "key type: Opaque" \ - -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA" \ - -S "error" \ - -C "error" - -# Test using a RSA opaque private key for client authentication -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -requires_hash_alg SHA_256 -run_test "Opaque key for client authentication: ECDHE-RSA" \ - "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key" \ - "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - 0 \ - -c "key type: Opaque" \ - -c "Ciphersuite is TLS-ECDHE-RSA" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "Ciphersuite is TLS-ECDHE-RSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -run_test "Opaque key for client authentication: DHE-RSA" \ - "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key" \ - "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - key_opaque_algs=rsa-sign-pkcs1,none" \ - 0 \ - -c "key type: Opaque" \ - -c "Ciphersuite is TLS-DHE-RSA" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "Ciphersuite is TLS-DHE-RSA" \ - -S "error" \ - -C "error" - -# Test using an EC opaque private key for server authentication -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: ECDHE-ECDSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: ECDH-" \ - "$P_SRV auth_mode=required key_opaque=1\ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-ECDH-" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -requires_hash_alg SHA_256 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Opaque keys for server authentication: EC keys with different algs, force ECDHE-ECDSA" \ - "$P_SRV force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \ - key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdh,none \ - crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \ - key_opaque_algs2=ecdsa-sign,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_384 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \ - key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdsa-sign,none \ - crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \ - key_opaque_algs2=ecdh,none debug_level=3" \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-ECDSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-ECDH-ECDSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_384 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \ - crt_file2=$DATA_FILES_PATH/server2-sha256.crt \ - key_file2=$DATA_FILES_PATH/server2.key key_opaque_algs2=rsa-sign-pkcs1,none" \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3 opaque key: no suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ - 1 \ - -c "key type: Opaque" \ - -s "key types: Opaque, Opaque" \ - -c "error" \ - -s "no suitable signature algorithm" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3 opaque key: suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ - 0 \ - -c "key type: Opaque" \ - -s "key types: Opaque, Opaque" \ - -C "error" \ - -S "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3 opaque key: first client sig alg not suitable" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \ - "$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \ - 0 \ - -s "key types: Opaque, Opaque" \ - -s "CertificateVerify signature failed with rsa_pss_rsae_sha256" \ - -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -C "error" \ - -S "error" \ - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ - 0 \ - -c "key type: Opaque" \ - -s "key types: Opaque, Opaque" \ - -C "error" \ - -S "error" \ - -# Test using a RSA opaque private key for server authentication -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: ECDHE-RSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDHE-RSA" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-ECDHE-RSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: DHE-RSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-DHE-RSA" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-DHE-RSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: RSA-" \ - "$P_SRV debug_level=3 key_opaque=1 key_opaque_algs=rsa-decrypt,none " \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA256" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-RSA-" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-RSA-" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1" \ - "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \ - "$P_CLI crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -run_test "Opaque keys for server authentication: RSA keys with different algs" \ - "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none \ - crt_file2=$DATA_FILES_PATH/server4.crt \ - key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDHE-RSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-ECDHE-RSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_384 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \ - "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \ - crt_file2=$DATA_FILES_PATH/server4.crt \ - key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-DHE-RSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-DHE-RSA" \ - -S "error" \ - -C "error" - -# Test using an EC opaque private key for client/server authentication -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -requires_hash_alg SHA_256 -run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \ - "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ - "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ - 0 \ - -c "key type: Opaque" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -s "key types: Opaque, none" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA" \ - -S "error" \ - -C "error" - -# Test using a RSA opaque private key for client/server authentication -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -run_test "Opaque key for client/server authentication: ECDHE-RSA" \ - "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - "$P_CLI force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - 0 \ - -c "key type: Opaque" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDHE-RSA" \ - -s "key types: Opaque, none" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "Ciphersuite is TLS-ECDHE-RSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -run_test "Opaque key for client/server authentication: DHE-RSA" \ - "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none \ - force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -c "key type: Opaque" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-DHE-RSA" \ - -s "key types: Opaque, none" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "Ciphersuite is TLS-DHE-RSA" \ - -S "error" \ - -C "error" - - -# Test ciphersuites which we expect to be fully supported by PSA Crypto -# and check that we don't fall back to Mbed TLS' internal crypto primitives. -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - -requires_config_enabled PSA_WANT_ECC_SECP_R1_521 -run_test_psa_force_curve "secp521r1" -requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_512 -run_test_psa_force_curve "brainpoolP512r1" -requires_config_enabled PSA_WANT_ECC_SECP_R1_384 -run_test_psa_force_curve "secp384r1" -requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_384 -run_test_psa_force_curve "brainpoolP384r1" -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test_psa_force_curve "secp256r1" -requires_config_enabled PSA_WANT_ECC_SECP_K1_256 -run_test_psa_force_curve "secp256k1" -requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256 -run_test_psa_force_curve "brainpoolP256r1" -requires_config_enabled PSA_WANT_ECC_SECP_R1_224 -run_test_psa_force_curve "secp224r1" -## SECP224K1 is buggy via the PSA API -## (https://github.com/Mbed-TLS/mbedtls/issues/3541), -## so it is disabled in PSA even when it's enabled in Mbed TLS. -## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but -## dependencies on PSA symbols in ssl-opt.sh are not implemented yet. -#requires_config_enabled PSA_WANT_ECC_SECP_K1_224 -#run_test_psa_force_curve "secp224k1" -requires_config_enabled PSA_WANT_ECC_SECP_R1_192 -run_test_psa_force_curve "secp192r1" -requires_config_enabled PSA_WANT_ECC_SECP_K1_192 -run_test_psa_force_curve "secp192k1" - -# Test current time in ServerHello -requires_config_enabled MBEDTLS_HAVE_TIME -run_test "ServerHello contains gmt_unix_time" \ - "$P_SRV debug_level=3" \ - "$P_CLI force_version=tls12 debug_level=3" \ - 0 \ - -f "check_server_hello_time" \ - -F "check_server_hello_time" - -# Test for uniqueness of IVs in AEAD ciphersuites -run_test "Unique IV in GCM" \ - "$P_SRV exchanges=20 debug_level=4" \ - "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ - 0 \ - -u "IV used" \ - -U "IV used" - -# Test for correctness of sent single supported algorithm -requires_any_configs_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED \ - PSA_WANT_ECC_SECP_R1_256 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" -requires_hash_alg SHA_256 -run_test "Single supported algorithm sending: mbedtls client" \ - "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \ - 0 \ - -c "Supported Signature Algorithm found: 04 03" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_any_configs_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED \ - PSA_WANT_ECC_SECP_R1_256 -requires_hash_alg SHA_256 -run_test "Single supported algorithm sending: openssl client" \ - "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$O_CLI -cert $DATA_FILES_PATH/server6.crt \ - -key $DATA_FILES_PATH/server6.key" \ - 0 - -# Tests for certificate verification callback -run_test "Configuration-specific CRT verification callback" \ - "$P_SRV debug_level=3" \ - "$P_CLI context_crt_cb=0 debug_level=3" \ - 0 \ - -S "error" \ - -c "Verify requested for " \ - -c "Use configuration-specific verification callback" \ - -C "Use context-specific verification callback" \ - -C "error" - -run_test "Context-specific CRT verification callback" \ - "$P_SRV debug_level=3" \ - "$P_CLI context_crt_cb=1 debug_level=3" \ - 0 \ - -S "error" \ - -c "Verify requested for " \ - -c "Use context-specific verification callback" \ - -C "Use configuration-specific verification callback" \ - -C "error" - -# Tests for SHA-1 support -requires_hash_alg SHA_1 -run_test "SHA-1 forbidden by default in server certificate" \ - "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \ - 1 \ - -c "The certificate is signed with an unacceptable hash" - -requires_hash_alg SHA_1 -run_test "SHA-1 explicitly allowed in server certificate" \ - "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI force_version=tls12 allow_sha1=1" \ - 0 - -run_test "SHA-256 allowed by default in server certificate" \ - "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2-sha256.crt" \ - "$P_CLI force_version=tls12 allow_sha1=0" \ - 0 - -requires_hash_alg SHA_1 -requires_config_enabled MBEDTLS_RSA_C -run_test "SHA-1 forbidden by default in client certificate" \ - "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ - "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \ - 1 \ - -s "The certificate is signed with an unacceptable hash" - -requires_hash_alg SHA_1 -requires_config_enabled MBEDTLS_RSA_C -run_test "SHA-1 explicitly allowed in client certificate" \ - "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \ - "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \ - 0 - -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -run_test "SHA-256 allowed by default in client certificate" \ - "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ - "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha256.crt" \ - 0 - -# Tests for datagram packing -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS: multiple records in same datagram, client and server" \ - "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ - 0 \ - -c "next record in same datagram" \ - -s "next record in same datagram" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS: multiple records in same datagram, client only" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ - 0 \ - -s "next record in same datagram" \ - -C "next record in same datagram" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS: multiple records in same datagram, server only" \ - "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ - 0 \ - -S "next record in same datagram" \ - -c "next record in same datagram" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS: multiple records in same datagram, neither client nor server" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ - 0 \ - -S "next record in same datagram" \ - -C "next record in same datagram" - -# Tests for Context serialization - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, client serializes, CCM" \ - "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, client serializes, ChaChaPoly" \ - "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, client serializes, GCM" \ - "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Context serialization, client serializes, with CID" \ - "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, server serializes, CCM" \ - "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -C "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, server serializes, ChaChaPoly" \ - "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -C "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, server serializes, GCM" \ - "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ - 0 \ - -C "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Context serialization, server serializes, with CID" \ - "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \ - 0 \ - -C "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, both serialize, CCM" \ - "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, both serialize, ChaChaPoly" \ - "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, both serialize, GCM" \ - "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Context serialization, both serialize, with CID" \ - "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \ - 0 \ - -c "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, client serializes, CCM" \ - "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, client serializes, ChaChaPoly" \ - "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, client serializes, GCM" \ - "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Context serialization, re-init, client serializes, with CID" \ - "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, server serializes, CCM" \ - "$P_SRV dtls=1 serialize=2 exchanges=2" \ - "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -C "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, server serializes, ChaChaPoly" \ - "$P_SRV dtls=1 serialize=2 exchanges=2" \ - "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -C "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, server serializes, GCM" \ - "$P_SRV dtls=1 serialize=2 exchanges=2" \ - "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -C "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Context serialization, re-init, server serializes, with CID" \ - "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \ - 0 \ - -C "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, both serialize, CCM" \ - "$P_SRV dtls=1 serialize=2 exchanges=2" \ - "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, both serialize, ChaChaPoly" \ - "$P_SRV dtls=1 serialize=2 exchanges=2" \ - "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, both serialize, GCM" \ - "$P_SRV dtls=1 serialize=2 exchanges=2" \ - "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Context serialization, re-init, both serialize, with CID" \ - "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \ - 0 \ - -c "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Saving the serialized context to a file" \ - "$P_SRV dtls=1 serialize=1 context_file=context_srv.txt" \ - "$P_CLI dtls=1 serialize=1 context_file=context_cli.txt" \ - 0 \ - -s "Save serialized context to a file... ok" \ - -c "Save serialized context to a file... ok" -rm -f context_srv.txt -rm -f context_cli.txt - -# Tests for DTLS Connection ID extension - -# So far, the CID API isn't implemented, so we can't -# grep for output witnessing its use. This needs to be -# changed once the CID extension is implemented. - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli enabled, Srv disabled" \ - "$P_SRV debug_level=3 dtls=1 cid=0" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ - 0 \ - -s "Disable use of CID extension." \ - -s "found CID extension" \ - -s "Client sent CID extension, but CID disabled" \ - -c "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -S "server hello, adding CID extension" \ - -C "found CID extension" \ - -S "Copy CIDs into SSL transform" \ - -C "Copy CIDs into SSL transform" \ - -c "Use of Connection ID was rejected by the server" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli disabled, Srv enabled" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ - "$P_CLI debug_level=3 dtls=1 cid=0" \ - 0 \ - -c "Disable use of CID extension." \ - -C "client hello, adding CID extension" \ - -S "found CID extension" \ - -s "Enable use of CID extension." \ - -S "server hello, adding CID extension" \ - -C "found CID extension" \ - -S "Copy CIDs into SSL transform" \ - -C "Copy CIDs into SSL transform" \ - -s "Use of Connection ID was not offered by client" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \ - -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \ - "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead" \ - "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "ignoring unexpected CID" \ - -s "ignoring unexpected CID" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \ - -p "$P_PXY mtu=800" \ - "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \ - "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \ - -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \ - "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \ - "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" \ - -c "ignoring unexpected CID" \ - -s "ignoring unexpected CID" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ - "$P_CLI debug_level=3 dtls=1 cid=1" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -c "Peer CID (length 4 Bytes): de ad be ef" \ - -s "Peer CID (length 0 Bytes):" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \ - "$P_SRV debug_level=3 dtls=1 cid=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Peer CID (length 4 Bytes): de ad be ef" \ - -c "Peer CID (length 0 Bytes):" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \ - "$P_SRV debug_level=3 dtls=1 cid=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -S "Use of Connection ID has been negotiated" \ - -C "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ - "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -c "Peer CID (length 4 Bytes): de ad be ef" \ - -s "Peer CID (length 0 Bytes):" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \ - "$P_SRV debug_level=3 dtls=1 cid=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Peer CID (length 4 Bytes): de ad be ef" \ - -c "Peer CID (length 0 Bytes):" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \ - "$P_SRV debug_level=3 dtls=1 cid=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -S "Use of Connection ID has been negotiated" \ - -C "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ - "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -c "Peer CID (length 4 Bytes): de ad be ef" \ - -s "Peer CID (length 0 Bytes):" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \ - "$P_SRV debug_level=3 dtls=1 cid=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -s "Peer CID (length 4 Bytes): de ad be ef" \ - -c "Peer CID (length 0 Bytes):" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \ - "$P_SRV debug_level=3 dtls=1 cid=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -S "Use of Connection ID has been negotiated" \ - -C "Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -s "(after renegotiation) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -s "(after renegotiation) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \ - "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead cid_val_renego=beef renegotiation=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -s "(after renegotiation) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \ - -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \ - "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \ - "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -s "(after renegotiation) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Use of Connection ID has been negotiated" \ - -c "ignoring unexpected CID" \ - -s "ignoring unexpected CID" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -C "(after renegotiation) Use of Connection ID has been negotiated" \ - -S "(after renegotiation) Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \ - "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ - "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -C "(after renegotiation) Use of Connection ID has been negotiated" \ - -S "(after renegotiation) Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \ - -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \ - "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ - "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -C "(after renegotiation) Use of Connection ID has been negotiated" \ - -S "(after renegotiation) Use of Connection ID has been negotiated" \ - -c "ignoring unexpected CID" \ - -s "ignoring unexpected CID" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \ - "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \ - "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \ - 0 \ - -S "(initial handshake) Use of Connection ID has been negotiated" \ - -C "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -c "(after renegotiation) Use of Connection ID has been negotiated" \ - -s "(after renegotiation) Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \ - "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \ - "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \ - 0 \ - -S "(initial handshake) Use of Connection ID has been negotiated" \ - -C "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -c "(after renegotiation) Use of Connection ID has been negotiated" \ - -s "(after renegotiation) Use of Connection ID has been negotiated" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \ - -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \ - "$P_SRV debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \ - "$P_CLI debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \ - 0 \ - -S "(initial handshake) Use of Connection ID has been negotiated" \ - -C "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -c "(after renegotiation) Use of Connection ID has been negotiated" \ - -s "(after renegotiation) Use of Connection ID has been negotiated" \ - -c "ignoring unexpected CID" \ - -s "ignoring unexpected CID" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -C "(after renegotiation) Use of Connection ID has been negotiated" \ - -S "(after renegotiation) Use of Connection ID has been negotiated" \ - -s "(after renegotiation) Use of Connection ID was not offered by client" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \ - -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -C "(after renegotiation) Use of Connection ID has been negotiated" \ - -S "(after renegotiation) Use of Connection ID has been negotiated" \ - -s "(after renegotiation) Use of Connection ID was not offered by client" \ - -c "ignoring unexpected CID" \ - -s "ignoring unexpected CID" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -C "(after renegotiation) Use of Connection ID has been negotiated" \ - -S "(after renegotiation) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Use of Connection ID was rejected by the server" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \ - -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \ - "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ - "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ - -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ - -C "(after renegotiation) Use of Connection ID has been negotiated" \ - -S "(after renegotiation) Use of Connection ID has been negotiated" \ - -c "(after renegotiation) Use of Connection ID was rejected by the server" \ - -c "ignoring unexpected CID" \ - -s "ignoring unexpected CID" - -# This and the test below it require MAX_CONTENT_LEN to be at least MFL+1, because the -# tests check that the buffer contents are reallocated when the message is -# larger than the buffer. -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH -requires_max_content_len 513 -run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \ - "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \ - "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=512 dtls=1 cid=1 cid_val=beef" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -s "Reallocating in_buf" \ - -s "Reallocating out_buf" - -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH -requires_max_content_len 1025 -run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \ - "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \ - "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \ - 0 \ - -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ - -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ - -s "(initial handshake) Use of Connection ID has been negotiated" \ - -c "(initial handshake) Use of Connection ID has been negotiated" \ - -s "Reallocating in_buf" \ - -s "Reallocating out_buf" - -# Tests for Encrypt-then-MAC extension - -run_test "Encrypt then MAC: default" \ - "$P_SRV debug_level=3 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - "$P_CLI debug_level=3" \ - 0 \ - -c "client hello, adding encrypt_then_mac extension" \ - -s "found encrypt then mac extension" \ - -s "server hello, adding encrypt then mac extension" \ - -c "found encrypt_then_mac extension" \ - -c "using encrypt then mac" \ - -s "using encrypt then mac" - -run_test "Encrypt then MAC: client enabled, server disabled" \ - "$P_SRV debug_level=3 etm=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - "$P_CLI debug_level=3 etm=1" \ - 0 \ - -c "client hello, adding encrypt_then_mac extension" \ - -s "found encrypt then mac extension" \ - -S "server hello, adding encrypt then mac extension" \ - -C "found encrypt_then_mac extension" \ - -C "using encrypt then mac" \ - -S "using encrypt then mac" - -run_test "Encrypt then MAC: client enabled, aead cipher" \ - "$P_SRV debug_level=3 etm=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \ - "$P_CLI debug_level=3 etm=1" \ - 0 \ - -c "client hello, adding encrypt_then_mac extension" \ - -s "found encrypt then mac extension" \ - -S "server hello, adding encrypt then mac extension" \ - -C "found encrypt_then_mac extension" \ - -C "using encrypt then mac" \ - -S "using encrypt then mac" - -run_test "Encrypt then MAC: client disabled, server enabled" \ - "$P_SRV debug_level=3 etm=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - "$P_CLI debug_level=3 etm=0" \ - 0 \ - -C "client hello, adding encrypt_then_mac extension" \ - -S "found encrypt then mac extension" \ - -S "server hello, adding encrypt then mac extension" \ - -C "found encrypt_then_mac extension" \ - -C "using encrypt then mac" \ - -S "using encrypt then mac" - -# Tests for Extended Master Secret extension - -requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET -run_test "Extended Master Secret: default" \ - "$P_SRV debug_level=3" \ - "$P_CLI force_version=tls12 debug_level=3" \ - 0 \ - -c "client hello, adding extended_master_secret extension" \ - -s "found extended master secret extension" \ - -s "server hello, adding extended master secret extension" \ - -c "found extended_master_secret extension" \ - -c "session hash for extended master secret" \ - -s "session hash for extended master secret" - -requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET -run_test "Extended Master Secret: client enabled, server disabled" \ - "$P_SRV debug_level=3 extended_ms=0" \ - "$P_CLI force_version=tls12 debug_level=3 extended_ms=1" \ - 0 \ - -c "client hello, adding extended_master_secret extension" \ - -s "found extended master secret extension" \ - -S "server hello, adding extended master secret extension" \ - -C "found extended_master_secret extension" \ - -C "session hash for extended master secret" \ - -S "session hash for extended master secret" - -requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET -run_test "Extended Master Secret: client disabled, server enabled" \ - "$P_SRV force_version=tls12 debug_level=3 extended_ms=1" \ - "$P_CLI debug_level=3 extended_ms=0" \ - 0 \ - -C "client hello, adding extended_master_secret extension" \ - -S "found extended master secret extension" \ - -S "server hello, adding extended master secret extension" \ - -C "found extended_master_secret extension" \ - -C "session hash for extended master secret" \ - -S "session hash for extended master secret" - -# Test sending and receiving empty application data records - -run_test "Encrypt then MAC: empty application data record" \ - "$P_SRV auth_mode=none debug_level=4 etm=1" \ - "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \ - -s "dumping 'input payload after decrypt' (0 bytes)" \ - -c "0 bytes written in 1 fragments" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Encrypt then MAC: disabled, empty application data record" \ - "$P_SRV auth_mode=none debug_level=4 etm=0" \ - "$P_CLI auth_mode=none etm=0 request_size=0" \ - 0 \ - -s "dumping 'input payload after decrypt' (0 bytes)" \ - -c "0 bytes written in 1 fragments" - -run_test "Encrypt then MAC, DTLS: empty application data record" \ - "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \ - "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \ - 0 \ - -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \ - -s "dumping 'input payload after decrypt' (0 bytes)" \ - -c "0 bytes written in 1 fragments" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \ - "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \ - "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \ - 0 \ - -s "dumping 'input payload after decrypt' (0 bytes)" \ - -c "0 bytes written in 1 fragments" - -# Tests for CBC 1/n-1 record splitting - -run_test "CBC Record splitting: TLS 1.2, no splitting" \ - "$P_SRV force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ - request_size=123" \ - 0 \ - -s "Read from client: 123 bytes read" \ - -S "Read from client: 1 bytes read" \ - -S "122 bytes read" - -# Tests for Session Tickets - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: basic" \ - "$P_SRV debug_level=3 tickets=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: manual rotation" \ - "$P_SRV debug_level=3 tickets=1 ticket_rotate=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: cache disabled" \ - "$P_SRV debug_level=3 tickets=1 cache_max=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: timeout" \ - "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_delay=2000" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: session copy" \ - "$P_SRV debug_level=3 tickets=1 cache_max=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_mode=0" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: openssl server" \ - "$O_SRV -tls1_2" \ - "$P_CLI debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: openssl client" \ - "$P_SRV force_version=tls12 debug_level=3 tickets=1" \ - "( $O_CLI -sess_out $SESSION; \ - $O_CLI -sess_in $SESSION; \ - rm -f $SESSION )" \ - 0 \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" - -requires_cipher_enabled "AES" "GCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: AES-128-GCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "AES" "GCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: AES-192-GCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "AES" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: AES-128-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "AES" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: AES-192-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "AES" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: AES-256-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "CAMELLIA" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: CAMELLIA-128-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "CAMELLIA" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: CAMELLIA-192-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "CAMELLIA" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: CAMELLIA-256-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "ARIA" "GCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: ARIA-128-GCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "ARIA" "GCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: ARIA-192-GCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "ARIA" "GCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: ARIA-256-GCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "ARIA" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: ARIA-128-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "ARIA" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: ARIA-192-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "ARIA" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: ARIA-256-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "CHACHA20" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: CHACHA20-POLY1305" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=CHACHA20-POLY1305" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -# Tests for Session Tickets with DTLS - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets, DTLS: basic" \ - "$P_SRV debug_level=3 dtls=1 tickets=1" \ - "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets, DTLS: cache disabled" \ - "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \ - "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets, DTLS: timeout" \ - "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \ - "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2000" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets, DTLS: session copy" \ - "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \ - "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_mode=0" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets, DTLS: openssl server" \ - "$O_SRV -dtls" \ - "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -c "a session has been resumed" - -# For reasons that aren't fully understood, this test randomly fails with high -# probability with OpenSSL 1.0.2g on the CI, see #5012. -requires_openssl_next -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets, DTLS: openssl client" \ - "$P_SRV dtls=1 debug_level=3 tickets=1" \ - "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ - $O_NEXT_CLI -dtls -sess_in $SESSION; \ - rm -f $SESSION )" \ - 0 \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" - -# Tests for Session Resume based on session-ID and cache - -requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using cache: tickets enabled on client" \ - "$P_SRV debug_level=3 tickets=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using cache: tickets enabled on server" \ - "$P_SRV debug_level=3 tickets=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \ - 0 \ - -C "client hello, adding session ticket extension" \ - -S "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: cache_max=0" \ - "$P_SRV debug_level=3 tickets=0 cache_max=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \ - 0 \ - -S "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: cache_max=1" \ - "$P_SRV debug_level=3 tickets=0 cache_max=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: cache removed" \ - "$P_SRV debug_level=3 tickets=0 cache_remove=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \ - 0 \ - -C "client hello, adding session ticket extension" \ - -S "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -S "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: timeout > delay" \ - "$P_SRV debug_level=3 tickets=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: timeout < delay" \ - "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=2000" \ - 0 \ - -S "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: no timeout" \ - "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=2000" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: session copy" \ - "$P_SRV debug_level=3 tickets=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_mode=0" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using cache: openssl client" \ - "$P_SRV force_version=tls12 debug_level=3 tickets=0" \ - "( $O_CLI -sess_out $SESSION; \ - $O_CLI -sess_in $SESSION; \ - rm -f $SESSION )" \ - 0 \ - -s "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: openssl server" \ - "$O_SRV -tls1_2" \ - "$P_CLI debug_level=3 tickets=0 reconnect=1" \ - 0 \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -c "a session has been resumed" - -# Tests for Session resume and extensions - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Session resume and connection ID" \ - "$P_SRV debug_level=3 cid=1 cid_val=dead dtls=1 tickets=0" \ - "$P_CLI debug_level=3 cid=1 cid_val=beef dtls=1 tickets=0 reconnect=1" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" - -# Tests for Session Resume based on session-ID and cache, DTLS - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using cache, DTLS: tickets enabled on client" \ - "$P_SRV dtls=1 debug_level=3 tickets=0" \ - "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using cache, DTLS: tickets enabled on server" \ - "$P_SRV dtls=1 debug_level=3 tickets=1" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ - 0 \ - -C "client hello, adding session ticket extension" \ - -S "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: cache_max=0" \ - "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ - 0 \ - -S "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: cache_max=1" \ - "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: timeout > delay" \ - "$P_SRV dtls=1 debug_level=3 tickets=0" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: timeout < delay" \ - "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2000" \ - 0 \ - -S "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: no timeout" \ - "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2000" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: session copy" \ - "$P_SRV dtls=1 debug_level=3 tickets=0" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_mode=0" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -# For reasons that aren't fully understood, this test randomly fails with high -# probability with OpenSSL 1.0.2g on the CI, see #5012. -requires_openssl_next -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using cache, DTLS: openssl client" \ - "$P_SRV dtls=1 debug_level=3 tickets=0" \ - "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ - $O_NEXT_CLI -dtls -sess_in $SESSION; \ - rm -f $SESSION )" \ - 0 \ - -s "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: openssl server" \ - "$O_SRV -dtls" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \ - 0 \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -c "a session has been resumed" - -# Tests for Max Fragment Length extension - -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length: enabled, default" \ - "$P_SRV debug_level=3 force_version=tls12" \ - "$P_CLI debug_level=3" \ - 0 \ - -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -C "client hello, adding max_fragment_length extension" \ - -S "found max fragment length extension" \ - -S "server hello, max_fragment_length extension" \ - -C "found max_fragment_length extension" - -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length: enabled, default, larger message" \ - "$P_SRV debug_level=3 force_version=tls12" \ - "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ - 0 \ - -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -C "client hello, adding max_fragment_length extension" \ - -S "found max fragment length extension" \ - -S "server hello, max_fragment_length extension" \ - -C "found max_fragment_length extension" \ - -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ - -s "$MAX_CONTENT_LEN bytes read" \ - -s "1 bytes read" - -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length, DTLS: enabled, default, larger message" \ - "$P_SRV debug_level=3 dtls=1" \ - "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ - 1 \ - -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -C "client hello, adding max_fragment_length extension" \ - -S "found max fragment length extension" \ - -S "server hello, max_fragment_length extension" \ - -C "found max_fragment_length extension" \ - -c "fragment larger than.*maximum " - -# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled -# (session fragment length will be 16384 regardless of mbedtls -# content length configuration.) - -requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length: disabled, larger message" \ - "$P_SRV debug_level=3 force_version=tls12" \ - "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ - 0 \ - -C "Maximum incoming record payload length is 16384" \ - -C "Maximum outgoing record payload length is 16384" \ - -S "Maximum incoming record payload length is 16384" \ - -S "Maximum outgoing record payload length is 16384" \ - -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ - -s "$MAX_CONTENT_LEN bytes read" \ - -s "1 bytes read" - -requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length, DTLS: disabled, larger message" \ - "$P_SRV debug_level=3 dtls=1 force_version=tls12" \ - "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ - 1 \ - -C "Maximum incoming record payload length is 16384" \ - -C "Maximum outgoing record payload length is 16384" \ - -S "Maximum incoming record payload length is 16384" \ - -S "Maximum outgoing record payload length is 16384" \ - -c "fragment larger than.*maximum " - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: used by client" \ - "$P_SRV debug_level=3" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=4096" \ - 0 \ - -c "Maximum incoming record payload length is 4096" \ - -c "Maximum outgoing record payload length is 4096" \ - -s "Maximum incoming record payload length is 4096" \ - -s "Maximum outgoing record payload length is 4096" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 1024 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 512, server 1024" \ - "$P_SRV debug_level=3 max_frag_len=1024" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \ - 0 \ - -c "Maximum incoming record payload length is 512" \ - -c "Maximum outgoing record payload length is 512" \ - -s "Maximum incoming record payload length is 512" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 512, server 2048" \ - "$P_SRV debug_level=3 max_frag_len=2048" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \ - 0 \ - -c "Maximum incoming record payload length is 512" \ - -c "Maximum outgoing record payload length is 512" \ - -s "Maximum incoming record payload length is 512" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 512, server 4096" \ - "$P_SRV debug_level=3 max_frag_len=4096" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \ - 0 \ - -c "Maximum incoming record payload length is 512" \ - -c "Maximum outgoing record payload length is 512" \ - -s "Maximum incoming record payload length is 512" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 1024 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 1024, server 512" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \ - "$P_CLI debug_level=3 max_frag_len=1024" \ - 0 \ - -c "Maximum incoming record payload length is 1024" \ - -c "Maximum outgoing record payload length is 1024" \ - -s "Maximum incoming record payload length is 1024" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 1024, server 2048" \ - "$P_SRV debug_level=3 max_frag_len=2048" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \ - 0 \ - -c "Maximum incoming record payload length is 1024" \ - -c "Maximum outgoing record payload length is 1024" \ - -s "Maximum incoming record payload length is 1024" \ - -s "Maximum outgoing record payload length is 1024" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 1024, server 4096" \ - "$P_SRV debug_level=3 max_frag_len=4096" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \ - 0 \ - -c "Maximum incoming record payload length is 1024" \ - -c "Maximum outgoing record payload length is 1024" \ - -s "Maximum incoming record payload length is 1024" \ - -s "Maximum outgoing record payload length is 1024" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 2048, server 512" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \ - "$P_CLI debug_level=3 max_frag_len=2048" \ - 0 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 2048, server 1024" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \ - "$P_CLI debug_level=3 max_frag_len=2048" \ - 0 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 1024" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 2048, server 4096" \ - "$P_SRV debug_level=3 max_frag_len=4096" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048" \ - 0 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 2048" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 4096, server 512" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \ - "$P_CLI debug_level=3 max_frag_len=4096" \ - 0 \ - -c "Maximum incoming record payload length is 4096" \ - -c "Maximum outgoing record payload length is 4096" \ - -s "Maximum incoming record payload length is 4096" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 4096, server 1024" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \ - "$P_CLI debug_level=3 max_frag_len=4096" \ - 0 \ - -c "Maximum incoming record payload length is 4096" \ - -c "Maximum outgoing record payload length is 4096" \ - -s "Maximum incoming record payload length is 4096" \ - -s "Maximum outgoing record payload length is 1024" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 4096, server 2048" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=2048" \ - "$P_CLI debug_level=3 max_frag_len=4096" \ - 0 \ - -c "Maximum incoming record payload length is 4096" \ - -c "Maximum outgoing record payload length is 4096" \ - -s "Maximum incoming record payload length is 4096" \ - -s "Maximum outgoing record payload length is 2048" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: used by server" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=4096" \ - "$P_CLI debug_level=3" \ - 0 \ - -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum outgoing record payload length is 4096" \ - -C "client hello, adding max_fragment_length extension" \ - -S "found max fragment length extension" \ - -S "server hello, max_fragment_length extension" \ - -C "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length: gnutls server" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - "$P_CLI debug_level=3 max_frag_len=4096" \ - 0 \ - -c "Maximum incoming record payload length is 4096" \ - -c "Maximum outgoing record payload length is 4096" \ - -c "client hello, adding max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client, message just fits" \ - "$P_SRV debug_level=3" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2048" \ - 0 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 2048" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" \ - -c "2048 bytes written in 1 fragments" \ - -s "2048 bytes read" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client, larger message" \ - "$P_SRV debug_level=3" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2345" \ - 0 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 2048" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" \ - -c "2345 bytes written in 2 fragments" \ - -s "2048 bytes read" \ - -s "297 bytes read" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length: DTLS client, larger message" \ - "$P_SRV debug_level=3 dtls=1" \ - "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ - 1 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 2048" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" \ - -c "fragment larger than.*maximum" - -# Tests for Record Size Limit extension - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ - "$P_SRV debug_level=3 force_version=tls13" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \ - 0 \ - -s "RecordSizeLimit: 16385 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 16383" \ - -s "bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert -d 4" \ - "$P_CLI debug_level=4 force_version=tls13" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "EncryptedExtensions: record_size_limit(28) extension received." \ - -c "RecordSizeLimit: 16385 Bytes" \ - -# In the following tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the -# maximum record size using gnutls_record_set_max_size() -# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size). -# There is currently a lower limit of 512, caused by gnutls_record_set_max_size() -# not respecting the "%ALLOW_SMALL_RECORDS" priority string and not using the -# more recent function gnutls_record_set_max_recv_size() -# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size). -# There is currently an upper limit of 4096, caused by the cli arg parser: -# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/src/cli-args.def#L395. -# Thus, these tests are currently limited to the value range 512-4096. -# Also, the value sent in the extension will be one larger than the value -# set at the command line: -# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142 - -# Currently test certificates being used do not fit in 513 record size limit -# so for 513 record size limit tests we use preshared key to avoid sending -# the certificate. - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \ - "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ - psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ - response_size=256" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "RecordSizeLimit: 513 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 511" \ - -s "256 bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ - psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ - response_size=768" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "RecordSizeLimit: 513 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 511" \ - -s "768 bytes written in 2 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ - psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ - response_size=1280" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "RecordSizeLimit: 513 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 511" \ - -s "1280 bytes written in 3 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 1 fragment" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=512" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ - 0 \ - -s "RecordSizeLimit: 1024 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 1023" \ - -s "512 bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 2 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ - 0 \ - -s "RecordSizeLimit: 1024 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 1023" \ - -s "1536 bytes written in 2 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 3 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ - 0 \ - -s "RecordSizeLimit: 1024 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 1023" \ - -s "2560 bytes written in 3 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 1 fragment" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ - 0 \ - -s "RecordSizeLimit: 4096 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 4095" \ - -s "2048 bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 2 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ - 0 \ - -s "RecordSizeLimit: 4096 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 4095" \ - -s "6144 bytes written in 2 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 3 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ - 0 \ - -s "RecordSizeLimit: 4096 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 4095" \ - -s "10240 bytes written in 3 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 1 fragment" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=256" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 513 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 511" \ - -c "256 bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 2 fragments" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=768" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 513 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 511" \ - -c "768 bytes written in 2 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 3 fragments" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=1280" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 513 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 511" \ - -c "1280 bytes written in 3 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 1 fragment" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=512" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 1024 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 1023" \ - -c "512 bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 2 fragments" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=1536" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 1024 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 1023" \ - -c "1536 bytes written in 2 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 3 fragments" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=2560" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 1024 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 1023" \ - -c "2560 bytes written in 3 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 1 fragment" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=2048" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 4096 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 4095" \ - -c "2048 bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 2 fragments" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=6144" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 4096 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 4095" \ - -c "6144 bytes written in 2 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 3 fragments" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=10240" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 4096 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 4095" \ - -c "10240 bytes written in 3 fragments" - -# TODO: For time being, we send fixed value of RecordSizeLimit defined by -# MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of -# RecordSizeLimit, we need to modify value of RecordSizeLimit in below test. -requires_config_value_equals "MBEDTLS_SSL_IN_CONTENT_LEN" 16384 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (default)" \ - "$P_SRV debug_level=4 force_version=tls13" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \ - -c "RecordSizeLimit: $MAX_IN_LEN Bytes" \ - -s "RecordSizeLimit: $MAX_IN_LEN Bytes" \ - -s "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \ - -s "Maximum outgoing record payload length is 16383" \ - -s "Maximum incoming record payload length is 16384" - -# End of Record size limit tests - -# Tests for renegotiation - -# G_NEXT_SRV is used in renegotiation tests becuase of the increased -# extensions limit since we exceed the limit in G_SRV when we send -# TLS 1.3 extensions in the initial handshake. - -# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION -run_test "Renegotiation: none, for reference" \ - "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \ - "$P_CLI force_version=tls12 debug_level=3 exchanges=2" \ - 0 \ - -C "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -S "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -C "=> renegotiate" \ - -S "=> renegotiate" \ - -S "write hello request" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: client-initiated" \ - "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ - "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -S "write hello request" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: server-initiated" \ - "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ - "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "write hello request" - -# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that -# the server did not parse the Signature Algorithm extension. This test is valid only if an MD -# algorithm stronger than SHA-1 is enabled in mbedtls_config.h -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ - "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ - "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -S "write hello request" \ - -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? - -# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that -# the server did not parse the Signature Algorithm extension. This test is valid only if an MD -# algorithm stronger than SHA-1 is enabled in mbedtls_config.h -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ - "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ - "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "write hello request" \ - -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: double" \ - "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ - "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "write hello request" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_max_content_len 2048 -run_test "Renegotiation with max fragment length: client 2048, server 512" \ - "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \ - "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "write hello request" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: client-initiated, server-rejected" \ - "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \ - "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ - 1 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -S "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -S "=> renegotiate" \ - -S "write hello request" \ - -c "SSL - Unexpected message at ServerHello in renegotiation" \ - -c "failed" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: server-initiated, client-rejected, default" \ - "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ - "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ - 0 \ - -C "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -S "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -C "=> renegotiate" \ - -S "=> renegotiate" \ - -s "write hello request" \ - -S "SSL - An unexpected message was received from our peer" \ - -S "failed" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: server-initiated, client-rejected, not enforced" \ - "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ - renego_delay=-1 auth_mode=optional" \ - "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ - 0 \ - -C "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -S "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -C "=> renegotiate" \ - -S "=> renegotiate" \ - -s "write hello request" \ - -S "SSL - An unexpected message was received from our peer" \ - -S "failed" - -# delay 2 for 1 alert record + 1 application data record -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: server-initiated, client-rejected, delay 2" \ - "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ - renego_delay=2 auth_mode=optional" \ - "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ - 0 \ - -C "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -S "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -C "=> renegotiate" \ - -S "=> renegotiate" \ - -s "write hello request" \ - -S "SSL - An unexpected message was received from our peer" \ - -S "failed" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: server-initiated, client-rejected, delay 0" \ - "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ - renego_delay=0 auth_mode=optional" \ - "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ - 0 \ - -C "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -S "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -C "=> renegotiate" \ - -S "=> renegotiate" \ - -s "write hello request" \ - -s "SSL - An unexpected message was received from our peer" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: server-initiated, client-accepted, delay 0" \ - "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ - renego_delay=0 auth_mode=optional" \ - "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "write hello request" \ - -S "SSL - An unexpected message was received from our peer" \ - -S "failed" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: periodic, just below period" \ - "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ - "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1" \ - 0 \ - -C "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -S "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -S "record counter limit reached: renegotiate" \ - -C "=> renegotiate" \ - -S "=> renegotiate" \ - -S "write hello request" \ - -S "SSL - An unexpected message was received from our peer" \ - -S "failed" - -# one extra exchange to be able to complete renego -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: periodic, just above period" \ - "$P_SRV force_version=tls12 debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ - "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -s "record counter limit reached: renegotiate" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "write hello request" \ - -S "SSL - An unexpected message was received from our peer" \ - -S "failed" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: periodic, two times period" \ - "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ - "$P_CLI force_version=tls12 debug_level=3 exchanges=7 renegotiation=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -s "record counter limit reached: renegotiate" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "write hello request" \ - -S "SSL - An unexpected message was received from our peer" \ - -S "failed" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: periodic, above period, disabled" \ - "$P_SRV force_version=tls12 debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \ - "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ - 0 \ - -C "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -S "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -S "record counter limit reached: renegotiate" \ - -C "=> renegotiate" \ - -S "=> renegotiate" \ - -S "write hello request" \ - -S "SSL - An unexpected message was received from our peer" \ - -S "failed" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: nbio, client-initiated" \ - "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \ - "$P_CLI force_version=tls12 debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -S "write hello request" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Renegotiation: nbio, server-initiated" \ - "$P_SRV force_version=tls12 debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ - "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "write hello request" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renegotiation: openssl server, client-initiated" \ - "$O_SRV -www $OPENSSL_S_SERVER_CLIENT_RENEGOTIATION -tls1_2" \ - "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -C "ssl_handshake() returned" \ - -C "error" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renegotiation: gnutls server strict, client-initiated" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ - "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -C "ssl_handshake() returned" \ - -C "error" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ - "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ - 1 \ - -c "client hello, adding renegotiation extension" \ - -C "found renegotiation extension" \ - -c "=> renegotiate" \ - -c "mbedtls_ssl_handshake() returned" \ - -c "error" \ - -C "HTTP/1.0 200 [Oo][Kk]" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ - "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ - allow_legacy=0" \ - 1 \ - -c "client hello, adding renegotiation extension" \ - -C "found renegotiation extension" \ - -c "=> renegotiate" \ - -c "mbedtls_ssl_handshake() returned" \ - -c "error" \ - -C "HTTP/1.0 200 [Oo][Kk]" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ - "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ - allow_legacy=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -C "found renegotiation extension" \ - -c "=> renegotiate" \ - -C "ssl_handshake() returned" \ - -C "error" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renegotiation: DTLS, client-initiated" \ - "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \ - "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -S "write hello request" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renegotiation: DTLS, server-initiated" \ - "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ - "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \ - read_timeout=1000 max_resend=2" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "write hello request" - -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renegotiation: DTLS, renego_period overflow" \ - "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \ - "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -s "record counter limit reached: renegotiate" \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "write hello request" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ - "$G_NEXT_SRV -u --mtu 4096" \ - "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \ - 0 \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -C "mbedtls_ssl_handshake returned" \ - -C "error" \ - -s "Extra-header:" - -# Test for the "secure renegotiation" extension only (no actual renegotiation) - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renego ext: gnutls server strict, client default" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ - "$P_CLI debug_level=3" \ - 0 \ - -c "found renegotiation extension" \ - -C "error" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renego ext: gnutls server unsafe, client default" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "found renegotiation extension" \ - -C "error" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renego ext: gnutls server unsafe, client break legacy" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ - "$P_CLI debug_level=3 allow_legacy=-1" \ - 1 \ - -C "found renegotiation extension" \ - -c "error" \ - -C "HTTP/1.0 200 [Oo][Kk]" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renego ext: gnutls client strict, server default" \ - "$P_SRV debug_level=3" \ - "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION localhost" \ - 0 \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ - -s "server hello, secure renegotiation extension" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renego ext: gnutls client unsafe, server default" \ - "$P_SRV debug_level=3" \ - "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \ - 0 \ - -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ - -S "server hello, secure renegotiation extension" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Renego ext: gnutls client unsafe, server break legacy" \ - "$P_SRV debug_level=3 allow_legacy=-1" \ - "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \ - 1 \ - -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ - -S "server hello, secure renegotiation extension" - -# Tests for silently dropping trailing extra bytes in .der certificates - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DER format: no trailing bytes" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-der0.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$G_CLI localhost" \ - 0 \ - -c "Handshake was completed" \ - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DER format: with a trailing zero byte" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-der1a.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$G_CLI localhost" \ - 0 \ - -c "Handshake was completed" \ - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DER format: with a trailing random byte" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-der1b.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$G_CLI localhost" \ - 0 \ - -c "Handshake was completed" \ - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DER format: with 2 trailing random bytes" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-der2.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$G_CLI localhost" \ - 0 \ - -c "Handshake was completed" \ - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DER format: with 4 trailing random bytes" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-der4.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$G_CLI localhost" \ - 0 \ - -c "Handshake was completed" \ - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DER format: with 8 trailing random bytes" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-der8.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$G_CLI localhost" \ - 0 \ - -c "Handshake was completed" \ - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DER format: with 9 trailing random bytes" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-der9.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$G_CLI localhost" \ - 0 \ - -c "Handshake was completed" \ - -# Tests for auth_mode, there are duplicated tests using ca callback for authentication -# When updating these tests, modify the matching authentication tests accordingly - -# The next 4 cases test the 3 auth modes with a badly signed server cert. -run_test "Authentication: server badcert, client required" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 auth_mode=required" \ - 1 \ - -c "x509_verify_cert() returned" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -c "! mbedtls_ssl_handshake returned" \ - -c "send alert level=2 message=48" \ - -c "X509 - Certificate verification failed" - # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA -# We don't check that the server receives the alert because it might -# detect that its write end of the connection is closed and abort -# before reading the alert message. - -run_test "Authentication: server badcert, client required (1.2)" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=required" \ - 1 \ - -c "x509_verify_cert() returned" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -c "! mbedtls_ssl_handshake returned" \ - -c "send alert level=2 message=48" \ - -c "X509 - Certificate verification failed" - # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA - -run_test "Authentication: server badcert, client optional" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_version=tls13 debug_level=3 auth_mode=optional" \ - 0 \ - -c "x509_verify_cert() returned" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" - -run_test "Authentication: server badcert, client optional (1.2)" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional" \ - 0 \ - -c "x509_verify_cert() returned" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" - -run_test "Authentication: server badcert, client none" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 auth_mode=none" \ - 0 \ - -C "x509_verify_cert() returned" \ - -C "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" - -run_test "Authentication: server badcert, client none (1.2)" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=none" \ - 0 \ - -C "x509_verify_cert() returned" \ - -C "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" - -run_test "Authentication: server goodcert, client required, no trusted CA" \ - "$P_SRV" \ - "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \ - 1 \ - -c "x509_verify_cert() returned" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -c "! Certificate verification flags"\ - -c "! mbedtls_ssl_handshake returned" \ - -c "SSL - No CA Chain is set, but required to operate" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Authentication: server goodcert, client required, no trusted CA (1.2)" \ - "$P_SRV force_version=tls12" \ - "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \ - 1 \ - -c "x509_verify_cert() returned" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -c "! Certificate verification flags"\ - -c "! mbedtls_ssl_handshake returned" \ - -c "SSL - No CA Chain is set, but required to operate" - -run_test "Authentication: server goodcert, client optional, no trusted CA" \ - "$P_SRV" \ - "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \ - 0 \ - -c "x509_verify_cert() returned" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -c "! Certificate verification flags"\ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ - -C "SSL - No CA Chain is set, but required to operate" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Authentication: server goodcert, client optional, no trusted CA (1.2)" \ - "$P_SRV" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional ca_file=none ca_path=none" \ - 0 \ - -c "x509_verify_cert() returned" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -c "! Certificate verification flags"\ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ - -C "SSL - No CA Chain is set, but required to operate" - -run_test "Authentication: server goodcert, client none, no trusted CA" \ - "$P_SRV" \ - "$P_CLI debug_level=3 auth_mode=none ca_file=none ca_path=none" \ - 0 \ - -C "x509_verify_cert() returned" \ - -C "! The certificate is not correctly signed by the trusted CA" \ - -C "! Certificate verification flags"\ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ - -C "SSL - No CA Chain is set, but required to operate" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" \ - "$P_SRV" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=none ca_file=none ca_path=none" \ - 0 \ - -C "x509_verify_cert() returned" \ - -C "! The certificate is not correctly signed by the trusted CA" \ - -C "! Certificate verification flags"\ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ - -C "SSL - No CA Chain is set, but required to operate" - -# The purpose of the next two tests is to test the client's behaviour when receiving a server -# certificate with an unsupported elliptic curve. This should usually not happen because -# the client informs the server about the supported curves - it does, though, in the -# corner case of a static ECDH suite, because the server doesn't check the curve on that -# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a -# different means to have the server ignoring the client's supported curve list. - -run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \ - 1 \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage - -run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \ - 1 \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Authentication: client SHA256, server required" \ - "$P_SRV auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \ - key_file=$DATA_FILES_PATH/server6.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ - 0 \ - -c "Supported Signature Algorithm found: 04 " \ - -c "Supported Signature Algorithm found: 05 " - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Authentication: client SHA384, server required" \ - "$P_SRV auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \ - key_file=$DATA_FILES_PATH/server6.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ - 0 \ - -c "Supported Signature Algorithm found: 04 " \ - -c "Supported Signature Algorithm found: 05 " - -run_test "Authentication: client has no cert, server required (TLS)" \ - "$P_SRV debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=none \ - key_file=$DATA_FILES_PATH/server5.key" \ - 1 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -c "= write certificate$" \ - -C "skip write certificate$" \ - -S "x509_verify_cert() returned" \ - -s "peer has no certificate" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "No client certification received from the client, but required by the authentication mode" - -run_test "Authentication: client badcert, server required" \ - "$P_SRV debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - 1 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -s "! The certificate is not correctly signed by the trusted CA" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "send alert level=2 message=48" \ - -s "X509 - Certificate verification failed" -# We don't check that the client receives the alert because it might -# detect that its write end of the connection is closed and abort -# before reading the alert message. - -run_test "Authentication: client cert self-signed and trusted, server required" \ - "$P_SRV debug_level=3 auth_mode=required ca_file=$DATA_FILES_PATH/server5-selfsigned.crt" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -S "x509_verify_cert() returned" \ - -S "! The certificate is not correctly signed" \ - -S "X509 - Certificate verification failed" - -run_test "Authentication: client cert not trusted, server required" \ - "$P_SRV debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - 1 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -s "! The certificate is not correctly signed by the trusted CA" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "X509 - Certificate verification failed" - -run_test "Authentication: client badcert, server optional" \ - "$P_SRV debug_level=3 auth_mode=optional" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -s "! The certificate is not correctly signed by the trusted CA" \ - -S "! mbedtls_ssl_handshake returned" \ - -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" - -run_test "Authentication: client badcert, server none" \ - "$P_SRV debug_level=3 auth_mode=none" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - 0 \ - -s "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got no certificate request" \ - -c "skip write certificate" \ - -c "skip write certificate verify" \ - -s "skip parse certificate verify" \ - -S "x509_verify_cert() returned" \ - -S "! The certificate is not correctly signed by the trusted CA" \ - -S "! mbedtls_ssl_handshake returned" \ - -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" - -run_test "Authentication: client no cert, server optional" \ - "$P_SRV debug_level=3 auth_mode=optional" \ - "$P_CLI debug_level=3 crt_file=none key_file=none" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate$" \ - -C "got no certificate to send" \ - -c "skip write certificate verify" \ - -s "skip parse certificate verify" \ - -s "! Certificate was missing" \ - -S "! mbedtls_ssl_handshake returned" \ - -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -run_test "Authentication: openssl client no cert, server optional" \ - "$P_SRV debug_level=3 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -no_middlebox" \ - 0 \ - -S "skip write certificate request" \ - -s "skip parse certificate verify" \ - -s "! Certificate was missing" \ - -S "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Authentication: client no cert, openssl server optional" \ - "$O_SRV -verify 10 -tls1_2" \ - "$P_CLI debug_level=3 crt_file=none key_file=none" \ - 0 \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate$" \ - -c "skip write certificate verify" \ - -C "! mbedtls_ssl_handshake returned" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Authentication: client no cert, openssl server required" \ - "$O_SRV -Verify 10 -tls1_2" \ - "$P_CLI debug_level=3 crt_file=none key_file=none" \ - 1 \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate$" \ - -c "skip write certificate verify" \ - -c "! mbedtls_ssl_handshake returned" - -# This script assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA has its default -# value, defined here as MAX_IM_CA. Some test cases will be skipped if the -# library is configured with a different value. - -MAX_IM_CA='8' - -# The tests for the max_int tests can pass with any number higher than MAX_IM_CA -# because only a chain of MAX_IM_CA length is tested. Equally, the max_int+1 -# tests can pass with any number less than MAX_IM_CA. However, stricter preconditions -# are in place so that the semantics are consistent with the test description. -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -run_test "Authentication: server max_int chain, client default" \ - "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ - "$P_CLI server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ - 0 \ - -C "X509 - A fatal error occurred" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -run_test "Authentication: server max_int+1 chain, client default" \ - "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ - "$P_CLI server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ - 1 \ - -c "X509 - A fatal error occurred" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -run_test "Authentication: server max_int+1 chain, client optional" \ - "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ - "$P_CLI server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \ - auth_mode=optional" \ - 1 \ - -c "X509 - A fatal error occurred" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -run_test "Authentication: server max_int+1 chain, client none" \ - "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ - "$P_CLI force_version=tls12 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \ - auth_mode=none" \ - 0 \ - -C "X509 - A fatal error occurred" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -run_test "Authentication: client max_int+1 chain, server default" \ - "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ - "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ - 0 \ - -S "X509 - A fatal error occurred" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -run_test "Authentication: client max_int+1 chain, server optional" \ - "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \ - "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ - 1 \ - -s "X509 - A fatal error occurred" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -run_test "Authentication: client max_int+1 chain, server required" \ - "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ - "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ - 1 \ - -s "X509 - A fatal error occurred" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -run_test "Authentication: client max_int chain, server required" \ - "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ - "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ - 0 \ - -S "X509 - A fatal error occurred" - -# Tests for CA list in CertificateRequest messages - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Authentication: send CA list in CertificateRequest (default)" \ - "$P_SRV debug_level=3 auth_mode=required" \ - "$P_CLI force_version=tls12 crt_file=$DATA_FILES_PATH/server6.crt \ - key_file=$DATA_FILES_PATH/server6.key" \ - 0 \ - -s "requested DN" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Authentication: do not send CA list in CertificateRequest" \ - "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ - "$P_CLI force_version=tls12 crt_file=$DATA_FILES_PATH/server6.crt \ - key_file=$DATA_FILES_PATH/server6.key" \ - 0 \ - -S "requested DN" - -run_test "Authentication: send CA list in CertificateRequest, client self signed" \ - "$P_SRV force_version=tls12 debug_level=3 auth_mode=required cert_req_ca_list=0" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - 1 \ - -S "requested DN" \ - -s "x509_verify_cert() returned" \ - -s "! The certificate is not correctly signed by the trusted CA" \ - -s "! mbedtls_ssl_handshake returned" \ - -c "! mbedtls_ssl_handshake returned" \ - -s "X509 - Certificate verification failed" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Authentication: send alt conf DN hints in CertificateRequest" \ - "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \ - crt_file2=$DATA_FILES_PATH/server1.crt \ - key_file2=$DATA_FILES_PATH/server1.key" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server6.crt \ - key_file=$DATA_FILES_PATH/server6.key" \ - 0 \ - -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Authentication: send alt conf DN hints in CertificateRequest (2)" \ - "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \ - crt_file2=$DATA_FILES_PATH/server2.crt \ - key_file2=$DATA_FILES_PATH/server2.key" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server6.crt \ - key_file=$DATA_FILES_PATH/server6.key" \ - 0 \ - -c "DN hint: C=NL, O=PolarSSL, CN=localhost" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Authentication: send alt hs DN hints in CertificateRequest" \ - "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=3 \ - crt_file2=$DATA_FILES_PATH/server1.crt \ - key_file2=$DATA_FILES_PATH/server1.key" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server6.crt \ - key_file=$DATA_FILES_PATH/server6.key" \ - 0 \ - -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1" - -# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests -# When updating these tests, modify the matching authentication tests accordingly - -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: server badcert, client required" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "x509_verify_cert() returned" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" - -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: server badcert, client optional" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \ - 0 \ - -c "use CA callback for X.509 CRT verification" \ - -c "x509_verify_cert() returned" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" - -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: server badcert, client none" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI ca_callback=1 debug_level=3 auth_mode=none" \ - 0 \ - -C "use CA callback for X.509 CRT verification" \ - -C "x509_verify_cert() returned" \ - -C "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" - -# The purpose of the next two tests is to test the client's behaviour when receiving a server -# certificate with an unsupported elliptic curve. This should usually not happen because -# the client informs the server about the supported curves - it does, though, in the -# corner case of a static ECDH suite, because the server doesn't check the curve on that -# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a -# different means to have the server ignoring the client's supported curve list. - -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "bad certificate (EC key curve)" \ - -c "! Certificate verification flags" \ - -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage - -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check - -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Authentication, CA callback: client SHA384, server required" \ - "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \ - key_file=$DATA_FILES_PATH/server6.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ - 0 \ - -s "use CA callback for X.509 CRT verification" \ - -c "Supported Signature Algorithm found: 04 " \ - -c "Supported Signature Algorithm found: 05 " - -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Authentication, CA callback: client SHA256, server required" \ - "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \ - key_file=$DATA_FILES_PATH/server6.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ - 0 \ - -s "use CA callback for X.509 CRT verification" \ - -c "Supported Signature Algorithm found: 04 " \ - -c "Supported Signature Algorithm found: 05 " - -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: client badcert, server required" \ - "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - 1 \ - -s "use CA callback for X.509 CRT verification" \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -s "! The certificate is not correctly signed by the trusted CA" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "send alert level=2 message=48" \ - -s "X509 - Certificate verification failed" -# We don't check that the client receives the alert because it might -# detect that its write end of the connection is closed and abort -# before reading the alert message. - -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: client cert not trusted, server required" \ - "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - 1 \ - -s "use CA callback for X.509 CRT verification" \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -s "! The certificate is not correctly signed by the trusted CA" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "X509 - Certificate verification failed" - -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: client badcert, server optional" \ - "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - 0 \ - -s "use CA callback for X.509 CRT verification" \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -s "! The certificate is not correctly signed by the trusted CA" \ - -S "! mbedtls_ssl_handshake returned" \ - -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: server max_int chain, client default" \ - "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ - "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ - 0 \ - -c "use CA callback for X.509 CRT verification" \ - -C "X509 - A fatal error occurred" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: server max_int+1 chain, client default" \ - "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ - "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "X509 - A fatal error occurred" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ - "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ - "$P_CLI ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \ - debug_level=3 auth_mode=optional" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "X509 - A fatal error occurred" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: client max_int+1 chain, server optional" \ - "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \ - "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ - 1 \ - -s "use CA callback for X.509 CRT verification" \ - -s "X509 - A fatal error occurred" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: client max_int+1 chain, server required" \ - "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ - "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ - 1 \ - -s "use CA callback for X.509 CRT verification" \ - -s "X509 - A fatal error occurred" - -requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA -requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -run_test "Authentication, CA callback: client max_int chain, server required" \ - "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ - "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ - key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ - 0 \ - -s "use CA callback for X.509 CRT verification" \ - -S "X509 - A fatal error occurred" - -# Tests for certificate selection based on SHA version - -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ - "$P_SRV force_version=tls12 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key \ - crt_file2=$DATA_FILES_PATH/server5-sha1.crt \ - key_file2=$DATA_FILES_PATH/server5.key" \ - "$P_CLI" \ - 0 \ - -c "signed using.*ECDSA with SHA256" \ - -C "signed using.*ECDSA with SHA1" - -# tests for SNI - -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "SNI: no SNI callback" \ - "$P_SRV debug_level=3 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI server_name=localhost" \ - 0 \ - -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ - -c "subject name *: C=NL, O=PolarSSL, CN=localhost" - -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "SNI: matching cert 1" \ - "$P_SRV debug_level=3 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI server_name=localhost" \ - 0 \ - -s "parse ServerName extension" \ - -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ - -c "subject name *: C=NL, O=PolarSSL, CN=localhost" - -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "SNI: matching cert 2" \ - "$P_SRV debug_level=3 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI server_name=polarssl.example" \ - 0 \ - -s "parse ServerName extension" \ - -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ - -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" - -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "SNI: no matching cert" \ - "$P_SRV debug_level=3 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI server_name=nonesuch.example" \ - 1 \ - -s "parse ServerName extension" \ - -s "ssl_sni_wrapper() returned" \ - -s "mbedtls_ssl_handshake returned" \ - -c "mbedtls_ssl_handshake returned" \ - -c "SSL - A fatal alert message was received from our peer" - -run_test "SNI: client auth no override: optional" \ - "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-" \ - "$P_CLI debug_level=3 server_name=localhost" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" - -run_test "SNI: client auth override: none -> optional" \ - "$P_SRV debug_level=3 auth_mode=none \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,optional" \ - "$P_CLI debug_level=3 server_name=localhost" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" - -run_test "SNI: client auth override: optional -> none" \ - "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,none" \ - "$P_CLI debug_level=3 server_name=localhost" \ - 0 \ - -s "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got no certificate request" \ - -c "skip write certificate" - -run_test "SNI: CA no override" \ - "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - ca_file=$DATA_FILES_PATH/test-ca.crt \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,required" \ - "$P_CLI debug_level=3 server_name=localhost \ - crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ - 1 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -s "! The certificate is not correctly signed by the trusted CA" \ - -S "The certificate has been revoked (is on a CRL)" - -run_test "SNI: CA override" \ - "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - ca_file=$DATA_FILES_PATH/test-ca.crt \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,-,required" \ - "$P_CLI debug_level=3 server_name=localhost \ - crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -S "x509_verify_cert() returned" \ - -S "! The certificate is not correctly signed by the trusted CA" \ - -S "The certificate has been revoked (is on a CRL)" - -run_test "SNI: CA override with CRL" \ - "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - ca_file=$DATA_FILES_PATH/test-ca.crt \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,$DATA_FILES_PATH/crl-ec-sha256.pem,required" \ - "$P_CLI debug_level=3 server_name=localhost \ - crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ - 1 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -S "! The certificate is not correctly signed by the trusted CA" \ - -s "send alert level=2 message=44" \ - -s "The certificate has been revoked (is on a CRL)" - # MBEDTLS_X509_BADCERT_REVOKED -> MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED - -# Tests for SNI and DTLS - -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, no SNI callback" \ - "$P_SRV debug_level=3 dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI server_name=localhost dtls=1" \ - 0 \ - -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ - -c "subject name *: C=NL, O=PolarSSL, CN=localhost" - -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, matching cert 1" \ - "$P_SRV debug_level=3 dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI server_name=localhost dtls=1" \ - 0 \ - -s "parse ServerName extension" \ - -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ - -c "subject name *: C=NL, O=PolarSSL, CN=localhost" - -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, matching cert 2" \ - "$P_SRV debug_level=3 dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI server_name=polarssl.example dtls=1" \ - 0 \ - -s "parse ServerName extension" \ - -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ - -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, no matching cert" \ - "$P_SRV debug_level=3 dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI server_name=nonesuch.example dtls=1" \ - 1 \ - -s "parse ServerName extension" \ - -s "ssl_sni_wrapper() returned" \ - -s "mbedtls_ssl_handshake returned" \ - -c "mbedtls_ssl_handshake returned" \ - -c "SSL - A fatal alert message was received from our peer" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, client auth no override: optional" \ - "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-" \ - "$P_CLI debug_level=3 server_name=localhost dtls=1" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, client auth override: none -> optional" \ - "$P_SRV debug_level=3 auth_mode=none dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,optional" \ - "$P_CLI debug_level=3 server_name=localhost dtls=1" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, client auth override: optional -> none" \ - "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,none" \ - "$P_CLI debug_level=3 server_name=localhost dtls=1" \ - 0 \ - -s "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got no certificate request" \ - -c "skip write certificate" \ - -c "skip write certificate verify" \ - -s "skip parse certificate verify" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, CA no override" \ - "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - ca_file=$DATA_FILES_PATH/test-ca.crt \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,required" \ - "$P_CLI debug_level=3 server_name=localhost dtls=1 \ - crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ - 1 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -s "! The certificate is not correctly signed by the trusted CA" \ - -S "The certificate has been revoked (is on a CRL)" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, CA override" \ - "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - ca_file=$DATA_FILES_PATH/test-ca.crt \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,-,required" \ - "$P_CLI debug_level=3 server_name=localhost dtls=1 \ - crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -S "x509_verify_cert() returned" \ - -S "! The certificate is not correctly signed by the trusted CA" \ - -S "The certificate has been revoked (is on a CRL)" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, CA override with CRL" \ - "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key dtls=1 \ - ca_file=$DATA_FILES_PATH/test-ca.crt \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,$DATA_FILES_PATH/crl-ec-sha256.pem,required" \ - "$P_CLI debug_level=3 server_name=localhost dtls=1 \ - crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ - 1 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -S "! The certificate is not correctly signed by the trusted CA" \ - -s "send alert level=2 message=44" \ - -s "The certificate has been revoked (is on a CRL)" - # MBEDTLS_X509_BADCERT_REVOKED -> MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED - -# Tests for non-blocking I/O: exercise a variety of handshake flows - -run_test "Non-blocking I/O: basic handshake" \ - "$P_SRV nbio=2 tickets=0 auth_mode=none" \ - "$P_CLI nbio=2 tickets=0" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -run_test "Non-blocking I/O: client auth" \ - "$P_SRV nbio=2 tickets=0 auth_mode=required" \ - "$P_CLI nbio=2 tickets=0" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Non-blocking I/O: ticket" \ - "$P_SRV nbio=2 tickets=1 auth_mode=none" \ - "$P_CLI nbio=2 tickets=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Non-blocking I/O: ticket + client auth" \ - "$P_SRV nbio=2 tickets=1 auth_mode=required" \ - "$P_CLI nbio=2 tickets=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Non-blocking I/O: TLS 1.2 + ticket + client auth + resume" \ - "$P_SRV nbio=2 tickets=1 auth_mode=required" \ - "$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Non-blocking I/O: TLS 1.3 + ticket + client auth + resume" \ - "$P_SRV nbio=2 tickets=1 auth_mode=required" \ - "$P_CLI nbio=2 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Non-blocking I/O: TLS 1.2 + ticket + resume" \ - "$P_SRV nbio=2 tickets=1 auth_mode=none" \ - "$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Non-blocking I/O: TLS 1.3 + ticket + resume" \ - "$P_SRV nbio=2 tickets=1 auth_mode=none" \ - "$P_CLI nbio=2 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Non-blocking I/O: session-id resume" \ - "$P_SRV nbio=2 tickets=0 auth_mode=none" \ - "$P_CLI force_version=tls12 nbio=2 tickets=0 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -# Tests for event-driven I/O: exercise a variety of handshake flows - -run_test "Event-driven I/O: basic handshake" \ - "$P_SRV event=1 tickets=0 auth_mode=none" \ - "$P_CLI event=1 tickets=0" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -run_test "Event-driven I/O: client auth" \ - "$P_SRV event=1 tickets=0 auth_mode=required" \ - "$P_CLI event=1 tickets=0" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O: ticket" \ - "$P_SRV event=1 tickets=1 auth_mode=none" \ - "$P_CLI event=1 tickets=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O: ticket + client auth" \ - "$P_SRV event=1 tickets=1 auth_mode=required" \ - "$P_CLI event=1 tickets=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O: TLS 1.2 + ticket + client auth + resume" \ - "$P_SRV event=1 tickets=1 auth_mode=required" \ - "$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O: TLS 1.3 + ticket + client auth + resume" \ - "$P_SRV event=1 tickets=1 auth_mode=required" \ - "$P_CLI event=1 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O: TLS 1.2 + ticket + resume" \ - "$P_SRV event=1 tickets=1 auth_mode=none" \ - "$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O: TLS 1.3 + ticket + resume" \ - "$P_SRV event=1 tickets=1 auth_mode=none" \ - "$P_CLI event=1 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Event-driven I/O: session-id resume" \ - "$P_SRV event=1 tickets=0 auth_mode=none" \ - "$P_CLI force_version=tls12 event=1 tickets=0 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Event-driven I/O, DTLS: basic handshake" \ - "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 event=1 tickets=0" \ - 0 \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Event-driven I/O, DTLS: client auth" \ - "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ - "$P_CLI dtls=1 event=1 tickets=0" \ - 0 \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O, DTLS: ticket" \ - "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ - "$P_CLI dtls=1 event=1 tickets=1" \ - 0 \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O, DTLS: ticket + client auth" \ - "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ - "$P_CLI dtls=1 event=1 tickets=1" \ - 0 \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \ - "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ - "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O, DTLS: ticket + resume" \ - "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ - "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Event-driven I/O, DTLS: session-id resume" \ - "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "Read from server: .* bytes read" - -# This test demonstrates the need for the mbedtls_ssl_check_pending function. -# During session resumption, the client will send its ApplicationData record -# within the same datagram as the Finished messages. In this situation, the -# server MUST NOT idle on the underlying transport after handshake completion, -# because the ApplicationData request has already been queued internally. -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \ - -p "$P_PXY pack=50" \ - "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ - "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "Read from server: .* bytes read" - -# Tests for version negotiation. Some information to ease the understanding -# of the version negotiation test titles below: -# . 1.2/1.3 means that only TLS 1.2/TLS 1.3 is enabled. -# . 1.2+1.3 means that both TLS 1.2 and TLS 1.3 are enabled. -# . 1.2+(1.3)/(1.2)+1.3 means that TLS 1.2/1.3 is enabled and that -# TLS 1.3/1.2 may be enabled or not. -# . max=1.2 means that both TLS 1.2 and TLS 1.3 are enabled at build time but -# TLS 1.3 is disabled at runtime (maximum negotiable version is TLS 1.2). -# . min=1.3 means that both TLS 1.2 and TLS 1.3 are enabled at build time but -# TLS 1.2 is disabled at runtime (minimum negotiable version is TLS 1.3). - -# Tests for version negotiation, MbedTLS client and server - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Version nego m->m: cli 1.2, srv 1.2 -> 1.2" \ - "$P_SRV" \ - "$P_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" \ - -c "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Version nego m->m: cli max=1.2, srv max=1.2 -> 1.2" \ - "$P_SRV max_version=tls12" \ - "$P_CLI max_version=tls12" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" \ - -c "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Version nego m->m: cli 1.3, srv 1.3 -> 1.3" \ - "$P_SRV" \ - "$P_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Version nego m->m: cli min=1.3, srv min=1.3 -> 1.3" \ - "$P_SRV min_version=tls13" \ - "$P_CLI min_version=tls13" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Version nego m->m: cli 1.2+1.3, srv 1.2+1.3 -> 1.3" \ - "$P_SRV" \ - "$P_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Version nego m->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \ - "$P_SRV min_version=tls13" \ - "$P_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Version nego m->m: cli 1.2+1.3, srv max=1.2 -> 1.2" \ - "$P_SRV max_version=tls12" \ - "$P_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" \ - -c "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Version nego m->m: cli max=1.2, srv 1.2+1.3 -> 1.2" \ - "$P_SRV" \ - "$P_CLI max_version=tls12" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" \ - -c "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Version nego m->m: cli min=1.3, srv 1.2+1.3 -> 1.3" \ - "$P_SRV" \ - "$P_CLI min_version=tls13" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version m->m: cli max=1.2, srv min=1.3" \ - "$P_SRV min_version=tls13" \ - "$P_CLI max_version=tls12" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.2" \ - -C "Protocol is TLSv1.2" \ - -S "Protocol is TLSv1.3" \ - -C "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version m->m: cli min=1.3, srv max=1.2" \ - "$P_SRV max_version=tls12" \ - "$P_CLI min_version=tls13" \ - 1 \ - -s "The handshake negotiation failed" \ - -S "Protocol is TLSv1.2" \ - -C "Protocol is TLSv1.2" \ - -S "Protocol is TLSv1.3" \ - -C "Protocol is TLSv1.3" - -# Tests of version negotiation on server side against GnuTLS client - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego G->m: cli 1.2, srv 1.2+(1.3) -> 1.2" \ - "$P_SRV" \ - "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego G->m: cli 1.2, srv max=1.2 -> 1.2" \ - "$P_SRV max_version=tls12" \ - "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego G->m: cli 1.3, srv (1.2)+1.3 -> 1.3" \ - "$P_SRV" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego G->m: cli 1.3, srv min=1.3 -> 1.3" \ - "$P_SRV min_version=tls13" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego G->m: cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \ - "$P_SRV" \ - "$G_NEXT_CLI localhost --priority=NORMAL" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego G->m (no compat): cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \ - "$P_SRV" \ - "$G_NEXT_CLI localhost --priority=NORMAL:%DISABLE_TLS13_COMPAT_MODE" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -# GnuTLS can be setup to send a ClientHello containing a supported versions -# extension proposing TLS 1.2 (preferred) and then TLS 1.3. In that case, -# a TLS 1.3 and TLS 1.2 capable server is supposed to negotiate TLS 1.2 and -# to indicate in the ServerHello that it downgrades from TLS 1.3. The GnuTLS -# client then detects the downgrade indication and aborts the handshake even -# if TLS 1.2 was its preferred version. Keeping the test even if the -# handshake fails eventually as it exercices parts of the Mbed TLS -# implementation that are otherwise not exercised. -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server version nego G->m: cli 1.2+1.3 (1.2 preferred!), srv 1.2+1.3 -> 1.2" \ - "$P_SRV" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" \ - 1 \ - -c "Detected downgrade to TLS 1.2 from TLS 1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego G->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \ - "$P_SRV min_version=tls13" \ - "$G_NEXT_CLI localhost --priority=NORMAL" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego G->m: cli 1.2+1.3, srv 1.2 -> 1.2" \ - "$P_SRV" \ - "$G_NEXT_CLI localhost --priority=NORMAL" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego G->m: cli 1.2+1.3, max=1.2 -> 1.2" \ - "$P_SRV max_version=tls12" \ - "$G_NEXT_CLI localhost --priority=NORMAL" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -run_test "Not supported version G->m: cli 1.0, (1.2)+(1.3)" \ - "$P_SRV" \ - "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.0" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.0" - -requires_config_enabled MBEDTLS_SSL_SRV_C -run_test "Not supported version G->m: cli 1.1, (1.2)+(1.3)" \ - "$P_SRV" \ - "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.1" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.1" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Not supported version G->m: cli 1.2, srv 1.3" \ - "$P_SRV" \ - "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version G->m: cli 1.3, srv 1.2" \ - "$P_SRV" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ - 1 \ - -S "Handshake protocol not within min/max boundaries" \ - -s "The handshake negotiation failed" \ - -S "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version G->m: cli 1.2, srv min=1.3" \ - "$P_SRV min_version=tls13" \ - "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version G->m: cli 1.3, srv max=1.2" \ - "$P_SRV max_version=tls12" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ - 1 \ - -S "Handshake protocol not within min/max boundaries" \ - -s "The handshake negotiation failed" \ - -S "Protocol is TLSv1.3" - -# Tests of version negotiation on server side against OpenSSL client - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego O->m: cli 1.2, srv 1.2+(1.3) -> 1.2" \ - "$P_SRV" \ - "$O_NEXT_CLI -tls1_2" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego O->m: cli 1.2, srv max=1.2 -> 1.2" \ - "$P_SRV max_version=tls12" \ - "$O_NEXT_CLI -tls1_2" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego O->m: cli 1.3, srv (1.2)+1.3 -> 1.3" \ - "$P_SRV" \ - "$O_NEXT_CLI -tls1_3" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego O->m: cli 1.3, srv min=1.3 -> 1.3" \ - "$P_SRV min_version=tls13" \ - "$O_NEXT_CLI -tls1_3" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego O->m: cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \ - "$P_SRV" \ - "$O_NEXT_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego O->m (no compat): cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \ - "$P_SRV" \ - "$O_NEXT_CLI -no_middlebox" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego O->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \ - "$P_SRV min_version=tls13" \ - "$O_NEXT_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego O->m: cli 1.2+1.3, srv 1.2 -> 1.2" \ - "$P_SRV" \ - "$O_NEXT_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego O->m: cli 1.2+1.3, srv max=1.2 -> 1.2" \ - "$P_SRV max_version=tls12" \ - "$O_NEXT_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -run_test "Not supported version O->m: cli 1.0, srv (1.2)+(1.3)" \ - "$P_SRV" \ - "$O_CLI -tls1" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.0" - -requires_config_enabled MBEDTLS_SSL_SRV_C -run_test "Not supported version O->m: cli 1.1, srv (1.2)+(1.3)" \ - "$P_SRV" \ - "$O_CLI -tls1_1" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.1" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Not supported version O->m: cli 1.2, srv 1.3" \ - "$P_SRV" \ - "$O_NEXT_CLI -tls1_2" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version O->m: cli 1.3, srv 1.2" \ - "$P_SRV" \ - "$O_NEXT_CLI -tls1_3" \ - 1 \ - -S "Handshake protocol not within min/max boundaries" \ - -s "The handshake negotiation failed" \ - -S "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version O->m: cli 1.2, srv min=1.3" \ - "$P_SRV min_version=tls13" \ - "$O_NEXT_CLI -tls1_2" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version O->m: cli 1.3, srv max=1.2" \ - "$P_SRV max_version=tls12" \ - "$O_NEXT_CLI -tls1_3" \ - 1 \ - -S "Handshake protocol not within min/max boundaries" \ - -s "The handshake negotiation failed" \ - -S "Protocol is TLSv1.3" - -# Tests of version negotiation on client side against GnuTLS and OpenSSL server - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Not supported version: srv max TLS 1.0" \ - "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" \ - "$P_CLI" \ - 1 \ - -s "Error in protocol version" \ - -c "Handshake protocol not within min/max boundaries" \ - -S "Version: TLS1.0" \ - -C "Protocol is TLSv1.0" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Not supported version: srv max TLS 1.1" \ - "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" \ - "$P_CLI" \ - 1 \ - -s "Error in protocol version" \ - -c "Handshake protocol not within min/max boundaries" \ - -S "Version: TLS1.1" \ - -C "Protocol is TLSv1.1" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -skip_handshake_stage_check -requires_gnutls_tls1_3 -run_test "TLS 1.3: Not supported version:gnutls: srv max TLS 1.0" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0 -d 4" \ - "$P_CLI debug_level=4" \ - 1 \ - -s "Client's version: 3.3" \ - -S "Version: TLS1.0" \ - -C "Protocol is TLSv1.0" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -skip_handshake_stage_check -requires_gnutls_tls1_3 -run_test "TLS 1.3: Not supported version:gnutls: srv max TLS 1.1" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1 -d 4" \ - "$P_CLI debug_level=4" \ - 1 \ - -s "Client's version: 3.3" \ - -S "Version: TLS1.1" \ - -C "Protocol is TLSv1.1" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -skip_handshake_stage_check -requires_gnutls_tls1_3 -run_test "TLS 1.3: Not supported version:gnutls: srv max TLS 1.2" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 -d 4" \ - "$P_CLI force_version=tls13 debug_level=4" \ - 1 \ - -s "Client's version: 3.3" \ - -c "is a fatal alert message (msg 40)" \ - -S "Version: TLS1.2" \ - -C "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -skip_handshake_stage_check -requires_openssl_next -run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.0" \ - "$O_NEXT_SRV -msg -tls1" \ - "$P_CLI debug_level=4" \ - 1 \ - -s "fatal protocol_version" \ - -c "is a fatal alert message (msg 70)" \ - -S "Version: TLS1.0" \ - -C "Protocol : TLSv1.0" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -skip_handshake_stage_check -requires_openssl_next -run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.1" \ - "$O_NEXT_SRV -msg -tls1_1" \ - "$P_CLI debug_level=4" \ - 1 \ - -s "fatal protocol_version" \ - -c "is a fatal alert message (msg 70)" \ - -S "Version: TLS1.1" \ - -C "Protocol : TLSv1.1" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -skip_handshake_stage_check -requires_openssl_next -run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.2" \ - "$O_NEXT_SRV -msg -tls1_2" \ - "$P_CLI force_version=tls13 debug_level=4" \ - 1 \ - -s "fatal protocol_version" \ - -c "is a fatal alert message (msg 70)" \ - -S "Version: TLS1.2" \ - -C "Protocol : TLSv1.2" - -# Tests for ALPN extension - -run_test "ALPN: none" \ - "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "client hello, adding alpn extension" \ - -S "found alpn extension" \ - -C "got an alert message, type: \\[2:120]" \ - -S "server side, adding alpn extension" \ - -C "found alpn extension " \ - -C "Application Layer Protocol is" \ - -S "Application Layer Protocol is" - -run_test "ALPN: client only" \ - "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 alpn=abc,1234" \ - 0 \ - -c "client hello, adding alpn extension" \ - -s "found alpn extension" \ - -C "got an alert message, type: \\[2:120]" \ - -S "server side, adding alpn extension" \ - -C "found alpn extension " \ - -c "Application Layer Protocol is (none)" \ - -S "Application Layer Protocol is" - -run_test "ALPN: server only" \ - "$P_SRV debug_level=3 alpn=abc,1234" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "client hello, adding alpn extension" \ - -S "found alpn extension" \ - -C "got an alert message, type: \\[2:120]" \ - -S "server side, adding alpn extension" \ - -C "found alpn extension " \ - -C "Application Layer Protocol is" \ - -s "Application Layer Protocol is (none)" - -run_test "ALPN: both, common cli1-srv1" \ - "$P_SRV debug_level=3 alpn=abc,1234" \ - "$P_CLI debug_level=3 alpn=abc,1234" \ - 0 \ - -c "client hello, adding alpn extension" \ - -s "found alpn extension" \ - -C "got an alert message, type: \\[2:120]" \ - -s "server side, adding alpn extension" \ - -c "found alpn extension" \ - -c "Application Layer Protocol is abc" \ - -s "Application Layer Protocol is abc" - -run_test "ALPN: both, common cli2-srv1" \ - "$P_SRV debug_level=3 alpn=abc,1234" \ - "$P_CLI debug_level=3 alpn=1234,abc" \ - 0 \ - -c "client hello, adding alpn extension" \ - -s "found alpn extension" \ - -C "got an alert message, type: \\[2:120]" \ - -s "server side, adding alpn extension" \ - -c "found alpn extension" \ - -c "Application Layer Protocol is abc" \ - -s "Application Layer Protocol is abc" - -run_test "ALPN: both, common cli1-srv2" \ - "$P_SRV debug_level=3 alpn=abc,1234" \ - "$P_CLI debug_level=3 alpn=1234,abcde" \ - 0 \ - -c "client hello, adding alpn extension" \ - -s "found alpn extension" \ - -C "got an alert message, type: \\[2:120]" \ - -s "server side, adding alpn extension" \ - -c "found alpn extension" \ - -c "Application Layer Protocol is 1234" \ - -s "Application Layer Protocol is 1234" - -run_test "ALPN: both, no common" \ - "$P_SRV debug_level=3 alpn=abc,123" \ - "$P_CLI debug_level=3 alpn=1234,abcde" \ - 1 \ - -c "client hello, adding alpn extension" \ - -s "found alpn extension" \ - -c "got an alert message, type: \\[2:120]" \ - -S "server side, adding alpn extension" \ - -C "found alpn extension" \ - -C "Application Layer Protocol is 1234" \ - -S "Application Layer Protocol is 1234" - - -# Tests for keyUsage in leaf certificates, part 1: -# server-side certificate/suite selection -# -# This is only about 1.2 (for 1.3, all key exchanges use signatures). -# In 4.0 this will probably go away as all TLS 1.2 key exchanges will use -# signatures too, following the removal of RSA #8170 and static ECDH #9201. - -run_test "keyUsage srv 1.2: RSA, digitalSignature -> (EC)DHE-RSA" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ - crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \ - "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-" - -run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ - crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \ - "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-RSA-WITH-" - -run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ - crt_file=$DATA_FILES_PATH/server2.ku-ka.crt" \ - "$P_CLI" \ - 1 \ - -C "Ciphersuite is " - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "keyUsage srv 1.2: ECC, digitalSignature -> ECDHE-ECDSA" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ds.crt" \ - "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" - - -run_test "keyUsage srv 1.2: ECC, keyAgreement -> ECDH-" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-ECDH-" - -run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \ - "$P_CLI" \ - 1 \ - -C "Ciphersuite is " - -# Tests for keyUsage in leaf certificates, part 2: -# client-side checking of server cert -# -# TLS 1.3 uses only signature, but for 1.2 it depends on the key exchange. -# In 4.0 this will probably change as all TLS 1.2 key exchanges will use -# signatures too, following the removal of RSA #8170 and static ECDH #9201. - -run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, RSA: OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ - "$P_CLI debug_level=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - -run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ - "$P_CLI debug_level=1 \ - force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - -run_test "keyUsage cli 1.2: KeyEncipherment, RSA: OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - "$P_CLI debug_level=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - -run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (hard)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - "$P_CLI debug_level=3 \ - force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is TLS-" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (soft)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - "$P_CLI debug_level=3 auth_mode=optional \ - force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -c "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" \ - -C "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - -run_test "keyUsage cli 1.2: DigitalSignature, DHE-RSA: OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ - "$P_CLI debug_level=1 \ - force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - -run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (hard)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ - "$P_CLI debug_level=3 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is TLS-" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (soft)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ - "$P_CLI debug_level=3 auth_mode=optional \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -c "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" \ - -C "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: DigitalSignature, RSA: OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail (hard)" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ - "$P_CLI debug_level=3" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail (hard)" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \ - "$P_CLI debug_level=3" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ds.crt" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail (hard)" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ke.crt" \ - "$P_CLI debug_level=3" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail (hard)" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI debug_level=3" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -# Tests for keyUsage in leaf certificates, part 3: -# server-side checking of client cert -# -# Here, both 1.2 and 1.3 only use signatures. - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature: OK" \ - "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature+KeyEncipherment: OK" \ - "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (soft)" \ - "$P_SRV debug_level=3 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - 0 \ - -s "bad certificate (usage extensions)" \ - -S "send alert level=2 message=43" \ - -s "! Usage does not match the keyUsage extension" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (hard)" \ - "$P_SRV debug_level=3 force_version=tls12 auth_mode=required" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - 1 \ - -s "bad certificate (usage extensions)" \ - -s "send alert level=2 message=43" \ - -s "! Usage does not match the keyUsage extension" \ - -s "Processing of the Certificate handshake message failed" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: ECDSA, DigitalSignature: OK" \ - "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ds.crt" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (soft)" \ - "$P_SRV debug_level=3 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ - 0 \ - -s "bad certificate (usage extensions)" \ - -S "send alert level=2 message=43" \ - -s "! Usage does not match the keyUsage extension" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (hard)" \ - "$P_SRV debug_level=3 auth_mode=required" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ - 1 \ - -s "bad certificate (usage extensions)" \ - -s "send alert level=2 message=43" \ - -s "! Usage does not match the keyUsage extension" \ - -s "Processing of the Certificate handshake message failed" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEncipherment: OK" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \ - "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ - 0 \ - -s "bad certificate (usage extensions)" \ - -S "send alert level=2 message=43" \ - -s "! Usage does not match the keyUsage extension" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \ - "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \ - "$P_CLI key_file=$DATA_FILES_PATH/server2.key \ - crt_file=$DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ - 1 \ - -s "bad certificate (usage extensions)" \ - -s "Processing of the Certificate handshake message failed" \ - -s "send alert level=2 message=43" \ - -s "! Usage does not match the keyUsage extension" \ - -s "! mbedtls_ssl_handshake returned" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ds.crt" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \ - "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ - 0 \ - -s "bad certificate (usage extensions)" \ - -s "! Usage does not match the keyUsage extension" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \ - "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \ - "$P_CLI key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - 1 \ - -s "bad certificate (usage extensions)" \ - -s "Processing of the Certificate handshake message failed" \ - -s "send alert level=2 message=43" \ - -s "! Usage does not match the keyUsage extension" \ - -s "! mbedtls_ssl_handshake returned" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection - -run_test "extKeyUsage srv: serverAuth -> OK" \ - "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \ - "$P_CLI" \ - 0 - -run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \ - "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \ - "$P_CLI" \ - 0 - -run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \ - "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.eku-cs_any.crt" \ - "$P_CLI" \ - 0 - -run_test "extKeyUsage srv: codeSign -> fail" \ - "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.eku-cli.crt" \ - "$P_CLI" \ - 1 - -# Tests for extendedKeyUsage, part 2: client-side checking of server cert - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli 1.2: serverAuth -> OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-srv.crt" \ - "$P_CLI debug_level=1" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli 1.2: serverAuth,clientAuth -> OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ - "$P_CLI debug_level=1" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli 1.2: codeSign,anyEKU -> OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ - "$P_CLI debug_level=1" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli 1.2: codeSign -> fail (soft)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ - "$P_CLI debug_level=3 auth_mode=optional" \ - 0 \ - -c "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" \ - -C "send alert level=2 message=43" \ - -c "! Usage does not match the extendedKeyUsage extension" - # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli 1.2: codeSign -> fail (hard)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ - "$P_CLI debug_level=3" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is TLS-" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the extendedKeyUsage extension" - # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli 1.3: serverAuth -> OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-srv.crt" \ - "$P_CLI debug_level=1" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ - "$P_CLI debug_level=1" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ - "$P_CLI debug_level=1" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli 1.3: codeSign -> fail (hard)" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ - "$P_CLI debug_level=3" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the extendedKeyUsage extension" - # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -# Tests for extendedKeyUsage, part 3: server-side checking of client cert - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli-auth 1.2: clientAuth -> OK" \ - "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cli.crt" \ - 0 \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli-auth 1.2: serverAuth,clientAuth -> OK" \ - "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ - 0 \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli-auth 1.2: codeSign,anyEKU -> OK" \ - "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ - 0 \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (soft)" \ - "$P_SRV debug_level=3 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ - 0 \ - -s "bad certificate (usage extensions)" \ - -S "send alert level=2 message=43" \ - -s "! Usage does not match the extendedKeyUsage extension" \ - -S "Processing of the Certificate handshake message failed" \ - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (hard)" \ - "$P_SRV debug_level=3 auth_mode=required" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ - 1 \ - -s "bad certificate (usage extensions)" \ - -s "send alert level=2 message=43" \ - -s "! Usage does not match the extendedKeyUsage extension" \ - -s "Processing of the Certificate handshake message failed" - # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cli.crt" \ - 0 \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ - 0 \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ - 0 \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \ - "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ - 0 \ - -s "bad certificate (usage extensions)" \ - -S "send alert level=2 message=43" \ - -s "! Usage does not match the extendedKeyUsage extension" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (hard)" \ - "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \ - "$P_CLI key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.eku-cs.crt" \ - 1 \ - -s "bad certificate (usage extensions)" \ - -s "send alert level=2 message=43" \ - -s "! Usage does not match the extendedKeyUsage extension" \ - -s "Processing of the Certificate handshake message failed" - # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -# Tests for DHM parameters loading - -run_test "DHM parameters: reference" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=3" \ - 0 \ - -c "value of 'DHM: P ' (2048 bits)" \ - -c "value of 'DHM: G ' (2 bits)" - -run_test "DHM parameters: other parameters" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dhparams.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=3" \ - 0 \ - -c "value of 'DHM: P ' (1024 bits)" \ - -c "value of 'DHM: G ' (2 bits)" - -# Tests for DHM client-side size checking - -run_test "DHM size: server default, client default, OK" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1" \ - 0 \ - -C "DHM prime too short:" - -run_test "DHM size: server default, client 2048, OK" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=2048" \ - 0 \ - -C "DHM prime too short:" - -run_test "DHM size: server 1024, client default, OK" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dhparams.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1" \ - 0 \ - -C "DHM prime too short:" - -run_test "DHM size: server 999, client 999, OK" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dh.999.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=999" \ - 0 \ - -C "DHM prime too short:" - -run_test "DHM size: server 1000, client 1000, OK" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=1000" \ - 0 \ - -C "DHM prime too short:" - -run_test "DHM size: server 1000, client default, rejected" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1" \ - 1 \ - -c "DHM prime too short:" - -run_test "DHM size: server 1000, client 1001, rejected" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=1001" \ - 1 \ - -c "DHM prime too short:" - -run_test "DHM size: server 999, client 1000, rejected" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dh.999.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=1000" \ - 1 \ - -c "DHM prime too short:" - -run_test "DHM size: server 998, client 999, rejected" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dh.998.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=999" \ - 1 \ - -c "DHM prime too short:" - -run_test "DHM size: server default, client 2049, rejected" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=2049" \ - 1 \ - -c "DHM prime too short:" - -# Tests for PSK callback - -run_test "PSK callback: psk, no callback" \ - "$P_SRV psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque ecdhe-psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque dhe-psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, EMS" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,73776f726466697368 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 1 \ - -s "SSL - Verification of the message MAC failed" - -run_test "PSK callback: no psk, no callback" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 1 \ - -s "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: callback overrides other settings" \ - "$P_SRV psk=73776f726466697368 psk_identity=foo psk_list=abc,dead,def,beef" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 1 \ - -S "SSL - The handshake negotiation failed" \ - -s "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: first id matches" \ - "$P_SRV psk_list=abc,dead,def,beef" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=abc psk=dead" \ - 0 \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: second id matches" \ - "$P_SRV psk_list=abc,dead,def,beef" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: no match" \ - "$P_SRV psk_list=abc,dead,def,beef" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=ghi psk=beef" \ - 1 \ - -S "SSL - The handshake negotiation failed" \ - -s "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: wrong key" \ - "$P_SRV psk_list=abc,dead,def,beef" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=abc psk=beef" \ - 1 \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -s "SSL - Verification of the message MAC failed" - -# Tests for EC J-PAKE - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "ECJPAKE: client not configured" \ - "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "add ciphersuite: 0xc0ff" \ - -C "adding ecjpake_kkpp extension" \ - -S "found ecjpake kkpp extension" \ - -S "skip ecjpake kkpp extension" \ - -S "ciphersuite mismatch: ecjpake not configured" \ - -S "server hello, ecjpake kkpp extension" \ - -C "found ecjpake_kkpp extension" \ - -S "SSL - The handshake negotiation failed" - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: server not configured" \ - "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 ecjpake_pw=bla \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 1 \ - -c "add ciphersuite: c0ff" \ - -c "adding ecjpake_kkpp extension" \ - -s "found ecjpake kkpp extension" \ - -s "skip ecjpake kkpp extension" \ - -s "ciphersuite mismatch: ecjpake not configured" \ - -S "server hello, ecjpake kkpp extension" \ - -C "found ecjpake_kkpp extension" \ - -s "SSL - The handshake negotiation failed" - -# Note: if the name of this test is changed, then please adjust the corresponding -# filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh") -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: working, TLS" \ - "$P_SRV debug_level=3 ecjpake_pw=bla" \ - "$P_CLI debug_level=3 ecjpake_pw=bla \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 \ - -c "add ciphersuite: c0ff" \ - -c "adding ecjpake_kkpp extension" \ - -C "re-using cached ecjpake parameters" \ - -s "found ecjpake kkpp extension" \ - -S "skip ecjpake kkpp extension" \ - -S "ciphersuite mismatch: ecjpake not configured" \ - -s "server hello, ecjpake kkpp extension" \ - -c "found ecjpake_kkpp extension" \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: opaque password client+server, working, TLS" \ - "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \ - "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1\ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 \ - -c "add ciphersuite: c0ff" \ - -c "adding ecjpake_kkpp extension" \ - -c "using opaque password" \ - -s "using opaque password" \ - -C "re-using cached ecjpake parameters" \ - -s "found ecjpake kkpp extension" \ - -S "skip ecjpake kkpp extension" \ - -S "ciphersuite mismatch: ecjpake not configured" \ - -s "server hello, ecjpake kkpp extension" \ - -c "found ecjpake_kkpp extension" \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Verification of the message MAC failed" - -# Note: if the name of this test is changed, then please adjust the corresponding -# filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh") -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: opaque password client only, working, TLS" \ - "$P_SRV debug_level=3 ecjpake_pw=bla" \ - "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1\ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 \ - -c "add ciphersuite: c0ff" \ - -c "adding ecjpake_kkpp extension" \ - -c "using opaque password" \ - -S "using opaque password" \ - -C "re-using cached ecjpake parameters" \ - -s "found ecjpake kkpp extension" \ - -S "skip ecjpake kkpp extension" \ - -S "ciphersuite mismatch: ecjpake not configured" \ - -s "server hello, ecjpake kkpp extension" \ - -c "found ecjpake_kkpp extension" \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Verification of the message MAC failed" - -# Note: if the name of this test is changed, then please adjust the corresponding -# filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh") -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: opaque password server only, working, TLS" \ - "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \ - "$P_CLI debug_level=3 ecjpake_pw=bla\ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 \ - -c "add ciphersuite: c0ff" \ - -c "adding ecjpake_kkpp extension" \ - -C "using opaque password" \ - -s "using opaque password" \ - -C "re-using cached ecjpake parameters" \ - -s "found ecjpake kkpp extension" \ - -S "skip ecjpake kkpp extension" \ - -S "ciphersuite mismatch: ecjpake not configured" \ - -s "server hello, ecjpake kkpp extension" \ - -c "found ecjpake_kkpp extension" \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Verification of the message MAC failed" - -server_needs_more_time 1 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: password mismatch, TLS" \ - "$P_SRV debug_level=3 ecjpake_pw=bla" \ - "$P_CLI debug_level=3 ecjpake_pw=bad \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 1 \ - -C "re-using cached ecjpake parameters" \ - -s "SSL - Verification of the message MAC failed" - -server_needs_more_time 1 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE_OPAQUE_PW: opaque password mismatch, TLS" \ - "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \ - "$P_CLI debug_level=3 ecjpake_pw=bad ecjpake_pw_opaque=1 \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 1 \ - -c "using opaque password" \ - -s "using opaque password" \ - -C "re-using cached ecjpake parameters" \ - -s "SSL - Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: working, DTLS" \ - "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ - "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 \ - -c "re-using cached ecjpake parameters" \ - -S "SSL - Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: working, DTLS, no cookie" \ - "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \ - "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 \ - -C "re-using cached ecjpake parameters" \ - -S "SSL - Verification of the message MAC failed" - -server_needs_more_time 1 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: password mismatch, DTLS" \ - "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ - "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 1 \ - -c "re-using cached ecjpake parameters" \ - -s "SSL - Verification of the message MAC failed" - -# for tests with configs/config-thread.h -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: working, DTLS, nolog" \ - "$P_SRV dtls=1 ecjpake_pw=bla" \ - "$P_CLI dtls=1 ecjpake_pw=bla \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 - -# Test for ClientHello without extensions - -# Without extensions, ECC is impossible (no curve negotiation). -requires_config_enabled MBEDTLS_RSA_C -requires_gnutls -run_test "ClientHello without extensions: RSA" \ - "$P_SRV force_version=tls12 debug_level=3" \ - "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \ - 0 \ - -s "Ciphersuite is .*-RSA-WITH-.*" \ - -S "Ciphersuite is .*-EC.*" \ - -s "dumping 'client hello extensions' (0 bytes)" - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -requires_gnutls -run_test "ClientHello without extensions: PSK" \ - "$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \ - "$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \ - 0 \ - -s "Ciphersuite is .*-PSK-.*" \ - -S "Ciphersuite is .*-EC.*" \ - -s "dumping 'client hello extensions' (0 bytes)" - -# Tests for mbedtls_ssl_get_bytes_avail() - -# The server first reads buffer_size-1 bytes, then reads the remainder. -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "mbedtls_ssl_get_bytes_avail: no extra data" \ - "$P_SRV buffer_size=100" \ - "$P_CLI request_size=100" \ - 0 \ - -s "Read from client: 100 bytes read$" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "mbedtls_ssl_get_bytes_avail: extra data (+1)" \ - "$P_SRV buffer_size=100" \ - "$P_CLI request_size=101" \ - 0 \ - -s "Read from client: 101 bytes read (100 + 1)" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_max_content_len 200 -run_test "mbedtls_ssl_get_bytes_avail: extra data (*2)" \ - "$P_SRV buffer_size=100" \ - "$P_CLI request_size=200" \ - 0 \ - -s "Read from client: 200 bytes read (100 + 100)" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "mbedtls_ssl_get_bytes_avail: extra data (max)" \ - "$P_SRV buffer_size=100 force_version=tls12" \ - "$P_CLI request_size=$MAX_CONTENT_LEN" \ - 0 \ - -s "Read from client: $MAX_CONTENT_LEN bytes read (100 + $((MAX_CONTENT_LEN - 100)))" - -# Tests for small client packets - -run_test "Small client packet TLS 1.2 BlockCipher" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -s "Read from client: 1 bytes read" - -run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ - 0 \ - -s "Read from client: 1 bytes read" - -run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ - 0 \ - -s "Read from client: 1 bytes read" - -run_test "Small client packet TLS 1.2 AEAD" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ - 0 \ - -s "Read from client: 1 bytes read" - -run_test "Small client packet TLS 1.2 AEAD shorter tag" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ - 0 \ - -s "Read from client: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Small client packet TLS 1.3 AEAD" \ - "$P_SRV" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \ - 0 \ - -s "Read from client: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Small client packet TLS 1.3 AEAD shorter tag" \ - "$P_SRV" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \ - 0 \ - -s "Read from client: 1 bytes read" - -# Tests for small client packets in DTLS - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small client packet DTLS 1.2" \ - "$P_SRV dtls=1 force_version=dtls12" \ - "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -s "Read from client: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small client packet DTLS 1.2, without EtM" \ - "$P_SRV dtls=1 force_version=dtls12 etm=0" \ - "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -s "Read from client: 1 bytes read" - -# Tests for small server packets - -run_test "Small server packet TLS 1.2 BlockCipher" \ - "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -c "Read from server: 1 bytes read" - -run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ - "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ - 0 \ - -c "Read from server: 1 bytes read" - -run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ - "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ - 0 \ - -c "Read from server: 1 bytes read" - -run_test "Small server packet TLS 1.2 AEAD" \ - "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ - 0 \ - -c "Read from server: 1 bytes read" - -run_test "Small server packet TLS 1.2 AEAD shorter tag" \ - "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ - 0 \ - -c "Read from server: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Small server packet TLS 1.3 AEAD" \ - "$P_SRV response_size=1" \ - "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \ - 0 \ - -c "Read from server: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Small server packet TLS 1.3 AEAD shorter tag" \ - "$P_SRV response_size=1" \ - "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \ - 0 \ - -c "Read from server: 1 bytes read" - -# Tests for small server packets in DTLS - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small server packet DTLS 1.2" \ - "$P_SRV dtls=1 response_size=1 force_version=dtls12" \ - "$P_CLI dtls=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -c "Read from server: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small server packet DTLS 1.2, without EtM" \ - "$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \ - "$P_CLI dtls=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -c "Read from server: 1 bytes read" - -# Test for large client packets - -# How many fragments do we expect to write $1 bytes? -fragments_for_write() { - echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))" -} - -run_test "Large client packet TLS 1.2 BlockCipher" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" - -run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=16384 etm=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" - -run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ - 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" - -run_test "Large client packet TLS 1.2 AEAD" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ - 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" - -run_test "Large client packet TLS 1.2 AEAD shorter tag" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ - 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Large client packet TLS 1.3 AEAD" \ - "$P_SRV" \ - "$P_CLI request_size=16383 \ - force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \ - 0 \ - -c "16383 bytes written in $(fragments_for_write 16383) fragments" \ - -s "Read from client: 16383 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Large client packet TLS 1.3 AEAD shorter tag" \ - "$P_SRV" \ - "$P_CLI request_size=16383 \ - force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \ - 0 \ - -c "16383 bytes written in $(fragments_for_write 16383) fragments" \ - -s "Read from client: 16383 bytes read" - -# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384. -run_test "Large server packet TLS 1.2 BlockCipher" \ - "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -c "Read from server: 16384 bytes read" - -run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ - "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI etm=0 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -s "16384 bytes written in 1 fragments" \ - -c "Read from server: 16384 bytes read" - -run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ - "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ - 0 \ - -c "Read from server: 16384 bytes read" - -run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV response_size=16384 trunc_hmac=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ - 0 \ - -s "16384 bytes written in 1 fragments" \ - -c "Read from server: 16384 bytes read" - -run_test "Large server packet TLS 1.2 AEAD" \ - "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ - 0 \ - -c "Read from server: 16384 bytes read" - -run_test "Large server packet TLS 1.2 AEAD shorter tag" \ - "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ - 0 \ - -c "Read from server: 16384 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Large server packet TLS 1.3 AEAD" \ - "$P_SRV response_size=16383" \ - "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \ - 0 \ - -c "Read from server: 16383 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Large server packet TLS 1.3 AEAD shorter tag" \ - "$P_SRV response_size=16383" \ - "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \ - 0 \ - -c "Read from server: 16383 bytes read" - -# Tests for restartable ECC - -# Force the use of a curve that supports restartable ECC (secp256r1). - -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, default" \ - "$P_SRV groups=secp256r1 auth_mode=required" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1" \ - 0 \ - -C "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" - -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=0" \ - "$P_SRV groups=secp256r1 auth_mode=required" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=0" \ - 0 \ - -C "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" - -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=65535" \ - "$P_SRV groups=secp256r1 auth_mode=required" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=65535" \ - 0 \ - -C "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" - -# The following test cases for restartable ECDH come in two variants: -# * The "(USE_PSA)" variant expects the current behavior, which is the behavior -# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. This tests -# the partial implementation where ECDH in TLS is not actually restartable. -# * The "(no USE_PSA)" variant expects the desired behavior. These test -# cases cannot currently pass because the implementation of restartable ECC -# in TLS is partial: ECDH is not actually restartable. This is the behavior -# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. -# -# As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, -# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test -# cases. - -# With USE_PSA disabled we expect full restartable behaviour. -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -skip_next_test -run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000" \ - 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" - -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000" \ - 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" - -# This works the same with & without USE_PSA as we never get to ECDH: -# we abort as soon as we determined the cert is bad. -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000, badsign" \ - "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000" \ - 1 \ - -c "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" - -# With USE_PSA disabled we expect full restartable behaviour. -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000 auth_mode=optional" \ - 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" - -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000 auth_mode=optional" \ - 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" - -# With USE_PSA disabled we expect full restartable behaviour. -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000 auth_mode=none" \ - 0 \ - -C "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" \ - -C "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" - -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000 auth_mode=none" \ - 0 \ - -C "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" \ - -C "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" - -# With USE_PSA disabled we expect full restartable behaviour. -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -skip_next_test -run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - dtls=1 debug_level=1 ec_max_ops=1000" \ - 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" - -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - dtls=1 debug_level=1 ec_max_ops=1000" \ - 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" - -# With USE_PSA disabled we expect full restartable behaviour. -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -skip_next_test -run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ - "$P_SRV groups=secp256r1" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - debug_level=1 ec_max_ops=1000" \ - 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" - - -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ - "$P_SRV groups=secp256r1" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - debug_level=1 ec_max_ops=1000" \ - 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" - -# Restartable is only for ECDHE-ECDSA, with another ciphersuite we expect no -# restartable behaviour at all (not even client auth). -# This is the same as "EC restart: TLS, max_ops=1000" except with ECDHE-RSA, -# and all 4 assertions negated. -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \ - "$P_SRV groups=secp256r1 auth_mode=required" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000" \ - 0 \ - -C "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" - -# Tests of asynchronous private key support in SSL - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign, delay=0" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=0 async_private_delay2=0" \ - "$P_CLI" \ - 0 \ - -s "Async sign callback: using key slot " \ - -s "Async resume (slot [0-9]): sign done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign, delay=1" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI" \ - 0 \ - -s "Async sign callback: using key slot " \ - -s "Async resume (slot [0-9]): call 0 more times." \ - -s "Async resume (slot [0-9]): sign done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign, delay=2" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=2 async_private_delay2=2" \ - "$P_CLI" \ - 0 \ - -s "Async sign callback: using key slot " \ - -U "Async sign callback: using key slot " \ - -s "Async resume (slot [0-9]): call 1 more times." \ - -s "Async resume (slot [0-9]): call 0 more times." \ - -s "Async resume (slot [0-9]): sign done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "SSL async private: sign, SNI" \ - "$P_SRV force_version=tls12 debug_level=3 \ - async_operations=s async_private_delay1=0 async_private_delay2=0 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI server_name=polarssl.example" \ - 0 \ - -s "Async sign callback: using key slot " \ - -s "Async resume (slot [0-9]): sign done, status=0" \ - -s "parse ServerName extension" \ - -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ - -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt, delay=0" \ - "$P_SRV \ - async_operations=d async_private_delay1=0 async_private_delay2=0" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -s "Async decrypt callback: using key slot " \ - -s "Async resume (slot [0-9]): decrypt done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt, delay=1" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -s "Async decrypt callback: using key slot " \ - -s "Async resume (slot [0-9]): call 0 more times." \ - -s "Async resume (slot [0-9]): decrypt done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign callback not present" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI force_version=tls12; [ \$? -eq 1 ] && - $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -S "Async sign callback" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "The own private key or pre-shared key is not set, but needed" \ - -s "Async resume (slot [0-9]): decrypt done, status=0" \ - -s "Successful connection" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt callback not present" \ - "$P_SRV debug_level=1 \ - async_operations=s async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA; - [ \$? -eq 1 ] && $P_CLI force_version=tls12" \ - 0 \ - -S "Async decrypt callback" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "got no RSA private key" \ - -s "Async resume (slot [0-9]): sign done, status=0" \ - -s "Successful connection" - -# key1: ECDSA, key2: RSA; use key1 from slot 0 -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: slot 0 used with key1" \ - "$P_SRV \ - async_operations=s async_private_delay1=1 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async sign callback: using key slot 0," \ - -s "Async resume (slot 0): call 0 more times." \ - -s "Async resume (slot 0): sign done, status=0" - -# key1: ECDSA, key2: RSA; use key2 from slot 0 -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: slot 0 used with key2" \ - "$P_SRV \ - async_operations=s async_private_delay2=1 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async sign callback: using key slot 0," \ - -s "Async resume (slot 0): call 0 more times." \ - -s "Async resume (slot 0): sign done, status=0" - -# key1: ECDSA, key2: RSA; use key2 from slot 1 -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: slot 1 used with key2" \ - "$P_SRV \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async sign callback: using key slot 1," \ - -s "Async resume (slot 1): call 0 more times." \ - -s "Async resume (slot 1): sign done, status=0" - -# key1: ECDSA, key2: RSA; use key2 directly -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: fall back to transparent key" \ - "$P_SRV \ - async_operations=s async_private_delay1=1 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt " \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async sign callback: no key matches this certificate." - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign, error in start" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - async_private_error=1" \ - "$P_CLI" \ - 1 \ - -s "Async sign callback: injected error" \ - -S "Async resume" \ - -S "Async cancel" \ - -s "! mbedtls_ssl_handshake returned" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign, cancel after start" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - async_private_error=2" \ - "$P_CLI" \ - 1 \ - -s "Async sign callback: using key slot " \ - -S "Async resume" \ - -s "Async cancel" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign, error in resume" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - async_private_error=3" \ - "$P_CLI" \ - 1 \ - -s "Async sign callback: using key slot " \ - -s "Async resume callback: sign done but injected error" \ - -S "Async cancel" \ - -s "! mbedtls_ssl_handshake returned" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt, error in start" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1 \ - async_private_error=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 1 \ - -s "Async decrypt callback: injected error" \ - -S "Async resume" \ - -S "Async cancel" \ - -s "! mbedtls_ssl_handshake returned" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt, cancel after start" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1 \ - async_private_error=2" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 1 \ - -s "Async decrypt callback: using key slot " \ - -S "Async resume" \ - -s "Async cancel" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt, error in resume" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1 \ - async_private_error=3" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 1 \ - -s "Async decrypt callback: using key slot " \ - -s "Async resume callback: decrypt done but injected error" \ - -S "Async cancel" \ - -s "! mbedtls_ssl_handshake returned" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: cancel after start then operate correctly" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - async_private_error=-2" \ - "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \ - 0 \ - -s "Async cancel" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "Async resume" \ - -s "Successful connection" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: error in resume then operate correctly" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - async_private_error=-3" \ - "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \ - 0 \ - -s "! mbedtls_ssl_handshake returned" \ - -s "Async resume" \ - -s "Successful connection" - -# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -# Note: the function "detect_required_features()" is not able to detect more than -# one "force_ciphersuite" per client/server and it only picks the 2nd one. -# Therefore the 1st one is added explicitly here -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "SSL async private: cancel after start then fall back to transparent key" \ - "$P_SRV \ - async_operations=s async_private_delay1=1 async_private_error=-2 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256; - [ \$? -eq 1 ] && - $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async sign callback: using key slot 0" \ - -S "Async resume" \ - -s "Async cancel" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "Async sign callback: no key matches this certificate." \ - -s "Successful connection" - -# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -# Note: the function "detect_required_features()" is not able to detect more than -# one "force_ciphersuite" per client/server and it only picks the 2nd one. -# Therefore the 1st one is added explicitly here -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "SSL async private: sign, error in resume then fall back to transparent key" \ - "$P_SRV \ - async_operations=s async_private_delay1=1 async_private_error=-3 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256; - [ \$? -eq 1 ] && - $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async resume" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "Async sign callback: no key matches this certificate." \ - -s "Successful connection" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "SSL async private: renegotiation: client-initiated, sign" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - exchanges=2 renegotiation=1" \ - "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \ - 0 \ - -s "Async sign callback: using key slot " \ - -s "Async resume (slot [0-9]): sign done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "SSL async private: renegotiation: server-initiated, sign" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - exchanges=2 renegotiation=1 renegotiate=1" \ - "$P_CLI exchanges=2 renegotiation=1" \ - 0 \ - -s "Async sign callback: using key slot " \ - -s "Async resume (slot [0-9]): sign done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "SSL async private: renegotiation: client-initiated, decrypt" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1 \ - exchanges=2 renegotiation=1" \ - "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -s "Async decrypt callback: using key slot " \ - -s "Async resume (slot [0-9]): decrypt done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "SSL async private: renegotiation: server-initiated, decrypt" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1 \ - exchanges=2 renegotiation=1 renegotiate=1" \ - "$P_CLI exchanges=2 renegotiation=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -s "Async decrypt callback: using key slot " \ - -s "Async resume (slot [0-9]): decrypt done, status=0" - -# Tests for ECC extensions (rfc 4492) - -requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -run_test "Force a non ECC ciphersuite in the client side" \ - "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -C "client hello, adding supported_groups extension" \ - -C "client hello, adding supported_point_formats extension" \ - -S "found supported elliptic curves extension" \ - -S "found supported point formats extension" - -requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -run_test "Force a non ECC ciphersuite in the server side" \ - "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "found supported_point_formats extension" \ - -S "server hello, supported_point_formats extension" - -requires_hash_alg SHA_256 -run_test "Force an ECC ciphersuite in the client side" \ - "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -c "client hello, adding supported_groups extension" \ - -c "client hello, adding supported_point_formats extension" \ - -s "found supported elliptic curves extension" \ - -s "found supported point formats extension" - -requires_hash_alg SHA_256 -run_test "Force an ECC ciphersuite in the server side" \ - "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - "$P_CLI debug_level=3" \ - 0 \ - -c "found supported_point_formats extension" \ - -s "server hello, supported_point_formats extension" - -# Tests for DTLS HelloVerifyRequest - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS cookie: enabled" \ - "$P_SRV dtls=1 debug_level=2" \ - "$P_CLI dtls=1 debug_level=2" \ - 0 \ - -s "cookie verification failed" \ - -s "cookie verification passed" \ - -S "cookie verification skipped" \ - -c "received hello verify request" \ - -s "hello verification requested" \ - -S "SSL - The requested feature is not available" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS cookie: disabled" \ - "$P_SRV dtls=1 debug_level=2 cookies=0" \ - "$P_CLI dtls=1 debug_level=2" \ - 0 \ - -S "cookie verification failed" \ - -S "cookie verification passed" \ - -s "cookie verification skipped" \ - -C "received hello verify request" \ - -S "hello verification requested" \ - -S "SSL - The requested feature is not available" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS cookie: default (failing)" \ - "$P_SRV dtls=1 debug_level=2 cookies=-1" \ - "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \ - 1 \ - -s "cookie verification failed" \ - -S "cookie verification passed" \ - -S "cookie verification skipped" \ - -C "received hello verify request" \ - -S "hello verification requested" \ - -s "SSL - The requested feature is not available" - -requires_ipv6 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS cookie: enabled, IPv6" \ - "$P_SRV dtls=1 debug_level=2 server_addr=::1" \ - "$P_CLI dtls=1 debug_level=2 server_addr=::1" \ - 0 \ - -s "cookie verification failed" \ - -s "cookie verification passed" \ - -S "cookie verification skipped" \ - -c "received hello verify request" \ - -s "hello verification requested" \ - -S "SSL - The requested feature is not available" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS cookie: enabled, nbio" \ - "$P_SRV dtls=1 nbio=2 debug_level=2" \ - "$P_CLI dtls=1 nbio=2 debug_level=2" \ - 0 \ - -s "cookie verification failed" \ - -s "cookie verification passed" \ - -S "cookie verification skipped" \ - -c "received hello verify request" \ - -s "hello verification requested" \ - -S "SSL - The requested feature is not available" - -# Tests for client reconnecting from the same port with DTLS - -not_with_valgrind # spurious resend -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS client reconnect from same port: reference" \ - "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \ - "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \ - 0 \ - -C "resend" \ - -S "The operation timed out" \ - -S "Client initiated reconnection from same port" - -not_with_valgrind # spurious resend -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS client reconnect from same port: reconnect" \ - "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \ - "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \ - 0 \ - -C "resend" \ - -S "The operation timed out" \ - -s "Client initiated reconnection from same port" - -not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts) -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \ - "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \ - "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \ - 0 \ - -S "The operation timed out" \ - -s "Client initiated reconnection from same port" - -only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \ - "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \ - "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \ - 0 \ - -S "The operation timed out" \ - -s "Client initiated reconnection from same port" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS client reconnect from same port: no cookies" \ - "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \ - "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \ - 0 \ - -s "The operation timed out" \ - -S "Client initiated reconnection from same port" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS client reconnect from same port: attacker-injected" \ - -p "$P_PXY inject_clihlo=1" \ - "$P_SRV dtls=1 exchanges=2 debug_level=1" \ - "$P_CLI dtls=1 exchanges=2" \ - 0 \ - -s "possible client reconnect from the same port" \ - -S "Client initiated reconnection from same port" - -# Tests for various cases of client authentication with DTLS -# (focused on handshake flows and message parsing) - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS client auth: required" \ - "$P_SRV dtls=1 auth_mode=required" \ - "$P_CLI dtls=1" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS client auth: optional, client has no cert" \ - "$P_SRV dtls=1 auth_mode=optional" \ - "$P_CLI dtls=1 crt_file=none key_file=none" \ - 0 \ - -s "! Certificate was missing" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS client auth: none, client has no cert" \ - "$P_SRV dtls=1 auth_mode=none" \ - "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \ - 0 \ - -c "skip write certificate$" \ - -s "! Certificate verification was skipped" - -run_test "DTLS wrong PSK: badmac alert" \ - "$P_SRV dtls=1 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \ - "$P_CLI dtls=1 psk=73776f726466697374" \ - 1 \ - -s "SSL - Verification of the message MAC failed" \ - -c "SSL - A fatal alert message was received from our peer" - -# Tests for receiving fragmented handshake messages with DTLS - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: no fragmentation (gnutls server)" \ - "$G_SRV -u --mtu 2048 -a" \ - "$P_CLI dtls=1 debug_level=2" \ - 0 \ - -C "found fragmented DTLS handshake message" \ - -C "error" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: some fragmentation (gnutls server)" \ - "$G_SRV -u --mtu 512" \ - "$P_CLI dtls=1 debug_level=2" \ - 0 \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: more fragmentation (gnutls server)" \ - "$G_SRV -u --mtu 128" \ - "$P_CLI dtls=1 debug_level=2" \ - 0 \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ - "$G_SRV -u --mtu 128" \ - "$P_CLI dtls=1 nbio=2 debug_level=2" \ - 0 \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ - "$G_SRV -u --mtu 256" \ - "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ - 0 \ - -c "found fragmented DTLS handshake message" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -C "mbedtls_ssl_handshake returned" \ - -C "error" \ - -s "Extra-header:" - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ - "$G_SRV -u --mtu 256" \ - "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \ - 0 \ - -c "found fragmented DTLS handshake message" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" \ - -C "mbedtls_ssl_handshake returned" \ - -C "error" \ - -s "Extra-header:" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: no fragmentation (openssl server)" \ - "$O_SRV -dtls -mtu 2048" \ - "$P_CLI dtls=1 debug_level=2" \ - 0 \ - -C "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: some fragmentation (openssl server)" \ - "$O_SRV -dtls -mtu 256" \ - "$P_CLI dtls=1 debug_level=2" \ - 0 \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: more fragmentation (openssl server)" \ - "$O_SRV -dtls -mtu 256" \ - "$P_CLI dtls=1 debug_level=2" \ - 0 \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ - "$O_SRV -dtls -mtu 256" \ - "$P_CLI dtls=1 nbio=2 debug_level=2" \ - 0 \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# Tests for sending fragmented handshake messages with DTLS -# -# Use client auth when we need the client to send large messages, -# and use large cert chains on both sides too (the long chains we have all use -# both RSA and ECDSA, but ideally we should have long chains with either). -# Sizes reached (UDP payload): -# - 2037B for server certificate -# - 1542B for client certificate -# - 1013B for newsessionticket -# - all others below 512B -# All those tests assume MAX_CONTENT_LEN is at least 2048 - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: none (for reference)" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=2500-60000 \ - max_frag_len=4096" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=2500-60000 \ - max_frag_len=4096" \ - 0 \ - -S "found fragmented DTLS handshake message" \ - -C "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: server only (max_frag_len)" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=2500-60000 \ - max_frag_len=1024" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=2500-60000 \ - max_frag_len=2048" \ - 0 \ - -S "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# With the MFL extension, the server has no way of forcing -# the client to not exceed a certain MTU; hence, the following -# test can't be replicated with an MTU proxy such as the one -# `client-initiated, server only (max_frag_len)` below. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=2500-60000 \ - max_frag_len=512" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=2500-60000 \ - max_frag_len=4096" \ - 0 \ - -S "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=none \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=2500-60000 \ - max_frag_len=2048" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=2500-60000 \ - max_frag_len=1024" \ - 0 \ - -S "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# While not required by the standard defining the MFL extension -# (according to which it only applies to records, not to datagrams), -# Mbed TLS will never send datagrams larger than MFL + { Max record expansion }, -# as otherwise there wouldn't be any means to communicate MTU restrictions -# to the peer. -# The next test checks that no datagrams significantly larger than the -# negotiated MFL are sent. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \ - -p "$P_PXY mtu=1110" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=none \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=2500-60000 \ - max_frag_len=2048" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=2500-60000 \ - max_frag_len=1024" \ - 0 \ - -S "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=2500-60000 \ - max_frag_len=2048" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=2500-60000 \ - max_frag_len=1024" \ - 0 \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# While not required by the standard defining the MFL extension -# (according to which it only applies to records, not to datagrams), -# Mbed TLS will never send datagrams larger than MFL + { Max record expansion }, -# as otherwise there wouldn't be any means to communicate MTU restrictions -# to the peer. -# The next test checks that no datagrams significantly larger than the -# negotiated MFL are sent. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \ - -p "$P_PXY mtu=1110" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=2500-60000 \ - max_frag_len=2048" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=2500-60000 \ - max_frag_len=1024" \ - 0 \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: none (for reference) (MTU)" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=2500-60000 \ - mtu=4096" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=2500-60000 \ - mtu=4096" \ - 0 \ - -S "found fragmented DTLS handshake message" \ - -C "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: client (MTU)" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=3500-60000 \ - mtu=4096" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=3500-60000 \ - mtu=1024" \ - 0 \ - -s "found fragmented DTLS handshake message" \ - -C "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: server (MTU)" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=2500-60000 \ - mtu=512" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=2500-60000 \ - mtu=2048" \ - 0 \ - -S "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: both (MTU=1024)" \ - -p "$P_PXY mtu=1024" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=2500-60000 \ - mtu=1024" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=2500-60000 \ - mtu=1024" \ - 0 \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# Forcing ciphersuite for this test to fit the MTU of 512 with full config. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -requires_max_content_len 2048 -run_test "DTLS fragmenting: both (MTU=512)" \ - -p "$P_PXY mtu=512" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=2500-60000 \ - mtu=512" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - hs_timeout=2500-60000 \ - mtu=512" \ - 0 \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# Test for automatic MTU reduction on repeated resend. -# Forcing ciphersuite for this test to fit the MTU of 508 with full config. -# The ratio of max/min timeout should ideally equal 4 to accept two -# retransmissions, but in some cases (like both the server and client using -# fragmentation and auto-reduction) an extra retransmission might occur, -# hence the ratio of 8. -not_with_valgrind -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 2048 -run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ - -p "$P_PXY mtu=508" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=400-3200" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - hs_timeout=400-3200" \ - 0 \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# Forcing ciphersuite for this test to fit the MTU of 508 with full config. -only_with_valgrind -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 2048 -run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ - -p "$P_PXY mtu=508" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=250-10000" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - hs_timeout=250-10000" \ - 0 \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend -# OTOH the client might resend if the server is to slow to reset after sending -# a HelloVerifyRequest, so only check for no retransmission server-side -not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ - -p "$P_PXY mtu=1024" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=10000-60000 \ - mtu=1024" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=10000-60000 \ - mtu=1024" \ - 0 \ - -S "autoreduction" \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# Forcing ciphersuite for this test to fit the MTU of 512 with full config. -# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend -# OTOH the client might resend if the server is to slow to reset after sending -# a HelloVerifyRequest, so only check for no retransmission server-side -not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 2048 -run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ - -p "$P_PXY mtu=512" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=10000-60000 \ - mtu=512" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - hs_timeout=10000-60000 \ - mtu=512" \ - 0 \ - -S "autoreduction" \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ - -p "$P_PXY mtu=1024" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=10000-60000 \ - mtu=1024 nbio=2" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=10000-60000 \ - mtu=1024 nbio=2" \ - 0 \ - -S "autoreduction" \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# Forcing ciphersuite for this test to fit the MTU of 512 with full config. -not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 2048 -run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ - -p "$P_PXY mtu=512" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=10000-60000 \ - mtu=512 nbio=2" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - hs_timeout=10000-60000 \ - mtu=512 nbio=2" \ - 0 \ - -S "autoreduction" \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# Forcing ciphersuite for this test to fit the MTU of 1450 with full config. -# This ensures things still work after session_reset(). -# It also exercises the "resumed handshake" flow. -# Since we don't support reading fragmented ClientHello yet, -# up the MTU to 1450 (larger than ClientHello with session ticket, -# but still smaller than client's Certificate to ensure fragmentation). -# An autoreduction on the client-side might happen if the server is -# slow to reset, therefore omitting '-C "autoreduction"' below. -# reco_delay avoids races where the client reconnects before the server has -# resumed listening, which would result in a spurious autoreduction. -not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 2048 -run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ - -p "$P_PXY mtu=1450" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=10000-60000 \ - mtu=1450" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=10000-60000 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1000" \ - 0 \ - -S "autoreduction" \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# An autoreduction on the client-side might happen if the server is -# slow to reset, therefore omitting '-C "autoreduction"' below. -not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_max_content_len 2048 -run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ - -p "$P_PXY mtu=512" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - exchanges=2 renegotiation=1 \ - hs_timeout=10000-60000 \ - mtu=512" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - exchanges=2 renegotiation=1 renegotiate=1 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ - hs_timeout=10000-60000 \ - mtu=512" \ - 0 \ - -S "autoreduction" \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# An autoreduction on the client-side might happen if the server is -# slow to reset, therefore omitting '-C "autoreduction"' below. -not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_max_content_len 2048 -run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ - -p "$P_PXY mtu=512" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - exchanges=2 renegotiation=1 \ - hs_timeout=10000-60000 \ - mtu=512" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - exchanges=2 renegotiation=1 renegotiate=1 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - hs_timeout=10000-60000 \ - mtu=512" \ - 0 \ - -S "autoreduction" \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# An autoreduction on the client-side might happen if the server is -# slow to reset, therefore omitting '-C "autoreduction"' below. -not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_max_content_len 2048 -run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ - -p "$P_PXY mtu=1024" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - exchanges=2 renegotiation=1 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ - hs_timeout=10000-60000 \ - mtu=1024" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - exchanges=2 renegotiation=1 renegotiate=1 \ - hs_timeout=10000-60000 \ - mtu=1024" \ - 0 \ - -S "autoreduction" \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# An autoreduction on the client-side might happen if the server is -# slow to reset, therefore omitting '-C "autoreduction"' below. -not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC -requires_max_content_len 2048 -run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ - -p "$P_PXY mtu=1024" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - exchanges=2 renegotiation=1 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ - hs_timeout=10000-60000 \ - mtu=1024" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - exchanges=2 renegotiation=1 renegotiate=1 \ - hs_timeout=10000-60000 \ - mtu=1024" \ - 0 \ - -S "autoreduction" \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# An autoreduction on the client-side might happen if the server is -# slow to reset, therefore omitting '-C "autoreduction"' below. -not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_max_content_len 2048 -run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ - -p "$P_PXY mtu=1024" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - exchanges=2 renegotiation=1 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \ - hs_timeout=10000-60000 \ - mtu=1024" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - exchanges=2 renegotiation=1 renegotiate=1 \ - hs_timeout=10000-60000 \ - mtu=1024" \ - 0 \ - -S "autoreduction" \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# Forcing ciphersuite for this test to fit the MTU of 512 with full config. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -client_needs_more_time 2 -requires_max_content_len 2048 -run_test "DTLS fragmenting: proxy MTU + 3d" \ - -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ - "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=250-10000 mtu=512" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - hs_timeout=250-10000 mtu=512" \ - 0 \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# Forcing ciphersuite for this test to fit the MTU of 512 with full config. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -client_needs_more_time 2 -requires_max_content_len 2048 -run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ - -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=250-10000 mtu=512 nbio=2" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - hs_timeout=250-10000 mtu=512 nbio=2" \ - 0 \ - -s "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# interop tests for DTLS fragmentating with reliable connection -# -# here and below we just want to test that the we fragment in a way that -# pleases other implementations, so we don't need the peer to fragment -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_gnutls -requires_max_content_len 2048 -run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ - "$G_SRV -u" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - mtu=512 force_version=dtls12" \ - 0 \ - -c "fragmenting handshake message" \ - -C "error" - -# We use --insecure for the GnuTLS client because it expects -# the hostname / IP it connects to to be the name used in the -# certificate obtained from the server. Here, however, it -# connects to 127.0.0.1 while our test certificates use 'localhost' -# as the server name in the certificate. This will make the -# certificate validation fail, but passing --insecure makes -# GnuTLS continue the connection nonetheless. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_gnutls -requires_not_i686 -requires_max_content_len 2048 -run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ - "$P_SRV dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - mtu=512 force_version=dtls12" \ - "$G_CLI -u --insecure 127.0.0.1" \ - 0 \ - -s "fragmenting handshake message" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 2048 -run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ - "$O_SRV -dtls1_2 -verify 10" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - mtu=512 force_version=dtls12" \ - 0 \ - -c "fragmenting handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_max_content_len 2048 -run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ - "$P_SRV dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - mtu=512 force_version=dtls12" \ - "$O_CLI -dtls1_2" \ - 0 \ - -s "fragmenting handshake message" - -# interop tests for DTLS fragmentating with unreliable connection -# -# again we just want to test that the we fragment in a way that -# pleases other implementations, so we don't need the peer to fragment -requires_gnutls_next -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -client_needs_more_time 4 -requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ - -p "$P_PXY drop=8 delay=8 duplicate=8" \ - "$G_NEXT_SRV -u" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=250-60000 mtu=512 force_version=dtls12" \ - 0 \ - -c "fragmenting handshake message" \ - -C "error" - -requires_gnutls_next -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -client_needs_more_time 4 -requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ - -p "$P_PXY drop=8 delay=8 duplicate=8" \ - "$P_SRV dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=250-60000 mtu=512 force_version=dtls12" \ - "$G_NEXT_CLI -u --insecure 127.0.0.1" \ - 0 \ - -s "fragmenting handshake message" - -## The test below requires 1.1.1a or higher version of openssl, otherwise -## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902) -requires_openssl_next -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -client_needs_more_time 4 -requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ - -p "$P_PXY drop=8 delay=8 duplicate=8" \ - "$O_NEXT_SRV -dtls1_2 -verify 10" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ - key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=250-60000 mtu=512 force_version=dtls12" \ - 0 \ - -c "fragmenting handshake message" \ - -C "error" - -## the test below will time out with certain seed. -## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887) -skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -client_needs_more_time 4 -requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ - -p "$P_PXY drop=8 delay=8 duplicate=8" \ - "$P_SRV dtls=1 debug_level=2 \ - crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ - key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=250-60000 mtu=512 force_version=dtls12" \ - "$O_CLI -dtls1_2" \ - 0 \ - -s "fragmenting handshake message" - -# Tests for DTLS-SRTP (RFC 5764) -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP all profiles supported" \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ - -C "error" - - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=5 debug_level=3" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ - -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports one profile. Client supports all profiles." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ - "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server and Client support only one matching profile." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server and Client support only one different profile." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ - -S "selected srtp profile" \ - -S "server hello, adding use_srtp extension" \ - -S "DTLS-SRTP key material is"\ - -c "client hello, adding use_srtp extension" \ - -C "found use_srtp extension" \ - -C "found srtp profile" \ - -C "selected srtp profile" \ - -C "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server doesn't support use_srtp extension." \ - "$P_SRV dtls=1 debug_level=3" \ - "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ - 0 \ - -s "found use_srtp extension" \ - -S "server hello, adding use_srtp extension" \ - -S "DTLS-SRTP key material is"\ - -c "client hello, adding use_srtp extension" \ - -C "found use_srtp extension" \ - -C "found srtp profile" \ - -C "selected srtp profile" \ - -C "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP all profiles supported. mki used" \ - "$P_SRV dtls=1 use_srtp=1 support_mki=1 debug_level=3" \ - "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile" \ - -s "server hello, adding use_srtp extension" \ - -s "dumping 'using mki' (8 bytes)" \ - -s "DTLS-SRTP key material is"\ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile" \ - -c "selected srtp profile" \ - -c "dumping 'sending mki' (8 bytes)" \ - -c "dumping 'received mki' (8 bytes)" \ - -c "DTLS-SRTP key material is"\ - -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ - -g "find_in_both '^ *DTLS-SRTP mki value: [0-9A-F]*$'"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -s "DTLS-SRTP no mki value negotiated"\ - -S "dumping 'using mki' (8 bytes)" \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -c "DTLS-SRTP no mki value negotiated"\ - -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ - -c "dumping 'sending mki' (8 bytes)" \ - -C "dumping 'received mki' (8 bytes)" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP all profiles supported. openssl client." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ - -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ - -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ - -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ - -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server and Client support only one matching profile. openssl client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ - -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server and Client support only one different profile. openssl client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ - "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -S "selected srtp profile" \ - -S "server hello, adding use_srtp extension" \ - -S "DTLS-SRTP key material is"\ - -C "SRTP Extension negotiated, profile" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \ - "$P_SRV dtls=1 debug_level=3" \ - "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - 0 \ - -s "found use_srtp extension" \ - -S "server hello, adding use_srtp extension" \ - -S "DTLS-SRTP key material is"\ - -C "SRTP Extension negotiated, profile" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP all profiles supported. openssl server" \ - "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile" \ - -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ - -c "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \ - "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \ - "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \ - "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." \ - "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \ - "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -C "found use_srtp extension" \ - -C "found srtp profile" \ - -C "selected srtp profile" \ - -C "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \ - "$O_SRV -dtls" \ - "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -C "found use_srtp extension" \ - -C "found srtp profile" \ - -C "selected srtp profile" \ - -C "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \ - "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ - "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -c "DTLS-SRTP no mki value negotiated"\ - -c "dumping 'sending mki' (8 bytes)" \ - -C "dumping 'received mki' (8 bytes)" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP all profiles supported. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -c "SRTP profile: SRTP_NULL_HMAC_SHA1_80" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ - "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -c "SRTP profile: SRTP_NULL_SHA1_32" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server and Client support only one matching profile. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -s "selected srtp profile" \ - -s "server hello, adding use_srtp extension" \ - -s "DTLS-SRTP key material is"\ - -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server and Client support only one different profile. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ - "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ - 0 \ - -s "found use_srtp extension" \ - -s "found srtp profile" \ - -S "selected srtp profile" \ - -S "server hello, adding use_srtp extension" \ - -S "DTLS-SRTP key material is"\ - -C "SRTP profile:" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \ - "$P_SRV dtls=1 debug_level=3" \ - "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ - 0 \ - -s "found use_srtp extension" \ - -S "server hello, adding use_srtp extension" \ - -S "DTLS-SRTP key material is"\ - -C "SRTP profile:" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP all profiles supported. gnutls server" \ - "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ - "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile" \ - -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ - -c "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \ - "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ - "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile" \ - -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ - -c "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." \ - "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \ - "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \ - "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server and Client support only one matching profile. gnutls server." \ - "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \ - "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -C "found use_srtp extension" \ - -C "found srtp profile" \ - -C "selected srtp profile" \ - -C "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \ - "$G_SRV -u" \ - "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -C "found use_srtp extension" \ - -C "found srtp profile" \ - -C "selected srtp profile" \ - -C "DTLS-SRTP key material is"\ - -C "error" - -requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \ - "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ - "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ - 0 \ - -c "client hello, adding use_srtp extension" \ - -c "found use_srtp extension" \ - -c "found srtp profile" \ - -c "selected srtp profile" \ - -c "DTLS-SRTP key material is"\ - -c "DTLS-SRTP mki value:"\ - -c "dumping 'sending mki' (8 bytes)" \ - -c "dumping 'received mki' (8 bytes)" \ - -C "error" - -# Tests for specific things with "unreliable" UDP connection - -not_with_valgrind # spurious resend due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: reference" \ - -p "$P_PXY" \ - "$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \ - "$P_CLI dtls=1 debug_level=2 hs_timeout=10000-20000" \ - 0 \ - -C "replayed record" \ - -S "replayed record" \ - -C "Buffer record from epoch" \ - -S "Buffer record from epoch" \ - -C "ssl_buffer_message" \ - -S "ssl_buffer_message" \ - -C "discarding invalid record" \ - -S "discarding invalid record" \ - -S "resend" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -not_with_valgrind # spurious resend due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: duplicate every packet" \ - -p "$P_PXY duplicate=1" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \ - 0 \ - -c "replayed record" \ - -s "replayed record" \ - -c "record from another epoch" \ - -s "record from another epoch" \ - -S "resend" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ - -p "$P_PXY duplicate=1" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ - 0 \ - -c "replayed record" \ - -S "replayed record" \ - -c "record from another epoch" \ - -s "record from another epoch" \ - -c "resend" \ - -s "resend" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: multiple records in same datagram" \ - -p "$P_PXY pack=50" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ - 0 \ - -c "next record in same datagram" \ - -s "next record in same datagram" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \ - -p "$P_PXY pack=50 duplicate=1" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ - 0 \ - -c "next record in same datagram" \ - -s "next record in same datagram" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \ - -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ - 0 \ - -c "discarding invalid record (mac)" \ - -s "discarding invalid record (mac)" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" \ - -S "too many records with bad MAC" \ - -S "Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \ - -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ - 1 \ - -C "discarding invalid record (mac)" \ - -S "discarding invalid record (mac)" \ - -S "Extra-header:" \ - -C "HTTP/1.0 200 OK" \ - -s "too many records with bad MAC" \ - -s "Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \ - -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ - 0 \ - -c "discarding invalid record (mac)" \ - -s "discarding invalid record (mac)" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" \ - -S "too many records with bad MAC" \ - -S "Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\ - -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \ - 1 \ - -c "discarding invalid record (mac)" \ - -s "discarding invalid record (mac)" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" \ - -s "too many records with bad MAC" \ - -s "Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: delay ChangeCipherSpec" \ - -p "$P_PXY delay_ccs=1" \ - "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \ - "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \ - 0 \ - -c "record from another epoch" \ - -s "record from another epoch" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -# Tests for reordering support with DTLS - -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ - -p "$P_PXY delay_srv=ServerHello" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -c "Buffering HS message" \ - -c "Next handshake message has been buffered - load"\ - -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ - -C "Injecting buffered CCS message" \ - -C "Remember CCS message" \ - -S "Injecting buffered CCS message" \ - -S "Remember CCS message" - -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \ - -p "$P_PXY delay_srv=ServerHello" \ - "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -c "Buffering HS message" \ - -c "found fragmented DTLS handshake message"\ - -c "Next handshake message 1 not or only partially bufffered" \ - -c "Next handshake message has been buffered - load"\ - -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ - -C "Injecting buffered CCS message" \ - -C "Remember CCS message" \ - -S "Injecting buffered CCS message" \ - -S "Remember CCS message" - -# The client buffers the ServerKeyExchange before receiving the fragmented -# Certificate message; at the time of writing, together these are aroudn 1200b -# in size, so that the bound below ensures that the certificate can be reassembled -# while keeping the ServerKeyExchange. -requires_certificate_authentication -requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \ - -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ - "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -c "Buffering HS message" \ - -c "Next handshake message has been buffered - load"\ - -C "attempt to make space by freeing buffered messages" \ - -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ - -C "Injecting buffered CCS message" \ - -C "Remember CCS message" \ - -S "Injecting buffered CCS message" \ - -S "Remember CCS message" - -# The size constraints ensure that the delayed certificate message can't -# be reassembled while keeping the ServerKeyExchange message, but it can -# when dropping it first. -requires_certificate_authentication -requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900 -requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \ - -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ - "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -c "Buffering HS message" \ - -c "attempt to make space by freeing buffered future messages" \ - -c "Enough space available after freeing buffered HS messages" \ - -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ - -C "Injecting buffered CCS message" \ - -C "Remember CCS message" \ - -S "Injecting buffered CCS message" \ - -S "Remember CCS message" - -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ - -p "$P_PXY delay_cli=Certificate" \ - "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ - -s "Buffering HS message" \ - -s "Next handshake message has been buffered - load" \ - -C "Injecting buffered CCS message" \ - -C "Remember CCS message" \ - -S "Injecting buffered CCS message" \ - -S "Remember CCS message" - -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ - -p "$P_PXY delay_srv=NewSessionTicket" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ - -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load" \ - -c "Injecting buffered CCS message" \ - -c "Remember CCS message" \ - -S "Injecting buffered CCS message" \ - -S "Remember CCS message" - -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ - -p "$P_PXY delay_cli=ClientKeyExchange" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ - -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load" \ - -C "Injecting buffered CCS message" \ - -C "Remember CCS message" \ - -s "Injecting buffered CCS message" \ - -s "Remember CCS message" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer encrypted Finished message" \ - -p "$P_PXY delay_ccs=1" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -s "Buffer record from epoch 1" \ - -s "Found buffered record from current epoch - load" \ - -c "Buffer record from epoch 1" \ - -c "Found buffered record from current epoch - load" - -# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec -# from the server are delayed, so that the encrypted Finished message -# is received and buffered. When the fragmented NewSessionTicket comes -# in afterwards, the encrypted Finished message must be freed in order -# to make space for the NewSessionTicket to be reassembled. -# This works only in very particular circumstances: -# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering -# of the NewSessionTicket, but small enough to also allow buffering of -# the encrypted Finished message. -# - The MTU setting on the server must be so small that the NewSessionTicket -# needs to be fragmented. -# - All messages sent by the server must be small enough to be either sent -# without fragmentation or be reassembled within the bounds of -# MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based -# handshake, omitting CRTs. -requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190 -requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230 -run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \ - -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \ - "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=73776f726466697368 psk_identity=foo cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ - 0 \ - -s "Buffer record from epoch 1" \ - -s "Found buffered record from current epoch - load" \ - -c "Buffer record from epoch 1" \ - -C "Found buffered record from current epoch - load" \ - -c "Enough space available after freeing future epoch record" - -# Tests for "randomly unreliable connection": try a variety of flows and peers - -client_needs_more_time 2 -run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \ - psk=73776f726466697368" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 2 -run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, FS, client auth" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "DTLS proxy: 3d, FS, ticket" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "DTLS proxy: 3d, max handshake, nbio" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \ - auth_mode=required" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 4 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "DTLS proxy: 3d, min handshake, resumption" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=73776f726466697368 debug_level=3" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ - 0 \ - -s "a session has been resumed" \ - -c "a session has been resumed" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 4 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=73776f726466697368 debug_level=3 nbio=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \ - 0 \ - -s "a session has been resumed" \ - -c "a session has been resumed" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 4 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=73776f726466697368 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - renegotiate=1 debug_level=2 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ - 0 \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 4 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=73776f726466697368 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - renegotiate=1 debug_level=2 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ - 0 \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 4 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \ - debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - renegotiation=1 exchanges=4 debug_level=2 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ - 0 \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 4 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \ - debug_level=2 nbio=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - renegotiation=1 exchanges=4 debug_level=2 nbio=2 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ - 0 \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -## The three tests below require 1.1.1a or higher version of openssl, otherwise -## it might trigger a bug due to openssl (https://github.com/openssl/openssl/issues/6902) -## Besides, openssl should use dtls1_2 or dtls, otherwise it will cause "SSL alert number 70" error -requires_openssl_next -client_needs_more_time 6 -not_with_valgrind # risk of non-mbedtls peer timing out -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, openssl server" \ - -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 2048" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ - 0 \ - -c "HTTP/1.0 200 OK" - -requires_openssl_next -client_needs_more_time 8 -not_with_valgrind # risk of non-mbedtls peer timing out -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, openssl server, fragmentation" \ - -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ - 0 \ - -c "HTTP/1.0 200 OK" - -requires_openssl_next -client_needs_more_time 8 -not_with_valgrind # risk of non-mbedtls peer timing out -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ - -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \ - 0 \ - -c "HTTP/1.0 200 OK" - -requires_gnutls -client_needs_more_time 6 -not_with_valgrind # risk of non-mbedtls peer timing out -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, gnutls server" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$G_SRV -u --mtu 2048 -a" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ - 0 \ - -s "Extra-header:" \ - -c "Extra-header:" - -requires_gnutls_next -client_needs_more_time 8 -not_with_valgrind # risk of non-mbedtls peer timing out -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$G_NEXT_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ - 0 \ - -s "Extra-header:" \ - -c "Extra-header:" - -requires_gnutls_next -client_needs_more_time 8 -not_with_valgrind # risk of non-mbedtls peer timing out -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$G_NEXT_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \ - 0 \ - -s "Extra-header:" \ - -c "Extra-header:" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "export keys functionality" \ - "$P_SRV eap_tls=1 debug_level=3" \ - "$P_CLI force_version=tls12 eap_tls=1 debug_level=3" \ - 0 \ - -c "EAP-TLS key material is:"\ - -s "EAP-TLS key material is:"\ - -c "EAP-TLS IV is:" \ - -s "EAP-TLS IV is:" - -# openssl feature tests: check if tls1.3 exists. -requires_openssl_tls1_3 -run_test "TLS 1.3: Test openssl tls1_3 feature" \ - "$O_NEXT_SRV -tls1_3 -msg" \ - "$O_NEXT_CLI -tls1_3 -msg" \ - 0 \ - -c "TLS 1.3" \ - -s "TLS 1.3" - -# gnutls feature tests: check if TLS 1.3 is supported as well as the NO_TICKETS and DISABLE_TLS13_COMPAT_MODE options. -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3: Test gnutls tls1_3 feature" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert " \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Version: TLS1.3" \ - -c "Version: TLS1.3" - -# TLS1.3 test cases -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_ciphersuite_enabled TLS1-3-CHACHA20-POLY1305-SHA256 -requires_any_configs_enabled "PSA_WANT_ECC_MONTGOMERY_255" -requires_any_configs_enabled "PSA_WANT_ECC_SECP_R1_256" -run_test "TLS 1.3: Default" \ - "$P_SRV allow_sha1=0 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key force_version=tls13" \ - "$P_CLI allow_sha1=0" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "Ciphersuite is TLS1-3-CHACHA20-POLY1305-SHA256" \ - -s "ECDH/FFDH group: " \ - -s "selected signature algorithm ecdsa_secp256r1_sha256" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Establish TLS 1.2 then TLS 1.3 session" \ - "$P_SRV" \ - "( $P_CLI force_version=tls12; \ - $P_CLI force_version=tls13 )" \ - 0 \ - -s "Protocol is TLSv1.2" \ - -s "Protocol is TLSv1.3" \ - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Establish TLS 1.3 then TLS 1.2 session" \ - "$P_SRV" \ - "( $P_CLI force_version=tls13; \ - $P_CLI force_version=tls12 )" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "Protocol is TLSv1.2" \ - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: minimal feature sets - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=3" \ - 0 \ - -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_HELLO" \ - -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \ - -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \ - -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ - -c "<= ssl_tls13_process_server_hello" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "DHE group name: " \ - -c "=> ssl_tls13_process_server_hello" \ - -c "<= parse encrypted extensions" \ - -c "Certificate verification flags clear" \ - -c "=> parse certificate verify" \ - -c "<= parse certificate verify" \ - -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ - -c "<= parse finished message" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 ok" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: minimal feature sets - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=3" \ - 0 \ - -s "SERVER HELLO was queued" \ - -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_HELLO" \ - -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \ - -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \ - -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ - -c "<= ssl_tls13_process_server_hello" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "DHE group name: " \ - -c "=> ssl_tls13_process_server_hello" \ - -c "<= parse encrypted extensions" \ - -c "Certificate verification flags clear" \ - -c "=> parse certificate verify" \ - -c "<= parse certificate verify" \ - -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ - -c "<= parse finished message" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 OK" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_ALPN -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: alpn - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \ - "$P_CLI debug_level=3 alpn=h2" \ - 0 \ - -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_HELLO" \ - -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \ - -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \ - -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ - -c "<= ssl_tls13_process_server_hello" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "DHE group name: " \ - -c "=> ssl_tls13_process_server_hello" \ - -c "<= parse encrypted extensions" \ - -c "Certificate verification flags clear" \ - -c "=> parse certificate verify" \ - -c "<= parse certificate verify" \ - -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ - -c "<= parse finished message" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 ok" \ - -c "Application Layer Protocol is h2" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_ALPN -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: alpn - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \ - "$P_CLI debug_level=3 alpn=h2" \ - 0 \ - -s "SERVER HELLO was queued" \ - -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_HELLO" \ - -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \ - -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \ - -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ - -c "<= ssl_tls13_process_server_hello" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "DHE group name: " \ - -c "=> ssl_tls13_process_server_hello" \ - -c "<= parse encrypted extensions" \ - -c "Certificate verification flags clear" \ - -c "=> parse certificate verify" \ - -c "<= parse certificate verify" \ - -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ - -c "<= parse finished message" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 OK" \ - -c "Application Layer Protocol is h2" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_ALPN -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: server alpn - openssl" \ - "$P_SRV debug_level=3 tickets=0 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key alpn=h2" \ - "$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \ - 0 \ - -s "found alpn extension" \ - -s "server side, adding alpn extension" \ - -s "Protocol is TLSv1.3" \ - -s "HTTP/1.0 200 OK" \ - -s "Application Layer Protocol is h2" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_ALPN -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: server alpn - gnutls" \ - "$P_SRV debug_level=3 tickets=0 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key alpn=h2" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \ - 0 \ - -s "found alpn extension" \ - -s "server side, adding alpn extension" \ - -s "Protocol is TLSv1.3" \ - -s "HTTP/1.0 200 OK" \ - -s "Application Layer Protocol is h2" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, no client certificate - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \ - "$P_CLI debug_level=4 crt_file=none key_file=none" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -s "TLS 1.3" \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \ - "$P_CLI debug_level=3 crt_file=none key_file=none" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"\ - -s "Version: TLS1.3" \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" - - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, no server middlebox compat - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cli2.crt key_file=$DATA_FILES_PATH/cli2.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/cli2.crt \ - key_file=$DATA_FILES_PATH/cli2.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ - key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ - key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ - key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 - -sigalgs ecdsa_secp256r1_sha256" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \ - 1 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "no suitable signature algorithm" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \ - 1 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "no suitable signature algorithm" - -# Test using an opaque private key for client authentication -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cli2.crt key_file=$DATA_FILES_PATH/cli2.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/cli2.crt \ - key_file=$DATA_FILES_PATH/cli2.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ - key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ - key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ - key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 - -sigalgs ecdsa_secp256r1_sha256" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \ - 1 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "no suitable signature algorithm" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \ - 1 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "no suitable signature algorithm" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \ - "$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "received HelloRetryRequest message" \ - -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ - -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 ok" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \ - "$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "received HelloRetryRequest message" \ - -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ - -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 ok" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \ - "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "received HelloRetryRequest message" \ - -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ - -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 OK" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \ - "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "received HelloRetryRequest message" \ - -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ - -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 OK" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - openssl" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - openssl with client authentication" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$O_NEXT_CLI -msg -debug -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -tls1_3 -no_middlebox" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ - -s "=> write certificate request" \ - -s "=> parse client hello" \ - -s "<= parse client hello" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - gnutls" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ - -c "HTTP/1.0 200 OK" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - gnutls with client authentication" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$G_NEXT_CLI localhost -d 4 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ - -s "=> write certificate request" \ - -s "=> parse client hello" \ - -s "<= parse client hello" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - mbedtls" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$P_CLI debug_level=4" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - mbedtls with client authentication" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "=> write certificate request" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -s "=> parse client hello" \ - -s "<= parse client hello" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - mbedtls with client empty certificate" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$P_CLI debug_level=4 crt_file=none key_file=none" \ - 1 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "=> write certificate request" \ - -s "SSL - No client certification received from the client, but required by the authentication mode" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -s "=> parse client hello" \ - -s "<= parse client hello" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - mbedtls with optional client authentication" \ - "$P_SRV debug_level=4 auth_mode=optional crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$P_CLI debug_level=4 crt_file=none key_file=none" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "=> write certificate request" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -s "=> parse client hello" \ - -s "<= parse client hello" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -run_test "TLS 1.3: server: HRR check - mbedtls" \ - "$P_SRV debug_level=4 groups=secp384r1" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ - -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "selected_group: secp384r1" \ - -s "=> write hello retry request" \ - -s "<= write hello retry request" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check, no server certificate available" \ - "$P_SRV debug_level=4 crt_file=none key_file=none" \ - "$P_CLI debug_level=4" \ - 1 \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "No certificate available." - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - openssl with sni" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \ - sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$O_NEXT_CLI -msg -debug -servername localhost -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -tls1_3" \ - 0 \ - -s "parse ServerName extension" \ - -s "HTTP/1.0 200 OK" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - gnutls with sni" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \ - sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$G_NEXT_CLI localhost -d 4 --sni-hostname=localhost --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS -V" \ - 0 \ - -s "parse ServerName extension" \ - -s "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - mbedtls with sni" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI debug_level=4 server_name=localhost crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ - 0 \ - -s "parse ServerName extension" \ - -s "HTTP/1.0 200 OK" - -for i in opt-testcases/*.sh -do - TEST_SUITE_NAME=${i##*/} - TEST_SUITE_NAME=${TEST_SUITE_NAME%.*} - . "$i" -done -unset TEST_SUITE_NAME - -# Test 1.3 compatibility mode -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 tickets=0" \ - "$P_CLI debug_level=4" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m both with middlebox compat support" \ - "$P_SRV debug_level=4 tickets=0" \ - "$P_CLI debug_level=4" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \ - "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ - -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->O server with middlebox compat support, not client" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->O both with middlebox compat support" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ - -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->G server with middlebox compat support, not client" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->G both with middlebox compat support" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$O_NEXT_CLI -msg -debug -no_middlebox" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -C "14 03 03 00 01" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 O->m server with middlebox compat support, not client" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$O_NEXT_CLI -msg -debug -no_middlebox" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 O->m both with middlebox compat support" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$O_NEXT_CLI -msg -debug" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -c "14 03 03 00 01" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$G_NEXT_CLI localhost --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -C "SSL 3.3 ChangeCipherSpec packet received" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m server with middlebox compat support, not client" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -c "SSL 3.3 ChangeCipherSpec packet received" \ - -c "discarding change cipher spec in TLS1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m both with middlebox compat support" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -c "SSL 3.3 ChangeCipherSpec packet received" - -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 groups=secp384r1 tickets=0" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m HRR both with middlebox compat support" \ - "$P_SRV debug_level=4 groups=secp384r1 tickets=0" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \ - "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "received HelloRetryRequest message" \ - -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ - -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \ - "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -c "received HelloRetryRequest message" \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->O HRR both with middlebox compat support" \ - "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \ - "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "received HelloRetryRequest message" \ - -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ - -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \ - "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -c "received HelloRetryRequest message" \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->G HRR both with middlebox compat support" \ - "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ - "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -C "14 03 03 00 01" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ - "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 O->m HRR both with middlebox compat support" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ - "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -c "14 03 03 00 01" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -C "SSL 3.3 ChangeCipherSpec packet received" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ - "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -c "SSL 3.3 ChangeCipherSpec packet received" \ - -c "discarding change cipher spec in TLS1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ - "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -c "SSL 3.3 ChangeCipherSpec packet received" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check signature algorithm order, m->O" \ - "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key - -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache - -Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check signature algorithm order, m->G" \ - "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key - -d 4 - --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check signature algorithm order, m->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check signature algorithm order, O->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \ - -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key \ - -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \ - 0 \ - -c "TLSv1.3" \ - -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check signature algorithm order, G->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \ - --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key \ - --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384" \ - 0 \ - -c "Negotiated version: 3.4" \ - -c "HTTP/1.0 200 [Oo][Kk]" \ - -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \ - "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \ - --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key \ - --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512" \ - 1 \ - -S "ssl_tls13_pick_key_cert:check signature algorithm" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256" \ - "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \ - -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key \ - -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512" \ - 1 \ - -S "ssl_tls13_pick_key_cert:check signature algorithm" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \ - "$P_CLI allow_sha1=0 debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \ - 1 \ - -S "ssl_tls13_pick_key_cert:check signature algorithm" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check server no suitable certificate, G->m" \ - "$P_SRV debug_level=4 - crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \ - --priority=NORMAL:-SIGN-ALL:+SIGN-ECDSA-SECP521R1-SHA512:+SIGN-ECDSA-SECP256R1-SHA256" \ - 1 \ - -s "ssl_tls13_pick_key_cert:no suitable certificate found" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check server no suitable certificate, O->m" \ - "$P_SRV debug_level=4 - crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \ - -sigalgs ecdsa_secp521r1_sha512:ecdsa_secp256r1_sha256" \ - 1 \ - -s "ssl_tls13_pick_key_cert:no suitable certificate found" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check server no suitable certificate, m->m" \ - "$P_SRV debug_level=4 - crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$P_CLI allow_sha1=0 debug_level=4 \ - sig_algs=ecdsa_secp521r1_sha512,ecdsa_secp256r1_sha256" \ - 1 \ - -s "ssl_tls13_pick_key_cert:no suitable certificate found" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check client no signature algorithm, m->O" \ - "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key - -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache - -Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp521r1_sha512" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ - 1 \ - -c "no suitable signature algorithm" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check client no signature algorithm, m->G" \ - "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key - -d 4 - --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ - 1 \ - -c "no suitable signature algorithm" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check client no signature algorithm, m->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp521r1_sha512" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ - 1 \ - -c "no suitable signature algorithm" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->O" \ - "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key - -msg -tls1_2 - -Verify 10 " \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key - sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512 - min_version=tls12 max_version=tls13 " \ - 0 \ - -c "Protocol is TLSv1.2" \ - -c "HTTP/1.0 200 [Oo][Kk]" - - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \ - "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key - -d 4 - --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key - sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512 - min_version=tls12 max_version=tls13 " \ - 0 \ - -c "Protocol is TLSv1.2" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_3072 -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe3072(0101)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_3072 -run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe3072 ( 101 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_4096 -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe4096(0102)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_4096 -run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe4096 ( 102 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_6144 -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -# Tests using FFDH with a large prime take a long time to run with a memory -# sanitizer. GnuTLS <=3.8.1 has a hard-coded timeout and gives up after -# 30s (since 3.8.1, it can be configured with --timeout). We've observed -# 8192-bit FFDH test cases failing intermittently on heavily loaded CI -# executors (https://github.com/Mbed-TLS/mbedtls/issues/9742), -# when using MSan. As a workaround, skip them. -# Also skip 6144-bit FFDH to have a bit of safety margin. -not_with_msan_or_valgrind -run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe6144(0103)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_6144 -not_with_msan_or_valgrind -run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe6144 ( 103 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_8192 -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -not_with_msan_or_valgrind -client_needs_more_time 4 -run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_8192 -not_with_msan_or_valgrind -client_needs_more_time 4 -run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: no HRR in case of PSK key exchange mode" \ - "$P_SRV nbio=2 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \ - "$P_CLI nbio=2 debug_level=3 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -C "received HelloRetryRequest message" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -# Legacy_compression_methods testing - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "TLS 1.2 ClientHello indicating support for deflate compression method" \ - "$P_SRV debug_level=3" \ - "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+COMP-DEFLATE localhost" \ - 0 \ - -c "Handshake was completed" \ - -s "dumping .client hello, compression. (2 bytes)" - -# Test heap memory usage after handshake -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_MEMORY_DEBUG -requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_max_content_len 16384 -run_tests_memory_after_handshake - -if [ "$LIST_TESTS" -eq 0 ]; then - - # Final report - - echo "------------------------------------------------------------------------" - - if [ $FAILS = 0 ]; then - printf "PASSED" - else - printf "FAILED" - fi - PASSES=$(( $TESTS - $FAILS )) - echo " ($PASSES / $TESTS tests ($SKIPS skipped))" - - if [ $((TESTS - SKIPS)) -lt $MIN_TESTS ]; then - cat < -#include -#include -#include "mbedtls/psa_util.h" -#include - -#include -/* END_HEADER */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */ -void ssl_cf_hmac(int hash) -{ - /* - * Test the function mbedtls_ct_hmac() against a reference - * implementation. - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg; - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; -#else - mbedtls_md_context_t ctx, ref_ctx; - const mbedtls_md_info_t *md_info; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - size_t out_len, block_size; - size_t min_in_len, in_len, max_in_len, i; - /* TLS additional data is 13 bytes (hence the "lucky 13" name) */ - unsigned char add_data[13]; - unsigned char ref_out[MBEDTLS_MD_MAX_SIZE]; - unsigned char *data = NULL; - unsigned char *out = NULL; - unsigned char rec_num = 0; - - USE_PSA_INIT(); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash)); - - out_len = PSA_HASH_LENGTH(alg); - block_size = PSA_HASH_BLOCK_LENGTH(alg); - - /* mbedtls_ct_hmac() requires the key to be exportable */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | - PSA_KEY_USAGE_VERIFY_HASH); - psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); -#else - mbedtls_md_init(&ctx); - mbedtls_md_init(&ref_ctx); - - md_info = mbedtls_md_info_from_type(hash); - TEST_ASSERT(md_info != NULL); - out_len = mbedtls_md_get_size(md_info); - TEST_ASSERT(out_len != 0); - block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - /* Use allocated out buffer to catch overwrites */ - TEST_CALLOC(out, out_len); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Set up dummy key */ - memset(ref_out, 42, sizeof(ref_out)); - TEST_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, - ref_out, out_len, - &key)); -#else - /* Set up contexts with the given hash and a dummy key */ - TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 1)); - TEST_EQUAL(0, mbedtls_md_setup(&ref_ctx, md_info, 1)); - memset(ref_out, 42, sizeof(ref_out)); - TEST_EQUAL(0, mbedtls_md_hmac_starts(&ctx, ref_out, out_len)); - TEST_EQUAL(0, mbedtls_md_hmac_starts(&ref_ctx, ref_out, out_len)); - memset(ref_out, 0, sizeof(ref_out)); -#endif - - /* - * Test all possible lengths up to a point. The difference between - * max_in_len and min_in_len is at most 255, and make sure they both vary - * by at least one block size. - */ - for (max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++) { - mbedtls_test_set_step(max_in_len * 10000); - - /* Use allocated in buffer to catch overreads */ - TEST_CALLOC(data, max_in_len); - - min_in_len = max_in_len > 255 ? max_in_len - 255 : 0; - for (in_len = min_in_len; in_len <= max_in_len; in_len++) { - mbedtls_test_set_step(max_in_len * 10000 + in_len); - - /* Set up dummy data and add_data */ - rec_num++; - memset(add_data, rec_num, sizeof(add_data)); - for (i = 0; i < in_len; i++) { - data[i] = (i & 0xff) ^ rec_num; - } - - /* Get the function's result */ - TEST_CF_SECRET(&in_len, sizeof(in_len)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - TEST_EQUAL(0, mbedtls_ct_hmac(key, PSA_ALG_HMAC(alg), - add_data, sizeof(add_data), - data, in_len, - min_in_len, max_in_len, - out)); -#else - TEST_EQUAL(0, mbedtls_ct_hmac(&ctx, add_data, sizeof(add_data), - data, in_len, - min_in_len, max_in_len, - out)); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - TEST_CF_PUBLIC(&in_len, sizeof(in_len)); - TEST_CF_PUBLIC(out, out_len); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_setup(&operation, - key, alg)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, - sizeof(add_data))); - TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, - data, in_len)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_finish(&operation, - out, out_len)); -#else - /* Compute the reference result */ - TEST_EQUAL(0, mbedtls_md_hmac_update(&ref_ctx, add_data, - sizeof(add_data))); - TEST_EQUAL(0, mbedtls_md_hmac_update(&ref_ctx, data, in_len)); - TEST_EQUAL(0, mbedtls_md_hmac_finish(&ref_ctx, ref_out)); - TEST_EQUAL(0, mbedtls_md_hmac_reset(&ref_ctx)); - - /* Compare */ - TEST_MEMORY_COMPARE(out, out_len, ref_out, out_len); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } - - mbedtls_free(data); - data = NULL; - } - -exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_abort(&operation); - psa_destroy_key(key); -#else - mbedtls_md_free(&ref_ctx); - mbedtls_md_free(&ctx); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_free(data); - mbedtls_free(out); - - USE_PSA_DONE(); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data deleted file mode 100644 index c8f40a0c5..000000000 --- a/tests/suites/test_suite_debug.data +++ /dev/null @@ -1,67 +0,0 @@ -Debug print msg (threshold 1, level 0) -debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" - -Debug print msg (threshold 1, level 1) -debug_print_msg_threshold:1:1:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" - -Debug print msg (threshold 1, level 2) -debug_print_msg_threshold:1:2:"MyFile":999:"" - -Debug print msg (threshold 0, level 1) -debug_print_msg_threshold:0:1:"MyFile":999:"" - -Debug print msg (threshold 0, level 5) -debug_print_msg_threshold:0:5:"MyFile":999:"" - -Debug print return value #1 -mbedtls_debug_print_ret:"MyFile":999:"Test return value":0:"MyFile(0999)\: Test return value() returned 0 (-0x0000)\n" - -Debug print return value #2 -mbedtls_debug_print_ret:"MyFile":999:"Test return value":-0x1000:"MyFile(0999)\: Test return value() returned -4096 (-0x1000)\n" - -Debug print return value #3 -mbedtls_debug_print_ret:"MyFile":999:"Test return value":-0xFFFF:"MyFile(0999)\: Test return value() returned -65535 (-0xffff)\n" - -Debug print buffer #1 -mbedtls_debug_print_buf:"MyFile":999:"Test return value":"":"MyFile(0999)\: dumping 'Test return value' (0 bytes)\n" - -Debug print buffer #2 -mbedtls_debug_print_buf:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00 .\n" - -Debug print buffer #3 -mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n" - -Debug print buffer #4 -mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 00 .\n" - -Debug print buffer #5 -mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n" - -Debug print mbedtls_mpi: 0 (empty representation) -mbedtls_debug_print_mpi:"":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n" - -Debug print mbedtls_mpi: 0 (non-empty representation) -mbedtls_debug_print_mpi:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n" - -Debug print mbedtls_mpi #2: 3 bits -mbedtls_debug_print_mpi:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n" - -Debug print mbedtls_mpi: 49 bits -mbedtls_debug_print_mpi:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n" - -Debug print mbedtls_mpi: 759 bits -mbedtls_debug_print_mpi:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n" - -Debug print mbedtls_mpi: 764 bits #1 -mbedtls_debug_print_mpi:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n" - -Debug print mbedtls_mpi: 764 bits #2 -mbedtls_debug_print_mpi:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n" - -Debug print certificate #1 (RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" - -Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function deleted file mode 100644 index a71db14ec..000000000 --- a/tests/suites/test_suite_debug.function +++ /dev/null @@ -1,240 +0,0 @@ -/* BEGIN_HEADER */ -#include "debug_internal.h" -#include "string.h" -#include "mbedtls/pk.h" -#include - -struct buffer_data { - char buf[2000]; - char *ptr; -}; - -static void string_debug(void *data, int level, const char *file, int line, const char *str) -{ - struct buffer_data *buffer = (struct buffer_data *) data; - char *p = buffer->ptr; - ((void) level); - - memcpy(p, file, strlen(file)); - p += strlen(file); - - *p++ = '('; - *p++ = '0' + (line / 1000) % 10; - *p++ = '0' + (line / 100) % 10; - *p++ = '0' + (line / 10) % 10; - *p++ = '0' + (line / 1) % 10; - *p++ = ')'; - *p++ = ':'; - *p++ = ' '; - -#if defined(MBEDTLS_THREADING_C) - /* Skip "thread ID" (up to the first space) as it is not predictable */ - while (*str++ != ' ') { - ; - } -#endif - - memcpy(p, str, strlen(str)); - p += strlen(str); - - /* Detect if debug messages output partial lines and mark them */ - if (p[-1] != '\n') { - *p++ = '*'; - } - - buffer->ptr = p; -} -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_DEBUG_C:MBEDTLS_SSL_TLS_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ -void debug_print_msg_threshold(int threshold, int level, char *file, - int line, char *result_str) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - struct buffer_data buffer; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - memset(buffer.buf, 0, 2000); - buffer.ptr = buffer.buf; - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - mbedtls_debug_set_threshold(threshold); - - mbedtls_debug_print_msg(&ssl, level, file, line, - "Text message, 2 == %d", 2); - - TEST_ASSERT(strcmp(buffer.buf, result_str) == 0); - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void mbedtls_debug_print_ret(char *file, int line, char *text, int value, - char *result_str) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - struct buffer_data buffer; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - memset(buffer.buf, 0, 2000); - buffer.ptr = buffer.buf; - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - mbedtls_debug_print_ret(&ssl, 0, file, line, text, value); - - TEST_ASSERT(strcmp(buffer.buf, result_str) == 0); - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void mbedtls_debug_print_buf(char *file, int line, char *text, - data_t *data, char *result_str) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - struct buffer_data buffer; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - memset(buffer.buf, 0, 2000); - buffer.ptr = buffer.buf; - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - mbedtls_debug_print_buf(&ssl, 0, file, line, text, data->x, data->len); - - TEST_ASSERT(strcmp(buffer.buf, result_str) == 0); - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_debug_print_crt(char *crt_file, char *file, int line, - char *prefix, char *result_str) -{ - mbedtls_x509_crt crt; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - struct buffer_data buffer; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_x509_crt_init(&crt); - MD_OR_USE_PSA_INIT(); - - memset(buffer.buf, 0, 2000); - buffer.ptr = buffer.buf; - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); - mbedtls_debug_print_crt(&ssl, 0, file, line, prefix, &crt); - - TEST_ASSERT(strcmp(buffer.buf, result_str) == 0); - -exit: - mbedtls_x509_crt_free(&crt); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */ -void mbedtls_debug_print_mpi(char *value, char *file, int line, - char *prefix, char *result_str) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - struct buffer_data buffer; - mbedtls_mpi val; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_mpi_init(&val); - MD_OR_USE_PSA_INIT(); - memset(buffer.buf, 0, 2000); - buffer.ptr = buffer.buf; - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - TEST_ASSERT(mbedtls_test_read_mpi(&val, value) == 0); - - mbedtls_debug_print_mpi(&ssl, 0, file, line, prefix, &val); - - TEST_ASSERT(strcmp(buffer.buf, result_str) == 0); - -exit: - mbedtls_mpi_free(&val); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_error.data b/tests/suites/test_suite_error.data deleted file mode 100644 index dec5639ee..000000000 --- a/tests/suites/test_suite_error.data +++ /dev/null @@ -1,21 +0,0 @@ -Single low error -depends_on:MBEDTLS_AES_C -error_strerror:-0x0020:"AES - Invalid key length" - -Single high error -depends_on:MBEDTLS_RSA_C -error_strerror:-0x4080:"RSA - Bad input parameters to function" - -Low and high error -depends_on:MBEDTLS_AES_C:MBEDTLS_RSA_C -error_strerror:-0x40A0:"RSA - Bad input parameters to function \: AES - Invalid key length" - -Non existing high error -error_strerror:-0x8880:"UNKNOWN ERROR CODE (8880)" - -Non existing low error -error_strerror:-0x007F:"UNKNOWN ERROR CODE (007F)" - -Non existing low and high error -error_strerror:-0x88FF:"UNKNOWN ERROR CODE (8880) \: UNKNOWN ERROR CODE (007F)" - diff --git a/tests/suites/test_suite_error.function b/tests/suites/test_suite_error.function deleted file mode 100644 index 4c38ab05f..000000000 --- a/tests/suites/test_suite_error.function +++ /dev/null @@ -1,21 +0,0 @@ -/* BEGIN_HEADER */ -#include "mbedtls/error.h" -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_ERROR_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ -void error_strerror(int code, char *result_str) -{ - char buf[500]; - - memset(buf, 0, sizeof(buf)); - - mbedtls_strerror(code, buf, 500); - - TEST_ASSERT(strcmp(buf, result_str) == 0); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_mps.data b/tests/suites/test_suite_mps.data deleted file mode 100644 index 442f32188..000000000 --- a/tests/suites/test_suite_mps.data +++ /dev/null @@ -1,125 +0,0 @@ -MPS Reader: Single step, single round, pausing disabled -mbedtls_mps_reader_no_pausing_single_step_single_round:0 - -MPS Reader: Single step, single round, pausing enabled but unused -mbedtls_mps_reader_no_pausing_single_step_single_round:1 - -MPS Reader: Single step, multiple rounds, pausing disabled -mbedtls_mps_reader_no_pausing_single_step_multiple_rounds:0 - -MPS Reader: Single step, multiple rounds, pausing enabled but unused -mbedtls_mps_reader_no_pausing_single_step_multiple_rounds:1 - -MPS Reader: Multiple steps, single round, pausing disabled -mbedtls_mps_reader_no_pausing_multiple_steps_single_round:0 - -MPS Reader: Multiple steps, single round, pausing enabled but unused -mbedtls_mps_reader_no_pausing_multiple_steps_single_round:1 - -MPS Reader: Multiple steps, multiple rounds, pausing disabled -mbedtls_mps_reader_no_pausing_multiple_steps_multiple_rounds:0 - -MPS Reader: Multiple steps, multiple rounds, pausing enabled but unused -mbedtls_mps_reader_no_pausing_multiple_steps_multiple_rounds:1 - -MPS Reader: Pausing needed but disabled -mbedtls_mps_reader_pausing_needed_disabled: - -MPS Reader: Pausing needed + enabled, but buffer too small -mbedtls_mps_reader_pausing_needed_buffer_too_small: - -MPS Reader: Pausing, repeat single call without commit -mbedtls_mps_reader_pausing:0 - -MPS Reader: Pausing, repeat single call with commit -mbedtls_mps_reader_pausing:1 - -MPS Reader: Pausing, repeat multiple calls without commit -mbedtls_mps_reader_pausing:2 - -MPS Reader: Pausing, repeat multiple calls with commit #0 -mbedtls_mps_reader_pausing:3 - -MPS Reader: Pausing, repeat multiple calls with commit #1 -mbedtls_mps_reader_pausing:4 - -MPS Reader: Pausing, repeat multiple calls with commit #2 -mbedtls_mps_reader_pausing:5 - -MPS Reader: Pausing, feed 50 bytes in 10b + 10b + 80b -mbedtls_mps_reader_pausing_multiple_feeds:0 - -MPS Reader: Pausing, feed 50 bytes in 50x1b -mbedtls_mps_reader_pausing_multiple_feeds:1 - -MPS Reader: Pausing, feed 50 bytes in 49x1b + 51b -mbedtls_mps_reader_pausing_multiple_feeds:2 - -MPS Reader: Reclaim with data remaining #0 -mbedtls_mps_reader_reclaim_data_left:0 - -MPS Reader: Reclaim with data remaining #1 -mbedtls_mps_reader_reclaim_data_left:1 - -MPS Reader: Reclaim with data remaining #2 -mbedtls_mps_reader_reclaim_data_left:2 - -MPS Reader: Reclaim with data remaining, continue fetching -mbedtls_mps_reader_reclaim_data_left_retry: - -MPS Reader: Pausing several times, #0 -mbedtls_mps_reader_multiple_pausing:0 - -MPS Reader: Pausing several times, #1 -mbedtls_mps_reader_multiple_pausing:1 - -MPS Reader: Pausing several times, #2 -mbedtls_mps_reader_multiple_pausing:2 - -MPS Reader: Pausing several times, #3 -mbedtls_mps_reader_multiple_pausing:3 - -MPS Reader: Random usage, 20 rds, feed 100, get 200, acc 50 -mbedtls_mps_reader_random_usage:20:100:200:50 - -MPS Reader: Random usage, 1000 rds, feed 10, get 100, acc 80 -mbedtls_mps_reader_random_usage:1000:10:100:80 - -MPS Reader: Random usage, 10000 rds, feed 1, get 100, acc 80 -mbedtls_mps_reader_random_usage:10000:1:100:80 - -MPS Reader: Random usage, 100 rds, feed 100, get 1000, acc 500 -mbedtls_mps_reader_random_usage:100:100:1000:500 - -MPS Reader: Pausing, inconsistent continuation, #0 -mbedtls_reader_inconsistent_usage:0 - -MPS Reader: Pausing, inconsistent continuation, #1 -mbedtls_reader_inconsistent_usage:1 - -MPS Reader: Pausing, inconsistent continuation, #2 -mbedtls_reader_inconsistent_usage:2 - -MPS Reader: Pausing, inconsistent continuation, #3 -mbedtls_reader_inconsistent_usage:3 - -MPS Reader: Pausing, inconsistent continuation, #4 -mbedtls_reader_inconsistent_usage:4 - -MPS Reader: Pausing, inconsistent continuation, #5 -mbedtls_reader_inconsistent_usage:5 - -MPS Reader: Pausing, inconsistent continuation, #6 -mbedtls_reader_inconsistent_usage:6 - -MPS Reader: Pausing, inconsistent continuation, #7 -mbedtls_reader_inconsistent_usage:7 - -MPS Reader: Pausing, inconsistent continuation, #8 -mbedtls_reader_inconsistent_usage:8 - -MPS Reader: Feed with invalid buffer (NULL) -mbedtls_mps_reader_feed_empty: - -MPS Reader: Excess request leading to integer overflow -mbedtls_mps_reader_reclaim_overflow: diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function deleted file mode 100644 index 675113658..000000000 --- a/tests/suites/test_suite_mps.function +++ /dev/null @@ -1,1164 +0,0 @@ -/* BEGIN_HEADER */ - -#include - -#include "mps_reader.h" - -/* - * Compile-time configuration for test suite. - */ - -/* Comment/Uncomment this to disable/enable the - * testing of the various MPS layers. - * This can be useful for time-consuming instrumentation - * tasks such as the conversion of E-ACSL annotations - * into runtime assertions. */ -#define TEST_SUITE_MPS_READER - -/* End of compile-time configuration. */ - -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_SSL_PROTO_TLS1_3 - * END_DEPENDENCIES - */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_no_pausing_single_step_single_round(int with_acc) -{ - /* This test exercises the most basic use of the MPS reader: - * - The 'producing' layer provides a buffer - * - The 'consuming' layer fetches it in a single go. - * - After processing, the consuming layer commits the data - * and the reader is moved back to producing mode. - * - * Parameters: - * - with_acc: 0 if the reader should be initialized without accumulator. - * 1 if the reader should be initialized with accumulator. - * - * Whether the accumulator is present or not should not matter, - * since the consumer's request can be fulfilled from the data - * that the producer has provided. - */ - unsigned char bufA[100]; - unsigned char acc[10]; - unsigned char *tmp; - int paused; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - if (with_acc == 0) { - mbedtls_mps_reader_init(&rd, NULL, 0); - } else { - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - } - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - /* Consumption (upper layer) */ - /* Consume exactly what's available */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 100, bufA, 100); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Wrapup (lower layer) */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, &paused) == 0); - TEST_ASSERT(paused == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_no_pausing_single_step_multiple_rounds(int with_acc) -{ - /* This test exercises multiple rounds of the basic use of the MPS reader: - * - The 'producing' layer provides a buffer - * - The 'consuming' layer fetches it in a single go. - * - After processing, the consuming layer commits the data - * and the reader is moved back to producing mode. - * - * Parameters: - * - with_acc: 0 if the reader should be initialized without accumulator. - * 1 if the reader should be initialized with accumulator. - * - * Whether the accumulator is present or not should not matter, - * since the consumer's request can be fulfilled from the data - * that the producer has provided. - */ - - unsigned char bufA[100], bufB[100]; - unsigned char acc[10]; - unsigned char *tmp; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) { - bufB[i] = ~((unsigned char) i); - } - - /* Preparation (lower layer) */ - if (with_acc == 0) { - mbedtls_mps_reader_init(&rd, NULL, 0); - } else { - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - } - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - /* Consumption (upper layer) */ - /* Consume exactly what's available */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 100, bufA, 100); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); - /* Consumption */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 100, bufB, 100); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Wrapup (lower layer) */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_no_pausing_multiple_steps_single_round(int with_acc) -{ - /* This test exercises one round of the following: - * - The 'producing' layer provides a buffer - * - The 'consuming' layer fetches it in multiple calls - * to `mbedtls_mps_reader_get()`, without committing in between. - * - After processing, the consuming layer commits the data - * and the reader is moved back to producing mode. - * - * Parameters: - * - with_acc: 0 if the reader should be initialized without accumulator. - * 1 if the reader should be initialized with accumulator. - * - * Whether the accumulator is present or not should not matter, - * since the consumer's requests can be fulfilled from the data - * that the producer has provided. - */ - - /* Lower layer provides data that the upper layer fully consumes - * through multiple `get` calls. */ - unsigned char buf[100]; - unsigned char acc[10]; - unsigned char *tmp; - mbedtls_mps_size_t tmp_len; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - if (with_acc == 0) { - mbedtls_mps_reader_init(&rd, NULL, 0); - } else { - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - } - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, buf, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 70, buf + 10, 70); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, &tmp_len) == 0); - TEST_MEMORY_COMPARE(tmp, tmp_len, buf + 80, 20); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Wrapup (lower layer) */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_no_pausing_multiple_steps_multiple_rounds(int with_acc) -{ - /* This test exercises one round of fetching a buffer in multiple chunks - * and passing it back to the producer afterwards, followed by another - * single-step sequence of feed-fetch-commit-reclaim. - */ - unsigned char bufA[100], bufB[100]; - unsigned char acc[10]; - unsigned char *tmp; - mbedtls_mps_size_t tmp_len; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) { - bufB[i] = ~((unsigned char) i); - } - - /* Preparation (lower layer) */ - if (with_acc == 0) { - mbedtls_mps_reader_init(&rd, NULL, 0); - } else { - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - } - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 70, bufA + 10, 70); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, &tmp_len) == 0); - TEST_MEMORY_COMPARE(tmp, tmp_len, bufA + 80, 20); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); - /* Consumption */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 100, bufB, 100); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Wrapup */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_pausing_needed_disabled() -{ - /* This test exercises the behaviour of the MPS reader when a read request - * of the consumer exceeds what has been provided by the producer, and when - * no accumulator is available in the reader. - * - * In this case, we expect the reader to fail. - */ - - unsigned char buf[100]; - unsigned char *tmp; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, NULL, 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 50, buf, 50); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - /* Wrapup (lower layer) */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_pausing_needed_buffer_too_small() -{ - /* This test exercises the behaviour of the MPS reader with accumulator - * in the situation where a read request goes beyond the bounds of the - * current read buffer, _and_ the reader's accumulator is too small to - * hold the requested amount of data. - * - * In this case, we expect mbedtls_mps_reader_reclaim() to fail, - * but it should be possible to continue fetching data as if - * there had been no excess request via mbedtls_mps_reader_get() - * and the call to mbedtls_mps_reader_reclaim() had been rejected - * because of data remaining. - */ - - unsigned char buf[100]; - unsigned char acc[10]; - unsigned char *tmp; - mbedtls_mps_reader rd; - mbedtls_mps_size_t tmp_len; - - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 50, buf, 50); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, buf + 50, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - /* Wrapup (lower layer) */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL); - - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, &tmp_len) == 0); - TEST_MEMORY_COMPARE(tmp, tmp_len, buf + 50, 50); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_reclaim_overflow() -{ - /* This test exercises the behaviour of the MPS reader with accumulator - * in the situation where upon calling mbedtls_mps_reader_reclaim(), the - * uncommitted data together with the excess data missing in the last - * call to mbedtls_mps_reader_get() exceeds the bounds of the type - * holding the buffer length. - */ - - unsigned char buf[100]; - unsigned char acc[50]; - unsigned char *tmp; - mbedtls_mps_reader rd; - - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 50, buf, 50); - /* Excess request */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, (mbedtls_mps_size_t) -1, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - /* Wrapup (lower layer) */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_pausing(int option) -{ - /* This test exercises the behaviour of the reader when the - * accumulator is used to fulfill a consumer's request. - * - * More detailed: - * - The producer feeds some data. - * - The consumer asks for more data than what's available. - * - The reader remembers the request and goes back to - * producing mode, waiting for more data from the producer. - * - The producer provides another chunk of data which is - * sufficient to fulfill the original read request. - * - The consumer retries the original read request, which - * should now succeed. - * - * This test comes in multiple variants controlled by the - * `option` parameter and documented below. - */ - - unsigned char bufA[100], bufB[100]; - unsigned char *tmp; - unsigned char acc[40]; - int paused; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) { - bufB[i] = ~((unsigned char) i); - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - - /* Consumption (upper layer) */ - /* Ask for more than what's available. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 80, bufA, 80); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - switch (option) { - case 0: /* Single uncommitted fetch at pausing */ - case 1: - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - break; - default: /* Multiple uncommitted fetches at pausing */ - break; - } - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, &paused) == 0); - TEST_ASSERT(paused == 1); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); - - /* Consumption */ - switch (option) { - case 0: /* Single fetch at pausing, re-fetch with commit. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - break; - - case 1: /* Single fetch at pausing, re-fetch without commit. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - break; - - case 2: /* Multiple fetches at pausing, repeat without commit. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - break; - - case 3: /* Multiple fetches at pausing, repeat with commit 1. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - break; - - case 4: /* Multiple fetches at pausing, repeat with commit 2. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - break; - - case 5: /* Multiple fetches at pausing, repeat with commit 3. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - break; - - default: - TEST_ASSERT(0); - } - - /* In all cases, fetch the rest of the second buffer. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 90, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 90, bufB + 10, 90); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - - /* Wrapup */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_pausing_multiple_feeds(int option) -{ - /* This test exercises the behaviour of the MPS reader - * in the following situation: - * - The consumer has asked for more than what's available, so the - * reader pauses and waits for further input data via - * `mbedtls_mps_reader_feed()` - * - Multiple such calls to `mbedtls_mps_reader_feed()` are necessary - * to fulfill the original request, and the reader needs to do - * the necessary bookkeeping under the hood. - * - * This test comes in a few variants differing in the number and - * size of feed calls that the producer issues while the reader is - * accumulating the necessary data - see the comments below. - */ - - unsigned char bufA[100], bufB[100]; - unsigned char *tmp; - unsigned char acc[70]; - mbedtls_mps_reader rd; - mbedtls_mps_size_t fetch_len; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) { - bufB[i] = ~((unsigned char) i); - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - - /* Consumption (upper layer) */ - /* Ask for more than what's available. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 80, bufA, 80); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* 20 left, ask for 70 -> 50 overhead */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - switch (option) { - case 0: /* 10 + 10 + 80 byte feed */ - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, 10) == - MBEDTLS_ERR_MPS_READER_NEED_MORE); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + 10, 10) == - MBEDTLS_ERR_MPS_READER_NEED_MORE); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + 20, 80) == 0); - break; - - case 1: /* 50 x 1byte */ - for (size_t num_feed = 0; num_feed < 49; num_feed++) { - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + num_feed, 1) == - MBEDTLS_ERR_MPS_READER_NEED_MORE); - } - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + 49, 1) == 0); - break; - - case 2: /* 49 x 1byte + 51bytes */ - for (size_t num_feed = 0; num_feed < 49; num_feed++) { - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + num_feed, 1) == - MBEDTLS_ERR_MPS_READER_NEED_MORE); - } - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + 49, 51) == 0); - break; - - default: - TEST_ASSERT(0); - break; - } - - /* Consumption */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20); - TEST_MEMORY_COMPARE(tmp + 20, 50, bufB, 50); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 1000, &tmp, &fetch_len) == 0); - switch (option) { - case 0: - TEST_ASSERT(fetch_len == 50); - break; - - case 1: - TEST_ASSERT(fetch_len == 0); - break; - - case 2: - TEST_ASSERT(fetch_len == 50); - break; - - default: - TEST_ASSERT(0); - break; - } - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - - /* Wrapup */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_reclaim_data_left(int option) -{ - /* This test exercises the behaviour of the MPS reader when a - * call to mbedtls_mps_reader_reclaim() is made before all data - * provided by the producer has been fetched and committed. */ - - unsigned char buf[100]; - unsigned char *tmp; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, NULL, 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - - /* Consumption (upper layer) */ - switch (option) { - case 0: - /* Fetch (but not commit) the entire buffer. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf), &tmp, NULL) - == 0); - TEST_MEMORY_COMPARE(tmp, 100, buf, 100); - break; - - case 1: - /* Fetch (but not commit) parts of the buffer. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, - &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2); - break; - - case 2: - /* Fetch and commit parts of the buffer, then - * fetch but not commit the rest of the buffer. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, - &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, - &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2, - buf + sizeof(buf) / 2, - sizeof(buf) / 2); - break; - - default: - TEST_ASSERT(0); - break; - } - - /* Wrapup */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_DATA_LEFT); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_reclaim_data_left_retry() -{ - /* This test exercises the behaviour of the MPS reader when an attempt - * by the producer to reclaim the reader fails because of more data pending - * to be processed, and the consumer subsequently fetches more data. */ - unsigned char buf[100]; - unsigned char *tmp; - mbedtls_mps_reader rd; - - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, NULL, 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 50, buf, 50); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 50, buf + 50, 50); - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_DATA_LEFT); - /* Consumption */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 50, buf + 50, 50); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Wrapup */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_multiple_pausing(int option) -{ - /* This test exercises the behaviour of the MPS reader - * in the following situation: - * - A read request via `mbedtls_mps_reader_get()` can't - * be served and the reader is paused to accumulate - * the desired amount of data from the producer. - * - Once enough data is available, the consumer successfully - * reads the data from the reader, but afterwards exceeds - * the available data again - pausing is necessary for a - * second time. - */ - - unsigned char bufA[100], bufB[20], bufC[10]; - unsigned char *tmp; - unsigned char acc[50]; - mbedtls_mps_size_t tmp_len; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) { - bufB[i] = ~((unsigned char) i); - } - for (size_t i = 0; (unsigned) i < sizeof(bufC); i++) { - bufC[i] = ~((unsigned char) i); - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - - /* Consumption (upper layer) */ - /* Ask for more than what's available. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 80, bufA, 80); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); - - switch (option) { - case 0: /* Fetch same chunks, commit afterwards, and - * then exceed bounds of new buffer; accumulator - * large enough. */ - - /* Consume */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, &tmp_len) == 0); - TEST_MEMORY_COMPARE(tmp, tmp_len, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Prepare */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufC, sizeof(bufC)) == 0);; - - /* Consume */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufB + 10, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufC, 10); - break; - - case 1: /* Fetch same chunks, commit afterwards, and - * then exceed bounds of new buffer; accumulator - * not large enough. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 51, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Prepare */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL); - break; - - case 2: /* Fetch same chunks, don't commit afterwards, and - * then exceed bounds of new buffer; accumulator - * large enough. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Prepare */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufC, sizeof(bufC)) == 0);; - - /* Consume */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20); - TEST_MEMORY_COMPARE(tmp + 20, 20, bufB, 20); - TEST_MEMORY_COMPARE(tmp + 40, 10, bufC, 10); - break; - - case 3: /* Fetch same chunks, don't commit afterwards, and - * then exceed bounds of new buffer; accumulator - * not large enough. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 21, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Prepare */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL); - break; - - default: - TEST_ASSERT(0); - break; - } - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER:MBEDTLS_MPS_STATE_VALIDATION */ -void mbedtls_mps_reader_random_usage(int num_out_chunks, - int max_chunk_size, - int max_request, - int acc_size) - -{ - /* Randomly pass a reader object back and forth between lower and - * upper layer and let each of them call the respective reader API - * functions in a random fashion. - * - * On the lower layer, we're tracking and concatenating - * the data passed to successful feed calls. - * - * For the upper layer, we track and concatenate buffers - * obtained from successful get calls. - * - * As long as the lower layer calls reclaim at least once, (resetting the - * fetched but not-yet-committed data), this should always lead to the same - * stream of outgoing/incoming data for the lower/upper layers, even if - * most of the random calls fail. - * - * NOTE: This test uses rand() for random data, which is not optimal. - * Instead, it would be better to get the random data from a - * static buffer. This both eases reproducibility and allows - * simple conversion to a fuzz target. - */ - int ret; - unsigned char *acc = NULL; - unsigned char *outgoing = NULL, *incoming = NULL; - unsigned char *cur_chunk = NULL; - size_t cur_out_chunk, out_pos, in_commit, in_fetch; - int rand_op; /* Lower layer: - * - Reclaim (0) - * - Feed (1) - * Upper layer: - * - Get, do tolerate smaller output (0) - * - Get, don't tolerate smaller output (1) - * - Commit (2) */ - int mode = 0; /* Lower layer (0) or Upper layer (1) */ - int reclaimed = 1; /* Have to call reclaim at least once before - * returning the reader to the upper layer. */ - mbedtls_mps_reader rd; - - if (acc_size > 0) { - TEST_CALLOC(acc, acc_size); - } - - /* This probably needs to be changed because we want - * our tests to be deterministic. */ - // srand( time( NULL ) ); - - TEST_CALLOC(outgoing, num_out_chunks * max_chunk_size); - TEST_CALLOC(incoming, num_out_chunks * max_chunk_size); - - mbedtls_mps_reader_init(&rd, acc, acc_size); - - cur_out_chunk = 0; - in_commit = 0; - in_fetch = 0; - out_pos = 0; - while (cur_out_chunk < (unsigned) num_out_chunks) { - if (mode == 0) { - /* Choose randomly between reclaim and feed */ - rand_op = rand() % 2; - - if (rand_op == 0) { - /* Reclaim */ - ret = mbedtls_mps_reader_reclaim(&rd, NULL); - - if (ret == 0) { - TEST_ASSERT(cur_chunk != NULL); - mbedtls_free(cur_chunk); - cur_chunk = NULL; - } - reclaimed = 1; - } else { - /* Feed reader with a random chunk */ - unsigned char *tmp = NULL; - size_t tmp_size; - if (cur_out_chunk == (unsigned) num_out_chunks) { - continue; - } - - tmp_size = (rand() % max_chunk_size) + 1; - TEST_CALLOC(tmp, tmp_size); - - TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, tmp, tmp_size) == 0); - ret = mbedtls_mps_reader_feed(&rd, tmp, tmp_size); - - if (ret == 0 || ret == MBEDTLS_ERR_MPS_READER_NEED_MORE) { - cur_out_chunk++; - memcpy(outgoing + out_pos, tmp, tmp_size); - out_pos += tmp_size; - } - - if (ret == 0) { - TEST_ASSERT(cur_chunk == NULL); - cur_chunk = tmp; - } else { - mbedtls_free(tmp); - } - - } - - /* Randomly switch to consumption mode if reclaim - * was called at least once. */ - if (reclaimed == 1 && rand() % 3 == 0) { - in_fetch = 0; - mode = 1; - } - } else { - /* Choose randomly between get tolerating fewer data, - * get not tolerating fewer data, and commit. */ - rand_op = rand() % 3; - if (rand_op == 0 || rand_op == 1) { - mbedtls_mps_size_t get_size, real_size; - unsigned char *chunk_get; - get_size = (rand() % max_request) + 1; - if (rand_op == 0) { - ret = mbedtls_mps_reader_get(&rd, get_size, &chunk_get, - &real_size); - } else { - real_size = get_size; - ret = mbedtls_mps_reader_get(&rd, get_size, &chunk_get, NULL); - } - - /* Check if output is in accordance with what was written */ - if (ret == 0) { - memcpy(incoming + in_commit + in_fetch, - chunk_get, real_size); - TEST_ASSERT(memcmp(incoming + in_commit + in_fetch, - outgoing + in_commit + in_fetch, - real_size) == 0); - in_fetch += real_size; - } - } else if (rand_op == 2) { /* Commit */ - ret = mbedtls_mps_reader_commit(&rd); - if (ret == 0) { - in_commit += in_fetch; - in_fetch = 0; - } - } - - /* Randomly switch back to preparation */ - if (rand() % 3 == 0) { - reclaimed = 0; - mode = 0; - } - } - } - -exit: - /* Cleanup */ - mbedtls_mps_reader_free(&rd); - mbedtls_free(incoming); - mbedtls_free(outgoing); - mbedtls_free(acc); - mbedtls_free(cur_chunk); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_reader_inconsistent_usage(int option) -{ - /* This test exercises the behaviour of the MPS reader - * in the following situation: - * - The consumer asks for more data than what's available - * - The reader is paused and receives more data from the - * producer until the original read request can be fulfilled. - * - The consumer does not repeat the original request but - * requests data in a different way. - * - * The reader does not guarantee that inconsistent read requests - * after pausing will succeed, and this test triggers some cases - * where the request fails. - */ - - unsigned char bufA[100], bufB[100]; - unsigned char *tmp; - unsigned char acc[40]; - mbedtls_mps_reader rd; - int success = 0; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) { - bufB[i] = ~((unsigned char) i); - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); - /* Consumption */ - switch (option) { - case 0: - /* Ask for buffered data in a single chunk, no commit */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20); - TEST_MEMORY_COMPARE(tmp + 20, 10, bufB, 10); - success = 1; - break; - - case 1: - /* Ask for buffered data in a single chunk, with commit */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20); - TEST_MEMORY_COMPARE(tmp + 20, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - success = 1; - break; - - case 2: - /* Ask for more than was requested when pausing, #1 */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 31, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS); - break; - - case 3: - /* Ask for more than was requested when pausing #2 */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, (mbedtls_mps_size_t) -1, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS); - break; - - case 4: - /* Asking for buffered data in different - * chunks than before CAN fail. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS); - break; - - case 5: - /* Asking for buffered data different chunks - * than before NEED NOT fail - no commits */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5); - TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10); - success = 1; - break; - - case 6: - /* Asking for buffered data different chunks - * than before NEED NOT fail - intermediate commit */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5); - TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10); - success = 1; - break; - - case 7: - /* Asking for buffered data different chunks - * than before NEED NOT fail - end commit */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5); - TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - success = 1; - break; - - case 8: - /* Asking for buffered data different chunks - * than before NEED NOT fail - intermediate & end commit */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5); - TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - success = 1; - break; - - default: - TEST_ASSERT(0); - break; - } - - if (success == 1) { - /* In all succeeding cases, fetch the rest of the second buffer. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 90, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 90, bufB + 10, 90); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - - /* Wrapup */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - } - -exit: - /* Wrapup */ - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_feed_empty() -{ - /* This test exercises the behaviour of the reader when it is - * fed with a NULL buffer. */ - unsigned char buf[100]; - unsigned char *tmp; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, NULL, 0); - - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, NULL, sizeof(buf)) == - MBEDTLS_ERR_MPS_READER_INVALID_ARG); - - /* Subsequent feed-calls should still succeed. */ - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 100, buf, 100); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - - /* Wrapup */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_net.data b/tests/suites/test_suite_net.data deleted file mode 100644 index 4f516c8b6..000000000 --- a/tests/suites/test_suite_net.data +++ /dev/null @@ -1,8 +0,0 @@ -Context init-free-free -context_init_free:0 - -Context init-free-init-free -context_init_free:1 - -net_poll beyond FD_SETSIZE -poll_beyond_fd_setsize: diff --git a/tests/suites/test_suite_net.function b/tests/suites/test_suite_net.function deleted file mode 100644 index fa09f5a64..000000000 --- a/tests/suites/test_suite_net.function +++ /dev/null @@ -1,137 +0,0 @@ -/* BEGIN_HEADER */ - -#include "mbedtls/net_sockets.h" - -#if defined(unix) || defined(__unix__) || defined(__unix) || \ - defined(__APPLE__) || defined(__QNXNTO__) || \ - defined(__HAIKU__) || defined(__midipix__) -#define MBEDTLS_PLATFORM_IS_UNIXLIKE -#endif - -#if defined(MBEDTLS_PLATFORM_IS_UNIXLIKE) -#include -#include -#include -#include -#include -#include -#endif - - -#if defined(MBEDTLS_PLATFORM_IS_UNIXLIKE) -/** Open a file on the given file descriptor. - * - * This is disruptive if there is already something open on that descriptor. - * Caller beware. - * - * \param ctx An initialized, but unopened socket context. - * On success, it refers to the opened file (\p wanted_fd). - * \param wanted_fd The desired file descriptor. - * - * \return \c 0 on success, a negative error code on error. - */ -static int open_file_on_fd(mbedtls_net_context *ctx, int wanted_fd) -{ - int got_fd = open("/dev/null", O_RDONLY); - TEST_ASSERT(got_fd >= 0); - if (got_fd != wanted_fd) { - TEST_ASSERT(dup2(got_fd, wanted_fd) >= 0); - TEST_ASSERT(close(got_fd) >= 0); - } - ctx->fd = wanted_fd; - return 0; -exit: - return -1; -} -#endif /* MBEDTLS_PLATFORM_IS_UNIXLIKE */ - -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_NET_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ -void context_init_free(int reinit) -{ - mbedtls_net_context ctx; - - mbedtls_net_init(&ctx); - mbedtls_net_free(&ctx); - - if (reinit) { - mbedtls_net_init(&ctx); - } - mbedtls_net_free(&ctx); - - /* This test case always succeeds, functionally speaking. A plausible - * bug might trigger an invalid pointer dereference or a memory leak. */ - goto exit; -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_PLATFORM_IS_UNIXLIKE */ -void poll_beyond_fd_setsize() -{ - /* Test that mbedtls_net_poll does not misbehave when given a file - * descriptor greater or equal to FD_SETSIZE. This code is specific to - * platforms with a Unix-like select() function, which is where - * FD_SETSIZE is a concern. */ - - struct rlimit rlim_nofile; - int restore_rlim_nofile = 0; - int ret; - mbedtls_net_context ctx; - uint8_t buf[1]; - - mbedtls_net_init(&ctx); - - /* On many systems, by default, the maximum permitted file descriptor - * number is less than FD_SETSIZE. If so, raise the limit if - * possible. - * - * If the limit can't be raised, a file descriptor opened by the - * net_sockets module will be less than FD_SETSIZE, so the test - * is not necessary and we mark it as skipped. - * A file descriptor could still be higher than FD_SETSIZE if it was - * opened before the limit was lowered (which is something an application - * might do); but we don't do such things in our test code, so the unit - * test will run if it can. - */ - TEST_ASSERT(getrlimit(RLIMIT_NOFILE, &rlim_nofile) == 0); - if (rlim_nofile.rlim_cur < FD_SETSIZE + 1) { - rlim_t old_rlim_cur = rlim_nofile.rlim_cur; - rlim_nofile.rlim_cur = FD_SETSIZE + 1; - TEST_ASSUME(setrlimit(RLIMIT_NOFILE, &rlim_nofile) == 0); - rlim_nofile.rlim_cur = old_rlim_cur; - restore_rlim_nofile = 1; - } - - TEST_ASSERT(open_file_on_fd(&ctx, FD_SETSIZE) == 0); - - /* In principle, mbedtls_net_poll() with valid arguments should succeed. - * However, we know that on Unix-like platforms (and others), this function - * is implemented on top of select() and fd_set, which do not support - * file descriptors greater or equal to FD_SETSIZE. So we expect to hit - * this platform limitation. - * - * If mbedtls_net_poll() does not proprely check that ctx.fd is in range, - * it may still happen to return the expected failure code, but if this - * is problematic on the particular platform where the code is running, - * a memory sanitizer such as UBSan should catch it. - */ - ret = mbedtls_net_poll(&ctx, MBEDTLS_NET_POLL_READ, 0); - TEST_EQUAL(ret, MBEDTLS_ERR_NET_POLL_FAILED); - - /* mbedtls_net_recv_timeout() uses select() and fd_set in the same way. */ - ret = mbedtls_net_recv_timeout(&ctx, buf, sizeof(buf), 0); - TEST_EQUAL(ret, MBEDTLS_ERR_NET_POLL_FAILED); - -exit: - mbedtls_net_free(&ctx); - if (restore_rlim_nofile) { - setrlimit(RLIMIT_NOFILE, &rlim_nofile); - } -} -/* END_CASE */ diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data deleted file mode 100644 index a9b23af36..000000000 --- a/tests/suites/test_suite_pkcs7.data +++ /dev/null @@ -1,3257 +0,0 @@ -PKCS7 Signed Data Parse Pass SHA256 #1 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA - -PKCS7 Signed Data Parse Pass SHA1 #2 -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha1.der":MBEDTLS_PKCS7_SIGNED_DATA - -PKCS7 Signed Data Parse Pass Without CERT #3 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_parse:"../framework/data_files/pkcs7_data_without_cert_signed.der":MBEDTLS_PKCS7_SIGNED_DATA - -PKCS7 Signed Data Parse with zero signers -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_parse:"../framework/data_files/pkcs7_data_no_signers.der":MBEDTLS_PKCS7_SIGNED_DATA - -PKCS7 Signed Data Parse Fail with multiple certs #4 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE - -PKCS7 Signed Data Parse Fail with corrupted cert #5.0 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badcert.der":MBEDTLS_ERR_PKCS7_INVALID_CERT - -PKCS7 Signed Data Parse Fail with disabled alg #5.1 -depends_on:MBEDTLS_RSA_C:!PSA_WANT_ALG_SHA_512 -pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha512.der":MBEDTLS_ERR_PKCS7_INVALID_ALG - -PKCS7 Parse Fail with Inlined Content Info #5.2 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_with_signature.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE - -PKCS7 Signed Data Parse Fail with no RSA #5.3 -depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":MBEDTLS_ERR_PKCS7_INVALID_CERT - -PKCS7 Signed Data Parse Fail with corrupted signer info #6 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -PKCS7 Signed Data Parse Fail with corrupted signer info[1] invalid size #6.1 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner1_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO - -PKCS7 Signed Data Parse Fail with corrupted signer info[2] invalid size #6.2 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner2_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO - -PKCS7 Signed Data Parse Fail with corrupted signer info[1] unexpected tag #6.3 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner1_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -PKCS7 Signed Data Parse Fail with corrupted signer info[2] unexpected tag #6.4 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner2_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -PKCS7 Signed Data Parse Fail with corrupted signer info[1] fuzz bad #6.5 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner1_fuzzbad.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO - -PKCS7 Signed Data Parse Fail with corrupted signer info[2] fuzz bad #6.6 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner2_fuzzbad.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO - -PKCS7 Signed Data Parse Fail Version other than 1 #7 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_v2.der":MBEDTLS_ERR_PKCS7_INVALID_VERSION - -PKCS7 Signed Data Parse Fail Encrypted Content #8 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_parse:"../framework/data_files/pkcs7_data_cert_encrypted.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE - -PKCS7 Signed Data Verification Pass zero-len data -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -pkcs7_verify:"../framework/data_files/pkcs7_zerolendata_detached.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_zerolendata.bin":0:0 - -PKCS7 Signed Data Verification Fail zero-len data -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_verify:"../framework/data_files/pkcs7_zerolendata_detached.der":"../framework/data_files/pkcs7-rsa-sha256-2.der":"../framework/data_files/pkcs7_zerolendata.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED - -PKCS7 Signed Data Verification Pass SHA256 #9 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data.bin":0:0 - -PKCS7 Signed Data Verification Pass SHA256 #9.1 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0 - -PKCS7 Signed Data Verification Pass SHA1 #10 -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha1.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data.bin":0:0 - -PKCS7 Signed Data Verification Pass SHA512 #11 -depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_SHA_256 -pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha512.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data.bin":0:0 - -PKCS7 Signed Data Verification Fail because of different certificate #12 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-2.der":"../framework/data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED - -PKCS7 Signed Data Verification Fail because of different data hash #13 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED - -PKCS7 Signed Data Parse Failure Corrupt signerInfo.issuer #15.1 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_issuer_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO - -PKCS7 Signed Data Parse Failure Corrupt signerInfo.serial #15.2 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_serial_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO - -PKCS7 Signed Data Parse Fail Corrupt signerInfos[2] (6213931373035520) -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_2_invalid_tag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -PKCS7 Signed Data Parse Fail Corrupt signerInfos[1].issuerAndSerialNumber.serialNumber, after multi-element .name (4541044530479104) -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO - -PKCS7 Only Signed Data Parse Pass #15 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signeddata_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA - -PKCS7 Signed Data Verify with multiple(2) signers #16.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_verify:"../framework/data_files/pkcs7_data_multiple_signed.der":"../framework/data_files/pkcs7-rsa-sha256-1.crt ../framework/data_files/pkcs7-rsa-sha256-2.crt":"../framework/data_files/pkcs7_data.bin":0:0 - -PKCS7 Signed Data Verify with multiple(3) signers #16.1 -depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_MEMORY_BUFFER_ALLOC_C -pkcs7_verify:"../framework/data_files/pkcs7_data_3_signed.der":"../framework/data_files/pkcs7-rsa-sha256-1.crt ../framework/data_files/pkcs7-rsa-sha256-2.crt ../framework/data_files/pkcs7-rsa-sha256-3.crt":"../framework/data_files/pkcs7_data.bin":0:0 - -PKCS7 Signed Data Hash Verify with multiple signers #17 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_verify:"../framework/data_files/pkcs7_data_multiple_signed.der":"../framework/data_files/pkcs7-rsa-sha256-1.crt ../framework/data_files/pkcs7-rsa-sha256-2.crt":"../framework/data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0 - -PKCS7 Signed Data Hash Verify Fail with multiple signers #18 -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_512 -pkcs7_verify:"../framework/data_files/pkcs7_data_multiple_signed.der":"../framework/data_files/pkcs7-rsa-sha256-1.crt ../framework/data_files/pkcs7-rsa-sha256-2.crt":"../framework/data_files/pkcs7_data.bin":MBEDTLS_MD_SHA512:MBEDTLS_ERR_PKCS7_VERIFY_FAIL - -PKCS7 Signed Data Verify Pass Expired Cert #19 no TIME_DATE -depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE -pkcs7_verify:"../framework/data_files/pkcs7_data_rsa_expired.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data.bin":0:0 - -PKCS7 Signed Data Verify Fail Expired Cert #19 have DATE_TIME -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_HAVE_TIME_DATE -pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data.bin":0:MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID - -PKCS7 Signed Data Verify Fail Expired Cert #19 no DATE_TIME 1 -depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:MBEDTLS_RSA_C -pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED - -PKCS7 Signed Data Verify Fail Expired Cert #19 no TIME_DATE 2 -depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:MBEDTLS_RSA_C -pkcs7_verify:"../framework/data_files/pkcs7_data_rsa_expired.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED - -PKCS7 Parse Failure Invalid ASN1: Add null byte to start #20.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"003082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Add null byte to end #21.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd000" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #22.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"0282050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1280 to 1281 #23.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050106092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #24.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050106092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd000" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #25.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050002092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #26.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"30820500060a2a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #27.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006082a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag a0 to 02 #28.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702028204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1265 to 1266 #29.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f2308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag a0 to contain one unaccounted extra byte #30.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f2308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1265 to 1264 #31.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f0308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #32.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1028204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1261 to 1262 #33.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ee020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #34.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ee020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1261 to 1260 #35.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ec020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #36.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed040101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #37.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020201310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #38.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020001310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #39.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101020f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 15 to 16 #40.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed0201013110300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #41.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed0201013110300d0609608648016503040201050000300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 15 to 14 #42.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310e300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #43.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f020d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #44.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300e06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #45.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300e0609608648016503040201050000300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #46.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300c06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #47.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d02096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #48.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d060a6086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #49.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06086086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #50.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010200300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #51.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010501300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #52.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500020b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #53.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300c06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #54.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300c06092a864886f70d01070100a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #55.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300a06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #56.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b02092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #57.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b060a2a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #58.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06082a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag a0 to 02 #59.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d0107010282034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 845 to 846 #60.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034e3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag a0 to contain one unaccounted extra byte #61.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034e3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d97273003182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 845 to 844 #62.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034c3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #63.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d0282034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 841 to 842 #64.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034a30820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #65.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034a30820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d97273003182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 841 to 840 #66.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034830820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #67.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034902820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 561 to 562 #68.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820232a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #69.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820232a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff00300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 561 to 560 #70.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820230a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag a0 to 02 #71.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231020302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #72.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00402010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag a0 to contain one unaccounted extra byte #73.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a0040201020002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #74.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00202010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #75.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00304010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #76.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302020202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #77.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302000202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #78.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010204147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #79.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202157bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #80.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202137bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #81.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf020d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #82.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300e06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #83.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300e06092a864886f70d01010b0500003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #84.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300c06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #85.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d02092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #86.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d060a2a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #87.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06082a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #88.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b02003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #89.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05013034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #90.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05000234310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #91.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #92.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203100301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #93.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003033310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #94.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034020b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #95.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310c3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #96.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310c3009060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #97.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310a3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #98.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b0209060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #99.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b300a060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #100.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b300a060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #101.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3008060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #102.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009020355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #103.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060455040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #104.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060255040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #105.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040602024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #106.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613034e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #107.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613014e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #108.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c020e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #109.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310f300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #110.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310f300c060355040a0c05504b435337003115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #111.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310d300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #112.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e020c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #113.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300d060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #114.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300d060355040a0c05504b435337003115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #115.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300b060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #116.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c020355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #117.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060455040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #118.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060255040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #119.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0205504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #120.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c06504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #121.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c04504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #122.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353370215301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #123.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #124.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b4353372043657274203100301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #125.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373114301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #126.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115021306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #127.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #128.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b4353372043657274203100301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #129.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301206035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #130.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301302035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #131.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306045504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #132.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306025504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #133.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b435337311530130603550403020c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #134.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0d504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #135.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0b504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #136.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031021e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 30 to 31 #137.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301f170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #138.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301f170d3232313032383136313035365a170d3233313032383136313035365a003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 30 to 29 #139.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301d170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 17 to 02 #140.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e020d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #141.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170e3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #142.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170c3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 17 to 02 #143.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a020d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #144.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170e3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #145.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170c3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #146.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a0234310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #147.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #148.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420310030820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #149.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3033310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #150.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034020b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #151.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310c3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #152.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310c3009060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #153.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310a3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #154.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b0209060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #155.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b300a060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #156.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b300a060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #157.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3008060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #158.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009020355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #159.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060455040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #160.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060255040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #161.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040602024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #162.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613034e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #163.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613014e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #164.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c020e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #165.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310f300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #166.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310f300c060355040a0c05504b435337003115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #167.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310d300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #168.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e020c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #169.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300d060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #170.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300d060355040a0c05504b435337003115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #171.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300b060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #172.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c020355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #173.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060455040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #174.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060255040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #175.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0205504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #176.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c06504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #177.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c04504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #178.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353370215301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #179.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #180.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b435337204365727420310030820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #181.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373114301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #182.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115021306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #183.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #184.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b435337204365727420310030820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #185.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301206035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #186.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301302035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #187.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306045504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #188.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306025504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #189.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b435337311530130603550403020c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #190.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0d504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #191.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0b504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #192.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 290 to 291 #193.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820123300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #194.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820123300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf08353020301000100a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 290 to 289 #195.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820121300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #196.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122020d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #197.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300e06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #198.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300e06092a864886f70d0101010500000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #199.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300c06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #200.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d02092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #201.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d060a2a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #202.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06082a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #203.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010102000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #204.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105010382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 03 to 02 #205.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000282010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 271 to 272 #206.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d010101050003820110003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 271 to 270 #207.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010e003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag a3 to 02 #208.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf08353020301000102533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 83 to 84 #209.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3543051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 83 to 82 #210.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3523051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #211.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff020d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #212.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300e06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #213.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300e06092a864886f70d01010b0500000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #214.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300c06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #215.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d02092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #216.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d060a2a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #217.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06082a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #218.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b02000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #219.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05010382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 03 to 02 #220.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000282010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 257 to 258 #221.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010200821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 257 to 256 #222.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010000821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #223.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972730282017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 375 to 376 #224.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017830820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #225.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017830820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 375 to 374 #226.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017630820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #227.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017702820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 372 #228.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #229.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 370 #230.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820172020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #231.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173040101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #232.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020201304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #233.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020001304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #234.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101024c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 77 #235.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #236.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf00300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 75 #237.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304b3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #238.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c0234310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #239.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #240.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420310002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #241.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3033310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #242.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034020b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #243.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310c3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #244.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310c3009060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #245.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310a3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #246.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b0209060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #247.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b300a060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #248.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b300a060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #249.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3008060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #250.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009020355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #251.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060455040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #252.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060255040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #253.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040602024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #254.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613034e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #255.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613014e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #256.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c020e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #257.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #258.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b435337003115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #259.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310d300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #260.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e020c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #261.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #262.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b435337003115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #263.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300b060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #264.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c020355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #265.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060455040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #266.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060255040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #267.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0205504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #268.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c06504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #269.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c04504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #270.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353370215301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #271.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #272.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b435337204365727420310002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #273.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373114301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #274.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115021306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #275.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #276.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b435337204365727420310002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #277.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301206035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #278.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301302035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #279.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306045504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #280.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306025504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #281.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b435337311530130603550403020c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #282.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0d504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #283.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0b504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #284.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203104147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #285.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102157bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #286.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102137bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #287.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf020d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #288.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300e06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #289.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300e0609608648016503040201050000300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #290.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300c06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #291.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d02096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #292.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d060a6086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #293.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06086086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #294.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010200300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #295.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010501300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #296.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500020d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #297.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300e06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #298.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300e06092a864886f70d010101050000048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #299.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300c06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #300.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d02092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #301.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d060a2a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #302.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06082a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #303.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010200048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #304.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010501048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 04 to 02 #305.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500028201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 256 to 257 #306.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201015becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - - -PKCS7 Parse Failure Invalid ASN1: Add null byte to start #307.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"003082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Add null byte to end #308.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640000" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #309.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"0282032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 806 to 807 #310.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032706092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #311.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032706092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 806 to 805 #312.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032506092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #313.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032602092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #314.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"30820326060a2a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #315.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606082a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag a0 to 02 #316.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d0107020282031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 791 to 792 #317.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031830820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag a0 to contain one unaccounted extra byte #318.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031830820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 791 to 790 #319.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031630820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #320.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031702820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 787 to 788 #321.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820314020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #322.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820314020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 787 to 786 #323.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820312020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #324.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313040101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #325.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020201310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #326.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020001310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #327.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101020f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 15 to 16 #328.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a0820317308203130201013110300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #329.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a0820317308203130201013110300d0609608648016503040201050000300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 15 to 14 #330.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310e300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #331.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f020d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #332.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300e06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #333.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300e0609608648016503040201050000300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #334.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300c06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #335.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d02096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #336.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d060a6086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #337.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06086086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #338.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010200300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #339.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010501300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #340.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500020b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #341.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300c06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #342.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300c06092a864886f70d01070100318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #343.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300a06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #344.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b02092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #345.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b060a2a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #346.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06082a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #347.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701028202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 750 to 751 #348.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ef30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #349.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ef30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 750 to 749 #350.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ed30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #351.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee02820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 372 #352.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #353.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd00030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 370 #354.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820172020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #355.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173040101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #356.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020201304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #357.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020001304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #358.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101024c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 77 #359.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #360.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf00300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 75 #361.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304b3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #362.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c0234310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #363.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #364.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420310002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #365.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3033310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #366.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034020b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #367.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310c3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #368.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310c3009060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #369.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310a3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #370.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b0209060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #371.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b300a060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #372.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b300a060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #373.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3008060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #374.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009020355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #375.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060455040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #376.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060255040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #377.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040602024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #378.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613034e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #379.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613014e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #380.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c020e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #381.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #382.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b435337003115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #383.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310d300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #384.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e020c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #385.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #386.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b435337003115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #387.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300b060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #388.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c020355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #389.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060455040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #390.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060255040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #391.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0205504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #392.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c06504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #393.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c04504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #394.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353370215301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #395.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #396.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b435337204365727420310002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #397.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373114301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #398.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115021306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #399.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #400.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b435337204365727420310002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #401.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301206035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #402.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301302035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #403.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306045504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #404.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306025504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #405.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b435337311530130603550403020c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #406.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0d504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #407.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0b504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #408.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203104147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #409.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102157bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #410.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102137bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #411.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf020d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #412.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300e06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #413.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300e0609608648016503040201050000300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #414.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300c06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #415.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d02096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #416.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d060a6086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #417.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06086086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #418.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010200300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #419.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010501300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #420.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500020d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #421.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300e06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #422.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300e06092a864886f70d010101050000048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #423.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300c06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #424.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d02092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #425.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d060a2a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #426.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06082a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #427.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010200048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #428.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010501048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 04 to 02 #429.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500028201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 256 to 257 #430.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201015becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #431.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd002820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 372 #432.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #433.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 370 #434.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820172020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #435.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173040101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #436.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020201304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #437.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020001304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #438.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101024c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 77 #439.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #440.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c00300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 75 #441.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304b3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #442.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c0234310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #443.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #444.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742032000214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #445.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3033310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #446.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034020b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #447.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310c3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #448.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310c3009060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #449.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310a3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #450.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b0209060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #451.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b300a060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #452.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b300a060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #453.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3008060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #454.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009020355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #455.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060455040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #456.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060255040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #457.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040602024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #458.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613034e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #459.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613014e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #460.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c020e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #461.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #462.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b435337003115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #463.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310d300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #464.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e020c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #465.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #466.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b435337003115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #467.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300b060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #468.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c020355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #469.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060455040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #470.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060255040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #471.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0205504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #472.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c06504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #473.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c04504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #474.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353370215301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #475.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #476.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b43533720436572742032000214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #477.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373114301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #478.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115021306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #479.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #480.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b43533720436572742032000214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #481.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301206035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #482.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301302035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #483.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306045504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #484.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306025504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #485.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b435337311530130603550403020c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #486.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0d504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #487.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0b504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #488.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320414564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #489.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320215564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #490.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320213564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #491.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c020d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #492.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300e06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #493.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300e0609608648016503040201050000300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #494.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300c06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #495.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d02096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #496.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d060a6086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #497.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06086086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #498.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010200300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #499.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010501300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #500.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500020d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #501.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300e06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #502.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300e06092a864886f70d01010105000004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #503.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300c06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #504.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d02092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #505.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d060a2a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #506.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06082a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #507.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101020004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #508.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050104820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 04 to 02 #509.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050002820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 256 to 257 #510.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820101046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - - -PKCS7 Parse Failure Invalid ASN1: Add null byte to start #511.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"003082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Add null byte to end #512.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae88000" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #513.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"0282049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1181 to 1182 #514.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049e06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #515.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049e06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae88000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1181 to 1180 #516.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049c06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #517.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d02092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #518.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d060a2a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #519.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06082a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag a0 to 02 #520.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d0107020282048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1166 to 1167 #521.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048f3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag a0 to contain one unaccounted extra byte #522.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048f3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae88000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1166 to 1165 #523.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048d3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #524.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e0282048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1162 to 1163 #525.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048b020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #526.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048b020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae88000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1162 to 1161 #527.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e30820489020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #528.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a040101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #529.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020201310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #530.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020001310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #531.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101020f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 15 to 16 #532.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a0201013110300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #533.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a0201013110300d0609608648016503040201050000300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 15 to 14 #534.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310e300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #535.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f020d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #536.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300e06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #537.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300e0609608648016503040201050000300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #538.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300c06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #539.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d02096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #540.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d060a6086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #541.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06086086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #542.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010200300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #543.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010501300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #544.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500020b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #545.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300c06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #546.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300c06092a864886f70d010701003182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #547.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300a06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #548.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b02092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #549.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b060a2a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #550.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06082a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #551.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107010282046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1125 to 1126 #552.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046630820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #553.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046630820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae88000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1125 to 1124 #554.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046430820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #555.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046502820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 372 #556.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #557.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd00030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 370 #558.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820172020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #559.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173040101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #560.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020201304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #561.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020001304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #562.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101024c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 77 #563.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #564.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf00300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 75 #565.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304b3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #566.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c0234310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #567.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #568.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420310002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #569.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3033310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #570.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034020b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #571.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310c3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #572.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310c3009060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #573.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310a3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #574.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b0209060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #575.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b300a060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #576.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b300a060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #577.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3008060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #578.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009020355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #579.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060455040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #580.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060255040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #581.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040602024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #582.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613034e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #583.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613014e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #584.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c020e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #585.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #586.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b435337003115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #587.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310d300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #588.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e020c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #589.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #590.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b435337003115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #591.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300b060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #592.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c020355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #593.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060455040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #594.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060255040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #595.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0205504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #596.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c06504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #597.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c04504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #598.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353370215301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #599.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #600.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b435337204365727420310002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #601.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373114301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #602.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115021306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #603.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #604.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b435337204365727420310002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #605.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301206035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #606.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301302035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #607.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306045504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #608.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306025504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #609.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b435337311530130603550403020c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #610.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0d504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #611.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0b504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #612.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203104147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #613.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102157bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #614.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102137bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #615.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf020d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #616.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300e06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #617.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300e0609608648016503040201050000300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #618.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300c06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #619.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d02096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #620.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d060a6086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #621.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06086086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #622.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010200300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #623.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010501300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #624.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500020d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #625.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300e06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #626.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300e06092a864886f70d010101050000048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #627.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300c06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #628.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d02092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #629.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d060a2a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #630.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06082a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #631.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010200048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #632.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010501048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 04 to 02 #633.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500028201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 256 to 257 #634.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201015becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #635.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd002820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 372 #636.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #637.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a64000030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 370 #638.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820172020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #639.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173040101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #640.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020201304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #641.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020001304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #642.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101024c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 77 #643.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #644.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c00300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 75 #645.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304b3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #646.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c0234310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #647.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #648.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742032000214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #649.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3033310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #650.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034020b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #651.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310c3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #652.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310c3009060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #653.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310a3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #654.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b0209060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #655.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b300a060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #656.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b300a060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #657.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3008060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #658.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009020355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #659.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060455040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #660.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060255040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #661.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040602024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #662.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613034e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #663.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613014e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #664.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c020e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #665.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #666.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b435337003115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #667.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310d300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #668.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e020c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #669.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #670.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b435337003115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #671.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300b060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #672.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c020355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #673.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060455040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #674.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060255040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #675.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0205504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #676.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c06504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #677.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c04504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #678.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353370215301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #679.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #680.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b43533720436572742032000214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #681.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373114301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #682.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115021306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #683.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #684.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b43533720436572742032000214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #685.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301206035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #686.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301302035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #687.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306045504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #688.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306025504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #689.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b435337311530130603550403020c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #690.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0d504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #691.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0b504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #692.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320414564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #693.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320215564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #694.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320213564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #695.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c020d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #696.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300e06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #697.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300e0609608648016503040201050000300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #698.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300c06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #699.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d02096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #700.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d060a6086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #701.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06086086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #702.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010200300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #703.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010501300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #704.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500020d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #705.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300e06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #706.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300e06092a864886f70d01010105000004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #707.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300c06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #708.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d02092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #709.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d060a2a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #710.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06082a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #711.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101020004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #712.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050104820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 04 to 02 #713.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050002820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 256 to 257 #714.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820101046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #715.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640002820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 372 #716.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #717.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae88000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 370 #718.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820172020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #719.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173040101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #720.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020201304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #721.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020001304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #722.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101024c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 77 #723.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #724.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb00300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 75 #725.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304b3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #726.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c0234310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #727.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #728.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203300021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #729.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3033310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #730.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034020b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #731.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310c3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #732.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310c3009060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #733.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310a3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #734.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b0209060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #735.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b300a060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #736.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b300a060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #737.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3008060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #738.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009020355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #739.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060455040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #740.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060255040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #741.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040602024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #742.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613034e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #743.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613014e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #744.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c020e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #745.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #746.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b435337003115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #747.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310d300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #748.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e020c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #749.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #750.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b435337003115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #751.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300b060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #752.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c020355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #753.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060455040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #754.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060255040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #755.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0205504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #756.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c06504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #757.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c04504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #758.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353370215301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #759.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #760.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b4353372043657274203300021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #761.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373114301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #762.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115021306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #763.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #764.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b4353372043657274203300021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #765.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301206035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #766.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301302035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #767.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306045504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #768.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306025504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #769.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b435337311530130603550403020c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #770.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0d504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #771.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0b504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #772.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033041462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #773.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021562477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #774.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021362477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #775.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb020d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #776.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300e06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #777.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300e0609608648016503040201050000300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #778.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300c06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #779.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d02096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #780.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d060a6086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #781.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06086086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #782.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010200300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #783.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010501300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #784.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500020d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #785.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300e06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #786.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300e06092a864886f70d010101050000048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #787.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300c06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #788.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d02092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #789.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d060a2a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #790.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06082a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #791.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010200048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #792.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010501048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 04 to 02 #793.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500028201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 256 to 257 #794.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201016d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function deleted file mode 100644 index e5dc4bd19..000000000 --- a/tests/suites/test_suite_pkcs7.function +++ /dev/null @@ -1,171 +0,0 @@ -/* BEGIN_HEADER */ -#include "mbedtls/bignum.h" -#include "mbedtls/pkcs7.h" -#include "mbedtls/x509.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_crl.h" -#include "x509_internal.h" -#include "mbedtls/oid.h" -#include "sys/types.h" -#include "sys/stat.h" -#include "mbedtls/rsa.h" -#include "mbedtls/error.h" -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PKCS7_C - * END_DEPENDENCIES - */ -/* BEGIN_SUITE_HELPERS */ -static int pkcs7_parse_buffer(unsigned char *pkcs7_buf, int buflen) -{ - int res; - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init(&pkcs7); - res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen); - mbedtls_pkcs7_free(&pkcs7); - return res; -} -/* END_SUITE_HELPERS */ - -/* BEGIN_CASE */ -void pkcs7_asn1_fail(data_t *pkcs7_buf) -{ - int res; - res = pkcs7_parse_buffer(pkcs7_buf->x, pkcs7_buf->len); - TEST_ASSERT(res != MBEDTLS_PKCS7_SIGNED_DATA); - -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void pkcs7_parse(char *pkcs7_file, int res_expect) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - - res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen); - TEST_EQUAL(res, 0); - - res = pkcs7_parse_buffer(pkcs7_buf, buflen); - TEST_EQUAL(res, res_expect); - -exit: - mbedtls_free(pkcs7_buf); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify(char *pkcs7_file, - char *crt_files, - char *filetobesigned, - int do_hash_alg, - int res_expect) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen, i, k, cnt = 0, n_crts = 1; - unsigned char *data = NULL; - char **crt_files_arr = NULL; - unsigned char *hash = NULL; - struct stat st; - size_t datalen; - int res; - FILE *file; - const mbedtls_md_info_t *md_info; - mbedtls_pkcs7 pkcs7; - mbedtls_x509_crt **crts = NULL; - - MD_OR_USE_PSA_INIT(); - - mbedtls_pkcs7_init(&pkcs7); - - /* crt_files are space seprated list */ - for (i = 0; i < strlen(crt_files); i++) { - if (crt_files[i] == ' ') { - n_crts++; - } - } - - TEST_CALLOC(crts, n_crts); - TEST_CALLOC(crt_files_arr, n_crts); - - for (i = 0; i < strlen(crt_files); i++) { - for (k = i; k < strlen(crt_files); k++) { - if (crt_files[k] == ' ') { - break; - } - } - TEST_CALLOC(crt_files_arr[cnt], (k-i)+1); - crt_files_arr[cnt][k-i] = '\0'; - memcpy(crt_files_arr[cnt++], crt_files + i, k-i); - i = k; - } - - for (i = 0; i < n_crts; i++) { - TEST_CALLOC(crts[i], 1); - mbedtls_x509_crt_init(crts[i]); - } - - res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen); - TEST_EQUAL(res, 0); - - res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen); - TEST_EQUAL(res, MBEDTLS_PKCS7_SIGNED_DATA); - - TEST_EQUAL(pkcs7.signed_data.no_of_signers, n_crts); - - for (i = 0; i < n_crts; i++) { - res = mbedtls_x509_crt_parse_file(crts[i], crt_files_arr[i]); - TEST_EQUAL(res, 0); - } - - res = stat(filetobesigned, &st); - TEST_EQUAL(res, 0); - - file = fopen(filetobesigned, "rb"); - TEST_ASSERT(file != NULL); - - datalen = st.st_size; - /* Special-case for zero-length input so that data will be non-NULL */ - TEST_CALLOC(data, datalen == 0 ? 1 : datalen); - buflen = fread((void *) data, sizeof(unsigned char), datalen, file); - TEST_EQUAL(buflen, datalen); - - fclose(file); - - if (do_hash_alg) { - md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg); - TEST_CALLOC(hash, mbedtls_md_get_size(md_info)); - res = mbedtls_md(md_info, data, datalen, hash); - TEST_EQUAL(res, 0); - - for (i = 0; i < n_crts; i++) { - res = - mbedtls_pkcs7_signed_hash_verify(&pkcs7, crts[i], hash, - mbedtls_md_get_size(md_info)); - TEST_EQUAL(res, res_expect); - } - } else { - for (i = 0; i < n_crts; i++) { - res = mbedtls_pkcs7_signed_data_verify(&pkcs7, crts[i], data, datalen); - TEST_EQUAL(res, res_expect); - } - } - -exit: - for (i = 0; i < n_crts; i++) { - mbedtls_x509_crt_free(crts[i]); - mbedtls_free(crts[i]); - mbedtls_free(crt_files_arr[i]); - } - mbedtls_free(hash); - mbedtls_pkcs7_free(&pkcs7); - mbedtls_free(crt_files_arr); - mbedtls_free(crts); - mbedtls_free(data); - mbedtls_free(pkcs7_buf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data deleted file mode 100644 index 8135ef17a..000000000 --- a/tests/suites/test_suite_ssl.data +++ /dev/null @@ -1,3363 +0,0 @@ -Attempt to register multiple PSKs -test_multiple_psks: - -Attempt to register multiple PSKS, incl. opaque PSK, #0 -test_multiple_psks_opaque:0 - -Attempt to register multiple PSKs, incl. opaque PSK, #1 -test_multiple_psks_opaque:1 - -Attempt to register multiple PSKs, incl. opaque PSK, #2 -test_multiple_psks_opaque:2 - -Test callback buffer sanity -test_callback_buffer_sanity: - -Callback buffer test: Exercise simple write/read -test_callback_buffer:50:25:25:25:25:0:0:0:0 - -Callback buffer test: Filling up the buffer -test_callback_buffer:50:50:50:50:50:0:0:0:0 - -Callback buffer test: Filling up the buffer in two steps -test_callback_buffer:50:20:20:0:0:30:30:50:50 - -Callback buffer test: Reading out the buffer in two steps -test_callback_buffer:50:50:50:30:30:0:0:20:20 - -Callback buffer test: Data wraps in buffer -test_callback_buffer:50:45:45:10:10:10:10:45:45 - -Callback buffer test: Data starts at the end -test_callback_buffer:50:50:50:49:49:10:10:11:11 - -Callback buffer test: Can write less than requested -test_callback_buffer:50:75:50:30:30:25:25:45:45 - -Callback buffer test: Can read less than requested -test_callback_buffer:50:25:25:30:25:5:5:5:5 - -Callback buffer test: Writing to full buffer -test_callback_buffer:50:50:50:0:0:10:0:60:50 - -Callback buffer test: Reading from empty buffer -test_callback_buffer:50:0:0:10:0:0:0:0:0 - -Test mock socket sanity -ssl_mock_sanity: - -Test mock blocking TCP connection -ssl_mock_tcp:1 - -Test mock non-blocking TCP connection -ssl_mock_tcp:0 - -Test mock blocking TCP connection (interleaving) -ssl_mock_tcp_interleaving:1 - -Test mock non-blocking TCP connection (interleaving) -ssl_mock_tcp_interleaving:0 - -Message queue - sanity -ssl_message_queue_sanity: - -Message queue - basic test -ssl_message_queue_basic: - -Message queue - overflow/underflow -ssl_message_queue_overflow_underflow: - -Message queue - interleaved -ssl_message_queue_interleaved: - -Message queue - insufficient buffer -ssl_message_queue_insufficient_buffer: - -Message transport mock - uninitialized structures -ssl_message_mock_uninitialized: - -Message transport mock - basic test -ssl_message_mock_basic: - -Message transport mock - queue overflow/underflow -ssl_message_mock_queue_overflow_underflow: - -Message transport mock - socket overflow -ssl_message_mock_socket_overflow: - -Message transport mock - truncated message -ssl_message_mock_truncated: - -Message transport mock - socket read error -ssl_message_mock_socket_read_error: - -Message transport mock - one-way interleaved sends/reads -ssl_message_mock_interleaved_one_way: - -Message transport mock - two-way interleaved sends/reads -ssl_message_mock_interleaved_two_ways: - -Test mbedtls_endpoint sanity for the client -mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_CLIENT - -Test mbedtls_endpoint sanity for the server -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER - -TLS 1.2:Move client handshake to HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_HELLO_REQUEST:1 - -TLS 1.2:Move client handshake to CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_HELLO:1 - -TLS 1.2:Move client handshake to SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_HELLO:1 - -TLS 1.2:Move client handshake to SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_CERTIFICATE:1 - -TLS 1.2:Move client handshake to SERVER_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 - -TLS 1.2:Move client handshake to CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 - -TLS 1.2:Move client handshake to SERVER_HELLO_DONE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_HELLO_DONE:1 - -TLS 1.2:Move client handshake to CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 - -TLS 1.2:Move client handshake to CLIENT_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 - -TLS 1.2:Move client handshake to CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 - -TLS 1.2:Move client handshake to CLIENT_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 - -TLS 1.2:Move client handshake to CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_FINISHED:1 - -TLS 1.2:Move client handshake to SERVER_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 - -TLS 1.2:Move client handshake to SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_FINISHED:1 - -TLS 1.2:Move client handshake to FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_FLUSH_BUFFERS:1 - -TLS 1.2:Move client handshake to HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 - -TLS 1.2:Move client handshake to HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_HANDSHAKE_OVER:1 - -TLS 1.3:Move client handshake to HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_HELLO_REQUEST:1 - -TLS 1.3:Move client handshake to CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_HELLO:1 - -TLS 1.3:Move client handshake to SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_HELLO:1 - -TLS 1.3:Move client handshake to ENCRYPTED_EXTENSIONS -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:1 - -TLS 1.3:Move client handshake to CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 - -TLS 1.3:Move client handshake to SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_CERTIFICATE:1 - -TLS 1.3:Move client handshake to CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 - -TLS 1.3:Move client handshake to SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_FINISHED:1 - -TLS 1.3:Move client handshake to CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 - -TLS 1.3:Move client handshake to CLIENT_CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1 - -TLS 1.3:Move client handshake to CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_FINISHED:1 - -TLS 1.3:Move client handshake to FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_FLUSH_BUFFERS:1 - -TLS 1.3:Move client handshake to HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 - -TLS 1.3:Move client handshake to CLIENT_CCS_AFTER_SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:1 - -TLS 1.2:Move server handshake to HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_HELLO_REQUEST:1 - -TLS 1.2:Move server handshake to CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_HELLO:1 - -TLS 1.2:Move server handshake to SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_HELLO:1 - -TLS 1.2:Move server handshake to SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_CERTIFICATE:1 - -TLS 1.2:Move server handshake to SERVER_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 - -TLS 1.2:Move server handshake to CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 - -TLS 1.2:Move server handshake to SERVER_HELLO_DONE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_HELLO_DONE:1 - -TLS 1.2:Move server handshake to CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 - -TLS 1.2:Move server handshake to CLIENT_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 - -TLS 1.2:Move server handshake to CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 - -TLS 1.2:Move server handshake to CLIENT_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 - -TLS 1.2:Move server handshake to CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_FINISHED:1 - -TLS 1.2:Move server handshake to SERVER_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 - -TLS 1.2:Move server handshake to SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_FINISHED:1 - -TLS 1.2:Move server handshake to FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_FLUSH_BUFFERS:1 - -TLS 1.2:Move server handshake to HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 - -TLS 1.2:Move server handshake to HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_HANDSHAKE_OVER:1 - -TLS 1.3:Move server handshake to HELLO_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_HELLO_REQUEST:1 - -TLS 1.3:Move server handshake to CLIENT_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_HELLO:1 - -TLS 1.3:Move server handshake to SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_HELLO:1 - -TLS 1.3:Move server handshake to ENCRYPTED_EXTENSIONS -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:1 - -TLS 1.3:Move server handshake to CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 - -TLS 1.3:Move server handshake to SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_CERTIFICATE:1 - -TLS 1.3:Move server handshake to CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 - -TLS 1.3:Move server handshake to SERVER_CCS_AFTER_SERVER_HELLO -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO:1 - -TLS 1.3:Move server handshake to SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_FINISHED:1 - -TLS 1.3:Move server handshake to CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_FINISHED:1 - -TLS 1.3:Move server handshake to HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 - -TLS 1.3:Move server handshake to CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 - -TLS 1.3:Move server handshake to CLIENT_CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1 - -TLS 1.2:Negative test moving clients ssl to state: VERIFY_REQUEST_SENT -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:0 - -TLS 1.2:Negative test moving servers ssl to state: NEW_SESSION_TICKET -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_NEW_SESSION_TICKET:0 - -Handshake, tls1_2 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2 - -Handshake, tls1_3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3 - -Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0 - -Handshake, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0 - -Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0 - -Handshake, ECDHE-ECDSA-WITH-AES-256-CCM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 - -Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 - -Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0 - -DTLS Handshake, tls1_2 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2 - -DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1 - -DTLS Handshake, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1 - -DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1 - -DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 - -DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 - -DTLS Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1 - -DTLS Handshake with serialization, tls1_2 -depends_on:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS -handshake_serialization - -DTLS Handshake fragmentation, MFL=512 -depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1 - -DTLS Handshake fragmentation, MFL=1024 -depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1 - -Handshake min/max version check, all -> 1.2 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_2 - -Handshake min/max version check, all -> 1.3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT -handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3 - -Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - -Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - -Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - -Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - -Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - -Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - -Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - -Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - -Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM - -Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM - -Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM - -Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Sending app data via TLS, MFL=512 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 - -Sending app data via TLS, MFL=512 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3 - -Sending app data via TLS, MFL=1024 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1 - -Sending app data via TLS, MFL=1024 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5 - -Sending app data via TLS, MFL=2048 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1 - -Sending app data via TLS, MFL=2048 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4 - -Sending app data via TLS, MFL=4096 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1 - -Sending app data via TLS, MFL=4096 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3 - -Sending app data via TLS without MFL and without fragmentation -app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1 - -Sending app data via TLS without MFL and with fragmentation -app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7 - -Sending app data via DTLS, MFL=512 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 - -Sending app data via DTLS, MFL=512 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:0:0 - -Sending app data via DTLS, MFL=1024 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1 - -Sending app data via DTLS, MFL=1024 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:0:0 - -Sending app data via DTLS, MFL=2048 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1 - -Sending app data via DTLS, MFL=2048 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:0:0 - -Sending app data via DTLS, MFL=4096 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1 - -Sending app data via DTLS, MFL=4096 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:0:0 - -Sending app data via DTLS, without MFL and without fragmentation -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1 - -Sending app data via DTLS, without MFL and with fragmentation -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:0:0 - -DTLS renegotiation: no legacy renegotiation -renegotiation:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION - -DTLS renegotiation: legacy renegotiation -renegotiation:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION - -DTLS renegotiation: legacy break handshake -renegotiation:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE - -DTLS serialization with MFL=512 -resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512 - -DTLS serialization with MFL=1024 -resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024 - -DTLS serialization with MFL=2048 -resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048 - -DTLS serialization with MFL=4096 -resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096 - -DTLS no legacy renegotiation with MFL=512 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" - -DTLS no legacy renegotiation with MFL=1024 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" - -DTLS no legacy renegotiation with MFL=2048 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" - -DTLS no legacy renegotiation with MFL=4096 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" - -DTLS legacy allow renegotiation with MFL=512 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" - -DTLS legacy allow renegotiation with MFL=1024 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" - -DTLS legacy allow renegotiation with MFL=2048 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" - -DTLS legacy allow renegotiation with MFL=4096 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" - -DTLS legacy break handshake renegotiation with MFL=512 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" - -DTLS legacy break handshake renegotiation with MFL=1024 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" - -DTLS legacy break handshake renegotiation with MFL=2048 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" - -DTLS legacy break handshake renegotiation with MFL=4096 -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" - -DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" - -DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" - -DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" - -DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" - -DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" - -DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" - -DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" - -DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" - -DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" - -DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" - -DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" - -DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" - -DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" - -DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" - -DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" - -DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" - -DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" - -DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" - -DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" - -DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" - -DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" - -DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" - -DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" - -DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" - -SSL DTLS replay: initial state, seqnum 0 -ssl_dtls_replay:"":"000000000000":0 - -SSL DTLS replay: 0 seen, 1 arriving -ssl_dtls_replay:"000000000000":"000000000001":0 - -SSL DTLS replay: 0 seen, 0 replayed -ssl_dtls_replay:"000000000000":"000000000000":-1 - -SSL DTLS replay: 0-1 seen, 2 arriving -ssl_dtls_replay:"000000000000000000000001":"000000000002":0 - -SSL DTLS replay: 0-1 seen, 1 replayed -ssl_dtls_replay:"000000000000000000000001":"000000000001":-1 - -SSL DTLS replay: 0-1 seen, 0 replayed -ssl_dtls_replay:"000000000000000000000001":"000000000000":-1 - -SSL DTLS replay: new -ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340004":0 - -SSL DTLS replay: way new -ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12350000":0 - -SSL DTLS replay: delayed -ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0 - -SSL DTLS replay: last replayed -ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1 - -SSL DTLS replay: older replayed -ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340001":-1 - -SSL DTLS replay: most recent in window, replayed -ssl_dtls_replay:"abcd12340000abcd12340002abcd12340003":"abcd12340002":-1 - -SSL DTLS replay: oldest in window, replayed -ssl_dtls_replay:"abcd12340000abcd12340001abcd1234003f":"abcd12340000":-1 - -SSL DTLS replay: oldest in window, not replayed -ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12340000":0 - -SSL DTLS replay: just out of the window -ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd1233ffff":-1 - -SSL DTLS replay: way out of the window -ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12330000":-1 - -SSL DTLS replay: big jump then replay -ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340100":-1 - -SSL DTLS replay: big jump then new -ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340101":0 - -SSL DTLS replay: big jump then just delayed -ssl_dtls_replay:"abcd12340000abcd12340100":"abcd123400ff":0 - -SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice -ssl_set_hostname_twice:"server0":"server1" - -SSL session serialization: Wrong major version -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:1:0:0:0:0:MBEDTLS_SSL_VERSION_TLS1_2 - -SSL session serialization: Wrong minor version -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:0:1:0:0:0:MBEDTLS_SSL_VERSION_TLS1_2 - -SSL session serialization: Wrong patch version -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:0:0:1:0:0:MBEDTLS_SSL_VERSION_TLS1_2 - -SSL session serialization: Wrong config -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:0:0:0:1:0:MBEDTLS_SSL_VERSION_TLS1_2 - -TLS 1.3: CLI: session serialization: Wrong major version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: session serialization: Wrong minor version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: session serialization: Wrong patch version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: session serialization: Wrong config -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: SRV: session serialization: Wrong major version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: SRV: session serialization: Wrong minor version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: SRV: session serialization: Wrong patch version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: SRV: session serialization: Wrong config -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 - -Test Session id & Ciphersuite accessors TLS 1.2 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_id_accessors_check:MBEDTLS_SSL_VERSION_TLS1_2 - -Test Session id & Ciphersuite accessors TLS 1.3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_session_id_accessors_check:MBEDTLS_SSL_VERSION_TLS1_3 - -Record crypt, AES-128-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-128-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-128-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-128-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-128-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-128-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-256-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-256-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-256-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-256-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, ARIA-256-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-GCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, AES-128-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-192-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-192-GCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, AES-192-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-192-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-GCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, AES-256-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-192-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, AES-128-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-192-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-192-CCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, AES-192-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-192-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-192-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-192-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-192-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-CCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, AES-256-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-192-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-192-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, NULL cipher, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ChachaPoly -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ChachaPoly, 1.3 -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, little space, ChachaPoly -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ChachaPoly, 1.3 -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, little space, ChachaPoly, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_ALG_CHACHA20_POLY1305:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ChachaPoly, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_ALG_CHACHA20_POLY1305:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-GCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, little space, AES-128-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-192-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-192-GCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, little space, AES-192-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-192-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-GCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, little space, AES-256-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-192-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, little space, AES-128-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-192-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-192-CCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, little space, AES-192-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-192-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-192-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, little space, AES-256-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-192-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, NULL cipher, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, NULL cipher, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, NULL cipher, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, NULL cipher, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, NULL cipher, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, NULL cipher, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, NULL cipher, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, NULL cipher, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -SSL TLS 1.3 Key schedule: Secret evolution #1 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Initial secret to Early Secret -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_key_evolution:PSA_ALG_SHA_256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a" - -SSL TLS 1.3 Key schedule: Secret evolution #2 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Early secret to Handshake Secret -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_key_evolution:PSA_ALG_SHA_256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a" - -SSL TLS 1.3 Key schedule: Secret evolution #3 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Handshake secret to Master Secret -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_key_evolution:PSA_ALG_SHA_256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #1 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Server handshake traffic secret -> Server traffic key -# HKDF-Expand-Label(server_handshake_secret, "key", "", 16) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_key:"":16:"844780a7acad9f980fa25c114e43402a" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #2 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Server handshake traffic secret -> Server traffic IV -# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_iv:"":12:"4c042ddc120a38d1417fc815" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #3 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Client handshake traffic secret -> Client traffic key -# HKDF-Expand-Label(client_handshake_secret, "key", "", 16) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #4 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Client handshake traffic secret -> Client traffic IV -# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_iv:"":12:"71abc2cae4c699d47c600268" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448) -# Vector from RFC 8448 -# Server handshake traffic secret -> Server traffic IV -# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_iv:"":12:"5d313eb2671276ee13000b30" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448) -# Vector from RFC 8448 -# Server handshake traffic secret -> Server traffic Key -# HKDF-Expand-Label(server_handshake_secret, "key", "", 16) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448) -# Vector from RFC 8448 -# Client handshake traffic secret -> Client traffic IV -# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_iv:"":12:"5bd3c71b836e0b76bb73265f" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) -# Vector from RFC 8448 -# Client handshake traffic secret -> Client traffic Key -# HKDF-Expand-Label(client_handshake_secret, "key", "", 16) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #9 (RFC 8448) -# Calculation of finished_key -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls13_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #10 (RFC 8448) -# Calculation of resumption key -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls13_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3" - -SSL TLS 1.3 Key schedule: Traffic key generation #1 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_traffic_key_generation:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" - -SSL TLS 1.3 Key schedule: Traffic key generation #2 (RFC 8448) -# Vector RFC 8448 -# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_traffic_key_generation:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Derive-Secret( Early-Secret, "derived", "") -# Tests the case where context isn't yet hashed (empty string here, -# but still needs to be hashed) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls13_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #1 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Derive-Secret( MasterSecret, "s ap traffic", hash) -# Tests the case where context is already hashed -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls13_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "c e traffic", hash) -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "e exp master", hash) -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash) -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash) -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash) -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #2 -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "exp master", hash) -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash) -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" - -SSL TLS 1.3 Key schedule: Early secrets derivation helper -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_early_secrets:PSA_ALG_SHA_256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62":"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df" - -SSL TLS 1.3 Key schedule: Handshake secrets derivation helper -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_handshake_secrets:PSA_ALG_SHA_256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" - -SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1 -# - Server App Key: 0b6d22c8ff68097ea871c672073773bf -# - Server App IV: 1b13dd9f8d8f17091d34b349 -# - Client App Key: 49134b95328f279f0183860589ac6707 -# - Client App IV: bc4dd5f7b98acff85466261d -# - App data payload: 70696e67 -# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5 -# - Padding used: No (== granularity 1) -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256 -ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5" - -SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2 -# - Server App Key: 0b6d22c8ff68097ea871c672073773bf -# - Server App IV: 1b13dd9f8d8f17091d34b349 -# - Client App Key: 49134b95328f279f0183860589ac6707 -# - Client App IV: bc4dd5f7b98acff85466261d -# - App data payload: 706f6e67 -# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7 -# - Padding used: No (== granularity 1) -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256 -ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7" - -SSL TLS 1.3 Record Encryption RFC 8448 Example #1 -# Application Data record sent by Client in 1-RTT example of RFC 8448, Section 3 -# - Server App Key: 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac 92 e3 56 -# - Server App IV: cf 78 2b 88 dd 83 54 9a ad f1 e9 84 -# - Client App Key: 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6 3f 50 51 -# - Client App IV: 5b 78 92 3d ee 08 57 90 33 e5 23 d9 -# - App data payload: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f -# 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f -# 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f -# 30 31 -# - Complete record: 17 03 03 00 43 a2 3f 70 54 b6 2c 94 d0 af fa fe -# 82 28 ba 55 cb ef ac ea 42 f9 14 aa 66 bc ab 3f -# 2b 98 19 a8 a5 b4 6b 39 5b d5 4a 9a 20 44 1e 2b -# 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6 -# 3a ee bb 21 69 49 15 e4 -# - Padding used: No (== granularity 1) -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256 -ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4" - -SSL TLS 1.3 Record Encryption RFC 8448 Example #2 -# Application Data record sent by Server in 1-RTT example of RFC 8448, Section 3 -# - Server App Key: 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac 92 e3 56 -# - Server App IV: cf 78 2b 88 dd 83 54 9a ad f1 e9 84 -# - Client App Key: 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6 3f 50 51 -# - Client App IV: 5b 78 92 3d ee 08 57 90 33 e5 23 d9 -# - App data payload: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f -# 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f -# 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f -# 30 31 -# - Complete record: 17 03 03 00 43 2e 93 7e 11 ef 4a c7 40 e5 38 ad -# 36 00 5f c4 a4 69 32 fc 32 25 d0 5f 82 aa 1b 36 -# e3 0e fa f9 7d 90 e6 df fc 60 2d cb 50 1a 59 a8 -# fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54 -# 0d d0 32 e1 67 c2 95 5d -# - Padding used: No (== granularity 1) -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256 -ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d" - -SSL TLS 1.3 Key schedule: Application secrets derivation helper -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_application_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" - -SSL TLS 1.3 Key schedule: Resumption secrets derivation helper -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_resumption_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" - -SSL TLS 1.3 Key schedule: PSK binder -# Vector from RFC 8448 -# For the resumption PSK, see Section 3, 'generate resumption secret "tls13 resumption"' -# For all other data, see Section 4, 'construct a ClientHello handshake message:' -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_MONTGOMERY_255 -ssl_tls13_create_psk_binder:PSA_ALG_SHA_256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d" - -SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE -ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE - -SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":0 - -SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0 - -SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 SHA-384 not enabled -depends_on:!PSA_WANT_ALG_SHA_384 -ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE - -SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 SHA-256 not enabled -depends_on:!PSA_WANT_ALG_SHA_256 -ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE - -Session serialization, save-load: no ticket, no cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_load:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, save-load: small ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_load:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, save-load: large ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_load:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, save-load: no ticket, cert -depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_load:0:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, save-load: small ticket, cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_load:42:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, save-load: large ticket, cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_load:1023:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 - -TLS 1.3: CLI: Session serialization, save-load: no ticket -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_serialize_session_save_load:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: Session serialization, save-load: small ticket -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_serialize_session_save_load:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: Session serialization, save-load: large ticket -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_serialize_session_save_load:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: SRV: Session serialization, save-load: large ticket -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_serialize_session_save_load:1023:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 - -Session serialization, load-save: no ticket, no cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_load_save:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, load-save: small ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_load_save:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, load-save: large ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_load_save:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, load-save: no ticket, cert -depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_load_save:0:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, load-save: small ticket, cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO -ssl_serialize_session_load_save:42:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, load-save: large ticket, cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO -ssl_serialize_session_load_save:1023:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 - -TLS 1.3: CLI: Session serialization, load-save: no ticket -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_serialize_session_load_save:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: Session serialization, load-save: small ticket -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_serialize_session_load_save:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: Session serialization, load-save: large ticket -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_serialize_session_load_save:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: SRV: Session serialization, load-save -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_serialize_session_load_save:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 - -Session serialization, save buffer size: no ticket, no cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_buf_size:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, save buffer size: small ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_buf_size:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, save buffer size: large ticket, no cert -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, save buffer size: no ticket, cert -depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_save_buf_size:0:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, save buffer size: small ticket, cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO -ssl_serialize_session_save_buf_size:42:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, save buffer size: large ticket, cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO -ssl_serialize_session_save_buf_size:1023:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 - -TLS 1.3: CLI: Session serialization, save buffer size: no ticket -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_serialize_session_save_buf_size:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: Session serialization, save buffer size: small ticket -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_serialize_session_save_buf_size:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: Session serialization, save buffer size: large ticket -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_serialize_session_save_buf_size:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: SRV: Session serialization, save buffer size -depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_serialize_session_save_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 - -Session serialization, load buffer size: no ticket, no cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_serialize_session_load_buf_size:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, load buffer size: small ticket, no cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C -ssl_serialize_session_load_buf_size:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, load buffer size: large ticket, no cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C -ssl_serialize_session_load_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, load buffer size: no ticket, cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO -ssl_serialize_session_load_buf_size:0:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, load buffer size: small ticket, cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO -ssl_serialize_session_load_buf_size:42:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 - -Session serialization, load buffer size: large ticket, cert -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO -ssl_serialize_session_load_buf_size:1023:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 - -TLS 1.3: CLI: Session serialization, load buffer size: no ticket -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C -ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: Session serialization, load buffer size: small ticket -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C -ssl_serialize_session_load_buf_size:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: Session serialization, load buffer size: large ticket -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C -ssl_serialize_session_load_buf_size:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: SRV: Session serialization, load buffer size -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C -ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 - -Test configuration of groups for DHE through mbedtls_ssl_conf_curves() -conf_curve: - -Test configuration of groups for DHE through mbedtls_ssl_conf_groups() -conf_group: - -Version config: valid client TLS 1.2 only -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0 - -Version config: valid client DTLS 1.2 only -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0 - -Version config: valid server TLS 1.2 only -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0 - -Version config: valid server DTLS 1.2 only -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0 - -Version config: invalid client TLS 1.2 only -depends_on:!MBEDTLS_SSL_PROTO_TLS1_2 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: invalid client DTLS 1.2 only -depends_on:!MBEDTLS_SSL_PROTO_TLS1_2 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: invalid server TLS 1.2 only -depends_on:!MBEDTLS_SSL_PROTO_TLS1_2 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: invalid server DTLS 1.2 only -depends_on:!MBEDTLS_SSL_PROTO_TLS1_2 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: valid client TLS 1.3 only -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:0 - -Version config: unsupported client DTLS 1.3 only -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE - -Version config: valid server TLS 1.3 only -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:0 - -Version config: unsupported server DTLS 1.3 only -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE - -Version config: invalid client TLS 1.3 only -depends_on:!MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: invalid client DTLS 1.3 only -depends_on:!MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: invalid server TLS 1.3 only -depends_on:!MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: invalid server DTLS 1.3 only -depends_on:!MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: valid client hybrid TLS 1.2/3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:0 - -Version config: unsupported client hybrid DTLS 1.2/3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE - -Version config: valid server hybrid TLS 1.2/3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:0 - -Version config: unsupported server hybrid DTLS 1.2/3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE - -Version config: valid client hybrid TLS 1.2/3, no TLS 1.2 -depends_on:!MBEDTLS_SSL_PROTO_TLS1_2 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.2 -depends_on:!MBEDTLS_SSL_PROTO_TLS1_2 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: valid server hybrid TLS 1.2/3, no TLS 1.2 -depends_on:!MBEDTLS_SSL_PROTO_TLS1_2 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: unsupported server hybrid DTLS 1.2/3, no TLS 1.2 -depends_on:!MBEDTLS_SSL_PROTO_TLS1_2 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: valid client hybrid TLS 1.2/3, no TLS 1.3 -depends_on:!MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.3 -depends_on:!MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: valid server hybrid TLS 1.2/3, no TLS 1.3 -depends_on:!MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: unsupported server hybrid DTLS 1.2/3, no TLS 1.3 -depends_on:!MBEDTLS_SSL_PROTO_TLS1_3 -conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: invalid minimum version -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:770:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG - -Version config: invalid maximum version -conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:773:MBEDTLS_ERR_SSL_BAD_CONFIG - -Test accessor into timing_delay_context -timing_final_delay_accessor - -Sanity test cid functions -cid_sanity: - -Raw key agreement: nominal -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -raw_key_agreement_fail:0 - -Raw key agreement: bad server key -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -raw_key_agreement_fail:1 - -Force a bad session id length -force_bad_session_id_len - -Cookie parsing: nominal run -cookie_parsing:"16fefd0000000000000000002F010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727d00200000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_SSL_INTERNAL_ERROR - -Cookie parsing: cookie_len overflow -cookie_parsing:"16fefd000000000000000000ea010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727db97b7373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737db963":MBEDTLS_ERR_SSL_DECODE_ERROR - -Cookie parsing: non-zero fragment offset -cookie_parsing:"16fefd00000000000000000032010000de000072000000011efefd7b7272727272727272727272727272727272727272727272727272727272727d01730143":MBEDTLS_ERR_SSL_DECODE_ERROR - -Cookie parsing: sid_len overflow -cookie_parsing:"16fefd00000000000000000032010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727dFF730143":MBEDTLS_ERR_SSL_DECODE_ERROR - -Cookie parsing: record too short -cookie_parsing:"16fefd0000000000000000002f010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727dFF":MBEDTLS_ERR_SSL_DECODE_ERROR - -Cookie parsing: one byte overread -cookie_parsing:"16fefd0000000000000000002F010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727d0001":MBEDTLS_ERR_SSL_DECODE_ERROR - -TLS 1.3 srv Certificate msg - wrong vector lengths -tls13_server_certificate_msg_invalid_vector_len - -EC-JPAKE set password -depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -ssl_ecjpake_set_password:0 - -EC-JPAKE set opaque password -depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED:MBEDTLS_USE_PSA_CRYPTO -ssl_ecjpake_set_password:1 - -Test Elliptic curves' info parsing -elliptic_curve_get_properties - -TLS 1.3 resume session with ticket -tls13_resume_session_with_ticket - -TLS 1.3 read early data, early data accepted -tls13_read_early_data:TEST_EARLY_DATA_ACCEPTED - -TLS 1.3 read early data, no early data indication -tls13_read_early_data:TEST_EARLY_DATA_NO_INDICATION_SENT - -TLS 1.3 read early data, server rejects early data -tls13_read_early_data:TEST_EARLY_DATA_SERVER_REJECTS - -TLS 1.3 read early data, discard after HRR -tls13_read_early_data:TEST_EARLY_DATA_HRR - -TLS 1.3 cli, early data, same ALPN -depends_on:MBEDTLS_SSL_ALPN -tls13_read_early_data:TEST_EARLY_DATA_SAME_ALPN - -TLS 1.3 cli, early data, different ALPN -depends_on:MBEDTLS_SSL_ALPN -tls13_read_early_data:TEST_EARLY_DATA_DIFF_ALPN - -TLS 1.3 cli, early data, no initial ALPN -depends_on:MBEDTLS_SSL_ALPN -tls13_read_early_data:TEST_EARLY_DATA_NO_INITIAL_ALPN - -TLS 1.3 cli, early data, no later ALPN -depends_on:MBEDTLS_SSL_ALPN -tls13_read_early_data:TEST_EARLY_DATA_NO_LATER_ALPN - -TLS 1.3 cli, early data state, early data accepted -tls13_cli_early_data_state:TEST_EARLY_DATA_ACCEPTED - -TLS 1.3 cli, early data state, no early data indication -tls13_cli_early_data_state:TEST_EARLY_DATA_NO_INDICATION_SENT - -TLS 1.3 cli, early data state, server rejects early data -tls13_cli_early_data_state:TEST_EARLY_DATA_SERVER_REJECTS - -TLS 1.3 cli, early data state, hello retry request -tls13_cli_early_data_state:TEST_EARLY_DATA_HRR - -TLS 1.3 write early data, early data accepted -tls13_write_early_data:TEST_EARLY_DATA_ACCEPTED - -TLS 1.3 write early data, no early data indication -tls13_write_early_data:TEST_EARLY_DATA_NO_INDICATION_SENT - -TLS 1.3 write early data, server rejects early data -tls13_write_early_data:TEST_EARLY_DATA_SERVER_REJECTS - -TLS 1.3 write early data, hello retry request -tls13_write_early_data:TEST_EARLY_DATA_HRR - -TLS 1.3 cli, maximum early data size, default size -tls13_cli_max_early_data_size:-1 - -TLS 1.3 cli, maximum early data size, zero -tls13_cli_max_early_data_size:0 - -TLS 1.3 cli, maximum early data size, very small but not 0 -tls13_cli_max_early_data_size:3 - -TLS 1.3 cli, maximum early data size, 93 -tls13_cli_max_early_data_size:93 - -TLS 1.3 srv, max early data size, dflt, wsz=96 -tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:-1:96 - -TLS 1.3 srv, max early data size, dflt, wsz=128 -tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:-1:128 - -TLS 1.3 srv, max early data size, 3, wsz=2 -tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3:2 - -TLS 1.3 srv, max early data size, 3, wsz=3 -tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3:3 - -TLS 1.3 srv, max early data size, 98, wsz=23 -tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:98:23 - -TLS 1.3 srv, max early data size, 98, wsz=49 -tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:98:49 - -TLS 1.3 srv, max early data size, server rejects, dflt, wsz=128 -tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:-1:128 - -TLS 1.3 srv, max early data size, server rejects, 3, wsz=3 -tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:3:3 - -TLS 1.3 srv, max early data size, server rejects, 98, wsz=49 -tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:98:49 - -TLS 1.3 srv, max early data size, HRR, dflt, wsz=128 -tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:-1:128 - -TLS 1.3 srv, max early data size, HRR, 3, wsz=3 -tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3 - -TLS 1.3 srv, max early data size, HRR, 98, wsz=49 -tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function deleted file mode 100644 index 3802074f9..000000000 --- a/tests/suites/test_suite_ssl.function +++ /dev/null @@ -1,5037 +0,0 @@ -/* BEGIN_HEADER */ -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 } - -/* Mnemonics for the early data test scenarios */ -#define TEST_EARLY_DATA_ACCEPTED 0 -#define TEST_EARLY_DATA_NO_INDICATION_SENT 1 -#define TEST_EARLY_DATA_SERVER_REJECTS 2 -#define TEST_EARLY_DATA_HRR 3 -#define TEST_EARLY_DATA_SAME_ALPN 4 -#define TEST_EARLY_DATA_DIFF_ALPN 5 -#define TEST_EARLY_DATA_NO_INITIAL_ALPN 6 -#define TEST_EARLY_DATA_NO_LATER_ALPN 7 - -#if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ - defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_DEBUG_C) && \ - defined(MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE) && \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_256) && \ - defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_R1_384) && \ - defined(PSA_HAVE_ALG_ECDSA_VERIFY) && defined(MBEDTLS_SSL_SESSION_TICKETS) -/* - * Test function to write early data for negative tests where - * mbedtls_ssl_write_early_data() cannot be used. - */ -static int write_early_data(mbedtls_ssl_context *ssl, - unsigned char *buf, size_t len) -{ - int ret = mbedtls_ssl_get_max_out_record_payload(ssl); - - TEST_ASSERT(ret > 0); - TEST_LE_U(len, (size_t) ret); - - ret = mbedtls_ssl_flush_output(ssl); - TEST_EQUAL(ret, 0); - TEST_EQUAL(ssl->out_left, 0); - - ssl->out_msglen = len; - ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; - if (len > 0) { - memcpy(ssl->out_msg, buf, len); - } - - ret = mbedtls_ssl_write_record(ssl, 1); - TEST_EQUAL(ret, 0); - - ret = len; - -exit: - return ret; -} -#endif - -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_SSL_TLS_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ -void test_callback_buffer_sanity() -{ - enum { MSGLEN = 10 }; - mbedtls_test_ssl_buffer buf; - mbedtls_test_ssl_buffer_init(&buf); - unsigned char input[MSGLEN]; - unsigned char output[MSGLEN]; - - USE_PSA_INIT(); - memset(input, 0, sizeof(input)); - - /* Make sure calling put and get on NULL buffer results in error. */ - TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)) - == -1); - - TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1); - - /* Make sure calling put and get on a buffer that hasn't been set up results - * in error. */ - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) - == -1); - - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1); - - /* Make sure calling put and get on NULL input only results in - * error if the length is not zero, and that a NULL output is valid for data - * dropping. - */ - - TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0); - - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)) - == 0); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == 0); - - /* Make sure calling put several times in the row is safe */ - - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) - == sizeof(input)); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, 2) == 2); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 0); - - -exit: - mbedtls_test_ssl_buffer_free(&buf); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* - * Test if the implementation of `mbedtls_test_ssl_buffer` related functions is - * correct and works as expected. - * - * That is - * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes. - * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes. - * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret - * bytes. - * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes. - * - All of the bytes we got match the bytes we put in in a FIFO manner. - */ - -/* BEGIN_CASE */ -void test_callback_buffer(int size, int put1, int put1_ret, - int get1, int get1_ret, int put2, int put2_ret, - int get2, int get2_ret) -{ - enum { ROUNDS = 2 }; - size_t put[ROUNDS]; - int put_ret[ROUNDS]; - size_t get[ROUNDS]; - int get_ret[ROUNDS]; - mbedtls_test_ssl_buffer buf; - unsigned char *input = NULL; - size_t input_len; - unsigned char *output = NULL; - size_t output_len; - size_t i, j, written, read; - - mbedtls_test_ssl_buffer_init(&buf); - USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0); - - /* Check the sanity of input parameters and initialise local variables. That - * is, ensure that the amount of data is not negative and that we are not - * expecting more to put or get than we actually asked for. */ - TEST_ASSERT(put1 >= 0); - put[0] = put1; - put_ret[0] = put1_ret; - TEST_ASSERT(put1_ret <= put1); - TEST_ASSERT(put2 >= 0); - put[1] = put2; - put_ret[1] = put2_ret; - TEST_ASSERT(put2_ret <= put2); - - TEST_ASSERT(get1 >= 0); - get[0] = get1; - get_ret[0] = get1_ret; - TEST_ASSERT(get1_ret <= get1); - TEST_ASSERT(get2 >= 0); - get[1] = get2; - get_ret[1] = get2_ret; - TEST_ASSERT(get2_ret <= get2); - - input_len = 0; - /* Calculate actual input and output lengths */ - for (j = 0; j < ROUNDS; j++) { - if (put_ret[j] > 0) { - input_len += put_ret[j]; - } - } - /* In order to always have a valid pointer we always allocate at least 1 - * byte. */ - if (input_len == 0) { - input_len = 1; - } - TEST_CALLOC(input, input_len); - - output_len = 0; - for (j = 0; j < ROUNDS; j++) { - if (get_ret[j] > 0) { - output_len += get_ret[j]; - } - } - TEST_ASSERT(output_len <= input_len); - /* In order to always have a valid pointer we always allocate at least 1 - * byte. */ - if (output_len == 0) { - output_len = 1; - } - TEST_CALLOC(output, output_len); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < input_len; i++) { - input[i] = i & 0xFF; - } - - written = read = 0; - for (j = 0; j < ROUNDS; j++) { - TEST_ASSERT(put_ret[j] == mbedtls_test_ssl_buffer_put(&buf, - input + written, put[j])); - written += put_ret[j]; - TEST_ASSERT(get_ret[j] == mbedtls_test_ssl_buffer_get(&buf, - output + read, get[j])); - read += get_ret[j]; - TEST_ASSERT(read <= written); - if (get_ret[j] > 0) { - TEST_ASSERT(memcmp(output + read - get_ret[j], - input + read - get_ret[j], get_ret[j]) - == 0); - } - } - -exit: - mbedtls_free(input); - mbedtls_free(output); - mbedtls_test_ssl_buffer_free(&buf); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* - * Test if the implementation of `mbedtls_test_mock_socket` related - * I/O functions is correct and works as expected on unconnected sockets. - */ - -/* BEGIN_CASE */ -void ssl_mock_sanity() -{ - enum { MSGLEN = 105 }; - unsigned char message[MSGLEN] = { 0 }; - unsigned char received[MSGLEN] = { 0 }; - mbedtls_test_mock_socket socket; - - mbedtls_test_mock_socket_init(&socket); - USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0); - mbedtls_test_mock_socket_close(&socket); - mbedtls_test_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_b(&socket, received, MSGLEN) < 0); - mbedtls_test_mock_socket_close(&socket); - - mbedtls_test_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_test_mock_tcp_send_nb(&socket, message, MSGLEN) < 0); - mbedtls_test_mock_socket_close(&socket); - mbedtls_test_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0); - mbedtls_test_mock_socket_close(&socket); - -exit: - mbedtls_test_mock_socket_close(&socket); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* - * Test if the implementation of `mbedtls_test_mock_socket` related functions - * can send a single message from the client to the server. - */ - -/* BEGIN_CASE */ -void ssl_mock_tcp(int blocking) -{ - enum { MSGLEN = 105 }; - enum { BUFLEN = MSGLEN / 5 }; - unsigned char message[MSGLEN]; - unsigned char received[MSGLEN]; - mbedtls_test_mock_socket client; - mbedtls_test_mock_socket server; - size_t written, read; - int send_ret, recv_ret; - mbedtls_ssl_send_t *send; - mbedtls_ssl_recv_t *recv; - unsigned i; - - if (blocking == 0) { - send = mbedtls_test_mock_tcp_send_nb; - recv = mbedtls_test_mock_tcp_recv_nb; - } else { - send = mbedtls_test_mock_tcp_send_b; - recv = mbedtls_test_mock_tcp_recv_b; - } - - mbedtls_test_mock_socket_init(&client); - mbedtls_test_mock_socket_init(&server); - USE_PSA_INIT(); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - - /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - BUFLEN)); - - /* Send the message to the server */ - send_ret = recv_ret = 1; - written = read = 0; - while (send_ret != 0 || recv_ret != 0) { - send_ret = send(&client, message + written, MSGLEN - written); - - TEST_ASSERT(send_ret >= 0); - TEST_ASSERT(send_ret <= BUFLEN); - written += send_ret; - - /* If the buffer is full we can test blocking and non-blocking send */ - if (send_ret == BUFLEN) { - int blocking_ret = send(&client, message, 1); - if (blocking) { - TEST_ASSERT(blocking_ret == 0); - } else { - TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } - } - - recv_ret = recv(&server, received + read, MSGLEN - read); - - /* The result depends on whether any data was sent */ - if (send_ret > 0) { - TEST_ASSERT(recv_ret > 0); - TEST_ASSERT(recv_ret <= BUFLEN); - read += recv_ret; - } else if (blocking) { - TEST_ASSERT(recv_ret == 0); - } else { - TEST_ASSERT(recv_ret == MBEDTLS_ERR_SSL_WANT_READ); - recv_ret = 0; - } - - /* If the buffer is empty we can test blocking and non-blocking read */ - if (recv_ret == BUFLEN) { - int blocking_ret = recv(&server, received, 1); - if (blocking) { - TEST_ASSERT(blocking_ret == 0); - } else { - TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ); - } - } - } - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - -exit: - mbedtls_test_mock_socket_close(&client); - mbedtls_test_mock_socket_close(&server); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* - * Test if the implementation of `mbedtls_test_mock_socket` related functions - * can send messages in both direction at the same time (with the I/O calls - * interleaving). - */ - -/* BEGIN_CASE */ -void ssl_mock_tcp_interleaving(int blocking) -{ - enum { ROUNDS = 2 }; - enum { MSGLEN = 105 }; - enum { BUFLEN = MSGLEN / 5 }; - unsigned char message[ROUNDS][MSGLEN]; - unsigned char received[ROUNDS][MSGLEN]; - mbedtls_test_mock_socket client; - mbedtls_test_mock_socket server; - size_t written[ROUNDS]; - size_t read[ROUNDS]; - int send_ret[ROUNDS]; - int recv_ret[ROUNDS]; - unsigned i, j, progress; - mbedtls_ssl_send_t *send; - mbedtls_ssl_recv_t *recv; - - if (blocking == 0) { - send = mbedtls_test_mock_tcp_send_nb; - recv = mbedtls_test_mock_tcp_recv_nb; - } else { - send = mbedtls_test_mock_tcp_send_b; - recv = mbedtls_test_mock_tcp_recv_b; - } - - mbedtls_test_mock_socket_init(&client); - mbedtls_test_mock_socket_init(&server); - USE_PSA_INIT(); - - /* Fill up the buffers with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < ROUNDS; i++) { - for (j = 0; j < MSGLEN; j++) { - message[i][j] = (i * MSGLEN + j) & 0xFF; - } - } - - /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - BUFLEN)); - - /* Send the message from both sides, interleaving. */ - progress = 1; - for (i = 0; i < ROUNDS; i++) { - written[i] = 0; - read[i] = 0; - } - /* This loop does not stop as long as there was a successful write or read - * of at least one byte on either side. */ - while (progress != 0) { - mbedtls_test_mock_socket *socket; - - for (i = 0; i < ROUNDS; i++) { - /* First sending is from the client */ - socket = (i % 2 == 0) ? (&client) : (&server); - - send_ret[i] = send(socket, message[i] + written[i], - MSGLEN - written[i]); - TEST_ASSERT(send_ret[i] >= 0); - TEST_ASSERT(send_ret[i] <= BUFLEN); - written[i] += send_ret[i]; - - /* If the buffer is full we can test blocking and non-blocking - * send */ - if (send_ret[i] == BUFLEN) { - int blocking_ret = send(socket, message[i], 1); - if (blocking) { - TEST_ASSERT(blocking_ret == 0); - } else { - TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } - } - } - - for (i = 0; i < ROUNDS; i++) { - /* First receiving is from the server */ - socket = (i % 2 == 0) ? (&server) : (&client); - - recv_ret[i] = recv(socket, received[i] + read[i], - MSGLEN - read[i]); - - /* The result depends on whether any data was sent */ - if (send_ret[i] > 0) { - TEST_ASSERT(recv_ret[i] > 0); - TEST_ASSERT(recv_ret[i] <= BUFLEN); - read[i] += recv_ret[i]; - } else if (blocking) { - TEST_ASSERT(recv_ret[i] == 0); - } else { - TEST_ASSERT(recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ); - recv_ret[i] = 0; - } - - /* If the buffer is empty we can test blocking and non-blocking - * read */ - if (recv_ret[i] == BUFLEN) { - int blocking_ret = recv(socket, received[i], 1); - if (blocking) { - TEST_ASSERT(blocking_ret == 0); - } else { - TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ); - } - } - } - - progress = 0; - for (i = 0; i < ROUNDS; i++) { - progress += send_ret[i] + recv_ret[i]; - } - } - - for (i = 0; i < ROUNDS; i++) { - TEST_ASSERT(memcmp(message[i], received[i], MSGLEN) == 0); - } - -exit: - mbedtls_test_mock_socket_close(&client); - mbedtls_test_mock_socket_close(&server); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_queue_sanity() -{ - mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; - - USE_PSA_INIT(); - /* Trying to push/pull to an empty queue */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1) - == MBEDTLS_TEST_ERROR_ARG_NULL); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(NULL, 1) - == MBEDTLS_TEST_ERROR_ARG_NULL); - - TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); - TEST_ASSERT(queue.capacity == 3); - TEST_ASSERT(queue.num == 0); - -exit: - mbedtls_test_ssl_message_queue_free(&queue); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_queue_basic() -{ - mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; - - USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); - - /* Sanity test - 3 pushes and 3 pops with sufficient space */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(queue.capacity == 3); - TEST_ASSERT(queue.num == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(queue.capacity == 3); - TEST_ASSERT(queue.num == 2); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); - TEST_ASSERT(queue.capacity == 3); - TEST_ASSERT(queue.num == 3); - - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); - -exit: - mbedtls_test_ssl_message_queue_free(&queue); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_queue_overflow_underflow() -{ - mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; - - USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); - - /* 4 pushes (last one with an error), 4 pops (last one with an error) */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) - == MBEDTLS_ERR_SSL_WANT_WRITE); - - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); - - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) - == MBEDTLS_ERR_SSL_WANT_READ); - -exit: - mbedtls_test_ssl_message_queue_free(&queue); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_queue_interleaved() -{ - mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; - - USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); - - /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops - * (to wrap around the buffer) */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == 3); - - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); - - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 5) == 5); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 8) == 8); - - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 3) == 3); - - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 5) == 5); - - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 8) == 8); - -exit: - mbedtls_test_ssl_message_queue_free(&queue); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_queue_insufficient_buffer() -{ - mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; - size_t message_len = 10; - size_t buffer_len = 5; - - USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0); - - /* Popping without a sufficient buffer */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, message_len) - == (int) message_len); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len) - == (int) buffer_len); -exit: - mbedtls_test_ssl_message_queue_free(&queue); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_uninitialized() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN] = { 0 }, received[MSGLEN]; - mbedtls_test_mock_socket client, server; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - - USE_PSA_INIT(); - /* Send with a NULL context */ - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN) - == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); - - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN) - == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 1, - &server, - &server_context) == 0); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 1, - &client, - &client_context) == 0); - - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MBEDTLS_TEST_ERROR_SEND_FAILED); - - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MBEDTLS_ERR_SSL_WANT_READ); - - /* Push directly to a queue to later simulate a disconnected behavior */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue, - MSGLEN) - == MSGLEN); - - /* Test if there's an error when trying to read from a disconnected - * socket */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MBEDTLS_TEST_ERROR_RECV_FAILED); -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_basic() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 1, - &server, - &server_context) == 0); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 1, - &client, - &client_context) == 0); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN)); - - /* Send the message to the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); - - /* Read from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MSGLEN); - - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - memset(received, 0, MSGLEN); - - /* Send the message to the client */ - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, - MSGLEN) - == MSGLEN); - - /* Read from the client */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, - MSGLEN) - == MSGLEN); - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_queue_overflow_underflow() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 2, - &server, - &server_context) == 0); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 2, - &client, - &client_context) == 0); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN*2)); - - /* Send three message to the server, last one with an error */ - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN - 1) - == MSGLEN - 1); - - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MSGLEN); - - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MBEDTLS_ERR_SSL_WANT_WRITE); - - /* Read three messages from the server, last one with an error */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN - 1) - == MSGLEN - 1); - - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MSGLEN); - - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MBEDTLS_ERR_SSL_WANT_READ); - -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_socket_overflow() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 2, - &server, - &server_context) == 0); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 2, - &client, - &client_context) == 0); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN)); - - /* Send two message to the server, second one with an error */ - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MSGLEN); - - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MBEDTLS_TEST_ERROR_SEND_FAILED); - - /* Read the only message from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MSGLEN); - - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_truncated() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 2, - &server, - &server_context) == 0); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 2, - &client, - &client_context) == 0); - - memset(received, 0, MSGLEN); - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - 2 * MSGLEN)); - - /* Send two messages to the server, the second one small enough to fit in the - * receiver's buffer. */ - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MSGLEN); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN / 2) - == MSGLEN / 2); - /* Read a truncated message from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN/2) - == MSGLEN/2); - - /* Test that the first half of the message is valid, and second one isn't */ - TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0); - TEST_ASSERT(memcmp(message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2) - != 0); - memset(received, 0, MSGLEN); - - /* Read a full message from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN/2) - == MSGLEN / 2); - - /* Test that the first half of the message is valid */ - TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0); - -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_socket_read_error() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 1, - &server, - &server_context) == 0); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 1, - &client, - &client_context) == 0); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN)); - - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MSGLEN); - - /* Force a read error by disconnecting the socket by hand */ - server.status = 0; - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MBEDTLS_TEST_ERROR_RECV_FAILED); - /* Return to a valid state */ - server.status = MBEDTLS_MOCK_SOCKET_CONNECTED; - - memset(received, 0, sizeof(received)); - - /* Test that even though the server tried to read once disconnected, the - * continuity is preserved */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MSGLEN); - - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_interleaved_one_way() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 3, - &server, - &server_context) == 0); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 3, - &client, - &client_context) == 0); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN*3)); - - /* Interleaved test - [2 sends, 1 read] twice, and then two reads - * (to wrap around the buffer) */ - for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); - - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); - - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - memset(received, 0, sizeof(received)); - } - - for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); - - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - } - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MBEDTLS_ERR_SSL_WANT_READ); -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_interleaved_two_ways() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 3, - &server, - &server_context) == 0); - - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 3, - &client, - &client_context) == 0); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN*3)); - - /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads - * (to wrap around the buffer) both ways. */ - for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); - - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); - - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, - MSGLEN) == MSGLEN); - - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, - MSGLEN) == MSGLEN); - - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); - - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - - memset(received, 0, sizeof(received)); - - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, - MSGLEN) == MSGLEN); - - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - - memset(received, 0, sizeof(received)); - } - - for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); - - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - memset(received, 0, sizeof(received)); - - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, - MSGLEN) == MSGLEN); - - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); - memset(received, 0, sizeof(received)); - } - - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MBEDTLS_ERR_SSL_WANT_READ); - - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, - MSGLEN) - == MBEDTLS_ERR_SSL_WANT_READ); -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */ -void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) -{ - uint32_t len = 0; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT) == 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - /* Read previous record numbers */ - for (len = 0; len < prevs->len; len += 6) { - memcpy(ssl.in_ctr + 2, prevs->x + len, 6); - mbedtls_ssl_dtls_replay_update(&ssl); - } - - /* Check new number */ - memcpy(ssl.in_ctr + 2, new->x, 6); - TEST_ASSERT(mbedtls_ssl_dtls_replay_check(&ssl) == ret); - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -void ssl_set_hostname_twice(char *input_hostname0, char *input_hostname1) -{ - const char *output_hostname; - mbedtls_ssl_context ssl; - - mbedtls_ssl_init(&ssl); - USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname0) == 0); - output_hostname = mbedtls_ssl_get_hostname(&ssl); - TEST_ASSERT(strcmp(input_hostname0, output_hostname) == 0); - - TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname1) == 0); - output_hostname = mbedtls_ssl_get_hostname(&ssl); - TEST_ASSERT(strcmp(input_hostname1, output_hostname) == 0); - -exit: - mbedtls_ssl_free(&ssl); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_crypt_record(int cipher_type, int hash_id, - int etm, int tag_mode, int ver, - int cid0_len, int cid1_len) -{ - /* - * Test several record encryptions and decryptions - * with plenty of space before and after the data - * within the record buffer. - */ - - int ret; - int num_records = 16; - mbedtls_ssl_context ssl; /* ONLY for debugging */ - - mbedtls_ssl_transform t0, t1; - unsigned char *buf = NULL; - size_t const buflen = 512; - mbedtls_record rec, rec_backup; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_transform_init(&t0); - mbedtls_ssl_transform_init(&t1); - MD_OR_USE_PSA_INIT(); - - ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, - etm, tag_mode, ver, - (size_t) cid0_len, - (size_t) cid1_len); - - TEST_ASSERT(ret == 0); - - TEST_CALLOC(buf, buflen); - - while (num_records-- > 0) { - mbedtls_ssl_transform *t_dec, *t_enc; - /* Take turns in who's sending and who's receiving. */ - if (num_records % 3 == 0) { - t_dec = &t0; - t_enc = &t1; - } else { - t_dec = &t1; - t_enc = &t0; - } - - /* - * The record header affects the transformation in two ways: - * 1) It determines the AEAD additional data - * 2) The record counter sometimes determines the IV. - * - * Apart from that, the fields don't have influence. - * In particular, it is currently not the responsibility - * of ssl_encrypt/decrypt_buf to check if the transform - * version matches the record version, or that the - * type is sensible. - */ - - memset(rec.ctr, num_records, sizeof(rec.ctr)); - rec.type = 42; - rec.ver[0] = num_records; - rec.ver[1] = num_records; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - rec.cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - rec.buf = buf; - rec.buf_len = buflen; - rec.data_offset = 16; - /* Make sure to vary the length to exercise different - * paddings. */ - rec.data_len = 1 + num_records; - - memset(rec.buf + rec.data_offset, 42, rec.data_len); - - /* Make a copy for later comparison */ - rec_backup = rec; - - /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, - mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - if (ret != 0) { - continue; - } - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec.cid_len != 0) { - /* DTLS 1.2 + CID hides the real content type and - * uses a special CID content type in the protected - * record. Double-check this. */ - TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID); - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* TLS 1.3 hides the real content type and - * always uses Application Data as the content type - * for protected records. Double-check this. */ - TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - /* Decrypt record with t_dec */ - ret = mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec); - TEST_ASSERT(ret == 0); - - /* Compare results */ - TEST_ASSERT(rec.type == rec_backup.type); - TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0); - TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]); - TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]); - TEST_ASSERT(rec.data_len == rec_backup.data_len); - TEST_ASSERT(rec.data_offset == rec_backup.data_offset); - TEST_ASSERT(memcmp(rec.buf + rec.data_offset, - rec_backup.buf + rec_backup.data_offset, - rec.data_len) == 0); - } - -exit: - - /* Cleanup */ - mbedtls_ssl_free(&ssl); - mbedtls_ssl_transform_free(&t0); - mbedtls_ssl_transform_free(&t1); - - mbedtls_free(buf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_crypt_record_small(int cipher_type, int hash_id, - int etm, int tag_mode, int ver, - int cid0_len, int cid1_len) -{ - /* - * Test pairs of encryption and decryption with an increasing - * amount of space in the record buffer - in more detail: - * 1) Try to encrypt with 0, 1, 2, ... bytes available - * in front of the plaintext, and expect the encryption - * to succeed starting from some offset. Always keep - * enough space in the end of the buffer. - * 2) Try to encrypt with 0, 1, 2, ... bytes available - * at the end of the plaintext, and expect the encryption - * to succeed starting from some offset. Always keep - * enough space at the beginning of the buffer. - * 3) Try to encrypt with 0, 1, 2, ... bytes available - * both at the front and end of the plaintext, - * and expect the encryption to succeed starting from - * some offset. - * - * If encryption succeeds, check that decryption succeeds - * and yields the original record. - */ - - mbedtls_ssl_context ssl; /* ONLY for debugging */ - - mbedtls_ssl_transform t0, t1; - unsigned char *buf = NULL; - size_t const buflen = 256; - mbedtls_record rec, rec_backup; - - int ret; - int mode; /* Mode 1, 2 or 3 as explained above */ - size_t offset; /* Available space at beginning/end/both */ - size_t threshold = 96; /* Maximum offset to test against */ - - size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */ - size_t default_post_padding = 128; /* Post-padding to use in mode 1 */ - - int seen_success; /* Indicates if in the current mode we've - * already seen a successful test. */ - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_transform_init(&t0); - mbedtls_ssl_transform_init(&t1); - MD_OR_USE_PSA_INIT(); - - ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, - etm, tag_mode, ver, - (size_t) cid0_len, - (size_t) cid1_len); - - TEST_ASSERT(ret == 0); - - TEST_CALLOC(buf, buflen); - - for (mode = 1; mode <= 3; mode++) { - seen_success = 0; - for (offset = 0; offset <= threshold; offset++) { - mbedtls_ssl_transform *t_dec, *t_enc; - t_dec = &t0; - t_enc = &t1; - - memset(rec.ctr, offset, sizeof(rec.ctr)); - rec.type = 42; - rec.ver[0] = offset; - rec.ver[1] = offset; - rec.buf = buf; - rec.buf_len = buflen; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - rec.cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - switch (mode) { - case 1: /* Space in the beginning */ - rec.data_offset = offset; - rec.data_len = buflen - offset - default_post_padding; - break; - - case 2: /* Space in the end */ - rec.data_offset = default_pre_padding; - rec.data_len = buflen - default_pre_padding - offset; - break; - - case 3: /* Space in the beginning and end */ - rec.data_offset = offset; - rec.data_len = buflen - 2 * offset; - break; - - default: - TEST_ASSERT(0); - break; - } - - memset(rec.buf + rec.data_offset, 42, rec.data_len); - - /* Make a copy for later comparison */ - rec_backup = rec; - - /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, - mbedtls_test_rnd_std_rand, NULL); - - if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { - /* It's ok if the output buffer is too small. We do insist - * on at least one mode succeeding; this is tracked by - * seen_success. */ - continue; - } - - TEST_EQUAL(ret, 0); - seen_success = 1; - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec.cid_len != 0) { - /* DTLS 1.2 + CID hides the real content type and - * uses a special CID content type in the protected - * record. Double-check this. */ - TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID); - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* TLS 1.3 hides the real content type and - * always uses Application Data as the content type - * for protected records. Double-check this. */ - TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - /* Decrypt record with t_dec */ - TEST_ASSERT(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec) == 0); - - /* Compare results */ - TEST_ASSERT(rec.type == rec_backup.type); - TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0); - TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]); - TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]); - TEST_ASSERT(rec.data_len == rec_backup.data_len); - TEST_ASSERT(rec.data_offset == rec_backup.data_offset); - TEST_ASSERT(memcmp(rec.buf + rec.data_offset, - rec_backup.buf + rec_backup.data_offset, - rec.data_len) == 0); - } - - TEST_ASSERT(seen_success == 1); - } - -exit: - - /* Cleanup */ - mbedtls_ssl_free(&ssl); - mbedtls_ssl_transform_free(&t0); - mbedtls_ssl_transform_free(&t1); - - mbedtls_free(buf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_hkdf_expand_label(int hash_alg, - data_t *secret, - int label_idx, - data_t *ctx, - int desired_length, - data_t *expected) -{ - unsigned char dst[100]; - - unsigned char const *lbl = NULL; - size_t lbl_len; -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - if (label_idx == (int) tls13_label_ ## name) \ - { \ - lbl = mbedtls_ssl_tls13_labels.name; \ - lbl_len = sizeof(mbedtls_ssl_tls13_labels.name); \ - } - MBEDTLS_SSL_TLS1_3_LABEL_LIST -#undef MBEDTLS_SSL_TLS1_3_LABEL - TEST_ASSERT(lbl != NULL); - - /* Check sanity of test parameters. */ - TEST_ASSERT((size_t) desired_length <= sizeof(dst)); - TEST_ASSERT((size_t) desired_length == expected->len); - - PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_tls13_hkdf_expand_label( - (psa_algorithm_t) hash_alg, - secret->x, secret->len, - lbl, lbl_len, - ctx->x, ctx->len, - dst, desired_length) == 0); - - TEST_MEMORY_COMPARE(dst, (size_t) desired_length, - expected->x, (size_t) expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_traffic_key_generation(int hash_alg, - data_t *server_secret, - data_t *client_secret, - int desired_iv_len, - int desired_key_len, - data_t *expected_server_write_key, - data_t *expected_server_write_iv, - data_t *expected_client_write_key, - data_t *expected_client_write_iv) -{ - mbedtls_ssl_key_set keys; - - /* Check sanity of test parameters. */ - TEST_ASSERT(client_secret->len == server_secret->len); - TEST_ASSERT( - expected_client_write_iv->len == expected_server_write_iv->len && - expected_client_write_iv->len == (size_t) desired_iv_len); - TEST_ASSERT( - expected_client_write_key->len == expected_server_write_key->len && - expected_client_write_key->len == (size_t) desired_key_len); - - PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_tls13_make_traffic_keys( - (psa_algorithm_t) hash_alg, - client_secret->x, - server_secret->x, - client_secret->len /* == server_secret->len */, - desired_key_len, desired_iv_len, - &keys) == 0); - - TEST_MEMORY_COMPARE(keys.client_write_key, - keys.key_len, - expected_client_write_key->x, - (size_t) desired_key_len); - TEST_MEMORY_COMPARE(keys.server_write_key, - keys.key_len, - expected_server_write_key->x, - (size_t) desired_key_len); - TEST_MEMORY_COMPARE(keys.client_write_iv, - keys.iv_len, - expected_client_write_iv->x, - (size_t) desired_iv_len); - TEST_MEMORY_COMPARE(keys.server_write_iv, - keys.iv_len, - expected_server_write_iv->x, - (size_t) desired_iv_len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_derive_secret(int hash_alg, - data_t *secret, - int label_idx, - data_t *ctx, - int desired_length, - int already_hashed, - data_t *expected) -{ - unsigned char dst[100]; - - unsigned char const *lbl = NULL; - size_t lbl_len; -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - if (label_idx == (int) tls13_label_ ## name) \ - { \ - lbl = mbedtls_ssl_tls13_labels.name; \ - lbl_len = sizeof(mbedtls_ssl_tls13_labels.name); \ - } - MBEDTLS_SSL_TLS1_3_LABEL_LIST -#undef MBEDTLS_SSL_TLS1_3_LABEL - TEST_ASSERT(lbl != NULL); - - /* Check sanity of test parameters. */ - TEST_ASSERT((size_t) desired_length <= sizeof(dst)); - TEST_ASSERT((size_t) desired_length == expected->len); - - PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_tls13_derive_secret( - (psa_algorithm_t) hash_alg, - secret->x, secret->len, - lbl, lbl_len, - ctx->x, ctx->len, - already_hashed, - dst, desired_length) == 0); - - TEST_MEMORY_COMPARE(dst, desired_length, - expected->x, desired_length); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_derive_early_secrets(int hash_alg, - data_t *secret, - data_t *transcript, - data_t *traffic_expected, - data_t *exporter_expected) -{ - mbedtls_ssl_tls13_early_secrets secrets; - - /* Double-check that we've passed sane parameters. */ - psa_algorithm_t alg = (psa_algorithm_t) hash_alg; - size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && - secret->len == hash_len && - transcript->len == hash_len && - traffic_expected->len == hash_len && - exporter_expected->len == hash_len); - - PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_tls13_derive_early_secrets( - alg, secret->x, transcript->x, transcript->len, - &secrets) == 0); - - TEST_MEMORY_COMPARE(secrets.client_early_traffic_secret, hash_len, - traffic_expected->x, traffic_expected->len); - TEST_MEMORY_COMPARE(secrets.early_exporter_master_secret, hash_len, - exporter_expected->x, exporter_expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_derive_handshake_secrets(int hash_alg, - data_t *secret, - data_t *transcript, - data_t *client_expected, - data_t *server_expected) -{ - mbedtls_ssl_tls13_handshake_secrets secrets; - - /* Double-check that we've passed sane parameters. */ - psa_algorithm_t alg = (psa_algorithm_t) hash_alg; - size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && - secret->len == hash_len && - transcript->len == hash_len && - client_expected->len == hash_len && - server_expected->len == hash_len); - - PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_tls13_derive_handshake_secrets( - alg, secret->x, transcript->x, transcript->len, - &secrets) == 0); - - TEST_MEMORY_COMPARE(secrets.client_handshake_traffic_secret, hash_len, - client_expected->x, client_expected->len); - TEST_MEMORY_COMPARE(secrets.server_handshake_traffic_secret, hash_len, - server_expected->x, server_expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_derive_application_secrets(int hash_alg, - data_t *secret, - data_t *transcript, - data_t *client_expected, - data_t *server_expected, - data_t *exporter_expected) -{ - mbedtls_ssl_tls13_application_secrets secrets; - - /* Double-check that we've passed sane parameters. */ - psa_algorithm_t alg = (psa_algorithm_t) hash_alg; - size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && - secret->len == hash_len && - transcript->len == hash_len && - client_expected->len == hash_len && - server_expected->len == hash_len && - exporter_expected->len == hash_len); - - PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_tls13_derive_application_secrets( - alg, secret->x, transcript->x, transcript->len, - &secrets) == 0); - - TEST_MEMORY_COMPARE(secrets.client_application_traffic_secret_N, hash_len, - client_expected->x, client_expected->len); - TEST_MEMORY_COMPARE(secrets.server_application_traffic_secret_N, hash_len, - server_expected->x, server_expected->len); - TEST_MEMORY_COMPARE(secrets.exporter_master_secret, hash_len, - exporter_expected->x, exporter_expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_derive_resumption_secrets(int hash_alg, - data_t *secret, - data_t *transcript, - data_t *resumption_expected) -{ - mbedtls_ssl_tls13_application_secrets secrets; - - /* Double-check that we've passed sane parameters. */ - psa_algorithm_t alg = (psa_algorithm_t) hash_alg; - size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && - secret->len == hash_len && - transcript->len == hash_len && - resumption_expected->len == hash_len); - - PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_tls13_derive_resumption_master_secret( - alg, secret->x, transcript->x, transcript->len, - &secrets) == 0); - - TEST_MEMORY_COMPARE(secrets.resumption_master_secret, hash_len, - resumption_expected->x, resumption_expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_create_psk_binder(int hash_alg, - data_t *psk, - int psk_type, - data_t *transcript, - data_t *binder_expected) -{ - unsigned char binder[MBEDTLS_MD_MAX_SIZE]; - - /* Double-check that we've passed sane parameters. */ - psa_algorithm_t alg = (psa_algorithm_t) hash_alg; - size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && - transcript->len == hash_len && - binder_expected->len == hash_len); - - PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_tls13_create_psk_binder( - NULL, /* SSL context for debugging only */ - alg, - psk->x, psk->len, - psk_type, - transcript->x, - binder) == 0); - - TEST_MEMORY_COMPARE(binder, hash_len, - binder_expected->x, binder_expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_record_protection(int ciphersuite, - int endpoint, - int ctr, - int padding_used, - data_t *server_write_key, - data_t *server_write_iv, - data_t *client_write_key, - data_t *client_write_iv, - data_t *plaintext, - data_t *ciphertext) -{ - mbedtls_ssl_key_set keys; - mbedtls_ssl_transform transform_send; - mbedtls_ssl_transform_init(&transform_send); - mbedtls_ssl_transform transform_recv; - mbedtls_ssl_transform_init(&transform_recv); - mbedtls_record rec; - unsigned char *buf = NULL; - size_t buf_len; - int other_endpoint; - - TEST_ASSERT(endpoint == MBEDTLS_SSL_IS_CLIENT || - endpoint == MBEDTLS_SSL_IS_SERVER); - - if (endpoint == MBEDTLS_SSL_IS_SERVER) { - other_endpoint = MBEDTLS_SSL_IS_CLIENT; - } - if (endpoint == MBEDTLS_SSL_IS_CLIENT) { - other_endpoint = MBEDTLS_SSL_IS_SERVER; - } - - TEST_ASSERT(server_write_key->len == client_write_key->len); - TEST_ASSERT(server_write_iv->len == client_write_iv->len); - - memcpy(keys.client_write_key, - client_write_key->x, client_write_key->len); - memcpy(keys.client_write_iv, - client_write_iv->x, client_write_iv->len); - memcpy(keys.server_write_key, - server_write_key->x, server_write_key->len); - memcpy(keys.server_write_iv, - server_write_iv->x, server_write_iv->len); - - keys.key_len = server_write_key->len; - keys.iv_len = server_write_iv->len; - - MD_OR_USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_tls13_populate_transform( - &transform_send, endpoint, - ciphersuite, &keys, NULL) == 0); - TEST_ASSERT(mbedtls_ssl_tls13_populate_transform( - &transform_recv, other_endpoint, - ciphersuite, &keys, NULL) == 0); - - /* Make sure we have enough space in the buffer even if - * we use more padding than the KAT. */ - buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; - TEST_CALLOC(buf, buf_len); - rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; - - /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */ - mbedtls_ssl_write_version(rec.ver, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_VERSION_TLS1_2); - - /* Copy plaintext into record structure */ - rec.buf = buf; - rec.buf_len = buf_len; - rec.data_offset = 0; - TEST_ASSERT(plaintext->len <= ciphertext->len); - memcpy(rec.buf + rec.data_offset, plaintext->x, plaintext->len); - rec.data_len = plaintext->len; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - rec.cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - memset(&rec.ctr[0], 0, 8); - rec.ctr[7] = ctr; - - TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec, - NULL, NULL) == 0); - - if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) { - TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, - ciphertext->x, ciphertext->len); - } - - TEST_ASSERT(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec) == 0); - TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, - plaintext->x, plaintext->len); - -exit: - mbedtls_free(buf); - mbedtls_ssl_transform_free(&transform_send); - mbedtls_ssl_transform_free(&transform_recv); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_key_evolution(int hash_alg, - data_t *secret, - data_t *input, - data_t *expected) -{ - unsigned char secret_new[MBEDTLS_MD_MAX_SIZE]; - - PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_tls13_evolve_secret( - (psa_algorithm_t) hash_alg, - secret->len ? secret->x : NULL, - input->len ? input->x : NULL, input->len, - secret_new) == 0); - - TEST_MEMORY_COMPARE(secret_new, (size_t) expected->len, - expected->x, (size_t) expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2 */ -void ssl_tls_prf(int type, data_t *secret, data_t *random, - char *label, data_t *result_str, int exp_ret) -{ - unsigned char *output; - - output = mbedtls_calloc(1, result_str->len); - if (output == NULL) { - goto exit; - } - - MD_OR_USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_tls_prf(type, secret->x, secret->len, - label, random->x, random->len, - output, result_str->len) == exp_ret); - - if (exp_ret == 0) { - TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, - result_str->len, result_str->len) == 0); - } -exit: - - mbedtls_free(output); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_serialize_session_save_load(int ticket_len, char *crt_file, - int endpoint_type, int tls_version) -{ - mbedtls_ssl_session original, restored; - unsigned char *buf = NULL; - size_t len; - - /* - * Test that a save-load pair is the identity - */ - mbedtls_ssl_session_init(&original); - mbedtls_ssl_session_init(&restored); - USE_PSA_INIT(); - - /* Prepare a dummy session to work on */ - ((void) tls_version); - ((void) ticket_len); - ((void) crt_file); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &original, 0, endpoint_type) == 0); - } -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &original, ticket_len, endpoint_type, crt_file) == 0); - } -#endif - - /* Serialize it */ - TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - TEST_CALLOC(buf, len); - TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len) - == 0); - - /* Restore session from serialized data */ - TEST_ASSERT(mbedtls_ssl_session_load(&restored, buf, len) == 0); - - /* - * Make sure both session structures are identical - */ -#if defined(MBEDTLS_HAVE_TIME) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(original.start == restored.start); - } -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) - TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time); -#endif -#endif /* MBEDTLS_HAVE_TIME */ - - TEST_ASSERT(original.tls_version == restored.tls_version); - TEST_ASSERT(original.endpoint == restored.endpoint); - TEST_ASSERT(original.ciphersuite == restored.ciphersuite); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(original.id_len == restored.id_len); - TEST_ASSERT(memcmp(original.id, - restored.id, sizeof(original.id)) == 0); - TEST_ASSERT(memcmp(original.master, - restored.master, sizeof(original.master)) == 0); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - TEST_ASSERT((original.peer_cert == NULL) == - (restored.peer_cert == NULL)); - if (original.peer_cert != NULL) { - TEST_ASSERT(original.peer_cert->raw.len == - restored.peer_cert->raw.len); - TEST_ASSERT(memcmp(original.peer_cert->raw.p, - restored.peer_cert->raw.p, - original.peer_cert->raw.len) == 0); - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - TEST_ASSERT(original.peer_cert_digest_type == - restored.peer_cert_digest_type); - TEST_ASSERT(original.peer_cert_digest_len == - restored.peer_cert_digest_len); - TEST_ASSERT((original.peer_cert_digest == NULL) == - (restored.peer_cert_digest == NULL)); - if (original.peer_cert_digest != NULL) { - TEST_ASSERT(memcmp(original.peer_cert_digest, - restored.peer_cert_digest, - original.peer_cert_digest_len) == 0); - } -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - TEST_ASSERT(original.verify_result == restored.verify_result); - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_ASSERT(original.mfl_code == restored.mfl_code); -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - TEST_ASSERT(original.encrypt_then_mac == restored.encrypt_then_mac); -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - TEST_ASSERT(original.ticket_len == restored.ticket_len); - if (original.ticket_len != 0) { - TEST_ASSERT(original.ticket != NULL); - TEST_ASSERT(restored.ticket != NULL); - TEST_ASSERT(memcmp(original.ticket, - restored.ticket, original.ticket_len) == 0); - } - TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime); -#endif - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - TEST_ASSERT(original.ticket_age_add == restored.ticket_age_add); - TEST_ASSERT(original.ticket_flags == restored.ticket_flags); - TEST_ASSERT(original.resumption_key_len == restored.resumption_key_len); - if (original.resumption_key_len != 0) { - TEST_ASSERT(original.resumption_key != NULL); - TEST_ASSERT(restored.resumption_key != NULL); - TEST_ASSERT(memcmp(original.resumption_key, - restored.resumption_key, - original.resumption_key_len) == 0); - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER) { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - TEST_ASSERT(original.ticket_alpn != NULL); - TEST_ASSERT(restored.ticket_alpn != NULL); - TEST_MEMORY_COMPARE(original.ticket_alpn, strlen(original.ticket_alpn), - restored.ticket_alpn, strlen(restored.ticket_alpn)); -#endif -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_HAVE_TIME) - TEST_ASSERT(original.ticket_reception_time == restored.ticket_reception_time); -#endif - TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime); - TEST_ASSERT(original.ticket_len == restored.ticket_len); - if (original.ticket_len != 0) { - TEST_ASSERT(original.ticket != NULL); - TEST_ASSERT(restored.ticket != NULL); - TEST_ASSERT(memcmp(original.ticket, - restored.ticket, - original.ticket_len) == 0); - } -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - TEST_ASSERT(original.hostname != NULL); - TEST_ASSERT(restored.hostname != NULL); - TEST_MEMORY_COMPARE(original.hostname, strlen(original.hostname), - restored.hostname, strlen(restored.hostname)); -#endif -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - } -#endif /* MBEDTLS_SSL_CLI_C */ - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - TEST_ASSERT( - original.max_early_data_size == restored.max_early_data_size); -#endif - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - TEST_ASSERT(original.record_size_limit == restored.record_size_limit); -#endif - -exit: - mbedtls_ssl_session_free(&original); - mbedtls_ssl_session_free(&restored); - mbedtls_free(buf); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_serialize_session_load_save(int ticket_len, char *crt_file, - int endpoint_type, int tls_version) -{ - mbedtls_ssl_session session; - unsigned char *buf1 = NULL, *buf2 = NULL; - size_t len0, len1, len2; - - /* - * Test that a load-save pair is the identity - */ - mbedtls_ssl_session_init(&session); - USE_PSA_INIT(); - - /* Prepare a dummy session to work on */ - ((void) ticket_len); - ((void) crt_file); - - switch (tls_version) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); - break; -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, endpoint_type, crt_file) == 0); - break; -#endif - default: - /* should never happen */ - TEST_ASSERT(0); - break; - } - - /* Get desired buffer size for serializing */ - TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - - /* Allocate first buffer */ - buf1 = mbedtls_calloc(1, len0); - TEST_ASSERT(buf1 != NULL); - - /* Serialize to buffer and free live session */ - TEST_ASSERT(mbedtls_ssl_session_save(&session, buf1, len0, &len1) - == 0); - TEST_ASSERT(len0 == len1); - mbedtls_ssl_session_free(&session); - - /* Restore session from serialized data */ - TEST_ASSERT(mbedtls_ssl_session_load(&session, buf1, len1) == 0); - - /* Allocate second buffer and serialize to it */ - buf2 = mbedtls_calloc(1, len0); - TEST_ASSERT(buf2 != NULL); - TEST_ASSERT(mbedtls_ssl_session_save(&session, buf2, len0, &len2) - == 0); - - /* Make sure both serialized versions are identical */ - TEST_ASSERT(len1 == len2); - TEST_ASSERT(memcmp(buf1, buf2, len1) == 0); - -exit: - mbedtls_ssl_session_free(&session); - mbedtls_free(buf1); - mbedtls_free(buf2); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, - int endpoint_type, int tls_version) -{ - mbedtls_ssl_session session; - unsigned char *buf = NULL; - size_t good_len, bad_len, test_len; - - /* - * Test that session_save() fails cleanly on small buffers - */ - mbedtls_ssl_session_init(&session); - USE_PSA_INIT(); - - /* Prepare dummy session and get serialized size */ - ((void) ticket_len); - ((void) crt_file); - - switch (tls_version) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); - break; -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, endpoint_type, crt_file) == 0); - break; -#endif - default: - /* should never happen */ - TEST_ASSERT(0); - break; - } - - TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - - /* Try all possible bad lengths */ - for (bad_len = 1; bad_len < good_len; bad_len++) { - /* Allocate exact size so that asan/valgrind can detect any overwrite */ - mbedtls_free(buf); - buf = NULL; - TEST_CALLOC(buf, bad_len); - TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len, - &test_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - TEST_ASSERT(test_len == good_len); - } - -exit: - mbedtls_ssl_session_free(&session); - mbedtls_free(buf); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, - int endpoint_type, int tls_version) -{ - mbedtls_ssl_session session; - unsigned char *good_buf = NULL, *bad_buf = NULL; - size_t good_len, bad_len; - - /* - * Test that session_load() fails cleanly on small buffers - */ - mbedtls_ssl_session_init(&session); - USE_PSA_INIT(); - - /* Prepare serialized session data */ - ((void) ticket_len); - ((void) crt_file); - - switch (tls_version) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); - break; -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, endpoint_type, crt_file) == 0); - break; -#endif - - default: - /* should never happen */ - TEST_ASSERT(0); - break; - } - - TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - TEST_CALLOC(good_buf, good_len); - TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len, - &good_len) == 0); - mbedtls_ssl_session_free(&session); - - /* Try all possible bad lengths */ - for (bad_len = 0; bad_len < good_len; bad_len++) { - /* Allocate exact size so that asan/valgrind can detect any overread */ - mbedtls_free(bad_buf); - bad_buf = NULL; - TEST_CALLOC_NONNULL(bad_buf, bad_len); - memcpy(bad_buf, good_buf, bad_len); - - TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - } - -exit: - mbedtls_ssl_session_free(&session); - mbedtls_free(good_buf); - mbedtls_free(bad_buf); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_session_serialize_version_check(int corrupt_major, - int corrupt_minor, - int corrupt_patch, - int corrupt_config, - int endpoint_type, - int tls_version) -{ - unsigned char serialized_session[2048]; - size_t serialized_session_len; - unsigned cur_byte; - mbedtls_ssl_session session; - uint8_t should_corrupt_byte[] = { corrupt_major == 1, - corrupt_minor == 1, - corrupt_patch == 1, - corrupt_config == 1, - corrupt_config == 1 }; - - mbedtls_ssl_session_init(&session); - USE_PSA_INIT(); - - switch (tls_version) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); - break; -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, 0, endpoint_type, NULL) == 0); - - break; -#endif - default: - /* should never happen */ - TEST_ASSERT(0); - break; - } - - /* Infer length of serialized session. */ - TEST_ASSERT(mbedtls_ssl_session_save(&session, - serialized_session, - sizeof(serialized_session), - &serialized_session_len) == 0); - - mbedtls_ssl_session_free(&session); - - /* Without any modification, we should be able to successfully - * de-serialize the session - double-check that. */ - TEST_ASSERT(mbedtls_ssl_session_load(&session, - serialized_session, - serialized_session_len) == 0); - mbedtls_ssl_session_free(&session); - - /* Go through the bytes in the serialized session header and - * corrupt them bit-by-bit. */ - for (cur_byte = 0; cur_byte < sizeof(should_corrupt_byte); cur_byte++) { - int cur_bit; - unsigned char *const byte = &serialized_session[cur_byte]; - - if (should_corrupt_byte[cur_byte] == 0) { - continue; - } - - for (cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++) { - unsigned char const corrupted_bit = 0x1u << cur_bit; - /* Modify a single bit in the serialized session. */ - *byte ^= corrupted_bit; - - /* Attempt to deserialize */ - TEST_ASSERT(mbedtls_ssl_session_load(&session, - serialized_session, - serialized_session_len) == - MBEDTLS_ERR_SSL_VERSION_MISMATCH); - - /* Undo the change */ - *byte ^= corrupted_bit; - } - } -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_session_id_accessors_check(int tls_version) -{ - mbedtls_ssl_session session; - int ciphersuite_id; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - - mbedtls_ssl_session_init(&session); - USE_PSA_INIT(); - - switch (tls_version) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - case MBEDTLS_SSL_VERSION_TLS1_3: - ciphersuite_id = MBEDTLS_TLS1_3_AES_128_GCM_SHA256; - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, MBEDTLS_SSL_IS_SERVER) == 0); - break; -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - case MBEDTLS_SSL_VERSION_TLS1_2: - ciphersuite_id = MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256; - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, 0, MBEDTLS_SSL_IS_SERVER, NULL) == 0); - - break; -#endif - default: - /* should never happen */ - TEST_ASSERT(0); - break; - } - TEST_ASSERT(*mbedtls_ssl_session_get_id(&session) == session.id); - TEST_ASSERT(mbedtls_ssl_session_get_id_len(&session) == session.id_len); - /* mbedtls_test_ssl_tls1x_populate_session sets a mock suite-id of 0xabcd */ - TEST_ASSERT(mbedtls_ssl_session_get_ciphersuite_id(&session) == 0xabcd); - - /* Test setting a reference id for tls1.3 and tls1.2 */ - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); - if (ciphersuite_info != NULL) { - TEST_ASSERT(mbedtls_ssl_ciphersuite_get_id(ciphersuite_info) == ciphersuite_id); - } - -exit: - mbedtls_ssl_session_free(&session); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */ -void mbedtls_endpoint_sanity(int endpoint_type) -{ - enum { BUFFSIZE = 1024 }; - mbedtls_test_ssl_endpoint ep; - int ret = -1; - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - options.pk_alg = MBEDTLS_PK_RSA; - - MD_OR_USE_PSA_INIT(); - - ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options, - NULL, NULL, NULL); - TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); - - ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, - 0, 0, 0); - TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); - - ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options, - NULL, NULL, NULL); - TEST_ASSERT(ret == 0); - -exit: - mbedtls_test_ssl_endpoint_free(&ep, NULL); - mbedtls_test_free_handshake_options(&options); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ -void move_handshake_to_state(int endpoint_type, int tls_version, int state, int need_pass) -{ - enum { BUFFSIZE = 1024 }; - mbedtls_test_ssl_endpoint base_ep, second_ep; - int ret = -1; - (void) tls_version; - - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.pk_alg = MBEDTLS_PK_RSA; - - /* - * If both TLS 1.2 and 1.3 are enabled and we want to do a TLS 1.2 - * handshake, force the TLS 1.2 version on endpoint under test. - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) { - if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { - options.client_min_version = MBEDTLS_SSL_VERSION_TLS1_2; - options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2; - } else { - options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2; - options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; - } - } -#endif - - MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); - mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); - - ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, - NULL, NULL, NULL); - TEST_ASSERT(ret == 0); - - ret = mbedtls_test_ssl_endpoint_init( - &second_ep, - (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? - MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL); - - TEST_ASSERT(ret == 0); - - ret = mbedtls_test_mock_socket_connect(&(base_ep.socket), - &(second_ep.socket), - BUFFSIZE); - TEST_ASSERT(ret == 0); - - ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl), - &(second_ep.ssl), - state); - if (need_pass) { - TEST_ASSERT(ret == 0 || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(base_ep.ssl.state == state); - } else { - TEST_ASSERT(ret != 0 && - ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(base_ep.ssl.state != state); - } - -exit: - mbedtls_test_free_handshake_options(&options); - mbedtls_test_ssl_endpoint_free(&base_ep, NULL); - mbedtls_test_ssl_endpoint_free(&second_ep, NULL); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ -void handshake_version(int dtls, int client_min_version, int client_max_version, - int server_min_version, int server_max_version, - int expected_negotiated_version) -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.client_min_version = client_min_version; - options.client_max_version = client_max_version; - options.server_min_version = server_min_version; - options.server_max_version = server_max_version; - options.expected_negotiated_version = expected_negotiated_version; - - options.dtls = dtls; - mbedtls_test_ssl_perform_handshake(&options); - - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; - -exit: - mbedtls_test_free_handshake_options(&options); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 */ -void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls) -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.cipher = cipher; - options.dtls = dtls; - options.psk_str = psk_str; - options.pk_alg = pk_alg; - - options.client_min_version = MBEDTLS_SSL_VERSION_TLS1_2; - options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2; - options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - - mbedtls_test_ssl_perform_handshake(&options); - - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; - -exit: - mbedtls_test_free_handshake_options(&options); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 */ -void handshake_cipher(char *cipher, int pk_alg, int dtls) -{ - test_handshake_psk_cipher(cipher, pk_alg, NULL, dtls); - - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 */ -void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str, - int psa_alg, int psa_alg2, int psa_usage, - int expected_handshake_result, - int expected_ciphersuite) -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.cipher = cipher; - options.psk_str = psk_str; - options.pk_alg = pk_alg; - options.opaque_alg = psa_alg; - options.opaque_alg2 = psa_alg2; - options.opaque_usage = psa_usage; - options.expected_handshake_result = expected_handshake_result; - options.expected_ciphersuite = expected_ciphersuite; - - options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2; - options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; - options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - - mbedtls_test_ssl_perform_handshake(&options); - - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; - -exit: - mbedtls_test_free_handshake_options(&options); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ -void app_data(int mfl, int cli_msg_len, int srv_msg_len, - int expected_cli_fragments, - int expected_srv_fragments, int dtls) -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.mfl = mfl; - options.cli_msg_len = cli_msg_len; - options.srv_msg_len = srv_msg_len; - options.expected_cli_fragments = expected_cli_fragments; - options.expected_srv_fragments = expected_srv_fragments; - options.dtls = dtls; - - options.client_min_version = MBEDTLS_SSL_VERSION_TLS1_2; - options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2; - options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - - mbedtls_test_ssl_perform_handshake(&options); - - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; - -exit: - mbedtls_test_free_handshake_options(&options); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ -void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len, - int expected_cli_fragments, - int expected_srv_fragments) -{ - test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments, - expected_srv_fragments, 0); - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ -void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len, - int expected_cli_fragments, - int expected_srv_fragments) -{ - test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments, - expected_srv_fragments, 1); - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ -void handshake_serialization() -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.serialize = 1; - options.dtls = 1; - options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - mbedtls_test_ssl_perform_handshake(&options); - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -exit: - mbedtls_test_free_handshake_options(&options); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ -void handshake_fragmentation(int mfl, - int expected_srv_hs_fragmentation, - int expected_cli_hs_fragmentation) -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; - - srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake"; - srv_pattern.counter = 0; - cli_pattern.counter = 0; - - mbedtls_test_init_handshake_options(&options); - options.dtls = 1; - options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - options.mfl = mfl; - /* Set cipher to one using CBC so that record splitting can be tested */ - options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"; - options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; - options.srv_log_obj = &srv_pattern; - options.cli_log_obj = &cli_pattern; - options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - options.cli_log_fun = mbedtls_test_ssl_log_analyzer; - - mbedtls_test_ssl_perform_handshake(&options); - - /* Test if the server received a fragmented handshake */ - if (expected_srv_hs_fragmentation) { - TEST_ASSERT(srv_pattern.counter >= 1); - } - /* Test if the client received a fragmented handshake */ - if (expected_cli_hs_fragmentation) { - TEST_ASSERT(cli_pattern.counter >= 1); - } - -exit: - mbedtls_test_free_handshake_options(&options); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ -void renegotiation(int legacy_renegotiation) -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.renegotiate = 1; - options.legacy_renegotiation = legacy_renegotiation; - options.dtls = 1; - options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - - mbedtls_test_ssl_perform_handshake(&options); - - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -exit: - mbedtls_test_free_handshake_options(&options); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ -void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, - int serialize, int dtls, char *cipher) -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.mfl = mfl; - options.cipher = cipher; - options.renegotiate = renegotiation; - options.legacy_renegotiation = legacy_renegotiation; - options.serialize = serialize; - options.dtls = dtls; - if (dtls) { - options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - } - options.resize_buffers = 1; - - mbedtls_test_ssl_perform_handshake(&options); - - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -exit: - mbedtls_test_free_handshake_options(&options); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ -void resize_buffers_serialize_mfl(int mfl) -{ - test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, - (char *) ""); - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ -void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, - char *cipher) -{ - test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher); - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -void test_multiple_psks() -{ - unsigned char psk0[10] = { 0 }; - unsigned char psk0_identity[] = { 'f', 'o', 'o' }; - - unsigned char psk1[10] = { 0 }; - unsigned char psk1_identity[] = { 'b', 'a', 'r' }; - - mbedtls_ssl_config conf; - - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, - psk0, sizeof(psk0), - psk0_identity, sizeof(psk0_identity)) == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, - psk1, sizeof(psk1), - psk1_identity, sizeof(psk1_identity)) == - MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); - -exit: - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */ -void test_multiple_psks_opaque(int mode) -{ - /* - * Mode 0: Raw PSK, then opaque PSK - * Mode 1: Opaque PSK, then raw PSK - * Mode 2: 2x opaque PSK - */ - - unsigned char psk0_raw[10] = { 0 }; - unsigned char psk0_raw_identity[] = { 'f', 'o', 'o' }; - - mbedtls_svc_key_id_t psk0_opaque = mbedtls_svc_key_id_make(0x1, (psa_key_id_t) 1); - - unsigned char psk0_opaque_identity[] = { 'f', 'o', 'o' }; - - unsigned char psk1_raw[10] = { 0 }; - unsigned char psk1_raw_identity[] = { 'b', 'a', 'r' }; - - mbedtls_svc_key_id_t psk1_opaque = mbedtls_svc_key_id_make(0x1, (psa_key_id_t) 2); - - unsigned char psk1_opaque_identity[] = { 'b', 'a', 'r' }; - - mbedtls_ssl_config conf; - - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - - switch (mode) { - case 0: - - TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, - psk0_raw, sizeof(psk0_raw), - psk0_raw_identity, sizeof(psk0_raw_identity)) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, - psk1_opaque, - psk1_opaque_identity, - sizeof(psk1_opaque_identity)) - == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); - break; - - case 1: - - TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, - psk0_opaque, - psk0_opaque_identity, - sizeof(psk0_opaque_identity)) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, - psk1_raw, sizeof(psk1_raw), - psk1_raw_identity, sizeof(psk1_raw_identity)) - == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); - - break; - - case 2: - - TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, - psk0_opaque, - psk0_opaque_identity, - sizeof(psk0_opaque_identity)) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, - psk1_opaque, - psk1_opaque_identity, - sizeof(psk1_opaque_identity)) - == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); - - break; - - default: - TEST_ASSERT(0); - break; - } - -exit: - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); - -} -/* END_CASE */ - -/* BEGIN_CASE */ -void conf_version(int endpoint, int transport, - int min_tls_version, int max_tls_version, - int expected_ssl_setup_result) -{ - mbedtls_ssl_config conf; - mbedtls_ssl_context ssl; - - mbedtls_ssl_config_init(&conf); - mbedtls_ssl_init(&ssl); - MD_OR_USE_PSA_INIT(); - - mbedtls_ssl_conf_endpoint(&conf, endpoint); - mbedtls_ssl_conf_transport(&conf, transport); - mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version); - mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result); - TEST_EQUAL(mbedtls_ssl_conf_get_endpoint( - mbedtls_ssl_context_get_config(&ssl)), endpoint); - - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - -exit: - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ECC_SECP_R1_224:PSA_WANT_ECC_SECP_R1_256 */ -void conf_curve() -{ - - mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1, - MBEDTLS_ECP_DP_SECP224R1, - MBEDTLS_ECP_DP_SECP256R1, - MBEDTLS_ECP_DP_NONE }; - uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, - MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; - - mbedtls_ssl_config conf; - mbedtls_ssl_config_init(&conf); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); - mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); -#else - mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_3); - mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_3); -#endif - mbedtls_ssl_conf_curves(&conf, curve_list); - - mbedtls_ssl_context ssl; - mbedtls_ssl_init(&ssl); - MD_OR_USE_PSA_INIT(); - - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - TEST_ASSERT(ssl.handshake != NULL && ssl.handshake->group_list != NULL); - TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list == NULL); - - TEST_EQUAL(ssl.handshake-> - group_list[ARRAY_LENGTH(iana_tls_group_list) - 1], - MBEDTLS_SSL_IANA_TLS_GROUP_NONE); - - for (size_t i = 0; i < ARRAY_LENGTH(iana_tls_group_list); i++) { - TEST_EQUAL(iana_tls_group_list[i], ssl.handshake->group_list[i]); - } - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */ -void conf_group() -{ - uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, - MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; - - mbedtls_ssl_config conf; - mbedtls_ssl_config_init(&conf); - - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); - mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); - - mbedtls_ssl_conf_groups(&conf, iana_tls_group_list); - - mbedtls_ssl_context ssl; - mbedtls_ssl_init(&ssl); - MD_OR_USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list != NULL); - - TEST_EQUAL(ssl.conf-> - group_list[ARRAY_LENGTH(iana_tls_group_list) - 1], - MBEDTLS_SSL_IANA_TLS_GROUP_NONE); - - for (size_t i = 0; i < ARRAY_LENGTH(iana_tls_group_list); i++) { - TEST_EQUAL(iana_tls_group_list[i], ssl.conf->group_list[i]); - } - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */ -void force_bad_session_id_len() -{ - enum { BUFFSIZE = 1024 }; - mbedtls_test_handshake_test_options options; - mbedtls_test_ssl_endpoint client, server; - mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; - mbedtls_test_message_socket_context server_context, client_context; - - srv_pattern.pattern = cli_pattern.pattern = "cache did not store session"; - srv_pattern.counter = 0; - mbedtls_test_init_handshake_options(&options); - - options.srv_log_obj = &srv_pattern; - options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - MD_OR_USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, - NULL) == 0); - - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL) == 0); - - mbedtls_debug_set_threshold(1); - mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun, - options.srv_log_obj); - - TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE) == 0); - - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP) - == 0); - /* Force a bad session_id_len that will be read by the server in - * mbedtls_ssl_cache_set. */ - server.ssl.session_negotiate->id_len = 33; - if (options.cli_msg_len != 0 || options.srv_msg_len != 0) { - /* Start data exchanging test */ - TEST_ASSERT(mbedtls_test_ssl_exchange_data( - &(client.ssl), options.cli_msg_len, - options.expected_cli_fragments, - &(server.ssl), options.srv_msg_len, - options.expected_srv_fragments) - == 0); - } - - /* Make sure that the cache did not store the session */ - TEST_EQUAL(srv_pattern.counter, 1); -exit: - mbedtls_test_ssl_endpoint_free(&client, NULL); - mbedtls_test_ssl_endpoint_free(&server, NULL); - mbedtls_test_free_handshake_options(&options); - mbedtls_debug_set_threshold(0); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE:MBEDTLS_TEST_HOOKS */ -void cookie_parsing(data_t *cookie, int exp_ret) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - size_t len; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - - TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); - TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id, - ssl.cli_id_len, - cookie->x, cookie->len, - ssl.out_buf, - MBEDTLS_SSL_OUT_CONTENT_LEN, - &len), - exp_ret); - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_TIMING_C:MBEDTLS_HAVE_TIME */ -void timing_final_delay_accessor() -{ - mbedtls_timing_delay_context delay_context; - - USE_PSA_INIT(); - mbedtls_timing_set_delay(&delay_context, 50, 100); - - TEST_ASSERT(mbedtls_timing_get_final_delay(&delay_context) == 100); - -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID */ -void cid_sanity() -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - - unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; - unsigned char test_cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; - int cid_enabled; - size_t own_cid_len; - - mbedtls_test_rnd_std_rand(NULL, own_cid, sizeof(own_cid)); - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT) - == 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - /* Can't use CID functions with stream transport. */ - TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, - sizeof(own_cid)) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - - TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, - &own_cid_len) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - - TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT) - == 0); - - /* Attempt to set config cid size too big. */ - TEST_ASSERT(mbedtls_ssl_conf_cid(&conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1, - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - - TEST_ASSERT(mbedtls_ssl_conf_cid(&conf, sizeof(own_cid), - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) - == 0); - - /* Attempt to set CID length not matching config. */ - TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, - MBEDTLS_SSL_CID_IN_LEN_MAX - 1) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - - TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, - sizeof(own_cid)) - == 0); - - /* Test we get back what we put in. */ - TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, - &own_cid_len) - == 0); - - TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_ENABLED); - TEST_MEMORY_COMPARE(own_cid, own_cid_len, test_cid, own_cid_len); - - /* Test disabling works. */ - TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL, - 0) - == 0); - - TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, - &own_cid_len) - == 0); - - TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_DISABLED); - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ -void raw_key_agreement_fail(int bad_server_ecdhe_key) -{ - enum { BUFFSIZE = 17000 }; - mbedtls_test_ssl_endpoint client, server; - mbedtls_psa_stats_t stats; - size_t free_slots_before = -1; - mbedtls_test_handshake_test_options client_options, server_options; - mbedtls_test_init_handshake_options(&client_options); - mbedtls_test_init_handshake_options(&server_options); - - uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, - MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; - MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); - - /* Client side, force SECP256R1 to make one key bitflip fail - * the raw key agreement. Flipping the first byte makes the - * required 0x04 identifier invalid. */ - client_options.pk_alg = MBEDTLS_PK_ECDSA; - client_options.group_list = iana_tls_group_list; - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, - NULL), 0); - - /* Server side */ - server_options.pk_alg = MBEDTLS_PK_ECDSA; - server_options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2; - server_options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, - NULL), 0); - - TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE), 0); - - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client.ssl), &(server.ssl), - MBEDTLS_SSL_CLIENT_KEY_EXCHANGE), 0); - - mbedtls_psa_get_stats(&stats); - /* Save the number of slots in use up to this point. - * With PSA, one can be used for the ECDH private key. */ - free_slots_before = stats.empty_slots; - - if (bad_server_ecdhe_key) { - /* Force a simulated bitflip in the server key. to make the - * raw key agreement in ssl_write_client_key_exchange fail. */ - (client.ssl).handshake->xxdh_psa_peerkey[0] ^= 0x02; - } - - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER), - bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0); - - mbedtls_psa_get_stats(&stats); - - /* Make sure that the key slot is already destroyed in case of failure, - * without waiting to close the connection. */ - if (bad_server_ecdhe_key) { - TEST_EQUAL(free_slots_before, stats.empty_slots); - } - -exit: - mbedtls_test_ssl_endpoint_free(&client, NULL); - mbedtls_test_ssl_endpoint_free(&server, NULL); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384 */ -void tls13_server_certificate_msg_invalid_vector_len() -{ - int ret = -1; - mbedtls_test_ssl_endpoint client_ep, server_ep; - unsigned char *buf, *end; - size_t buf_len; - int step = 0; - int expected_result; - mbedtls_ssl_chk_buf_ptr_args expected_chk_buf_ptr_args; - mbedtls_test_handshake_test_options client_options; - mbedtls_test_handshake_test_options server_options; - - /* - * Test set-up - */ - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); - - mbedtls_test_init_handshake_options(&client_options); - MD_OR_USE_PSA_INIT(); - - client_options.pk_alg = MBEDTLS_PK_ECDSA; - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - mbedtls_test_init_handshake_options(&server_options); - server_options.pk_alg = MBEDTLS_PK_ECDSA; - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - while (1) { - mbedtls_test_set_step(++step); - - ret = mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_CERTIFICATE_VERIFY); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_flush_output(&(server_ep.ssl)); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_SERVER_CERTIFICATE); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_tls13_fetch_handshake_msg(&(client_ep.ssl), - MBEDTLS_SSL_HS_CERTIFICATE, - &buf, &buf_len); - TEST_EQUAL(ret, 0); - - end = buf + buf_len; - - /* - * Tweak server Certificate message and parse it. - */ - - ret = mbedtls_test_tweak_tls13_certificate_msg_vector_len( - buf, &end, step, &expected_result, &expected_chk_buf_ptr_args); - - if (ret != 0) { - break; - } - - ret = mbedtls_ssl_tls13_parse_certificate(&(client_ep.ssl), buf, end); - TEST_EQUAL(ret, expected_result); - - TEST_ASSERT(mbedtls_ssl_cmp_chk_buf_ptr_fail_args( - &expected_chk_buf_ptr_args) == 0); - - mbedtls_ssl_reset_chk_buf_ptr_fail_args(); - - ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); - TEST_EQUAL(ret, 0); - } - -exit: - mbedtls_ssl_reset_chk_buf_ptr_fail_args(); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -void ssl_ecjpake_set_password(int use_opaque_arg) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t pwd_slot = MBEDTLS_SVC_KEY_ID_INIT; -#else /* MBEDTLS_USE_PSA_CRYPTO */ - (void) use_opaque_arg; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - unsigned char pwd_string[sizeof(ECJPAKE_TEST_PWD)] = ""; - size_t pwd_len = 0; - int ret; - - mbedtls_ssl_init(&ssl); - MD_OR_USE_PSA_INIT(); - - /* test with uninitalized SSL context */ - ECJPAKE_TEST_SET_PASSWORD(MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - - mbedtls_ssl_config_init(&conf); - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - - TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); - - /* test with empty password or unitialized password key (depending on use_opaque_arg) */ - ECJPAKE_TEST_SET_PASSWORD(MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - - pwd_len = strlen(ECJPAKE_TEST_PWD); - memcpy(pwd_string, ECJPAKE_TEST_PWD, pwd_len); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (use_opaque_arg) { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT; - - /* First try with an invalid usage */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); - psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); - - PSA_ASSERT(psa_import_key(&attributes, pwd_string, - pwd_len, &pwd_slot)); - - ECJPAKE_TEST_SET_PASSWORD(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); - - /* check that the opaque key is still valid after failure */ - TEST_EQUAL(psa_get_key_attributes(pwd_slot, &check_attributes), - PSA_SUCCESS); - - psa_destroy_key(pwd_slot); - - /* Then set the correct usage */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - - PSA_ASSERT(psa_import_key(&attributes, pwd_string, - pwd_len, &pwd_slot)); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - /* final check which should work without errors */ - ECJPAKE_TEST_SET_PASSWORD(0); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (use_opaque_arg) { - psa_destroy_key(pwd_slot); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void elliptic_curve_get_properties() -{ - psa_key_type_t psa_type = PSA_KEY_TYPE_NONE; - size_t psa_bits; - - MD_OR_USE_PSA_INIT(); - -#if defined(PSA_WANT_ECC_SECP_R1_521) - TEST_AVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521); -#else - TEST_UNAVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521); -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - TEST_AVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512); -#else - TEST_UNAVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512); -#endif -#if defined(PSA_WANT_ECC_SECP_R1_384) - TEST_AVAILABLE_ECC(24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384); -#else - TEST_UNAVAILABLE_ECC(24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384); -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - TEST_AVAILABLE_ECC(27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384); -#else - TEST_UNAVAILABLE_ECC(27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384); -#endif -#if defined(PSA_WANT_ECC_SECP_R1_256) - TEST_AVAILABLE_ECC(23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256); -#else - TEST_UNAVAILABLE_ECC(23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256); -#endif -#if defined(PSA_WANT_ECC_SECP_K1_256) - TEST_AVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256); -#else - TEST_UNAVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256); -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - TEST_AVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256); -#else - TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256); -#endif -#if defined(PSA_WANT_ECC_SECP_R1_224) - TEST_AVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224); -#else - TEST_UNAVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224); -#endif -#if defined(PSA_WANT_ECC_SECP_K1_224) - TEST_AVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224); -#else - TEST_UNAVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224); -#endif -#if defined(PSA_WANT_ECC_SECP_R1_192) - TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); -#else - TEST_UNAVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); -#endif -#if defined(PSA_WANT_ECC_SECP_K1_192) - TEST_AVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192); -#else - TEST_UNAVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192); -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_255) - TEST_AVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255); -#else - TEST_UNAVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255); -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_448) - TEST_AVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448); -#else - TEST_UNAVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448); -#endif - goto exit; -exit: - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ -void tls13_resume_session_with_ticket() -{ - int ret = -1; - mbedtls_test_ssl_endpoint client_ep, server_ep; - mbedtls_test_handshake_test_options client_options; - mbedtls_test_handshake_test_options server_options; - mbedtls_ssl_session saved_session; - - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); - mbedtls_test_init_handshake_options(&client_options); - mbedtls_test_init_handshake_options(&server_options); - mbedtls_ssl_session_init(&saved_session); - - PSA_INIT(); - - /* - * Run first handshake to get a ticket from the server. - */ - client_options.pk_alg = MBEDTLS_PK_ECDSA; - server_options.pk_alg = MBEDTLS_PK_ECDSA; - - ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, - &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Prepare for handshake with the ticket. - */ - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, - mbedtls_test_ticket_write, - mbedtls_test_ticket_parse, - NULL); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Handshake with ticket. - * - * Run the handshake up to MBEDTLS_SSL_HANDSHAKE_WRAPUP and not - * MBEDTLS_SSL_HANDSHAKE_OVER to preserve handshake data for the checks - * below. - */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_WRAPUP), 0); - - TEST_EQUAL(server_ep.ssl.handshake->resume, 1); - TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 1); - TEST_EQUAL(server_ep.ssl.handshake->key_exchange_mode, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); - -exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - mbedtls_ssl_session_free(&saved_session); - PSA_DONE(); -} -/* END_CASE */ - -/* - * The !MBEDTLS_SSL_PROTO_TLS1_2 dependency of tls13_read_early_data() below is - * a temporary workaround to not run the test in Windows-2013 where there is - * an issue with mbedtls_vsnprintf(). - */ -/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ -void tls13_read_early_data(int scenario) -{ - int ret = -1; - unsigned char buf[64]; - const char *early_data = "This is early data."; - size_t early_data_len = strlen(early_data); - mbedtls_test_ssl_endpoint client_ep, server_ep; - mbedtls_test_handshake_test_options client_options; - mbedtls_test_handshake_test_options server_options; - mbedtls_ssl_session saved_session; - mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 }; - uint16_t group_list[3] = { - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, - MBEDTLS_SSL_IANA_TLS_GROUP_NONE - }; - - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); - mbedtls_test_init_handshake_options(&client_options); - mbedtls_test_init_handshake_options(&server_options); - mbedtls_ssl_session_init(&saved_session); - - PSA_INIT(); - - /* - * Run first handshake to get a ticket from the server. - */ - - client_options.pk_alg = MBEDTLS_PK_ECDSA; - client_options.group_list = group_list; - client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - server_options.pk_alg = MBEDTLS_PK_ECDSA; - server_options.group_list = group_list; - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - -#if defined(MBEDTLS_SSL_ALPN) - switch (scenario) { - case TEST_EARLY_DATA_SAME_ALPN: - case TEST_EARLY_DATA_DIFF_ALPN: - case TEST_EARLY_DATA_NO_LATER_ALPN: - client_options.alpn_list[0] = "ALPNExample"; - client_options.alpn_list[1] = NULL; - server_options.alpn_list[0] = "ALPNExample"; - server_options.alpn_list[1] = NULL; - break; - } -#endif - - ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, - &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Prepare for handshake with the ticket. - */ - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: - mbedtls_debug_set_threshold(3); - server_pattern.pattern = - "EarlyData: deprotect and discard app data records."; - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - - case TEST_EARLY_DATA_HRR: - mbedtls_debug_set_threshold(3); - server_pattern.pattern = - "EarlyData: Ignore application message before 2nd ClientHello"; - server_options.group_list = group_list + 1; - break; -#if defined(MBEDTLS_SSL_ALPN) - case TEST_EARLY_DATA_SAME_ALPN: - client_options.alpn_list[0] = "ALPNExample"; - client_options.alpn_list[1] = NULL; - server_options.alpn_list[0] = "ALPNExample"; - server_options.alpn_list[1] = NULL; - break; - case TEST_EARLY_DATA_DIFF_ALPN: - case TEST_EARLY_DATA_NO_INITIAL_ALPN: - client_options.alpn_list[0] = "ALPNExample2"; - client_options.alpn_list[1] = NULL; - server_options.alpn_list[0] = "ALPNExample2"; - server_options.alpn_list[1] = NULL; - mbedtls_debug_set_threshold(3); - server_pattern.pattern = - "EarlyData: rejected, the selected ALPN is different " - "from the one associated with the pre-shared key."; - break; - case TEST_EARLY_DATA_NO_LATER_ALPN: - client_options.alpn_list[0] = NULL; - server_options.alpn_list[0] = NULL; - mbedtls_debug_set_threshold(3); - server_pattern.pattern = - "EarlyData: rejected, the selected ALPN is different " - "from the one associated with the pre-shared key."; - break; -#endif - - default: - TEST_FAIL("Unknown scenario."); - } - - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - server_options.srv_log_obj = &server_pattern; - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, - mbedtls_test_ticket_write, - mbedtls_test_ticket_parse, - NULL); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Handshake with ticket and send early data. - */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_SERVER_HELLO), 0); - - ret = mbedtls_ssl_write_early_data(&(client_ep.ssl), - (unsigned char *) early_data, - early_data_len); - - if (client_ep.ssl.early_data_state != - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT) { - TEST_EQUAL(ret, early_data_len); - } else { - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - } - - ret = mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_WRAPUP); - - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: -#if defined(MBEDTLS_SSL_ALPN) - case TEST_EARLY_DATA_SAME_ALPN: -#endif - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA); - TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 1); - TEST_EQUAL(mbedtls_ssl_read_early_data(&(server_ep.ssl), - buf, sizeof(buf)), early_data_len); - TEST_MEMORY_COMPARE(buf, early_data_len, early_data, early_data_len); - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - TEST_EQUAL(ret, 0); - TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0); - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: -#if defined(MBEDTLS_SSL_ALPN) - case TEST_EARLY_DATA_DIFF_ALPN: - case TEST_EARLY_DATA_NO_INITIAL_ALPN: - case TEST_EARLY_DATA_NO_LATER_ALPN: -#endif - TEST_EQUAL(ret, 0); - TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0); - TEST_EQUAL(server_pattern.counter, 1); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), 0); - -exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - mbedtls_ssl_session_free(&saved_session); - mbedtls_debug_set_threshold(0); - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ -void tls13_cli_early_data_state(int scenario) -{ - int ret = -1; - mbedtls_test_ssl_endpoint client_ep, server_ep; - mbedtls_test_handshake_test_options client_options; - mbedtls_test_handshake_test_options server_options; - mbedtls_ssl_session saved_session; - uint16_t group_list[3] = { - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, - MBEDTLS_SSL_IANA_TLS_GROUP_NONE - }; - uint8_t client_random[MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; - - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); - mbedtls_test_init_handshake_options(&client_options); - mbedtls_test_init_handshake_options(&server_options); - mbedtls_ssl_session_init(&saved_session); - - PSA_INIT(); - - /* - * Run first handshake to get a ticket from the server. - */ - client_options.pk_alg = MBEDTLS_PK_ECDSA; - client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - server_options.pk_alg = MBEDTLS_PK_ECDSA; - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - if (scenario == TEST_EARLY_DATA_HRR) { - client_options.group_list = group_list; - server_options.group_list = group_list; - } - - ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, - &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Prepare for handshake with the ticket. - */ - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - - case TEST_EARLY_DATA_HRR: - server_options.group_list = group_list + 1; - break; - - default: - TEST_FAIL("Unknown scenario."); - } - - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, - mbedtls_test_ticket_write, - mbedtls_test_ticket_parse, - NULL); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Go through the handshake sequence, state by state, checking the early - * data status each time. - */ - do { - int state = client_ep.ssl.state; - - /* Progress the handshake from at least one state */ - while (client_ep.ssl.state == state) { - ret = mbedtls_ssl_handshake_step(&(client_ep.ssl)); - TEST_ASSERT((ret == 0) || - (ret == MBEDTLS_ERR_SSL_WANT_READ) || - (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); - if (client_ep.ssl.state != state) { - break; - } - ret = mbedtls_ssl_handshake_step(&(server_ep.ssl)); - TEST_ASSERT((ret == 0) || - (ret == MBEDTLS_ERR_SSL_WANT_READ) || - (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); - } - - if (client_ep.ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) { - TEST_EQUAL(mbedtls_ssl_get_early_data_status(&(client_ep.ssl)), - MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - } - - switch (client_ep.ssl.state) { - case MBEDTLS_SSL_CLIENT_HELLO: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_NO_INDICATION_SENT: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_IDLE); - break; - - case TEST_EARLY_DATA_HRR: - if (!client_ep.ssl.handshake->hello_retry_request_flag) { - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_IDLE); - } else { - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED); - } - break; - - default: - TEST_FAIL("Unknown scenario."); - } - break; - - case MBEDTLS_SSL_SERVER_HELLO: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE); - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT); - break; - - case TEST_EARLY_DATA_HRR: - if (!client_ep.ssl.handshake->hello_retry_request_flag) { - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE); - memcpy(client_random, - client_ep.ssl.handshake->randbytes, - MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - } else { - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED); - TEST_MEMORY_COMPARE(client_random, - MBEDTLS_CLIENT_HELLO_RANDOM_LEN, - client_ep.ssl.handshake->randbytes, - MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - } - break; - - default: - TEST_FAIL("Unknown scenario."); - } - break; - - case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE); - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT); - break; - - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - break; - - case MBEDTLS_SSL_SERVER_FINISHED: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED); - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT); - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - break; - - case MBEDTLS_SSL_END_OF_EARLY_DATA: - TEST_EQUAL(scenario, TEST_EARLY_DATA_ACCEPTED); - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED); - break; - - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED); - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT); - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - break; - - case MBEDTLS_SSL_CLIENT_FINISHED: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED); - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT); - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - break; - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT); - break; - - default: - TEST_FAIL("Unexpected or unknown scenario."); - } - break; - - case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: - TEST_ASSERT(scenario == TEST_EARLY_DATA_HRR); - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED); - break; - - case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: - switch (scenario) { - case TEST_EARLY_DATA_NO_INDICATION_SENT: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT); - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED); - break; - - default: - TEST_FAIL("Unexpected or unknown scenario."); - } - break; -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - - case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */ - case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */ - case MBEDTLS_SSL_HANDSHAKE_OVER: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED); - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT); - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - break; - - default: - TEST_FAIL("Unexpected state."); - } - } while (client_ep.ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER); - - ret = mbedtls_ssl_get_early_data_status(&(client_ep.ssl)); - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - TEST_EQUAL(ret, MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - TEST_EQUAL(ret, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED); - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(ret, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - - ret = mbedtls_ssl_get_early_data_status(&(server_ep.ssl)); - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - TEST_EQUAL(client_ep.ssl.handshake->ccs_sent, 1); -#endif - -exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - mbedtls_ssl_session_free(&saved_session); - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ -void tls13_write_early_data(int scenario) -{ - int ret = -1; - mbedtls_test_ssl_endpoint client_ep, server_ep; - mbedtls_test_handshake_test_options client_options; - mbedtls_test_handshake_test_options server_options; - mbedtls_ssl_session saved_session; - uint16_t group_list[3] = { - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, - MBEDTLS_SSL_IANA_TLS_GROUP_NONE - }; - int beyond_first_hello = 0; - - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); - mbedtls_test_init_handshake_options(&client_options); - mbedtls_test_init_handshake_options(&server_options); - mbedtls_ssl_session_init(&saved_session); - - PSA_INIT(); - - /* - * Run first handshake to get a ticket from the server. - */ - client_options.pk_alg = MBEDTLS_PK_ECDSA; - client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - server_options.pk_alg = MBEDTLS_PK_ECDSA; - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - if (scenario == TEST_EARLY_DATA_HRR) { - client_options.group_list = group_list; - server_options.group_list = group_list; - } - - ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, - &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Prepare for handshake with the ticket. - */ - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - - case TEST_EARLY_DATA_HRR: - /* - * Remove server support for the group negotiated in - * mbedtls_test_get_tls13_ticket() forcing a HelloRetryRequest. - */ - server_options.group_list = group_list + 1; - break; - - default: - TEST_FAIL("Unknown scenario."); - } - - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, - mbedtls_test_ticket_write, - mbedtls_test_ticket_parse, - NULL); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Run handshakes going one state further in the handshake sequence at each - * loop up to the point where we reach the MBEDTLS_SSL_HANDSHAKE_OVER - * state. For each reached handshake state, check the result of the call - * to mbedtls_ssl_write_early_data(), make sure we can complete the - * handshake successfully and then reset the connection to restart the - * handshake from scratch. - */ - do { - int client_state = client_ep.ssl.state; - int previous_client_state; - const char *early_data_string = "This is early data."; - const unsigned char *early_data = (const unsigned char *) early_data_string; - size_t early_data_len = strlen(early_data_string); - int write_early_data_ret, read_early_data_ret; - unsigned char read_buf[64]; - - write_early_data_ret = mbedtls_ssl_write_early_data(&(client_ep.ssl), - early_data, - early_data_len); - - if (scenario == TEST_EARLY_DATA_NO_INDICATION_SENT) { - TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - TEST_EQUAL(client_ep.ssl.state, client_state); - goto complete_handshake; - } - - switch (client_state) { - case MBEDTLS_SSL_HELLO_REQUEST: /* Intentional fallthrough */ - case MBEDTLS_SSL_CLIENT_HELLO: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: - TEST_EQUAL(write_early_data_ret, early_data_len); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); - break; - - case TEST_EARLY_DATA_HRR: - if (!client_ep.ssl.handshake->hello_retry_request_flag) { - TEST_EQUAL(write_early_data_ret, early_data_len); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); - } else { - beyond_first_hello = 1; - TEST_EQUAL(write_early_data_ret, - MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_HELLO); - } - break; - - default: - TEST_FAIL("Unknown scenario."); - } - break; - - case MBEDTLS_SSL_SERVER_HELLO: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: - TEST_EQUAL(write_early_data_ret, early_data_len); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); - break; - - case TEST_EARLY_DATA_HRR: - if (!client_ep.ssl.handshake->hello_retry_request_flag) { - TEST_EQUAL(write_early_data_ret, early_data_len); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); - } else { - TEST_EQUAL(write_early_data_ret, - MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); - } - break; - - default: - TEST_FAIL("Unknown scenario."); - } - break; - - case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: - TEST_EQUAL(write_early_data_ret, early_data_len); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); - break; - - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - break; - - case MBEDTLS_SSL_SERVER_FINISHED: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - TEST_EQUAL(write_early_data_ret, early_data_len); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED); - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: - TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED); - break; - - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - break; - - case MBEDTLS_SSL_END_OF_EARLY_DATA: - TEST_EQUAL(scenario, TEST_EARLY_DATA_ACCEPTED); - TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_END_OF_EARLY_DATA); - break; - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(write_early_data_ret, early_data_len); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); - break; - default: - TEST_FAIL("Unknown scenario."); - } - break; - - case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: - TEST_EQUAL(scenario, TEST_EARLY_DATA_HRR); - TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO); - break; - - case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: - switch (scenario) { - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(write_early_data_ret, - MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - TEST_EQUAL(client_ep.ssl.state, - MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED); - break; - default: - TEST_FAIL("Unexpected or unknown scenario."); - } - break; -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - - case MBEDTLS_SSL_CLIENT_CERTIFICATE: /* Intentional fallthrough */ - case MBEDTLS_SSL_CLIENT_FINISHED: /* Intentional fallthrough */ - case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */ - case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */ - case MBEDTLS_SSL_HANDSHAKE_OVER: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: - TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - TEST_EQUAL(client_ep.ssl.state, client_state); - break; - default: - TEST_FAIL("Unknown scenario."); - } - break; - - default: - TEST_FAIL("Unexpected state."); - } - -complete_handshake: - do { - ret = mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER); - - if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) { - read_early_data_ret = mbedtls_ssl_read_early_data( - &(server_ep.ssl), read_buf, sizeof(read_buf)); - - TEST_EQUAL(read_early_data_ret, early_data_len); - } - } while (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA); - - TEST_EQUAL(ret, 0); - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), 0); - - mbedtls_test_mock_socket_close(&(client_ep.socket)); - mbedtls_test_mock_socket_close(&(server_ep.socket)); - - ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - previous_client_state = client_state; - if (previous_client_state == MBEDTLS_SSL_HANDSHAKE_OVER) { - break; - } - - /* In case of HRR scenario, once we have been through it, move over - * the first ClientHello and ServerHello otherwise we just keep playing - * this first part of the handshake with HRR. - */ - if ((scenario == TEST_EARLY_DATA_HRR) && (beyond_first_hello)) { - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_SERVER_HELLO) == 0); - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_CLIENT_HELLO) == 0); - } - - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - previous_client_state), 0); - - /* Progress the handshake from at least one state */ - while (client_ep.ssl.state == previous_client_state) { - ret = mbedtls_ssl_handshake_step(&(client_ep.ssl)); - TEST_ASSERT((ret == 0) || - (ret == MBEDTLS_ERR_SSL_WANT_READ) || - (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); - if (client_ep.ssl.state != previous_client_state) { - break; - } - ret = mbedtls_ssl_handshake_step(&(server_ep.ssl)); - TEST_ASSERT((ret == 0) || - (ret == MBEDTLS_ERR_SSL_WANT_READ) || - (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); - } - } while (1); - -exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - mbedtls_ssl_session_free(&saved_session); - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ -void tls13_cli_max_early_data_size(int max_early_data_size_arg) -{ - int ret = -1; - mbedtls_test_ssl_endpoint client_ep, server_ep; - mbedtls_test_handshake_test_options client_options; - mbedtls_test_handshake_test_options server_options; - mbedtls_ssl_session saved_session; - unsigned char *buf = NULL; - uint32_t buf_size = 64; - uint32_t max_early_data_size; - uint32_t written_early_data_size = 0; - uint32_t read_early_data_size = 0; - - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); - mbedtls_test_init_handshake_options(&client_options); - mbedtls_test_init_handshake_options(&server_options); - mbedtls_ssl_session_init(&saved_session); - - PSA_INIT(); - TEST_CALLOC(buf, buf_size); - - /* - * Run first handshake to get a ticket from the server. - */ - - client_options.pk_alg = MBEDTLS_PK_ECDSA; - client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - server_options.pk_alg = MBEDTLS_PK_ECDSA; - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - server_options.max_early_data_size = max_early_data_size_arg; - - ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, - &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Prepare for handshake with the ticket. - */ - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, - mbedtls_test_ticket_write, - mbedtls_test_ticket_parse, - NULL); - - max_early_data_size = saved_session.max_early_data_size; - /* - * (max_early_data_size + 1024) for the size of the socket buffers for the - * server one to be able to contain the maximum number of early data bytes - * plus the first flight of client messages. Needed because we cannot - * initiate the handshake on server side before doing all the calls to - * mbedtls_ssl_write_early_data() we want to test. See below for more - * information. - */ - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), - max_early_data_size + 1024); - TEST_EQUAL(ret, 0); - - /* If our server is configured with max_early_data_size equal to zero, it - * does not set the MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA flag for - * the tickets it creates. To be able to test early data with a ticket - * allowing early data in its flags but with max_early_data_size equal to - * zero (case supported by our client) tweak the ticket flags here. - */ - if (max_early_data_size == 0) { - saved_session.ticket_flags |= MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA; - } - - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - while (written_early_data_size < max_early_data_size) { - uint32_t remaining = max_early_data_size - written_early_data_size; - - for (size_t i = 0; i < buf_size; i++) { - buf[i] = (unsigned char) (written_early_data_size + i); - } - - ret = mbedtls_ssl_write_early_data(&(client_ep.ssl), - buf, - buf_size); - - if (buf_size <= remaining) { - TEST_EQUAL(ret, buf_size); - } else { - TEST_EQUAL(ret, remaining); - } - written_early_data_size += buf_size; - } - TEST_EQUAL(client_ep.ssl.total_early_data_size, max_early_data_size); - - ret = mbedtls_ssl_write_early_data(&(client_ep.ssl), buf, 1); - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - TEST_EQUAL(client_ep.ssl.total_early_data_size, max_early_data_size); - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE); - - /* - * Now, check data on server side. It is not done in the previous loop as - * in the first call to mbedtls_ssl_handshake(), the server ends up sending - * its Finished message and then in the following call to - * mbedtls_ssl_write_early_data() we go past the early data writing window - * and we cannot test multiple calls to the API is this writing window. - */ - while (read_early_data_size < max_early_data_size) { - ret = mbedtls_ssl_handshake(&(server_ep.ssl)); - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA); - - ret = mbedtls_ssl_read_early_data(&(server_ep.ssl), - buf, - buf_size); - TEST_ASSERT(ret > 0); - - for (size_t i = 0; i < (size_t) ret; i++) { - TEST_EQUAL(buf[i], (unsigned char) (read_early_data_size + i)); - } - - read_early_data_size += ret; - } - TEST_EQUAL(read_early_data_size, max_early_data_size); - - ret = mbedtls_ssl_handshake(&(server_ep.ssl)); - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); - - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_HANDSHAKE_OVER) - == 0); - -exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - mbedtls_ssl_session_free(&saved_session); - mbedtls_free(buf); - PSA_DONE(); -} -/* END_CASE */ - -/* - * The !MBEDTLS_SSL_PROTO_TLS1_2 dependency of tls13_early_data() below is - * a temporary workaround to not run the test in Windows-2013 where there is - * an issue with mbedtls_vsnprintf(). - */ -/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ -void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, int write_size_arg) -{ - int ret = -1; - mbedtls_test_ssl_endpoint client_ep, server_ep; - mbedtls_test_handshake_test_options client_options; - mbedtls_test_handshake_test_options server_options; - mbedtls_ssl_session saved_session; - mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 }; - uint16_t group_list[3] = { - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, - MBEDTLS_SSL_IANA_TLS_GROUP_NONE - }; - char pattern[128]; - unsigned char *buf_write = NULL; - uint32_t write_size = (uint32_t) write_size_arg; - unsigned char *buf_read = NULL; - uint32_t read_size; - uint32_t expanded_early_data_chunk_size = 0; - uint32_t written_early_data_size = 0; - uint32_t max_early_data_size; - - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); - mbedtls_test_init_handshake_options(&client_options); - mbedtls_test_init_handshake_options(&server_options); - mbedtls_ssl_session_init(&saved_session); - PSA_INIT(); - - TEST_CALLOC(buf_write, write_size); - - /* - * Allocate a smaller buffer for early data reading to exercise the reading - * of data in one record in multiple calls. - */ - read_size = (write_size / 2) + 1; - TEST_CALLOC(buf_read, read_size); - - /* - * Run first handshake to get a ticket from the server. - */ - - client_options.pk_alg = MBEDTLS_PK_ECDSA; - client_options.group_list = group_list; - client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - server_options.pk_alg = MBEDTLS_PK_ECDSA; - server_options.group_list = group_list; - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - server_options.max_early_data_size = max_early_data_size_arg; - - ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, - &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Prepare for handshake with the ticket. - */ - server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - server_options.srv_log_obj = &server_pattern; - server_pattern.pattern = pattern; - - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - ret = mbedtls_snprintf(pattern, sizeof(pattern), - "EarlyData: deprotect and discard app data records."); - TEST_ASSERT(ret < (int) sizeof(pattern)); - mbedtls_debug_set_threshold(3); - break; - - case TEST_EARLY_DATA_HRR: - /* - * Remove server support for the group negotiated in - * mbedtls_test_get_tls13_ticket() forcing an HelloRetryRequest. - */ - server_options.group_list = group_list + 1; - ret = mbedtls_snprintf( - pattern, sizeof(pattern), - "EarlyData: Ignore application message before 2nd ClientHello"); - TEST_ASSERT(ret < (int) sizeof(pattern)); - mbedtls_debug_set_threshold(3); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); - - mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, - mbedtls_test_ticket_write, - mbedtls_test_ticket_parse, - NULL); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - max_early_data_size = saved_session.max_early_data_size; - - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Start an handshake based on the ticket up to the point where early data - * can be sent from client side. Then send in a loop as much early data as - * possible without going over the maximum permitted size for the ticket. - * Finally, do a last writting to go past that maximum permitted size and - * check that we detect it. - */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_SERVER_HELLO), 0); - - TEST_ASSERT(client_ep.ssl.early_data_state != - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT); - - ret = mbedtls_ssl_handshake(&(server_ep.ssl)); - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); - - /* - * Write and if possible read as much as possible chunks of write_size - * bytes data without getting over the max_early_data_size limit. - */ - do { - uint32_t read_early_data_size = 0; - - /* - * The contents of the early data are not very important, write a - * pattern that varies byte-by-byte and is different for every chunk of - * early data. - */ - if ((written_early_data_size + write_size) > max_early_data_size) { - break; - } - - /* - * If the server rejected early data, base the determination of when - * to stop the loop on the expanded size (padding and encryption - * expansion) of early data on server side and the number of early data - * received so far by the server (multiple of the expanded size). - */ - if ((expanded_early_data_chunk_size != 0) && - ((server_ep.ssl.total_early_data_size + - expanded_early_data_chunk_size) > max_early_data_size)) { - break; - } - - for (size_t i = 0; i < write_size; i++) { - buf_write[i] = (unsigned char) (written_early_data_size + i); - } - - ret = write_early_data(&(client_ep.ssl), buf_write, write_size); - TEST_EQUAL(ret, write_size); - written_early_data_size += write_size; - - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - while (read_early_data_size < write_size) { - ret = mbedtls_ssl_handshake(&(server_ep.ssl)); - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA); - - ret = mbedtls_ssl_read_early_data(&(server_ep.ssl), - buf_read, read_size); - TEST_ASSERT(ret > 0); - - TEST_MEMORY_COMPARE(buf_read, ret, - buf_write + read_early_data_size, ret); - read_early_data_size += ret; - - TEST_EQUAL(server_ep.ssl.total_early_data_size, - written_early_data_size); - } - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: - ret = mbedtls_ssl_handshake(&(server_ep.ssl)); - /* - * In this write loop we try to always stay below the - * max_early_data_size limit but if max_early_data_size is very - * small we may exceed the max_early_data_size limit on the - * first write. In TEST_EARLY_DATA_SERVER_REJECTS/ - * TEST_EARLY_DATA_HRR scenario, this is for sure the case if - * max_early_data_size is smaller than the smallest possible - * inner content/protected record. Take into account this - * possibility here but only for max_early_data_size values - * that are close to write_size. Below, '1' is for the inner - * type byte and '16' is to take into account some AEAD - * expansion (tag, ...). - */ - if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) { - if (scenario == TEST_EARLY_DATA_SERVER_REJECTS) { - TEST_LE_U(max_early_data_size, - write_size + 1 + - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY); - } else { - TEST_LE_U(max_early_data_size, - write_size + 1 + 16 + - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY); - } - goto exit; - } - - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_WANT_READ); - - TEST_EQUAL(server_pattern.counter, 1); - server_pattern.counter = 0; - if (expanded_early_data_chunk_size == 0) { - expanded_early_data_chunk_size = server_ep.ssl.total_early_data_size; - } - break; - } - TEST_LE_U(server_ep.ssl.total_early_data_size, max_early_data_size); - } while (1); - - mbedtls_debug_set_threshold(3); - ret = write_early_data(&(client_ep.ssl), buf_write, write_size); - TEST_EQUAL(ret, write_size); - - ret = mbedtls_snprintf(pattern, sizeof(pattern), - "EarlyData: Too much early data received"); - TEST_ASSERT(ret < (int) sizeof(pattern)); - - ret = mbedtls_ssl_handshake(&(server_ep.ssl)); - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); - TEST_EQUAL(server_pattern.counter, 1); - -exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - mbedtls_ssl_session_free(&saved_session); - mbedtls_free(buf_write); - mbedtls_free(buf_read); - mbedtls_debug_set_threshold(0); - PSA_DONE(); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function deleted file mode 100644 index 909e6cfa4..000000000 --- a/tests/suites/test_suite_ssl_decrypt.function +++ /dev/null @@ -1,312 +0,0 @@ -/* BEGIN_HEADER */ -/* Testing of mbedtls_ssl_decrypt_buf() specifically, focusing on negative - * testing (using malformed inputs). */ - -#include -#include -#include - -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_SSL_TLS_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CIPHER_NULL_CIPHER */ -void ssl_decrypt_null(int hash_id) -{ - mbedtls_ssl_transform transform_in, transform_out; - mbedtls_ssl_transform_init(&transform_in); - mbedtls_ssl_transform_init(&transform_out); - const mbedtls_ssl_protocol_version version = MBEDTLS_SSL_VERSION_TLS1_2; - const mbedtls_cipher_type_t cipher_type = MBEDTLS_CIPHER_NULL; - mbedtls_record rec_good = { - .ctr = { 0 }, - .type = MBEDTLS_SSL_MSG_APPLICATION_DATA, - .ver = { 0, 0 }, /* Will be set by a function call below */ - .buf = NULL, - .buf_len = 0, - .data_offset = 0, - .data_len = 0, -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - .cid_len = 0, - .cid = { 0 }, -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - }; - mbedtls_ssl_write_version(rec_good.ver, - MBEDTLS_SSL_TRANSPORT_STREAM, - version); - const char sample_plaintext[3] = "ABC"; - mbedtls_ssl_context ssl; - mbedtls_ssl_init(&ssl); - uint8_t *buf = NULL; - - MD_OR_USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_test_ssl_build_transforms(&transform_in, &transform_out, - cipher_type, hash_id, 0, 0, - version, - 0, 0), 0); - - const size_t plaintext_length = sizeof(sample_plaintext); - rec_good.buf_len = plaintext_length + transform_in.maclen; - rec_good.data_len = plaintext_length; - TEST_CALLOC(rec_good.buf, rec_good.buf_len); - memcpy(rec_good.buf, sample_plaintext, plaintext_length); - TEST_EQUAL(mbedtls_test_ssl_prepare_record_mac(&rec_good, - &transform_out), 0); - - /* Good case */ - mbedtls_record rec = rec_good; - TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), 0); - - /* Change any one byte of the plaintext or MAC. The MAC will be wrong. */ - TEST_CALLOC(buf, rec.buf_len); - for (size_t i = 0; i < rec.buf_len; i++) { - mbedtls_test_set_step(i); - rec = rec_good; - rec.buf = buf; - memcpy(buf, rec_good.buf, rec.buf_len); - buf[i] ^= 1; - TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), - MBEDTLS_ERR_SSL_INVALID_MAC); - } - mbedtls_free(buf); - buf = NULL; - - /* Shorter input buffer. Either the MAC will be wrong, or there isn't - * enough room for a MAC. */ - for (size_t n = 1; n < rec.buf_len; n++) { - mbedtls_test_set_step(n); - rec = rec_good; - TEST_CALLOC(buf, n); - rec.buf = buf; - rec.buf_len = n; - rec.data_len = n; - memcpy(buf, rec_good.buf, n); - TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), - MBEDTLS_ERR_SSL_INVALID_MAC); - mbedtls_free(buf); - buf = NULL; - } - - /* For robustness, check a 0-length buffer (non-null, then null). - * This should not reach mbedtls_ssl_decrypt_buf() as used in the library, - * so the exact error doesn't matter, but we don't want a crash. */ - { - const uint8_t buf1[1] = { 'a' }; - rec = rec_good; - /* We won't write to buf1[0] since it's out of range, so we can cast - * the const away. */ - rec.buf = (uint8_t *) buf1; - rec.buf_len = 0; - TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), - MBEDTLS_ERR_SSL_INTERNAL_ERROR); - } - rec = rec_good; - rec.buf = NULL; - rec.buf_len = 0; - TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), - MBEDTLS_ERR_SSL_INTERNAL_ERROR); - -exit: - mbedtls_ssl_transform_free(&transform_in); - mbedtls_ssl_transform_free(&transform_out); - mbedtls_free(rec_good.buf); - mbedtls_ssl_free(&ssl); - mbedtls_free(buf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2 */ -void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, - int length_selector) -{ - /* - * Test record decryption for CBC without EtM, focused on the verification - * of padding and MAC. - * - * Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since - * the test framework doesn't support alternation in dependency statements, - * just depend on AES. - * - * The length_selector argument is interpreted as follows: - * - if it's -1, the plaintext length is 0 and minimal padding is applied - * - if it's -2, the plaintext length is 0 and maximal padding is applied - * - otherwise it must be in [0, 255] and is padding_length from RFC 5246: - * it's the length of the rest of the padding, that is, excluding the - * byte that encodes the length. The minimal non-zero plaintext length - * that gives this padding_length is automatically selected. - */ - mbedtls_ssl_context ssl; /* ONLY for debugging */ - mbedtls_ssl_transform t0, t1; - mbedtls_record rec, rec_save; - unsigned char *buf = NULL, *buf_save = NULL; - size_t buflen, olen = 0; - size_t plaintext_len, block_size, i; - unsigned char padlen; /* excluding the padding_length byte */ - int exp_ret; - int ret; - const unsigned char pad_max_len = 255; /* Per the standard */ - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_transform_init(&t0); - mbedtls_ssl_transform_init(&t1); - MD_OR_USE_PSA_INIT(); - - /* Set up transforms with dummy keys */ - ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, - 0, trunc_hmac, - MBEDTLS_SSL_VERSION_TLS1_2, - 0, 0); - - TEST_ASSERT(ret == 0); - - /* Determine padding/plaintext length */ - TEST_ASSERT(length_selector >= -2 && length_selector <= 255); - block_size = t0.ivlen; - if (length_selector < 0) { - plaintext_len = 0; - - /* Minimal padding - * The +1 is for the padding_length byte, not counted in padlen. */ - padlen = block_size - (t0.maclen + 1) % block_size; - - /* Maximal padding? */ - if (length_selector == -2) { - padlen += block_size * ((pad_max_len - padlen) / block_size); - } - } else { - padlen = length_selector; - - /* Minimal non-zero plaintext_length giving desired padding. - * The +1 is for the padding_length byte, not counted in padlen. */ - plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size; - } - - /* Prepare a buffer for record data */ - buflen = block_size - + plaintext_len - + t0.maclen - + padlen + 1; - TEST_CALLOC(buf, buflen); - TEST_CALLOC(buf_save, buflen); - - /* Prepare a dummy record header */ - memset(rec.ctr, 0, sizeof(rec.ctr)); - rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; - mbedtls_ssl_write_version(rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_VERSION_TLS1_2); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - rec.cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* Prepare dummy record content */ - rec.buf = buf; - rec.buf_len = buflen; - rec.data_offset = block_size; - rec.data_len = plaintext_len; - memset(rec.buf + rec.data_offset, 42, rec.data_len); - - /* Set dummy IV */ - memset(t0.iv_enc, 0x55, t0.ivlen); - memcpy(rec.buf, t0.iv_enc, t0.ivlen); - - /* - * Prepare a pre-encryption record (with MAC and padding), and save it. - */ - TEST_EQUAL(0, mbedtls_test_ssl_prepare_record_mac(&rec, &t0)); - - /* Pad */ - memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1); - rec.data_len += padlen + 1; - - /* Save correct pre-encryption record */ - rec_save = rec; - rec_save.buf = buf_save; - memcpy(buf_save, buf, buflen); - - /* - * Encrypt and decrypt the correct record, expecting success - */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( - &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, - rec.data_len, rec.buf + rec.data_offset, &olen)); - rec.data_offset -= t0.ivlen; - rec.data_len += t0.ivlen; - - TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); - - /* - * Modify each byte of the pre-encryption record before encrypting and - * decrypting it, expecting failure every time. - */ - for (i = block_size; i < buflen; i++) { - mbedtls_test_set_step(i); - - /* Restore correct pre-encryption record */ - rec = rec_save; - rec.buf = buf; - memcpy(buf, buf_save, buflen); - - /* Corrupt one byte of the data (could be plaintext, MAC or padding) */ - rec.buf[i] ^= 0x01; - - /* Encrypt */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( - &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, - rec.data_len, rec.buf + rec.data_offset, &olen)); - rec.data_offset -= t0.ivlen; - rec.data_len += t0.ivlen; - - /* Decrypt and expect failure */ - TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC, - mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); - } - - /* - * Use larger values of the padding bytes - with small buffers, this tests - * the case where the announced padlen would be larger than the buffer - * (and before that, than the buffer minus the size of the MAC), to make - * sure our padding checking code does not perform any out-of-bounds reads - * in this case. (With larger buffers, ie when the plaintext is long or - * maximal length padding is used, this is less relevant but still doesn't - * hurt to test.) - * - * (Start the loop with correct padding, just to double-check that record - * saving did work, and that we're overwriting the correct bytes.) - */ - for (i = padlen; i <= pad_max_len; i++) { - mbedtls_test_set_step(i); - - /* Restore correct pre-encryption record */ - rec = rec_save; - rec.buf = buf; - memcpy(buf, buf_save, buflen); - - /* Set padding bytes to new value */ - memset(buf + buflen - padlen - 1, i, padlen + 1); - - /* Encrypt */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( - &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, - rec.data_len, rec.buf + rec.data_offset, &olen)); - rec.data_offset -= t0.ivlen; - rec.data_len += t0.ivlen; - - /* Decrypt and expect failure except the first time */ - exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC; - TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); - } - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_transform_free(&t0); - mbedtls_ssl_transform_free(&t1); - mbedtls_free(buf); - mbedtls_free(buf_save); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_ssl_decrypt.misc.data b/tests/suites/test_suite_ssl_decrypt.misc.data deleted file mode 100644 index e7bdba396..000000000 --- a/tests/suites/test_suite_ssl_decrypt.misc.data +++ /dev/null @@ -1,399 +0,0 @@ -Decrypt null cipher, MD5 -depends_on:PSA_WANT_ALG_MD5 -ssl_decrypt_null:MBEDTLS_MD_MD5 - -Decrypt null cipher, SHA-1 -depends_on:PSA_WANT_ALG_SHA_1 -ssl_decrypt_null:MBEDTLS_MD_SHA1 - -Decrypt null cipher, SHA-256 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_decrypt_null:MBEDTLS_MD_SHA256 - -Decrypt null cipher, SHA-384 -depends_on:PSA_WANT_ALG_SHA_384 -ssl_decrypt_null:MBEDTLS_MD_SHA384 - -Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1 - -Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=0 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=240 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=1 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=241 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=15 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=255 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255 - -Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1 - -Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255 - -Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1 - -Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255 - -Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1 - -Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255 - -Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1 - -Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255 diff --git a/tests/suites/test_suite_test_helpers.data b/tests/suites/test_suite_test_helpers.data deleted file mode 100644 index 1d221d7bf..000000000 --- a/tests/suites/test_suite_test_helpers.data +++ /dev/null @@ -1,23 +0,0 @@ -Memory poison+unpoison: offset=0 len=42 -memory_poison_unpoison:0:42 - -Memory poison+unpoison: offset=0 len=1 -memory_poison_unpoison:0:1 - -Memory poison+unpoison: offset=0 len=2 -memory_poison_unpoison:0:2 - -Memory poison+unpoison: offset=1 len=1 -memory_poison_unpoison:1:1 - -Memory poison+unpoison: offset=1 len=2 -memory_poison_unpoison:1:2 - -Memory poison+unpoison: offset=7 len=1 -memory_poison_unpoison:7:1 - -Memory poison+unpoison: offset=7 len=2 -memory_poison_unpoison:7:2 - -Memory poison+unpoison: offset=0 len=0 -memory_poison_unpoison:0:0 diff --git a/tests/suites/test_suite_test_helpers.function b/tests/suites/test_suite_test_helpers.function deleted file mode 100644 index 8c5d5adf6..000000000 --- a/tests/suites/test_suite_test_helpers.function +++ /dev/null @@ -1,40 +0,0 @@ -/* BEGIN_HEADER */ - -/* Test some parts of the test framework. */ - -#include -#include - -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES */ - -/* END_DEPENDENCIES */ - -/* BEGIN_CASE depends_on:MBEDTLS_TEST_MEMORY_CAN_POISON */ -/* Test that poison+unpoison leaves the memory accessible. */ -/* We can't test that poisoning makes the memory inaccessible: - * there's no sane way to catch an Asan/Valgrind complaint. - * That negative testing is done in programs/test/metatest.c. */ -void memory_poison_unpoison(int align, int size) -{ - unsigned char *buf = NULL; - const size_t buffer_size = align + size; - TEST_CALLOC(buf, buffer_size); - - for (size_t i = 0; i < buffer_size; i++) { - buf[i] = (unsigned char) (i & 0xff); - } - - const unsigned char *start = buf == NULL ? NULL : buf + align; - mbedtls_test_memory_poison(start, (size_t) size); - mbedtls_test_memory_unpoison(start, (size_t) size); - - for (size_t i = 0; i < buffer_size; i++) { - TEST_EQUAL(buf[i], (unsigned char) (i & 0xff)); - } - -exit: - mbedtls_free(buf); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data deleted file mode 100644 index de89239e7..000000000 --- a/tests/suites/test_suite_timing.data +++ /dev/null @@ -1,8 +0,0 @@ -Timing: get timer -timing_get_timer: - -Timing: delay 0ms -timing_delay:0: - -Timing: delay 100ms -timing_delay:100: diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function deleted file mode 100644 index 4143a1c51..000000000 --- a/tests/suites/test_suite_timing.function +++ /dev/null @@ -1,57 +0,0 @@ -/* BEGIN_HEADER */ - -/* This test module exercises the timing module. Since, depending on the - * underlying operating system, the timing routines are not always reliable, - * this suite only performs very basic sanity checks of the timing API. - */ - -#include - -#include "mbedtls/timing.h" - -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_TIMING_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ -void timing_get_timer() -{ - struct mbedtls_timing_hr_time time; - - memset(&time, 0, sizeof(time)); - - (void) mbedtls_timing_get_timer(&time, 1); - - /* Check that a non-zero time was written back */ - int all_zero = 1; - for (size_t i = 0; i < sizeof(time); i++) { - all_zero &= ((unsigned char *) &time)[i] == 0; - } - TEST_ASSERT(!all_zero); - - (void) mbedtls_timing_get_timer(&time, 0); - - /* This goto is added to avoid warnings from the generated code. */ - goto exit; -} -/* END_CASE */ - -/* BEGIN_CASE */ -void timing_delay(int fin_ms) -{ - mbedtls_timing_delay_context ctx; - int result; - if (fin_ms == 0) { - mbedtls_timing_set_delay(&ctx, 0, 0); - result = mbedtls_timing_get_delay(&ctx); - TEST_ASSERT(result == -1); - } else { - mbedtls_timing_set_delay(&ctx, fin_ms / 2, fin_ms); - result = mbedtls_timing_get_delay(&ctx); - TEST_ASSERT(result >= 0 && result <= 2); - } -} -/* END_CASE */ diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data deleted file mode 100644 index 3c818583f..000000000 --- a/tests/suites/test_suite_version.data +++ /dev/null @@ -1,15 +0,0 @@ -Check compile time library version -check_compiletime_version:"4.0.0" - -Check runtime library version -check_runtime_version:"4.0.0" - -Check for MBEDTLS_VERSION_C -check_feature:"MBEDTLS_VERSION_C":0 - -Check for MBEDTLS_TIMING_C when already present -depends_on:MBEDTLS_TIMING_C -check_feature:"MBEDTLS_TIMING_C":0 - -Check for unknown define -check_feature:"MBEDTLS_UNKNOWN":-1 diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function deleted file mode 100644 index eeae51262..000000000 --- a/tests/suites/test_suite_version.function +++ /dev/null @@ -1,73 +0,0 @@ -/* BEGIN_HEADER */ -#include "mbedtls/version.h" -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_VERSION_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ -void check_compiletime_version(char *version_str) -{ - char build_str[100]; - char build_str_full[100]; - unsigned int build_int; - - memset(build_str, 0, 100); - memset(build_str_full, 0, 100); - - mbedtls_snprintf(build_str, 100, "%d.%d.%d", MBEDTLS_VERSION_MAJOR, - MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH); - - mbedtls_snprintf(build_str_full, 100, "Mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR, - MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH); - - build_int = MBEDTLS_VERSION_MAJOR << 24 | - MBEDTLS_VERSION_MINOR << 16 | - MBEDTLS_VERSION_PATCH << 8; - - TEST_ASSERT(build_int == MBEDTLS_VERSION_NUMBER); - TEST_ASSERT(strcmp(build_str, MBEDTLS_VERSION_STRING) == 0); - TEST_ASSERT(strcmp(build_str_full, MBEDTLS_VERSION_STRING_FULL) == 0); - TEST_ASSERT(strcmp(version_str, MBEDTLS_VERSION_STRING) == 0); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void check_runtime_version(char *version_str) -{ - char build_str[100]; - char get_str[100]; - char build_str_full[100]; - char get_str_full[100]; - unsigned int get_int; - - memset(build_str, 0, 100); - memset(get_str, 0, 100); - memset(build_str_full, 0, 100); - memset(get_str_full, 0, 100); - - get_int = mbedtls_version_get_number(); - mbedtls_version_get_string(get_str); - mbedtls_version_get_string_full(get_str_full); - - mbedtls_snprintf(build_str, 100, "%u.%u.%u", - (get_int >> 24) & 0xFF, - (get_int >> 16) & 0xFF, - (get_int >> 8) & 0xFF); - mbedtls_snprintf(build_str_full, 100, "Mbed TLS %s", version_str); - - TEST_ASSERT(strcmp(build_str, version_str) == 0); - TEST_ASSERT(strcmp(build_str_full, get_str_full) == 0); - TEST_ASSERT(strcmp(version_str, get_str) == 0); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_VERSION_FEATURES */ -void check_feature(char *feature, int result) -{ - int check = mbedtls_version_check_feature(feature); - TEST_ASSERT(check == result); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data deleted file mode 100644 index d962f34b6..000000000 --- a/tests/suites/test_suite_x509parse.data +++ /dev/null @@ -1,3486 +0,0 @@ -X509 CRT information #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information #1 (DER) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server1.crt.der":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information #2 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information #2 (DER) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server2.crt.der":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information #3 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/test-ca.crt":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" - -X509 CRT information #3 (DER) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/test-ca.crt.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" - -X509 CRT information MD5 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_MD5 -x509_cert_info:"../framework/data_files/parse_input/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509_cert_info:"../framework/data_files/parse_input/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_384 -x509_cert_info:"../framework/data_files/parse_input/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_512 -x509_cert_info:"../framework/data_files/parse_input/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information RSA-PSS, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" - -X509 CRT information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224 -x509_cert_info:"../framework/data_files/parse_input/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" - -X509 CRT information RSA-PSS, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" - -X509 CRT information RSA-PSS, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384 -x509_cert_info:"../framework/data_files/parse_input/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" - -X509 CRT information RSA-PSS, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512 -x509_cert_info:"../framework/data_files/parse_input/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_224 -x509_cert_info:"../framework/data_files/parse_input/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_384 -x509_cert_info:"../framework/data_files/parse_input/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_512 -x509_cert_info:"../framework/data_files/parse_input/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC, SHA256 Digest, hardware module name SAN -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server5-othername.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2023-06-20 09\:04\:43\nexpires on \: 2033-06-17 09\:04\:43\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n" - -X509 CRT information EC, SHA256 Digest, binary hardware module name SAN -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server5-nonprintable_othername.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2023-06-20 09\:49\:20\nexpires on \: 2033-06-17 09\:49\:20\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n" - -X509 CRT information EC, SHA256 Digest, directoryName SAN -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server5-directoryname.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-10 16\:59\:29\nexpires on \: 2033-01-07 16\:59\:29\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n" - -X509 CRT information EC, SHA256 Digest, two directoryName SANs -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server5-two-directorynames.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-12 10\:34\:11\nexpires on \: 2033-01-09 10\:34\:11\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n directoryName \: O=MALFORM_ME\n" - -X509 CRT information EC, SHA256 Digest, Wisun Fan device -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server5-fan.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued on \: 2023-06-20 09\:49\:35\nexpires on \: 2033-06-17 09\:49\:35\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\next key usage \: Wi-SUN Alliance Field Area Network (FAN)\n" - -X509 CRT information, NS Cert Type -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n" - -X509 CRT information, Key Usage -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CRT information, Key Usage with decipherOnly -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/keyUsage.decipherOnly.crt":"cert. version \: 3\nserial number \: 9B\:13\:CE\:4C\:A5\:6F\:DE\:52\nissuer name \: C=GB, L=Cambridge, O=Default Company Ltd\nsubject name \: C=GB, L=Cambridge, O=Default Company Ltd\nissued on \: 2015-05-12 10\:36\:55\nexpires on \: 2018-05-11 10\:36\:55\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment, Decipher Only\n" - -X509 CRT information, Subject Alt Name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2019-07-10 11\:27\:52\nexpires on \: 2029-07-10 11\:27\:52\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n" - -X509 CRT information, Multiple different Subject Alt Name -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n" - -X509 CRT information, Subject Alt Name + Key Usage -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\n iPAddress \: 192.168.1.1\n iPAddress \: 192.168.69.144\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CRT information, Subject Alt Name with uniformResourceIdentifier -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/rsa_single_san_uri.crt.der":"cert. version \: 3\nserial number \: 6F\:75\:EB\:E9\:6D\:25\:BC\:88\:82\:62\:A3\:E0\:68\:A7\:37\:3B\:EC\:75\:8F\:9C\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:38\:05\nexpires on \: 2043-02-09 10\:38\:05\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CRT information, Subject Alt Name with two uniformResourceIdentifiers -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/rsa_multiple_san_uri.crt.der":"cert. version \: 3\nserial number \: 08\:E2\:93\:18\:91\:26\:D8\:46\:88\:90\:10\:4F\:B5\:86\:CB\:C4\:78\:E6\:EA\:0D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:37\:50\nexpires on \: 2043-02-09 10\:37\:50\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-abcde1234567\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CRT information, RSA Certificate Policy any -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" - -X509 CRT information, ECDSA Certificate Policy any -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" - -X509 CRT information, RSA Certificate Policy any with qualifier -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" - -X509 CRT information, ECDSA Certificate Policy any with qualifier -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" - -X509 CRT information, RSA Certificate multiple Policies -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-multi_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" - -X509 CRT information, ECDSA Certificate multiple Policies -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" - -X509 CRT information, RSA Certificate unsupported policy -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" - -X509 CRT information, ECDSA Certificate unsupported policy -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-unsupported_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" - -X509 CRT information, Key Usage + Extended Key Usage -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n" - -X509 CRT information RSA signed by EC -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA -x509_cert_info:"../framework/data_files/parse_input/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC signed by RSA -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -x509_cert_info:"../framework/data_files/parse_input/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" - -X509 CRT information Bitstring in subject name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=#030B0037313031303132323535\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n" - -X509 CRT information Non-ASCII string in issuer name and subject name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 Ltd, CN=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 CA\nsubject name \: C=JP, ST=Tokyo, O=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 Ltd, CN=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" - -X509 CRT information Parsing IPv4 and IPv6 IP names -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_cert_info:"../framework/data_files/server5-tricky-ip-san.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nissued on \: 2023-06-05 11\:30\:36\nexpires on \: 2033-06-02 11\:30\:36\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n iPAddress \: 97.98.99.100\n iPAddress \: 6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D\n" - -X509 SAN parsing otherName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/server5-othername.crt.der":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n":0 - -X509 SAN parsing binary otherName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/server5-nonprintable_othername.crt.der":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n":0 - -X509 SAN parsing directoryName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/server5-directoryname.crt.der":"type \: 4\ndirectoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n":0 - -X509 SAN parsing directoryName, seq malformed -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/server5-directoryname-seq-malformed.crt.der":"":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG - -X509 SAN parsing two directoryNames, second DN OID malformed -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 SAN parsing dNSName -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0 - -X509 SAN parsing Multiple different types -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0 - -X509 SAN parsing, no subject alt name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA -x509_parse_san:"../framework/data_files/parse_input/server4.crt":"":0 - -X509 SAN parsing, unsupported otherName name -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/server5-unsupported_othername.crt.der":"":0 - -X509 SAN parsing rfc822Name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n":0 - -X509 CRT information Parsing IP (invalid data) -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_parse_san:"../framework/data_files/server5-tricky-ip-san-malformed-len.crt.der":"":MBEDTLS_ERR_X509_BAD_INPUT_DATA - -X509 CRL information #1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" - -X509 CRL Information MD5 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" - -X509 CRL Information SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" - -X509 CRL Information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" - -X509 CRL Information SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" - -X509 CRL Information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" - -X509 CRL Information SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_512:MBEDTLS_RSA_C -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" - -X509 CRL information RSA-PSS, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" - -X509 CRL information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" - -X509 CRL information RSA-PSS, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" - -X509 CRL information RSA-PSS, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" - -X509 CRL information RSA-PSS, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" - -X509 CRL Information EC, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" - -X509 CRL Information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:PSA_HAVE_ALG_SOME_ECDSA -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" - -X509 CRL Information EC, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" - -X509 CRL Information EC, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:PSA_HAVE_ALG_SOME_ECDSA -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n" - -X509 CRL Information EC, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_512:PSA_HAVE_ALG_SOME_ECDSA -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" - -X509 CRL Malformed Input (trailing spaces at end of file) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_512:PSA_HAVE_ALG_ECDSA_VERIFY -mbedtls_x509_crl_parse:"../framework/data_files/parse_input/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT - -X509 CRL Unsupported critical extension (issuingDistributionPoint) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -mbedtls_x509_crl_parse:"../framework/data_files/parse_input/crl-idp.pem":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRL Unsupported non-critical extension (issuingDistributionPoint) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -mbedtls_x509_crl_parse:"../framework/data_files/parse_input/crl-idpnc.pem":0 - -X509 CSR Information RSA with MD5 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" - -X509 CSR Information RSA with SHA1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" - -X509 CSR Information RSA with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" - -X509 CSR Information RSA with SHA256 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" - -X509 CSR Information RSA with SHA384 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" - -X509 CSR Information RSA with SHA512 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" - -X509 CSR Information RSA with SHA256, containing commas -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" - -X509 CSR Information EC with SHA1 -depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CSR Information EC with SHA224 -depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CSR Information EC with SHA256 -depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CSR Information EC with SHA384 -depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_384:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CSR Information EC with SHA512 -depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_512:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CSR Information RSA-PSS with SHA1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CSR Information RSA-PSS with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CSR Information RSA-PSS with SHA256 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CSR Information RSA-PSS with SHA384 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CSR Information RSA-PSS with SHA512 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CSR Information RSA with SHA256 - Microsoft header -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" - -X509 CSR Information v3 extensions #1 (all) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/test_csr_v3_all.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\ncert. type \: SSL Client\nkey usage \: CRL Sign\n" - -X509 CSR Information v3 extensions #2 (nsCertType only) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/test_csr_v3_nsCertType.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Server\n" - -X509 CSR Information v3 extensions #3 (subjectAltName only) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/test_csr_v3_subjectAltName.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n" - -X509 CSR Information v3 extensions #4 (keyUsage only) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/test_csr_v3_keyUsage.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Key Encipherment\n" - -X509 Verify Information: empty -x509_verify_info:0:"":"" - -X509 Verify Information: one issue -x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"":"Certificate was missing\n" - -X509 Verify Information: two issues -x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n" - -X509 Verify Information: two issues, one unknown -x509_verify_info:MBEDTLS_X509_BADCERT_OTHER | 0x80000000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n" - -X509 Verify Information: empty, with prefix -x509_verify_info:0:" ! ":"" - -X509 Verify Information: one issue, with prefix -x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:" ! ":" ! Certificate was missing\n" - -X509 Verify Information: two issues, with prefix -x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n" - -X509 Get Distinguished Name #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets:"../framework/data_files/server1.crt":"subject":"C=NL, O=PolarSSL, CN=PolarSSL Server 1" - -X509 Get Distinguished Name #2 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets:"../framework/data_files/server1.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA" - -X509 Get Distinguished Name #3 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets:"../framework/data_files/server2.crt":"subject":"C=NL, O=PolarSSL, CN=localhost" - -X509 Get Distinguished Name #4 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets:"../framework/data_files/server2.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA" - -X509 Get Distinguished Name #5 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets:"../framework/data_files/server1.commas.crt":"subject":"C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1" - -X509 Get Distinguished Name #6 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets:"../framework/data_files/server1.hashsymbol.crt":"subject":"C=NL, O=\\#PolarSSL, CN=PolarSSL Server 1" - -X509 Get Distinguished Name #7 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets:"../framework/data_files/server1.spaces.crt":"subject":"C=NL, O=\\ PolarSSL\\ , CN=PolarSSL Server 1" - -X509 Get Distinguished Name #8 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets:"../framework/data_files/server1.asciichars.crt":"subject":"C=NL, O=\\E6\\9E\\81\\E5\\9C\\B0SSL, CN=PolarSSL Server 1" - -X509 Get Modified DN #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"Modified":"C=NL, O=Modified, CN=PolarSSL Server 1":0 - -X509 Get Modified DN #2 Name exactly 255 bytes -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, CN=PolarSSL Server 1":0 - -X509 Get Modified DN #3 Name exceeds 255 bytes -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456":"":MBEDTLS_ERR_X509_BUFFER_TOO_SMALL - -X509 Get Modified DN #4 Name exactly 255 bytes, with comma requiring escaping -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"1234567890,1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234":"":MBEDTLS_ERR_X509_BUFFER_TOO_SMALL - -X509 Get Modified DN #5 Name exactly 255 bytes, ending with comma requiring escaping -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234,":"":MBEDTLS_ERR_X509_BUFFER_TOO_SMALL - -X509 Get Next DN #1 No Multivalue RDNs -mbedtls_x509_dn_get_next:"C=NL, O=PolarSSL, CN=PolarSSL Server 1":0:"C O CN":3:"C=NL, O=PolarSSL, CN=PolarSSL Server 1" - -X509 Get Next DN #2 Initial Multivalue RDN -mbedtls_x509_dn_get_next:"C=NL, O=PolarSSL, CN=PolarSSL Server 1":0x01:"C CN":2:"C=NL + O=PolarSSL, CN=PolarSSL Server 1" - -X509 Get Next DN #3 Single Multivalue RDN -mbedtls_x509_dn_get_next:"C=NL, O=PolarSSL, CN=PolarSSL Server 1":0x03:"C":1:"C=NL + O=PolarSSL + CN=PolarSSL Server 1" - -X509 Get Next DN #4 Consecutive Multivalue RDNs -mbedtls_x509_dn_get_next:"C=NL, O=PolarSSL, title=Example, CN=PolarSSL Server 1":0x05:"C title":2:"C=NL + O=PolarSSL, title=Example + CN=PolarSSL Server 1" - -# Parse the following valid DN: -# -# 31 0B <- Set of -# 30 09 <- Sequence of -# 06 03 55 04 06 <- OID 2.5.4.6 countryName (C) -# 13 02 4E 4C <- PrintableString "NL" -# 31 11 <- Set of -# 30 0F <- Sequence of -# 06 03 55 04 0A <- OID 2.5.4.10 organizationName (O) -# 0C 08 50 6F 6C 61 72 53 53 4C <- UTF8String "PolarSSL" -# 31 19 <- Set of -# 30 17 <- Sequence of -# 06 03 55 04 03 <- OID 2.5.4.3 commonName (CN) -# 0C 10 50 6F 6C 61 72 53 53 4C 20 54 65 73 74 20 43 41 <- UTF8String "PolarSSL Test CA" -# -X509 Get Name Valid DN -mbedtls_x509_get_name:"310B3009060355040613024E4C3111300F060355040A0C08506F6C617253534C3119301706035504030C10506F6C617253534C2054657374204341":0 - -# Parse the following corrupted DN: -# -# 31 0B <- Set of -# 30 09 <- Sequence of -# 06 03 55 04 06 <- OID 2.5.4.6 countryName (C) -# 13 02 4E 4C <- PrintableString "NL" -# 31 11 <- Set of -# 30 0F <- Sequence of -# 06 03 55 04 0A <- OID 2.5.4.10 organizationName (O) -# 0C 08 50 6F 6C 61 72 53 53 4C <- UTF8String "PolarSSL" -# 30 19 <- Sequence of (corrupted) -# 30 17 <- Sequence of -# 06 03 55 04 03 <- OID 2.5.4.3 commonName (CN) -# 0C 10 50 6F 6C 61 72 53 53 4C 20 54 65 73 74 20 43 41 <- UTF8String "PolarSSL Test CA" -# -# The third 'Set of' is corrupted to instead be a 'Sequence of', causing an -# error and forcing mbedtls_x509_get_name() to clean up the names it has -# already allocated. -# -X509 Get Name Corrupted DN Mem Leak -mbedtls_x509_get_name:"310B3009060355040613024E4C3111300F060355040A0C08506F6C617253534C3019301706035504030C10506F6C617253534C2054657374204341":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 Time Expired #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 -mbedtls_x509_time_is_past:"../framework/data_files/server1.crt":"valid_from":1 - -X509 Time Expired #2 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 -mbedtls_x509_time_is_past:"../framework/data_files/server1.crt":"valid_to":0 - -X509 Time Expired #3 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 -mbedtls_x509_time_is_past:"../framework/data_files/server2.crt":"valid_from":1 - -X509 Time Expired #4 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 -mbedtls_x509_time_is_past:"../framework/data_files/server2.crt":"valid_to":0 - -X509 Time Expired #5 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 -mbedtls_x509_time_is_past:"../framework/data_files/test-ca.crt":"valid_from":1 - -X509 Time Expired #6 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 -mbedtls_x509_time_is_past:"../framework/data_files/test-ca.crt":"valid_to":0 - -X509 Time Future #1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256 -mbedtls_x509_time_is_future:"../framework/data_files/server5.crt":"valid_from":0 - -X509 Time Future #2 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256 -mbedtls_x509_time_is_future:"../framework/data_files/server5.crt":"valid_to":1 - -X509 Time Future #3 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256 -mbedtls_x509_time_is_future:"../framework/data_files/server5-future.crt":"valid_from":1 - -X509 Time Future #4 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256 -mbedtls_x509_time_is_future:"../framework/data_files/server5-future.crt":"valid_to":1 - -X509 Time Future #5 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256 -mbedtls_x509_time_is_future:"../framework/data_files/test-ca2.crt":"valid_from":0 - -X509 Time Future #6 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256 -mbedtls_x509_time_is_future:"../framework/data_files/test-ca2.crt":"valid_to":1 - -X509 CRT verification #1 (Revoked Cert, Expired CRL, no CN) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" - -X509 CRT verification #1a (Revoked Cert, Future CRL, no CN) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" - -X509 CRT verification #2 (Revoked Cert, Expired CRL) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" - -X509 CRT verification #2a (Revoked Cert, Future CRL) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" - -X509 CRT verification #3 (Revoked Cert, Future CRL, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #3a (Revoked Cert, Expired CRL, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #4 (Valid Cert, Expired CRL) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" - -X509 CRT verification #4a (Revoked Cert, Future CRL) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" - -X509 CRT verification #5 (Revoked Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #5' (Revoked Cert, differing DN string formats #1) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_utf8.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #5'' (Revoked Cert, differing DN string formats #2) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_printable.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #5''' (Revoked Cert, differing upper and lower case) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_uppercase.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #6 (Revoked Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #7 (Revoked Cert, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #8 (Valid Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #8a (Expired Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server5-expired.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" - -X509 CRT verification #8b (Future Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server5-future.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" - -X509 CRT verification #8c (Expired Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server7-expired.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" - -X509 CRT verification #8d (Future Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server7-future.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" - -X509 CRT verification #9 (Not trusted Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/server1.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #10 (Not trusted Cert, Expired CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/server1.crt":"../framework/data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 forbidden) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_md5.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL" - -X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 allowed) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_md5.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"all":"NULL" - -X509 CRT verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #14 (Valid Cert SHA1 Digest forbidden in default profile) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL" - -X509 CRT verification #15 (Valid Cert SHA224 Digest) -depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha224.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #16 (Valid Cert SHA256 Digest) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha256.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #17 (Valid Cert SHA384 Digest) -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha384.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #18 (Valid Cert SHA512 Digest) -depends_on:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha512.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #19 (Valid Cert, denying callback) -depends_on:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha512.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"compat":"verify_none" - -X509 CRT verification #19 (Not trusted Cert, allowing callback) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/server1.crt":"../framework/data_files/crl_expired.pem":"NULL":0:0:"compat":"verify_all" - -X509 CRT verification #21 (domain matching wildcard certificate, case insensitive) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_wildcard.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"mail.ExAmPlE.com":0:0:"compat":"NULL" - -X509 CRT verification #22 (domain not matching wildcard certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_wildcard.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"mail.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #23 (domain not matching wildcard certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_wildcard.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #24 (domain matching CN of multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #25 (domain matching multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"example.net":0:0:"compat":"NULL" - -X509 CRT verification #26 (domain not matching multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #27.1 (domain not matching multi certificate: suffix) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"xample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #27.2 (domain not matching multi certificate: head junk) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"bexample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #28 (domain not matching wildcard in multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"example.org":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #29 (domain matching wildcard in multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"mail.example.org":0:0:"compat":"NULL" - -X509 CRT verification #30 (domain matching multi certificate without CN) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi_nocn.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.shotokan-braunschweig.de":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #31 (domain not matching multi certificate without CN) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi_nocn.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #32 (Valid, EC cert, RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #33 (Valid, RSA cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server4.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #34 (Valid, EC cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #35 (Revoked, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #36 (Valid, EC CA, SHA1 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server5-sha1.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #37 (Valid, EC CA, SHA224 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_224 -x509_verify:"../framework/data_files/server5-sha224.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #38 (Valid, EC CA, SHA384 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5-sha384.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #39 (Valid, EC CA, SHA512 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_512:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5-sha512.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #40 (Valid, depth 0, RSA, CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/test-ca.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #41 (Valid, depth 0, EC, CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/test-ca2.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #42 (Depth 0, not CA, RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/server2.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #43 (Depth 0, not CA, EC) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/server5.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #44 (Corrupted signature, EC) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #45 (Corrupted signature, RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server2-badsign.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #45b (Corrupted signature, intermediate CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server7-badsign.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #46 (Valid, depth 2, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server7.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #49 (Valid, depth 2, RSA-EC-RSA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server8_int-ca2.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #50 (Valid, multiple CAs) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #51 (Valid, multiple CAs, reverse order) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/test-ca_cat21.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #52 (CA keyUsage valid) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crt_crl.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #53 (CA keyUsage missing cRLSign) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crt.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crt.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #55 (CA keyUsage missing keyCertSign) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crl.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #56 (CA keyUsage plain wrong) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-ds.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/server9.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #58 (Valid, RSASSA-PSS, SHA-224) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-sha224.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #59 (Valid, RSASSA-PSS, SHA-256) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-sha256.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #60 (Valid, RSASSA-PSS, SHA-384) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-sha384.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #61 (Valid, RSASSA-PSS, SHA-512) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-sha512.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #62 (Revoked, RSASSA-PSS, SHA-1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server9.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #64 (Valid, RSASSA-PSS, SHA-1, not top) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/server9-with-ca.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #65 (RSASSA-PSS, SHA1, bad cert signature) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-badsign.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #66 (RSASSA-PSS, SHA1, no RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server9.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #67 (Valid, RSASSA-PSS, all defaults) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-defaults.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_USE_PSA_CRYPTO -x509_verify:"../framework/data_files/server9-bad-saltlen.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-bad-mgfhash.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #70 (v1 trusted CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server1-v1.crt":"../framework/data_files/test-ca-v1.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #71 (v1 trusted CA, other) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server2-v1.crt":"../framework/data_files/server1-v1.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #72 (v1 chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server2-v1-chain.crt":"../framework/data_files/test-ca-v1.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #73 (selfsigned trusted without CA bit) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #74 (signed by selfsigned trusted without CA bit) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server6-ss-child.crt":"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #75 (encoding mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/enco-cert-utf8str.pem":"../framework/data_files/enco-ca-prstr.pem":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #76 (multiple CRLs, not revoked) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #77 (multiple CRLs, revoked) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #78 (multiple CRLs, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #79 (multiple CRLs, revoked by future) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" - -X509 CRT verification #80 (multiple CRLs, first future, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #81 (multiple CRLs, none relevant) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/enco-cert-utf8str.pem":"../framework/data_files/enco-ca-prstr.pem":"../framework/data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #82 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-future-present.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #83 (valid CA and Not yet valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-present-future.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #84 (valid CA and Not yet valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-present-past.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #85 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-past-present.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #86 (Not yet valid CA and invalid CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-future-invalid.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" - -X509 CRT verification #87 (Expired CA and invalid CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-past-invalid.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" - -X509 CRT verification #88 (Spurious cert in the chain) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/server7_spurious_int-ca.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #89 (Spurious cert later in the chain) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/server10_int3_spurious_int-ca2.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #90 (EE with same name as trusted root) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server5-ss-forgeca.crt":"../framework/data_files/test-int-ca3.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL" - -X509 CRT verification #91 (same CA with good then bad key) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca-good-alt.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #91 (same CA with bad then good key) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca-alt-good.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #92 (bad name, allowing callback) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all" - -X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" - -X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server4.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL" - -X509 CRT verification #95 (Suite B Valid, EC cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" - -X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest) -depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/cert_sha224.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" - -X509 CRT verification #97 (next profile Valid Cert SHA256 Digest) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/cert_sha256.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" - -X509 CRT verification #98 (Revoked Cert, revocation date in the future, _with_ MBEDTLS_HAVE_TIME_DATE) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" - -X509 CRT verification #99 (Revoked Cert, revocation date in the future, _without_ MBEDTLS_HAVE_TIME_DATE) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification: domain identical to IPv4 in SubjectAltName -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"abcd":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" - -X509 CRT verification: domain identical to IPv6 in SubjectAltName -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"abcd.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" - -X509 CRT verification: matching IPv4 in SubjectAltName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"97.98.99.100":0:0:"":"NULL" - -X509 CRT verification: mismatching IPv4 in SubjectAltName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"7.8.9.10":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" - -X509 CRT verification: IPv4 with trailing data in SubjectAltName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"97.98.99.100?":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" - -X509 CRT verification: matching IPv6 in SubjectAltName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D":0:0:"":"NULL" - -X509 CRT verification: mismatching IPv6 in SubjectAltName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"6162\:6364\:\:6F6D":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" - -X509 CRT verification: matching URI in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":0:0:"":"NULL" - -X509 CRT verification: URI with trailing data in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609cz":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" - -X509 CRT verification: URI with preceding data in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/crl_sha256.pem":"zurn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" - -X509 CRT verification: URI with bad data in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/crl_sha256.pem":"bad\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" - -X509 CRT parse CN: IPv4 valid address -x509_crt_parse_cn_inet_pton:"10.10.10.10":"0A0A0A0A":4 - -X509 CRT parse CN: IPv4 leading zeroes #1 -x509_crt_parse_cn_inet_pton:"010.10.10.10":"":0 - -X509 CRT parse CN: IPv4 leading zeroes #2 -x509_crt_parse_cn_inet_pton:"10.10.10.001":"":0 - -X509 CRT parse CN: IPv4 excess 0s -x509_crt_parse_cn_inet_pton:"10.0000.10.10":"":0 - -X509 CRT parse CN: IPv4 short address -x509_crt_parse_cn_inet_pton:"10.10.10":"":0 - -X509 CRT parse CN: IPv4 invalid ? char -x509_crt_parse_cn_inet_pton:"10.10?10.10":"":0 - -X509 CRT parse CN: IPv4 invalid - char -x509_crt_parse_cn_inet_pton:"10.-10.10.10":"":0 - -X509 CRT parse CN: IPv4 invalid + char -x509_crt_parse_cn_inet_pton:"10.+10.10.10":"":0 - -X509 CRT parse CN: IPv4 begin dot -x509_crt_parse_cn_inet_pton:".10.10.10.10":"":0 - -X509 CRT parse CN: IPv4 end dot -x509_crt_parse_cn_inet_pton:"10.10.10.10.":"":0 - -X509 CRT parse CN: IPv4 consecutive dots -x509_crt_parse_cn_inet_pton:"10.10..10.10.":"":0 - -X509 CRT parse CN: IPv4 overlarge octet 256 -x509_crt_parse_cn_inet_pton:"10.256.10.10":"":0 - -X509 CRT parse CN: IPv4 overlarge octet 999 -x509_crt_parse_cn_inet_pton:"10.10.10.999":"":0 - -X509 CRT parse CN: IPv4 overlarge octet 1000 -x509_crt_parse_cn_inet_pton:"10.1000.10.10":"":0 - -X509 CRT parse CN: IPv4 additional octet -x509_crt_parse_cn_inet_pton:"10.10.10.10.10":"":0 - -X509 CRT parse CN: IPv6 valid address -x509_crt_parse_cn_inet_pton:"1\:2\:3\:4\:5\:6\:7\:8":"00010002000300040005000600070008":16 - -X509 CRT parse CN: IPv6 valid address shorthand -x509_crt_parse_cn_inet_pton:"6263\:\:1":"62630000000000000000000000000001":16 - -X509 CRT parse CN: IPv6 valid address shorthand start -x509_crt_parse_cn_inet_pton:"\:\:1":"00000000000000000000000000000001":16 - -X509 CRT parse CN: IPv6 valid address extra 0s -x509_crt_parse_cn_inet_pton:"0001\:\:0001\:0001":"00010000000000000000000000010001":16 - -X509 CRT parse CN: IPv6 invalid address excess 0s -x509_crt_parse_cn_inet_pton:"1\:00000\:1\:0":"":0 - -X509 CRT parse CN: IPv6 invalid address - start single colon -x509_crt_parse_cn_inet_pton:"\:6263\:\:1":"":0 - -X509 CRT parse CN: IPv6 invalid address - end single colon -x509_crt_parse_cn_inet_pton:"6263\:\:1\:":"":0 - -X509 CRT parse CN: IPv6 short address -x509_crt_parse_cn_inet_pton:"1\:1\:1":"":0 - -X509 CRT parse CN: IPv6 wildcard address -x509_crt_parse_cn_inet_pton:"\:\:":"00000000000000000000000000000000":16 - -X509 CRT parse CN: IPv6 address too long -x509_crt_parse_cn_inet_pton:"1\:2\:3\:4\:5\:6\:7\:8\:9":"":0 - -X509 CRT parse CN: IPv6 long hextet -x509_crt_parse_cn_inet_pton:"12345\:\:1":"":0 - -X509 CRT parse CN: IPv6 invalid char -x509_crt_parse_cn_inet_pton:"\:\:\:1":"":0 - -X509 CRT parse CN: IPv6 invalid - char -x509_crt_parse_cn_inet_pton:"\:\:-1\:1":"":0 - -X509 CRT parse CN: IPv6 invalid + char -x509_crt_parse_cn_inet_pton:"\:\:+1\:1":"":0 - -X509 CRT parse CN: IPv6 valid address IPv4-mapped -x509_crt_parse_cn_inet_pton:"\:\:ffff\:1.2.3.4":"00000000000000000000ffff01020304":16 - -X509 CRT parse CN: IPv6 invalid address IPv4-mapped #1 -x509_crt_parse_cn_inet_pton:"\:\:ffff\:999.2.3.4":"":0 - -X509 CRT parse CN: IPv6 invalid address IPv4-mapped #2 -x509_crt_parse_cn_inet_pton:"\:\:ffff\:1111.2.3.4":"":0 - -X509 CRT parse CN: IPv6 invalid address IPv4-mapped #3 -x509_crt_parse_cn_inet_pton:"\:\:1.2.3.4\:ffff":"":0 - -X509 CRT verification with ca callback: failure -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -x509_verify_ca_cb_failure:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_FATAL_ERROR - -X509 CRT verification callback: bad name -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify_callback:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n" - -X509 CRT verification callback: trusted EE cert -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256 -x509_verify_callback:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n" - -X509 CRT verification callback: trusted EE cert, expired -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAVE_TIME_DATE -x509_verify_callback:"../framework/data_files/server5-ss-expired.crt":"../framework/data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x00000001\n" - -X509 CRT verification callback: simple -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify_callback:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" - -X509 CRT verification callback: simple, EE expired -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify_callback:"../framework/data_files/server5-expired.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" - -X509 CRT verification callback: simple, root expired -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify_callback:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" - -X509 CRT verification callback: two trusted roots -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_verify_callback:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" - -X509 CRT verification callback: two trusted roots, reversed order -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_verify_callback:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" - -X509 CRT verification callback: root included -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_verify_callback:"../framework/data_files/server1_ca.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" - -X509 CRT verification callback: intermediate ca -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify_callback:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" - -X509 CRT verification callback: intermediate ca, root included -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify_callback:"../framework/data_files/server7_int-ca_ca2.crt":"../framework/data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" - -X509 CRT verification callback: intermediate ca trusted -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 -x509_verify_callback:"../framework/data_files/server7_int-ca_ca2.crt":"../framework/data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" - -X509 CRT verification callback: intermediate ca, EE expired -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify_callback:"../framework/data_files/server7-expired.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" - -X509 CRT verification callback: intermediate ca, int expired -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify_callback:"../framework/data_files/server7_int-ca-exp.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" - -X509 CRT verification callback: intermediate ca, root expired -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify_callback:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" - -X509 CRT verification callback: two intermediates -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify_callback:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" - -X509 CRT verification callback: two intermediates, root included -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify_callback:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" - -X509 CRT verification callback: two intermediates, top int trusted -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 -x509_verify_callback:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" - -X509 CRT verification callback: two intermediates, low int trusted -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify_callback:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" - -X509 CRT verification callback: no intermediate, bad signature -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify_callback:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n" - -X509 CRT verification callback: one intermediate, bad signature -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_verify_callback:"../framework/data_files/server7-badsign.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n" - -X509 CRT ASN1 (Empty Certificate) -x509parse_crt:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT - -X509 CRT ASN1 (inv Certificate, bad tag) -x509parse_crt:"0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT - -X509 CRT ASN1 (inv Certificate, no length) -x509parse_crt:"30":"":MBEDTLS_ERR_X509_INVALID_FORMAT - -X509 CRT ASN1 (inv Certificate, bad length encoding) -x509parse_crt:"3085":"":MBEDTLS_ERR_X509_INVALID_FORMAT - -X509 CRT ASN1 (inv Certificate, length data incomplete) -x509parse_crt:"308200":"":MBEDTLS_ERR_X509_INVALID_FORMAT - -X509 CRT ASN1 (inv Certificate, length out of bounds) -x509parse_crt:"3001":"":MBEDTLS_ERR_X509_INVALID_FORMAT - -X509 CRT ASN1 (inv TBS, invalid tag) -x509parse_crt:"30020500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (inv TBS, length missing) -x509parse_crt:"300130":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (inv TBS, invalid length encoding) -x509parse_crt:"30023085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (inv TBS, length data incomplete) -x509parse_crt:"300430839999":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (inv TBS, length out of bounds) -x509parse_crt:"30023003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS empty) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"30153000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, invalid version tag, serial missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"301730020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, valid outer version tag, no outer length) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"30163001a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv inner version tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"30193004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, valid inner version tag, no inner length) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"30183003a00102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, valid inner version tag, inv inner length encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"30193004a0020285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, valid inner version tag, inner length too large for int) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -# tbsCertificate.version = 0x01000000000000000000000000000000 rejected by mbedtls_asn1_get_int -x509parse_crt:"30293014a012021001000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, valid inner version tag, inner vs. outer length mismatch) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"301b3006a00402010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, valid version tag, length exceeds TBS) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"30293014a012021100000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 3) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201038204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION - -X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 4) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201048204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION - -X509 CRT ASN1 (TBS, valid version tag + length, version number overflow) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308199308183a00602047FFFFFFF8204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION - -X509 CRT ASN1 (TBS, serial missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"301a3005a003020102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv serial, tag wrong) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"301c3007a0030201020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv serial, length missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"301b3006a00302010282300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv serial, inv length encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"301c3007a0030201028285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv serial, length out of bounds) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"301c3007a0030201028201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, AlgID missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3020300ba0030201028204deadbeef300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv AlgID, tag wrong) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3022300da0030201028204deadbeef0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv AlgID, OID missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307b3073a0030201008204deadbeef3000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff3000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv AlgID, OID tag wrong) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv AlgID, OID inv length encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv AlgID, OID length out of bounds) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv AlgID, OID empty) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_OID_NOT_FOUND) - -X509 CRT ASN1 (TBS, inv AlgID, OID unknown) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_OID_NOT_FOUND) - -X509 CRT ASN1 (TBS, inv AlgID, param inv length encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv AlgID, param length out of bounds) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv AlgID, param length mismatch) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"30819a308182a0030201008204deadbeef300f06092a864886f70d01010b06010000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300f06092a864886f70d01010b06010000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv AlgID, params present but empty) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0600030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG - -X509 CRT ASN1 (TBS, inv AlgID, bad RSASSA-PSS params) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_X509_RSASSA_PSS_SUPPORT -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010a3100300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010a3100030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, Issuer missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"302f301aa0030201008204deadbeef300d06092a864886f70d01010b0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, RDNSequence inv tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Issuer, RDNSequence length missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3030301ba0030201008204deadbeef300d06092a864886f70d01010b050030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, RDNSequence inv length encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Issuer, RDNSequence length out of bounds) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, RDNSequence empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201028204deadbeef300d06092a864886f70d01010b05003000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, RDN inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Issuer, RDN inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023185301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Issuer, RDN length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023101301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, RDN empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023100301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023085301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023001301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv no length data) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b050030053103300106301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020685301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020601301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b050030073105300306000c301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000C85301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000c01301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300a3108300606000c010000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv Issuer, 2nd AttributeTypeValue empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300e310c300806000c04546573743000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, Validity missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"303d3028a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573740500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Validity, length field missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"303e3029a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Validity, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notBefore missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30793064a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743000300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notBefore inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430020500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Validity, notBefore no length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307a3065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300117300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notBefore inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743002178f300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Validity, notBefore length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notBefore empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a3008060013045465737430101700170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE - -X509 CRT ASN1 (TBS, inv Validity, notBefore invalid) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE - -X509 CRT ASN1 (TBS, inv Validity, notAfter missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300e170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notAfter inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935390500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Validity, notAfter length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300f170c30393132333132333539353917300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notAfter inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391785300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Validity, notAfter length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notAfter empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE - -X509 CRT ASN1 (TBS, inv Validity, notAfter invalid) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303931323331323335393539170c303930313031303000000000300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE - -X509 CRT ASN1 (TBS, inv Validity, data remaining after 'notAfter') -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, Subject missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"305b3046a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, RDNSequence inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"305c3047a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353900300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Subject, RDNSequence length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"305c3047a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, RDNSequence inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Subject, RDNSequence length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, RDN inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Subject, RDN inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023185302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Subject, RDN length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023101302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, RDN empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023100302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023085302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023001302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv no length data) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930053103300106302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020685302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type length out of bounds ) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020601302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020600302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930073105300306000c302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000C85302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000c01302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300a3108300606000c010000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv Subject, 2nd AttributeTypeValue empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300e310c300806000c04546573743000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, SubPubKeyInfo missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30693054a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573740500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"306a3055a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv algorithm tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"306c3057a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm unknown) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010100050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307a3065a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307b3066a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743010300d06092A864886F70D010101050003300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, no bitstring data) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_INVALID_DATA) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv bitstring start) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_INVALID_DATA) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv RSA modulus) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, total length mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301e300d06092A864886F70D0101010500030b0030080202ffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY - -X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed, expanded length notation) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY - -# We expect an extension parsing error here because the IssuerID is optional. -# Hence, if we find an ASN.1 tag doesn't match the IssuerID, we assume the -# IssuerID is skipped and that the tag should hence belong to the next field, -# namely the v3 extensions. However, the tag the test exercises is a NULL tag, -# and hence we obtain an INVALID_TAG error during extension parsing. -X509 CRT ASN1 (TBS, inv IssuerID, inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv IssuerID, length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv IssuerID, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv IssuerID, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv v3Ext, inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv v3Ext, outer length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819b308185a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, outer length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv v3Ext, outer length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, outer length 0) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, inner tag invalid) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv v3Ext, inner length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819d308187a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, inner length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv v3Ext, inner length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, inner/outer length mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv v3Ext, first ext inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv v3Ext, first ext length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, inv first ext length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv v3Ext, first ext length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, first ext empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a130818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, no extnValue) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, inv critical tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv v3Ext, critical length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a330818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30730053003060001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, critical inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv v3Ext, critical length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, critical length 0) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv v3Ext, critical length 2) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001020000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv v3Ext, extnValue inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv v3Ext, extnValue length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001010004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, extnValue length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv v3Ext, extnValue length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, data remaining after extnValue) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, data missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, invalid outer tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d20040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, no policies) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d200403300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, empty policy) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid OID tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy no OID length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d2004053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, unknown critical policy) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier invalid tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier no length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081af308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3133011300f0603551d2004083006300406010030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv extBasicConstraint, no pathlen length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server1_pathlen_int_max.crt":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH):0 - -X509 CRT ASN1 (pathlen is INT_MAX-1) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server1_pathlen_int_max-1.crt":0:1 - -X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b430819ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a318301630140603551d13010101040a30080201010201010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage bad second tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d250416301406082b0601050507030107082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubjectAltName, empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d110400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubjectAltName, length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d11040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, data remaining after name SEQUENCE) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d110403300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, name component length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d110403300180300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, name component inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430028085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, name component length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430028001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, name component unexpected tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430024000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubjectAltName, otherName component empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d1104043002a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, otherName invalid OID tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d1104053003a00106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName EXPLICIT tag missing -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b530819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a319301730150603551d11040e300ca00a06082b06010505070804300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected EXPLICIT tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b060105050708040500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b63081a0a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31a301830160603551d11040f300da00b06082b06010505070804a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inv outer length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length 0) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner tag invalid) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b83081a2a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31c301a30180603551d110411300fa00d06082b06010505070804a00130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected OID tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID no length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ba3081a4a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31e301c301a0603551d1104133011a00f06082b06010505070804a003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data invalid tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bc3081a6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a320301e301c0603551d1104153013a01106082b06010505070804a0053003060004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #1) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083006060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #2) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #3) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0063004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a340303e301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS - -X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage repeated) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS - -X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated outside Extensions) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT (TBS, valid v3Ext in v3 CRT) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 - -X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, valid v3Ext in v2 CRT) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, valid SubjectID, valid IssuerID, inv v3Ext, SubjectAltName repeated outside Extensions, inv SubjectAltNames tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509parse_crt:"308203723082025aa003020102020111300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3132303531303133323334315a170d3232303531313133323334315a303a310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c311830160603550403130f7777772e6578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b93c4ac5c8a38e9017a49e52aa7175266180e7c7b56d8cffaab64126b7be11ad5c73160c64114804ffd6e13b05db89bbb39709d51c14dd688739b03d71cbe276d01ad8182d801b54f6e5449af1cbaf612edf490d9d09b7edb1fd3cfd3cfa24cf5dbf7ce453e725b5ea4422e926d3ea20949ee66167ba2e07670b032fa209edf0338f0bce10ef67a4c608dac1edc23fd74add153df95e1c8160463eb5b33d2fa6de471cbc92aeebdf276b1656b7dcecd15557a56eec7525f5b77bdfabd23a5a91987d97170b130aa76b4a8bc14730fb3af84104d5c1dfb81dbf7b01a565a2e01e36b7a65ccc305af8cd6fcdf1196225ca01e3357ffa20f5dcfd69b26a007d17f70203010001a38181307f30090603551d1304023000301d0603551d0e041604147de49c6be6f9717d46d2123dad6b1dfdc2aa784c301f0603551d23041830168014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30320603551d11042b3029c20b6578616d706c652e636f6d820b6578616d706c652e6e6574820d2a2e6578616d706c652e6f7267300d06092a864886f70d010105050003820101004f09cb7ad5eef5ef620ddc7ba285d68cca95b46bda115b92007513b9ca0bceeafbc31fe23f7f217479e2e6bcda06e52f6ff655c67339cf48bc0d2f0cd27a06c34a4cd9485da0d07389e4d4851d969a0e5799c66f1d21271f8d0529e840ae823968c39707cf3c934c1adf2fa6a455487f7c8c1ac922da24cd9239c68aecb08df5698267cb04eede534196c127dc2ffe33fad30eb8d432a9842853a5f0d189d5a298e71691bb9cc0418e8c58acffe3dd2e7aabb0b97176ad0f2733f7a929d3c076c0bf06407c0ed5a47c8ae2326e16aeda641fb0557cdbddf1a4ba447cb39958d2346e00ea976c143af2101e0aa249107601f4f2c818fdcc6346128b091bf194e6":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (SignatureAlgorithm missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081aa3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (inv SignatureAlgorithm, bad tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573740500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (inv SignatureAlgorithm, length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e7465737430":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (inv SignatureAlgorithm, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (inv SignatureAlgorithm, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (inv SignatureAlgorithm, not the same as SignatureAlgorithm in TBS) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010a0500030200ff":"":MBEDTLS_ERR_X509_SIG_MISMATCH - -X509 CRT ASN1 (Signature missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b93081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (inv Signature, bad tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (inv Signature, length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ba3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b050003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (inv Signature, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000385":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (inv Signature, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (inv Signature, inv data #1) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -# signature = bit string with invalid encoding (missing number of unused bits) -x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA) - -X509 CRT ASN1 (inv Signature, inv data #2) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -# signature = bit string with invalid encoding (number of unused bits too large) -x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030108":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA) - -X509 CRT ASN1 (empty Signature) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -# signature = empty bit string in DER encoding -x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030100":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 - -X509 CRT ASN1 (dummy 24-bit Signature) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -# signature = bit string "011001100110111101101111" -x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030400666f6f":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 - -# The ASN.1 module rejects non-octet-aligned bit strings. -X509 CRT ASN1 (inv Signature: not octet-aligned) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -# signature = bit string "01100110011011110110111" -x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030401666f6e":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA) - -X509 CRT ASN1 (inv Signature, length mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081be3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (well-formed) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (GeneralizedTime in notBefore, UTCTime in notAfter) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (UTCTime in notBefore, GeneralizedTime in notAfter) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303931323331323335393539180e3230313030313031303030303030300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-12-31 23\:59\:59\nexpires on \: 2010-01-01 00\:00\:00\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (Name with X520 CN) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (Name with X520 C) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (Name with X520 L) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (Name with X520 ST) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (Name with X520 O) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (Name with X520 OU) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (Name with unknown X520 part) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (Name with composite RDN) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, 1.3.6.1.4.1.311.60.2.1.3=#13025553, 1.3.6.1.4.1.311.60.2.1.2=#130844656C6177617265, O=Authorize.Net LLC, 2.5.4.15=#131450726976617465204F7267616E697A6174696F6E, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0 - -X509 CRT ASN1 (Name with PKCS9 email) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (Name with unknown PKCS9 part) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (ECDSA signature, RSA key) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA -x509parse_crt:"3081e630819e020103300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343631385a170d3233303730383039343631385a300f310d300b0603550403130454657374304c300d06092a864886f70d0101010500033b003038023100e8f546061d3b49bc2f6b7524b7ea4d73a8d5293ee8c64d9407b70b5d16baebc32b8205591eab4e1eb57e9241883701250203010001300906072a8648ce3d0401033800303502186e18209afbed14a0d9a796efcad68891e3ccd5f75815c833021900e92b4fd460b1994693243b9ffad54729de865381bda41d25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 - -X509 CRT ASN1 (ECDSA signature, EC key) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1 -x509parse_crt:"3081eb3081a3020900f41534662ec7e912300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343031395a170d3233303730383039343031395a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d030101033200042137969fabd4e370624a0e1a33e379cab950cce00ef8c3c3e2adaeb7271c8f07659d65d3d777dcf21614363ae4b6e617300906072a8648ce3d04010338003035021858cc0f957946fe6a303d92885a456aa74c743c7b708cbd37021900fe293cac21af352d16b82eb8ea54e9410b3abaadd9f05dd6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0 - -X509 CRT ASN1 (RSA signature, EC key) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 - -X509 CRT ASN1 (Unsupported critical extension) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (Unsupported critical extension recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 - -X509 CRT ASN1 (Unsupported critical extension not recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011e0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (Unsupported non critical extension recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101000403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 - -X509 CRT ASN1 (Unsupported non critical extension not recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011e0101000403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 - -X509 CRT ASN1 (Unsupported critical policy recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 - -X509 CRT ASN1 (Unsupported critical policy not recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE - -X509 CRT ASN1 (Unsupported non critical policy recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 - -X509 CRT ASN1 (Unsupported non critical policy not recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 - -X509 CRL ASN1 (Incorrect first tag) -x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT - -X509 CRL ASN1 (Correct first tag, data length does not match) -x509parse_crl:"300000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRL ASN1 (TBSCertList, tag missing) -x509parse_crl:"3000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, version tag len missing) -x509parse_crl:"3003300102":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, version correct, alg missing) -x509parse_crl:"30053003020100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, alg correct, incorrect version) -x509parse_crl:"300b3009020102300406000500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION - -X509 CRL ASN1 (TBSCertList, correct version, sig_oid1 unknown) -x509parse_crl:"300b3009020100300406000500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG - -X509 CRL ASN1 (TBSCertList, sig_oid1 id unknown) -x509parse_crl:"30143012020100300d06092a864886f70d01010f0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG - -X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, issuer set missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030":"":MBEDTLS_ERR_ASN1_OUT_OF_DATA - -X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500":"":MBEDTLS_ERR_X509_SIG_MISMATCH - -X509 CRL ASN1 (TBSCertList, sig present, len mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -# 305c -# 3047 tbsCertList TBSCertList -# 020100 version INTEGER OPTIONAL -# 300d signatureAlgorithm AlgorithmIdentifi -# 06092a864886f70d01010e -# 0500 -# 300f issuer Name -# 310d300b0603550403130441424344 -# 170c303930313031303030303030 thisUpdate Time -# 3014 revokedCertificates -# 3012 entry 1 -# 8202abcd userCertificate CertificateSerialNum -# 170c303831323331323335393539 revocationDate Time -# 300d signatureAlgorithm AlgorithmIdentifi -# 06092a864886f70d01010e -# 0500 -# 03020001 signatureValue BIT STRING -# The subsequent TBSCertList negative tests remove or modify some elements. -X509 CRL ASN1 (TBSCertList, sig present) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO -x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0 - -X509 CRL ASN1 (TBSCertList, signatureValue missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, signatureAlgorithm missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30493047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, single empty entry at end) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30373035020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030023000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, good entry then empty entry at end) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"304b3049020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301630128202abcd170c3038313233313233353935393000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, missing time in entry) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"304e3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, missing time in entry at end) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"303b3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, invalid tag for time in entry) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRL ASN1 (TBSCertList, invalid tag for serial) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRL ASN1 (TBSCertList, no entries) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO -x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 - -X509 CRL ASN1 (invalid version 2) -x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION - -X509 CRL ASN1 (invalid version overflow) -x509parse_crl:"3049303102047fffffff300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION - -X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30300603551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290628551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0102ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff0420301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c010100041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2018-03-14 07\:31\:48\nnext update \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using \: RSA with SHA-256\n":0 - -X509 CRT parse file dir3/Readme -mbedtls_x509_crt_parse_file:"../framework/data_files/dir3/Readme":MBEDTLS_ERR_X509_INVALID_FORMAT:0 - -X509 CRT parse file dir3/test-ca.crt -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_file:"../framework/data_files/dir3/test-ca.crt":0:1 - -X509 CRT parse file dir3/test-ca2.crt -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_parse_file:"../framework/data_files/dir3/test-ca2.crt":0:1 - -# The parse_path tests are known to fail when compiled for a 32-bit architecture -# and run via qemu-user on Linux on a 64-bit host. This is due to a known -# bug in Qemu: https://gitlab.com/qemu-project/qemu/-/issues/263 -X509 CRT parse path #1 (one cert) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_path:"../framework/data_files/dir1":0:1 - -X509 CRT parse path #2 (two certs) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_parse_path:"../framework/data_files/dir2":0:2 - -X509 CRT parse path #3 (two certs, one non-cert) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_parse_path:"../framework/data_files/dir3":1:2 - -X509 CRT verify long chain (max intermediate CA, trusted) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_crt_verify_max:"../framework/data_files/dir-maxpath/00.crt":"../framework/data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA:0:0 - -X509 CRT verify long chain (max intermediate CA, untrusted) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_verify_max:"../framework/data_files/test-ca2.crt":"../framework/data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA-1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED - -X509 CRT verify long chain (max intermediate CA + 1) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_crt_verify_max:"../framework/data_files/dir-maxpath/00.crt":"../framework/data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_FATAL_ERROR:-1 - -X509 CRT verify chain #1 (zero pathlen intermediate) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert14.crt ../framework/data_files/dir4/cert13.crt ../framework/data_files/dir4/cert12.crt":"../framework/data_files/dir4/cert11.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 - -X509 CRT verify chain #2 (zero pathlen root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert23.crt ../framework/data_files/dir4/cert22.crt":"../framework/data_files/dir4/cert21.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 - -X509 CRT verify chain #3 (nonzero pathlen root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert34.crt ../framework/data_files/dir4/cert33.crt ../framework/data_files/dir4/cert32.crt":"../framework/data_files/dir4/cert31.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 - -X509 CRT verify chain #4 (nonzero pathlen intermediate) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert45.crt ../framework/data_files/dir4/cert44.crt ../framework/data_files/dir4/cert43.crt ../framework/data_files/dir4/cert42.crt":"../framework/data_files/dir4/cert41.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 - -X509 CRT verify chain #5 (nonzero maxpathlen intermediate) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert54.crt ../framework/data_files/dir4/cert53.crt ../framework/data_files/dir4/cert52.crt":"../framework/data_files/dir4/cert51.crt":0:0:"":0 - -X509 CRT verify chain #6 (nonzero maxpathlen root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert63.crt ../framework/data_files/dir4/cert62.crt":"../framework/data_files/dir4/cert61.crt":0:0:"":0 - -X509 CRT verify chain #7 (maxpathlen root, self signed in path) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert74.crt ../framework/data_files/dir4/cert73.crt ../framework/data_files/dir4/cert72.crt":"../framework/data_files/dir4/cert71.crt":0:0:"":0 - -X509 CRT verify chain #8 (self signed maxpathlen root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert61.crt ../framework/data_files/dir4/cert63.crt ../framework/data_files/dir4/cert62.crt":"../framework/data_files/dir4/cert61.crt":0:0:"":0 - -X509 CRT verify chain #9 (zero pathlen first intermediate, valid) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert83.crt ../framework/data_files/dir4/cert82.crt":"../framework/data_files/dir4/cert81.crt":0:0:"":0 - -X509 CRT verify chain #10 (zero pathlen root, valid) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert92.crt":"../framework/data_files/dir4/cert91.crt":0:0:"":0 - -X509 CRT verify chain #11 (valid chain, missing profile) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert92.crt":"../framework/data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0 - -X509 CRT verify chain #12 (suiteb profile, RSA root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 - -X509 CRT verify chain #13 (RSA only profile, EC root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server4.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 - -X509 CRT verify chain #13 (RSA only profile, EC trusted EE) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 - -X509 CRT verify chain #14 (RSA-3072 profile, root key too small) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 - -X509 CRT verify chain #15 (suiteb profile, rsa intermediate) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server7.crt ../framework/data_files/test-int-ca.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 - -X509 CRT verify chain #16 (RSA-only profile, EC intermediate) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server8.crt ../framework/data_files/test-int-ca2.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 - -X509 CRT verify chain #17 (SHA-512 profile) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server7.crt ../framework/data_files/test-int-ca.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0 - -X509 CRT verify chain #18 (len=1, vrfy fatal on depth 1) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_512 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":-1:-2:"":2 - -X509 CRT verify chain #19 (len=0, vrfy fatal on depth 0) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_512 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":-1:-1:"":1 - -X509 CRT verify chain #20 (len=1, vrfy fatal on depth 0) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"../framework/data_files/server5.crt":"../framework/data_files/test-ca.crt":-1:-1:"":1 - -X509 CRT verify chain #21 (len=3, vrfy fatal on depth 3) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-4:"":8 - -X509 CRT verify chain #22 (len=3, vrfy fatal on depth 2) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-3:"":4 - -X509 CRT verify chain #23 (len=3, vrfy fatal on depth 1) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-2:"":2 - -X509 CRT verify chain #24 (len=3, vrfy fatal on depth 0) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-1:"":1 - -X509 CRT verify chain #25 (len=3, vrfy fatal on depth 3, untrusted) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca2.crt":-1:-4:"":8 - -X509 OID description #1 -x509_oid_desc:"2b06010505070301":"TLS Web Server Authentication" - -X509 OID description #2 -x509_oid_desc:"2b0601050507030f":"notfound" - -X509 OID description #3 -x509_oid_desc:"2b0601050507030100":"notfound" - -X509 OID numstring #1 (wide buffer) -x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":20:17 - -X509 OID numstring #2 (buffer just fits) -x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":18:17 - -X509 OID numstring #3 (buffer too small) -x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":17:MBEDTLS_ERR_OID_BUF_TOO_SMALL - -X509 OID numstring #4 (larger number) -x509_oid_numstr:"2a864886f70d":"1.2.840.113549":15:14 - -X509 OID numstring #5 (arithmetic overflow) -x509_oid_numstr:"2a8648f9f8f7f6f5f4f3f2f1f001":"":100:MBEDTLS_ERR_ASN1_INVALID_DATA - -X509 CRT keyUsage #1 (no extension, expected KU) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_check_key_usage:"../framework/data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0 - -X509 CRT keyUsage #2 (no extension, surprising KU) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_check_key_usage:"../framework/data_files/server1.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:0 - -X509 CRT keyUsage #3 (extension present, no KU) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":0:0 - -X509 CRT keyUsage #4 (extension present, single KU present) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE:0 - -X509 CRT keyUsage #5 (extension present, single KU absent) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA - -X509 CRT keyUsage #6 (extension present, combined KU present) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0 - -X509 CRT keyUsage #7 (extension present, combined KU both absent) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN|MBEDTLS_X509_KU_CRL_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA - -X509 CRT keyUsage #8 (extension present, combined KU one absent) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA - -X509 CRT keyUsage #9 (extension present, decOnly allowed absent) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0 - -X509 CRT keyUsage #10 (extension present, decOnly non-allowed present) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_check_key_usage:"../framework/data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA - -X509 CRT keyUsage #11 (extension present, decOnly allowed present) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_check_key_usage:"../framework/data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0 - -X509 CRT extendedKeyUsage #1 (no extension, serverAuth) -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_check_extended_key_usage:"../framework/data_files/server5.crt":"2b06010505070301":0 - -X509 CRT extendedKeyUsage #2 (single value, present) -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_check_extended_key_usage:"../framework/data_files/server5.eku-srv.crt":"2b06010505070301":0 - -X509 CRT extendedKeyUsage #3 (single value, absent) -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_check_extended_key_usage:"../framework/data_files/server5.eku-cli.crt":"2b06010505070301":MBEDTLS_ERR_X509_BAD_INPUT_DATA - -X509 CRT extendedKeyUsage #4 (two values, first) -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_check_extended_key_usage:"../framework/data_files/server5.eku-srv_cli.crt":"2b06010505070301":0 - -X509 CRT extendedKeyUsage #5 (two values, second) -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_check_extended_key_usage:"../framework/data_files/server5.eku-srv_cli.crt":"2b06010505070302":0 - -X509 CRT extendedKeyUsage #6 (two values, other) -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_check_extended_key_usage:"../framework/data_files/server5.eku-srv_cli.crt":"2b06010505070303":MBEDTLS_ERR_X509_BAD_INPUT_DATA - -X509 CRT extendedKeyUsage #7 (any, random) -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_check_extended_key_usage:"../framework/data_files/server5.eku-cs_any.crt":"2b060105050703ff":0 - -X509 RSASSA-PSS parameters ASN1 (good, all defaults) -x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 - -X509 RSASSA-PSS parameters ASN1 (wrong initial tag) -x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 RSASSA-PSS parameters ASN1 (unknown tag in top-level sequence) -x509_parse_rsassa_pss_params:"a400":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 RSASSA-PSS parameters ASN1 (good, HashAlg SHA256) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_parse_rsassa_pss_params:"a00d300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:0 - -X509 RSASSA-PSS parameters ASN1 (good, explicit HashAlg = default) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_parse_rsassa_pss_params:"a009300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 - -X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #1) -x509_parse_rsassa_pss_params:"a00a300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #2) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_parse_rsassa_pss_params:"a00a300706052b0e03021a00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 RSASSA-PSS parameters ASN1 (HashAlg with parameters) -x509_parse_rsassa_pss_params:"a00f300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_DATA) - -X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID) -x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_OID_NOT_FOUND) - -X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0 - -X509 RSASSA-PSS parameters ASN1 (good, explicit MGAlg = default) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_parse_rsassa_pss_params:"a116301406092a864886f70d010108300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 - -X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #1) -x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #2) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b060960864801650304020100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 RSASSA-PSS parameters ASN1 (MGAlg AlgId wrong len #1) -x509_parse_rsassa_pss_params:"a11a301906092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 RSASSA-PSS parameters ASN1 (MGAlg OID != MGF1) -x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_OID_NOT_FOUND) - -X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong tag) -x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108310b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1a) -x509_parse_rsassa_pss_params:"a10f300d06092a864886f70d0101083000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1b) -x509_parse_rsassa_pss_params:"a11b301906092a864886f70d010108300c0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg not an OID) -x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID) -x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_OID_NOT_FOUND) - -X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_parse_rsassa_pss_params:"a11c301a06092a864886f70d010108300d06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0 - -X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params wrong tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_parse_rsassa_pss_params:"a11c301a06092a864886f70d010108300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1c) -x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #2) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e0609608648016503040201050000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 RSASSA-PSS parameters ASN1 (good, saltLen = 94) -x509_parse_rsassa_pss_params:"a20302015e":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:0 - -X509 RSASSA-PSS parameters ASN1 (good, explicit saltLen = default) -x509_parse_rsassa_pss_params:"a203020114":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 - -X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #1) -x509_parse_rsassa_pss_params:"a20402015e":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #2) -x509_parse_rsassa_pss_params:"a20402015e00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 RSASSA-PSS parameters ASN1 (saltLen not an int) -x509_parse_rsassa_pss_params:"a2023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 RSASSA-PSS parameters ASN1 (good, explicit trailerField = default) -x509_parse_rsassa_pss_params:"a303020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 - -X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #1) -x509_parse_rsassa_pss_params:"a304020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #2) -x509_parse_rsassa_pss_params:"a30402010100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 RSASSA-PSS parameters ASN1 (trailerField not an int) -x509_parse_rsassa_pss_params:"a3023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 RSASSA-PSS parameters ASN1 (trailerField not 1) -x509_parse_rsassa_pss_params:"a303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG - -X509 CSR ASN.1 (OK) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_parse:"308201183081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n":0 - -X509 CSR ASN.1 (Unsupported critical extension, critical=true) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_parse:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (Unsupported non-critical extension, critical=false) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_parse:"308201243081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004b5e718a7df6b21912733e77c42f266b8283e6cae7adf8afd56b990c1c6232ea0a2a46097c218353bc948444aea3d00423e84802e28c48099641fe9977cdfb505a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101000403010101300a06082a8648ce3d0403020348003045022100f0ba9a0846ad0a7cefd0a61d5fc92194dc06037a44158de2d0c569912c058d430220421f27a9f249c1687e2fa34db3f543c8512fd925dfe5ae00867f13963ffd4f8d":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0 - -X509 CSR ASN.1 (Unsupported non-critical extension, critical undefined) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_parse:"308201223081c802010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d030107034200045f94b28d133418833bf10c442d91306459d3925e7cea06ebb9220932e7de116fb671c5d2d6c0a3784a12897217aef8432e7228fcea0ab016bdb67b67ced4c612a025302306092a864886f70d01090e311630143012060b2b0601040183890c8622020403010101300a06082a8648ce3d04030203490030460221009b1e8b25775c18525e96753e1ed55875f8d62f026c5b7f70eb5037ad27dc92de022100ba1dfe14de6af6a603f763563fd046b1cd3714b54d6daf5d8a72076497f11014":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0 - -X509 CSR ASN.1 (Unsupported critical extension accepted by callback, critical=true) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_parse_with_ext_cb:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0:1 - -X509 CSR ASN.1 (Unsupported critical extension rejected by callback, critical=true) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_parse_with_ext_cb:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):0 - -X509 CSR ASN.1 (bad first tag) -mbedtls_x509_csr_parse:"3100":"":MBEDTLS_ERR_X509_INVALID_FORMAT - -X509 CSR ASN.1 (bad sequence: overlong) -mbedtls_x509_csr_parse:"3001":"":MBEDTLS_ERR_X509_INVALID_FORMAT - -X509 CSR ASN.1 (total length mistmatch) -mbedtls_x509_csr_parse:"30010000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CSR ASN.1 (bad CRI: not a sequence) -mbedtls_x509_csr_parse:"30023100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (bad CRI: overlong) -mbedtls_x509_csr_parse:"30023001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad CRI.Version: overlong) -mbedtls_x509_csr_parse:"30053002020100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad CRI.Version: not v1) -mbedtls_x509_csr_parse:"30053003020101":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION - -X509 CSR ASN.1 (bad CRI.Name: not a sequence) -mbedtls_x509_csr_parse:"300730050201003100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (bad CRI.Name: overlong) -mbedtls_x509_csr_parse:"30083005020100300100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad CRI.Name payload: not a set) -mbedtls_x509_csr_parse:"3009300702010030023000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (bad CRI.Name payload: overlong) -mbedtls_x509_csr_parse:"300a30080201003002310100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad SubjectPublicKeyInfo: missing) -mbedtls_x509_csr_parse:"30143012020100300d310b3009060355040613024e4c":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad SubjectPublicKeyInfo: not a sequence) -mbedtls_x509_csr_parse:"30163014020100300d310b3009060355040613024e4c3100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (bad SubjectPublicKeyInfo: overlong) -mbedtls_x509_csr_parse:"30173014020100300d310b3009060355040613024e4c300100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad attributes: missing) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_csr_parse:"3081973081940201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad attributes: bad tag) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_csr_parse:"3081993081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (bad attributes: overlong) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_csr_parse:"30819a3081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa00100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad sigAlg: missing) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_csr_parse:"3081c23081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad sigAlg: not a sequence) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (bad sigAlg: overlong) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad sigAlg: unknown) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_csr_parse:"3081cd3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04ff":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG - -X509 CSR ASN.1 (bad sig: missing) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 -mbedtls_x509_csr_parse:"3081cd3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d0401":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad sig: not a bit string) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 -mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010400":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (bad sig: overlong) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 -mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (extra data after signature) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 -mbedtls_x509_csr_parse:"308201193081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf9724300":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CSR ASN.1 (invalid version overflow) -mbedtls_x509_csr_parse:"3008300602047fffffff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION - -# Used test_csr_v3_all.csr.der as a base for malforming CSR extenstions/attributes -# Please see makefile for ../framework/data_files to check malformation details (test_csr_v3_all_malformed_xxx.csr files) -X509 CSR ASN.1 (attributes: invalid sequence tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (attributes: invalid attribute id) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (attributes: not extension request) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n":0 - -X509 CSR ASN.1 (attributes: invalid extenstion request set tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (attributes: invalid extenstion request sequence tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (attributes: invalid len (len > data)) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (attributes: invalid len (len < data)) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CSR ASN.1 (attributes: extension request invalid len (len > data)) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (attributes: extension request invalid len (len < data)) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (extensions: invalid sequence tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (extensions: invalid extension id tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (extensions: invalid extension data tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (extensions: invalid extension data len (len > data)) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (extensions: invalid extension data len (len < data)) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CSR ASN.1 (extensions: invalid extension key usage bitstream tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (extensions: invalid extension subject alt name sequence tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (extensions: invalid extension ns cert bitstream tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (extensions: duplicated extension) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_DATA) - -X509 CSR ASN.1 (extensions: invalid extension type data) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Client\nkey usage \: CRL Sign\n":0 - -X509 File parse (no issues) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_int-ca.crt":0:2 - -X509 File parse (extra space in one certificate) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_pem_space.crt":1:1 - -X509 File parse (all certificates fail) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_all_space.crt":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, MBEDTLS_ERR_BASE64_INVALID_CHARACTER):0 - -X509 File parse (trailing spaces, OK) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_trailing_space.crt":0:2 - -X509 File parse (Algorithm Params Tag mismatch) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH:0 - -X509 File parse (does not conform to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field is present, mbedTLS generated before bugfix, OK) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509parse_crt_file:"../framework/data_files/parse_input/server5-non-compliant.crt":0 - -X509 File parse (conforms to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field must be absent for ECDSA) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509parse_crt_file:"../framework/data_files/parse_input/server5.crt":0 - -X509 File parse & read the ca_istrue field (Not Set) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 -mbedtls_x509_get_ca_istrue:"../framework/data_files/parse_input/server1.crt":0 - -X509 File parse & read the ca_istrue field (Set) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 -mbedtls_x509_get_ca_istrue:"../framework/data_files/test-ca.crt":1 - -X509 File parse & read the ca_istrue field (Legacy Certificate) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -mbedtls_x509_get_ca_istrue:"../framework/data_files/server1-v1.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS - -X509 Get time (UTC no issues) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0 - -X509 Get time (Generalized Time no issues) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"99991231235959Z":0:9999:12:31:23:59:59 - -X509 Get time (UTC year without leap day) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"490229121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC year with leap day) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212Z":0:2000:2:29:12:12:12 - -X509 Get time (UTC invalid day of month #1) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000132121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC invalid day of month #2) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001131121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC invalid hour) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130241212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC invalid min) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130236012Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC invalid sec) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130235960Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC without time zone) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212":0:2000:2:29:12:12:12 - -X509 Get time (UTC with invalid time zone #1) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212J":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC with invalid time zone #2) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212+0300":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (Date with invalid tag) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_CONTEXT_SPECIFIC:"000229121212":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):0:0:0:0:0:0 - -X509 Get time (UTC, truncated) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (Generalized Time, truncated) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229121":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC without seconds) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212":MBEDTLS_ERR_X509_INVALID_DATE:2000:2:29:12:12:0 - -X509 Get time (UTC without seconds and with invalid time zone #1) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212J":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC without second and with invalid time zone #2) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212+0300":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC invalid character in year) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0\\1130231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC invalid character in month) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001%30231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC invalid character in day) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011`0231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC invalid character in hour) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302h1212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC invalid character in min) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"00113023u012Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (UTC invalid character in sec) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (Generalized Time, year multiple of 100 but not 400 is not a leap year) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 Get time (Generalized Time, year multiple of 4 but not 100 is a leap year) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0 - -X509 Get time (Generalized Time, year multiple of 400 is a leap year) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0 - -X509 Get time (Generalized Time invalid leap year not multiple of 4, 100 or 400) -depends_on:MBEDTLS_X509_USE_C -x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 - -X509 CRT verify restart: trusted EE, max_ops=0 (disabled) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256 -x509_verify_restart:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":0:0:0:0:0 - -X509 CRT verify restart: trusted EE, max_ops=1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256 -x509_verify_restart:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":0:0:1:0:0 - -X509 CRT verify restart: no intermediate, max_ops=0 (disabled) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify_restart:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":0:0:0:0:0 - -X509 CRT verify restart: no intermediate, max_ops=1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify_restart:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":0:0:1:100:10000 - -X509 CRT verify restart: no intermediate, max_ops=40000 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify_restart:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":0:0:40000:0:0 - -X509 CRT verify restart: no intermediate, max_ops=500 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify_restart:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":0:0:500:20:80 - -X509 CRT verify restart: no intermediate, badsign, max_ops=0 (disabled) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 - -X509 CRT verify restart: no intermediate, badsign, max_ops=1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000 - -X509 CRT verify restart: no intermediate, badsign, max_ops=40000 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:40000:0:0 - -X509 CRT verify restart: no intermediate, badsign, max_ops=500 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:20:80 - -X509 CRT verify restart: one int, max_ops=0 (disabled) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C -x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:0:0:0 - -X509 CRT verify restart: one int, max_ops=1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C -x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:1:100:10000 - -X509 CRT verify restart: one int, max_ops=30000 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C -x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:30000:0:0 - -X509 CRT verify restart: one int, max_ops=500 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C -x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:500:25:100 - -X509 CRT verify restart: one int, EE badsign, max_ops=0 (disabled) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C -x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 - -X509 CRT verify restart: one int, EE badsign, max_ops=1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C -x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000 - -X509 CRT verify restart: one int, EE badsign, max_ops=30000 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C -x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0 - -X509 CRT verify restart: one int, EE badsign, max_ops=500 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C -x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100 - -X509 CRT verify restart: one int, int badsign, max_ops=0 (disabled) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C -x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 - -X509 CRT verify restart: one int, int badsign, max_ops=1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C -x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000 - -X509 CRT verify restart: one int, int badsign, max_ops=30000 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C -x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0 - -X509 CRT verify restart: one int, int badsign, max_ops=500 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C -x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100 - -X509 ext types accessor: ext type present -depends_on:MBEDTLS_X509_CRT_PARSE_C -x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_KEY_USAGE - -X509 ext types accessor: ext type not present -depends_on:MBEDTLS_X509_CRT_PARSE_C -x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_NAME - -X509 CRT parse Subject Key Id - Correct Subject Key ID -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":0 - -X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT parse Subject Key Id - Wrong OCTET_STRING length -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT parse Authority Key Id - Correct Authority Key ID -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":"C=NL, OU=PolarSSL, CN=PolarSSL Test CA":"680430CD074DE63FCDC051260FD042C2B512B6BA":0 - -X509 CRT parse Authority Key Id - Correct Authority Key ID (no keyid) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_no_keyid.crt.der":"":"C=NL, OU=PolarSSL, CN=PolarSSL Test CA":"680430CD074DE63FCDC051260FD042C2B512B6BA":0 - -X509 CRT parse Authority Key Id - Correct Authority Key ID (no issuer) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_no_issuer.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":"":"":0 - -X509 CRT parse Authority Key Id - no Authority Key ID -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_no_authorityKeyId.crt.der":"":"":"":0 - -X509 CRT parse Authority Key Id - Wrong Length -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT parse Authority Key Id - Wrong Sequence tag -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT parse Authority Key Id - Wrong KeyId Tag -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT parse Authority Key Id - Wrong KeyId Tag Length -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT parse Authority Key Id - Wrong Issuer Tag -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT parse Authority Key Id - Wrong DirectoryName tag in issuer field -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT parse Authority Key Id - Wrong Serial Number Tag -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT parse Authority Key Id - Wrong Serial Number Tag length -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -# clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer (see issue #7576) -X509 CRT parse Authority Key Id - Wrong Issuer sequence -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"../framework/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -OID get numeric string - hardware module name -oid_get_numeric_string:"2B06010505070804":0:"1.3.6.1.5.5.7.8.4" - -OID get numeric string - multi-byte subidentifier -oid_get_numeric_string:"29903C":0:"1.1.2108" - -OID get numeric string - second component greater than 39 -oid_get_numeric_string:"81010000863A00":0:"2.49.0.0.826.0" - -OID get numeric string - multi-byte first subidentifier -oid_get_numeric_string:"8837":0:"2.999" - -OID get numeric string - second subidentifier not terminated -oid_get_numeric_string:"0081":MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" - -OID get numeric string - empty oid buffer -oid_get_numeric_string:"":MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" - -OID get numeric string - no final / all bytes have top bit set -oid_get_numeric_string:"818181":MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" - -OID get numeric string - 0.39 -oid_get_numeric_string:"27":0:"0.39" - -OID get numeric string - 1.0 -oid_get_numeric_string:"28":0:"1.0" - -OID get numeric string - 1.39 -oid_get_numeric_string:"4f":0:"1.39" - -OID get numeric string - 2.0 -oid_get_numeric_string:"50":0:"2.0" - -OID get numeric string - 1 byte first subidentifier beyond 2.39 -oid_get_numeric_string:"7f":0:"2.47" - -# Encodes the number 0x0400000000 as a subidentifier which overflows 32-bits -OID get numeric string - 32-bit overflow -oid_get_numeric_string:"C080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID get numeric string - 32-bit overflow, second subidentifier -oid_get_numeric_string:"2BC080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID get numeric string - overlong encoding -oid_get_numeric_string:"8001":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID get numeric string - overlong encoding, second subidentifier -oid_get_numeric_string:"2B8001":MBEDTLS_ERR_ASN1_INVALID_DATA:"" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function deleted file mode 100644 index fae36571b..000000000 --- a/tests/suites/test_suite_x509parse.function +++ /dev/null @@ -1,1775 +0,0 @@ -/* BEGIN_HEADER */ -#include "mbedtls/bignum.h" -#include "mbedtls/x509.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/x509_csr.h" -#include "x509_internal.h" -#include "mbedtls/pem.h" -#include "mbedtls/oid.h" -#include "mbedtls/base64.h" -#include "mbedtls/error.h" -#include "mbedtls/pk.h" -#include "mbedtls/asn1.h" -#include "mbedtls/asn1write.h" -#include "string.h" - -#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 -#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ - than the current threshold 19. To test larger values, please \ - adapt the script framework/data_files/dir-max/long.sh." -#endif - -/* Test-only profile allowing all digests, PK algorithms, and curves. */ -const mbedtls_x509_crt_profile profile_all = -{ - 0xFFFFFFFF, /* Any MD */ - 0xFFFFFFFF, /* Any PK alg */ - 0xFFFFFFFF, /* Any curve */ - 1024, -}; - -/* Profile for backward compatibility. Allows SHA-1, unlike the default - profile. */ -const mbedtls_x509_crt_profile compat_profile = -{ - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_RIPEMD160) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), - 0xFFFFFFFF, /* Any PK alg */ - 0xFFFFFFFF, /* Any curve */ - 1024, -}; - -const mbedtls_x509_crt_profile profile_rsa3072 = -{ - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), - MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_RSA), - 0, - 3072, -}; - -const mbedtls_x509_crt_profile profile_sha512 = -{ - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), - 0xFFFFFFFF, /* Any PK alg */ - 0xFFFFFFFF, /* Any curve */ - 1024, -}; - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - -#if defined(MBEDTLS_FS_IO) -static int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) -{ - ((void) data); - ((void) crt); - ((void) certificate_depth); - *flags |= MBEDTLS_X509_BADCERT_OTHER; - - return 0; -} - -static int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) -{ - ((void) data); - ((void) crt); - ((void) certificate_depth); - *flags = 0; - - return 0; -} - -#if defined(MBEDTLS_X509_CRL_PARSE_C) && \ - defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -static int ca_callback_fail(void *data, mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidates) -{ - ((void) data); - ((void) child); - ((void) candidates); - - return -1; -} - -static int ca_callback(void *data, mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidates) -{ - int ret = 0; - mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; - mbedtls_x509_crt *first; - - /* This is a test-only implementation of the CA callback - * which always returns the entire list of trusted certificates. - * Production implementations managing a large number of CAs - * should use an efficient presentation and lookup for the - * set of trusted certificates (such as a hashtable) and only - * return those trusted certificates which satisfy basic - * parental checks, such as the matching of child `Issuer` - * and parent `Subject` field. */ - ((void) child); - - first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - if (first == NULL) { - ret = -1; - goto exit; - } - mbedtls_x509_crt_init(first); - - if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) { - ret = -1; - goto exit; - } - - while (ca->next != NULL) { - ca = ca->next; - if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) { - ret = -1; - goto exit; - } - } - -exit: - - if (ret != 0) { - mbedtls_x509_crt_free(first); - mbedtls_free(first); - first = NULL; - } - - *candidates = first; - return ret; -} -#endif /* MBEDTLS_X509_CRL_PARSE_C && MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -static int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) -{ - int *levels = (int *) data; - - ((void) crt); - ((void) certificate_depth); - - /* Simulate a fatal error in the callback */ - if (*levels & (1 << certificate_depth)) { - *flags |= (1 << certificate_depth); - return -1 - certificate_depth; - } - - return 0; -} - -/* strsep() not available on Windows */ -static char *mystrsep(char **stringp, const char *delim) -{ - const char *p; - char *ret = *stringp; - - if (*stringp == NULL) { - return NULL; - } - - for (;; (*stringp)++) { - if (**stringp == '\0') { - *stringp = NULL; - goto done; - } - - for (p = delim; *p != '\0'; p++) { - if (**stringp == *p) { - **stringp = '\0'; - (*stringp)++; - goto done; - } - } - } - -done: - return ret; -} - -typedef struct { - char buf[512]; - char *p; -} verify_print_context; - -static void verify_print_init(verify_print_context *ctx) -{ - memset(ctx, 0, sizeof(verify_print_context)); - ctx->p = ctx->buf; -} - -static int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) -{ - int ret; - verify_print_context *ctx = (verify_print_context *) data; - char *p = ctx->p; - size_t n = ctx->buf + sizeof(ctx->buf) - ctx->p; - ((void) flags); - - ret = mbedtls_snprintf(p, n, "depth %d - serial ", certificate_depth); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_x509_serial_gets(p, n, &crt->serial); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, " - subject "); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_x509_dn_gets(p, n, &crt->subject); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, " - flags 0x%08x\n", *flags); - MBEDTLS_X509_SAFE_SNPRINTF; - - ctx->p = p; - - return 0; -} - -static int verify_parse_san(mbedtls_x509_subject_alternative_name *san, - char **buf, size_t *size) -{ - int ret; - size_t i; - char *p = *buf; - size_t n = *size; - - ret = mbedtls_snprintf(p, n, "type : %d", san->type); - MBEDTLS_X509_SAFE_SNPRINTF; - - switch (san->type) { - case (MBEDTLS_X509_SAN_OTHER_NAME): - ret = mbedtls_snprintf(p, n, "\notherName :"); - MBEDTLS_X509_SAFE_SNPRINTF; - - if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, - &san->san.other_name.type_id) == 0) { - ret = mbedtls_snprintf(p, n, " hardware module name :"); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf(p, n, " hardware type : "); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_oid_get_numeric_string(p, - n, - &san->san.other_name.value.hardware_module_name - .oid); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, ", hardware serial number : "); - MBEDTLS_X509_SAFE_SNPRINTF; - - for (i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++) { - ret = mbedtls_snprintf(p, - n, - "%02X", - san->san.other_name.value.hardware_module_name.val.p[i]); - MBEDTLS_X509_SAFE_SNPRINTF; - } - } - break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */ - case (MBEDTLS_X509_SAN_DNS_NAME): - ret = mbedtls_snprintf(p, n, "\ndNSName : "); - MBEDTLS_X509_SAFE_SNPRINTF; - if (san->san.unstructured_name.len >= n) { - *p = '\0'; - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - n -= san->san.unstructured_name.len; - for (i = 0; i < san->san.unstructured_name.len; i++) { - *p++ = san->san.unstructured_name.p[i]; - } - break;/* MBEDTLS_X509_SAN_DNS_NAME */ - case (MBEDTLS_X509_SAN_RFC822_NAME): - ret = mbedtls_snprintf(p, n, "\nrfc822Name : "); - MBEDTLS_X509_SAFE_SNPRINTF; - if (san->san.unstructured_name.len >= n) { - *p = '\0'; - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - n -= san->san.unstructured_name.len; - for (i = 0; i < san->san.unstructured_name.len; i++) { - *p++ = san->san.unstructured_name.p[i]; - } - break;/* MBEDTLS_X509_SAN_RFC822_NAME */ - case (MBEDTLS_X509_SAN_DIRECTORY_NAME): - ret = mbedtls_snprintf(p, n, "\ndirectoryName : "); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets(p, n, &san->san.directory_name); - if (ret < 0) { - return ret; - } - - p += ret; - n -= ret; - break;/* MBEDTLS_X509_SAN_DIRECTORY_NAME */ - default: - /* - * Should not happen. - */ - return -1; - } - ret = mbedtls_snprintf(p, n, "\n"); - MBEDTLS_X509_SAFE_SNPRINTF; - - *size = n; - *buf = p; - - return 0; -} -#endif /* MBEDTLS_FS_IO */ - -static int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, - int critical, const unsigned char *cp, const unsigned char *end) -{ - (void) crt; - (void) critical; - mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *) p_ctx; - if (oid->tag == MBEDTLS_ASN1_OID && - MBEDTLS_OID_CMP(MBEDTLS_OID_CERTIFICATE_POLICIES, oid) == 0) { - /* Handle unknown certificate policy */ - int ret, parse_ret = 0; - size_t len; - unsigned char **p = (unsigned char **) &cp; - - /* Get main sequence tag */ - ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* - * Cannot be an empty sequence. - */ - if (len == 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - while (*p < end) { - const unsigned char *policy_end; - - /* - * Get the policy sequence - */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != - 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - policy_end = *p + len; - - if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, - MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* - * Recognize exclusively the policy with OID 1 - */ - if (len != 1 || *p[0] != 1) { - parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - - *p += len; - - /* - * If there is an optional qualifier, then *p < policy_end - * Check the Qualifier len to verify it doesn't exceed policy_end. - */ - if (*p < policy_end) { - if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - /* - * Skip the optional policy qualifiers. - */ - *p += len; - } - - if (*p != policy_end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return parse_ret; - } else if (new_oid != NULL && new_oid->tag == oid->tag && new_oid->len == oid->len && - memcmp(new_oid->p, oid->p, oid->len) == 0) { - return 0; - } else { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_X509_CSR_PARSE_C) && \ - !defined(MBEDTLS_X509_REMOVE_INFO) -static int parse_csr_ext_accept_cb(void *p_ctx, - mbedtls_x509_csr const *csr, - mbedtls_x509_buf const *oid, - int critical, - const unsigned char *cp, - const unsigned char *end) -{ - (void) p_ctx; - (void) csr; - (void) oid; - (void) critical; - (void) cp; - (void) end; - - return 0; -} - -static int parse_csr_ext_reject_cb(void *p_ctx, - mbedtls_x509_csr const *csr, - mbedtls_x509_buf const *oid, - int critical, - const unsigned char *cp, - const unsigned char *end) -{ - (void) p_ctx; - (void) csr; - (void) oid; - (void) critical; - (void) cp; - (void) end; - - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); -} -#endif /* MBEDTLS_X509_CSR_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */ -/* END_HEADER */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509_accessor_ext_types(int ext_type, int has_ext_type) -{ - mbedtls_x509_crt crt; - int expected_result = ext_type & has_ext_type; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - crt.ext_types = ext_type; - - TEST_EQUAL(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type), expected_result); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_TEST_HOOKS */ -void x509_crt_parse_cn_inet_pton(const char *cn, data_t *exp, int ref_ret) -{ - uint32_t addr[4]; - size_t addrlen = mbedtls_x509_crt_parse_cn_inet_pton(cn, addr); - TEST_EQUAL(addrlen, (size_t) ref_ret); - - if (addrlen) { - TEST_MEMORY_COMPARE(exp->x, exp->len, addr, addrlen); - } -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void x509_parse_san(char *crt_file, char *result_str, int parse_result) -{ - int ret; - mbedtls_x509_crt crt; - mbedtls_x509_subject_alternative_name san; - mbedtls_x509_sequence *cur = NULL; - char buf[2000]; - char *p = buf; - size_t n = sizeof(buf); - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), parse_result); - - if (parse_result != 0) { - goto exit; - } - if (crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { - cur = &crt.subject_alt_names; - while (cur != NULL) { - ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san); - TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE); - /* - * If san type not supported, ignore. - */ - if (ret == 0) { - ret = verify_parse_san(&san, &p, &n); - mbedtls_x509_free_subject_alt_name(&san); - TEST_EQUAL(ret, 0); - } - cur = cur->next; - } - } - - TEST_EQUAL(strcmp(buf, result_str), 0); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_X509_CRT_PARSE_C */ -void x509_cert_info(char *crt_file, char *result_str) -{ - mbedtls_x509_crt crt; - char buf[2000]; - int res; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - res = mbedtls_x509_crt_info(buf, 2000, "", &crt); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp(buf, result_str), 0); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_crl_info(char *crl_file, char *result_str) -{ - mbedtls_x509_crl crl; - char buf[2000]; - int res; - - mbedtls_x509_crl_init(&crl); - USE_PSA_INIT(); - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0); - res = mbedtls_x509_crl_info(buf, 2000, "", &crl); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp(buf, result_str), 0); - -exit: - mbedtls_x509_crl_free(&crl); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ -void mbedtls_x509_crl_parse(char *crl_file, int result) -{ - mbedtls_x509_crl crl; - char buf[2000]; - - mbedtls_x509_crl_init(&crl); - USE_PSA_INIT(); - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), result); - -exit: - mbedtls_x509_crl_free(&crl); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_csr_info(char *csr_file, char *result_str) -{ - mbedtls_x509_csr csr; - char buf[2000]; - int res; - - mbedtls_x509_csr_init(&csr); - USE_PSA_INIT(); - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_csr_parse_file(&csr, csr_file), 0); - res = mbedtls_x509_csr_info(buf, 2000, "", &csr); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp(buf, result_str), 0); - -exit: - mbedtls_x509_csr_free(&csr); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void x509_verify_info(int flags, char *prefix, char *result_str) -{ - char buf[2000]; - int res; - - USE_PSA_INIT(); - memset(buf, 0, sizeof(buf)); - - res = mbedtls_x509_crt_verify_info(buf, sizeof(buf), prefix, flags); - - TEST_ASSERT(res >= 0); - - TEST_EQUAL(strcmp(buf, result_str), 0); - -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */ -void x509_verify_restart(char *crt_file, char *ca_file, - int result, int flags_result, - int max_ops, int min_restart, int max_restart) -{ - int ret, cnt_restart; - mbedtls_x509_crt_restart_ctx rs_ctx; - mbedtls_x509_crt crt; - mbedtls_x509_crt ca; - uint32_t flags = 0; - - /* - * See comments on ecp_test_vect_restart() for op count precision. - * - * For reference, with Mbed TLS 2.6 and default settings: - * - ecdsa_verify() for P-256: ~ 6700 - * - ecdsa_verify() for P-384: ~ 18800 - * - x509_verify() for server5 -> test-ca2: ~ 18800 - * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500 - */ - mbedtls_x509_crt_restart_init(&rs_ctx); - mbedtls_x509_crt_init(&crt); - mbedtls_x509_crt_init(&ca); - MD_OR_USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); - - mbedtls_ecp_set_max_ops(max_ops); - - cnt_restart = 0; - do { - ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL, - &mbedtls_x509_crt_profile_default, NULL, &flags, - NULL, NULL, &rs_ctx); - } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); - - TEST_EQUAL(ret, result); - TEST_EQUAL(flags, (uint32_t) flags_result); - - TEST_ASSERT(cnt_restart >= min_restart); - TEST_ASSERT(cnt_restart <= max_restart); - - /* Do we leak memory when aborting? */ - ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL, - &mbedtls_x509_crt_profile_default, NULL, &flags, - NULL, NULL, &rs_ctx); - TEST_ASSERT(ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS); - -exit: - mbedtls_x509_crt_restart_free(&rs_ctx); - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_free(&ca); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */ -void x509_verify(char *crt_file, char *ca_file, char *crl_file, - char *cn_name_str, int result, int flags_result, - char *profile_str, - char *verify_callback) -{ - mbedtls_x509_crt crt; - mbedtls_x509_crt ca; - mbedtls_x509_crl crl; - uint32_t flags = 0; - int res; - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL; - char *cn_name = NULL; - const mbedtls_x509_crt_profile *profile; - - mbedtls_x509_crt_init(&crt); - mbedtls_x509_crt_init(&ca); - mbedtls_x509_crl_init(&crl); - MD_OR_USE_PSA_INIT(); - - if (strcmp(cn_name_str, "NULL") != 0) { - cn_name = cn_name_str; - } - - if (strcmp(profile_str, "") == 0) { - profile = &mbedtls_x509_crt_profile_default; - } else if (strcmp(profile_str, "next") == 0) { - profile = &mbedtls_x509_crt_profile_next; - } else if (strcmp(profile_str, "suite_b") == 0) { - profile = &mbedtls_x509_crt_profile_suiteb; - } else if (strcmp(profile_str, "compat") == 0) { - profile = &compat_profile; - } else if (strcmp(profile_str, "all") == 0) { - profile = &profile_all; - } else { - TEST_FAIL("Unknown algorithm profile"); - } - - if (strcmp(verify_callback, "NULL") == 0) { - f_vrfy = NULL; - } else if (strcmp(verify_callback, "verify_none") == 0) { - f_vrfy = verify_none; - } else if (strcmp(verify_callback, "verify_all") == 0) { - f_vrfy = verify_all; - } else { - TEST_FAIL("No known verify callback selected"); - } - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); - TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0); - - res = mbedtls_x509_crt_verify_with_profile(&crt, - &ca, - &crl, - profile, - cn_name, - &flags, - f_vrfy, - NULL); - - TEST_EQUAL(res, result); - TEST_EQUAL(flags, (uint32_t) flags_result); - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - /* CRLs aren't supported with CA callbacks, so skip the CA callback - * version of the test if CRLs are in use. */ - if (strcmp(crl_file, "") == 0) { - flags = 0; - - res = mbedtls_x509_crt_verify_with_ca_cb(&crt, - ca_callback, - &ca, - profile, - cn_name, - &flags, - f_vrfy, - NULL); - - TEST_EQUAL(res, result); - TEST_EQUAL(flags, (uint32_t) (flags_result)); - } -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -exit: - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_free(&ca); - mbedtls_x509_crl_free(&crl); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -void x509_verify_ca_cb_failure(char *crt_file, char *ca_file, char *name, - int exp_ret) -{ - int ret; - mbedtls_x509_crt crt; - mbedtls_x509_crt ca; - uint32_t flags = 0; - - mbedtls_x509_crt_init(&crt); - mbedtls_x509_crt_init(&ca); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); - - if (strcmp(name, "NULL") == 0) { - name = NULL; - } - - ret = mbedtls_x509_crt_verify_with_ca_cb(&crt, ca_callback_fail, &ca, - &compat_profile, name, &flags, - NULL, NULL); - - TEST_EQUAL(ret, exp_ret); - TEST_EQUAL(flags, (uint32_t) (-1)); -exit: - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_free(&ca); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void x509_verify_callback(char *crt_file, char *ca_file, char *name, - int exp_ret, char *exp_vrfy_out) -{ - int ret; - mbedtls_x509_crt crt; - mbedtls_x509_crt ca; - uint32_t flags = 0; - verify_print_context vrfy_ctx; - - mbedtls_x509_crt_init(&crt); - mbedtls_x509_crt_init(&ca); - MD_OR_USE_PSA_INIT(); - - verify_print_init(&vrfy_ctx); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); - - if (strcmp(name, "NULL") == 0) { - name = NULL; - } - - ret = mbedtls_x509_crt_verify_with_profile(&crt, &ca, NULL, - &compat_profile, - name, &flags, - verify_print, &vrfy_ctx); - - TEST_EQUAL(ret, exp_ret); - TEST_EQUAL(strcmp(vrfy_ctx.buf, exp_vrfy_out), 0); - -exit: - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_free(&ca); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_dn_gets_subject_replace(char *crt_file, - char *new_subject_ou, - char *result_str, - int ret) -{ - mbedtls_x509_crt crt; - char buf[2000]; - int res = 0; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - crt.subject.next->val.p = (unsigned char *) new_subject_ou; - crt.subject.next->val.len = strlen(new_subject_ou); - - res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject); - - if (ret != 0) { - TEST_EQUAL(res, ret); - } else { - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - TEST_EQUAL(strcmp(buf, result_str), 0); - } -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str) -{ - mbedtls_x509_crt crt; - char buf[2000]; - int res = 0; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - if (strcmp(entity, "subject") == 0) { - res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject); - } else if (strcmp(entity, "issuer") == 0) { - res = mbedtls_x509_dn_gets(buf, 2000, &crt.issuer); - } else { - TEST_FAIL("Unknown entity"); - } - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp(buf, result_str), 0); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_get_name(char *rdn_sequence, int exp_ret) -{ - unsigned char *name = NULL; - unsigned char *p; - size_t name_len; - mbedtls_x509_name head; - int ret; - - USE_PSA_INIT(); - memset(&head, 0, sizeof(head)); - - name = mbedtls_test_unhexify_alloc(rdn_sequence, &name_len); - p = name; - - ret = mbedtls_x509_get_name(&p, (name + name_len), &head); - if (ret == 0) { - mbedtls_asn1_free_named_data_list_shallow(head.next); - } - - TEST_EQUAL(ret, exp_ret); - -exit: - mbedtls_free(name); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_dn_get_next(char *name_str, - int next_merged, - char *expected_oids, - int exp_count, - char *exp_dn_gets) -{ - int ret = 0, i; - size_t len = 0, out_size; - mbedtls_asn1_named_data *names = NULL; - mbedtls_x509_name parsed; - memset(&parsed, 0, sizeof(parsed)); - mbedtls_x509_name *parsed_cur; - // Size of buf is maximum required for test cases - unsigned char buf[80] = { 0 }; - unsigned char *out = NULL; - unsigned char *c = buf + sizeof(buf); - const char *short_name; - - USE_PSA_INIT(); - - // Additional size required for trailing space - out_size = strlen(expected_oids) + 2; - TEST_CALLOC(out, out_size); - - TEST_EQUAL(mbedtls_x509_string_to_names(&names, name_str), 0); - - ret = mbedtls_x509_write_names(&c, buf, names); - TEST_LE_S(0, ret); - - TEST_EQUAL(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE), 0); - TEST_EQUAL(mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed), 0); - - // Iterate over names and set next_merged nodes - parsed_cur = &parsed; - for (; next_merged != 0 && parsed_cur != NULL; next_merged = next_merged >> 1) { - parsed_cur->next_merged = next_merged & 0x01; - parsed_cur = parsed_cur->next; - } - - // Iterate over RDN nodes and print OID of first element to buffer - parsed_cur = &parsed; - len = 0; - for (i = 0; parsed_cur != NULL; i++) { - TEST_EQUAL(mbedtls_oid_get_attr_short_name(&parsed_cur->oid, - &short_name), 0); - len += mbedtls_snprintf((char *) out + len, out_size - len, "%s ", short_name); - parsed_cur = mbedtls_x509_dn_get_next(parsed_cur); - } - out[len-1] = 0; - - TEST_EQUAL(exp_count, i); - TEST_EQUAL(strcmp((char *) out, expected_oids), 0); - mbedtls_free(out); - out = NULL; - - out_size = strlen(exp_dn_gets) + 1; - TEST_CALLOC(out, out_size); - - TEST_LE_S(0, mbedtls_x509_dn_gets((char *) out, out_size, &parsed)); - TEST_EQUAL(strcmp((char *) out, exp_dn_gets), 0); -exit: - mbedtls_free(out); - mbedtls_asn1_free_named_data_list(&names); - mbedtls_asn1_free_named_data_list_shallow(parsed.next); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_time_is_past(char *crt_file, char *entity, int result) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - - if (strcmp(entity, "valid_from") == 0) { - TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_from), result); - } else if (strcmp(entity, "valid_to") == 0) { - TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_to), result); - } else { - TEST_FAIL("Unknown entity"); - } - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_time_is_future(char *crt_file, char *entity, int result) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - - if (strcmp(entity, "valid_from") == 0) { - TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_from), result); - } else if (strcmp(entity, "valid_to") == 0) { - TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_to), result); - } else { - TEST_FAIL("Unknown entity"); - } - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ -void x509parse_crt_file(char *crt_file, int result) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), result); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ -void mbedtls_x509_get_ca_istrue(char *crt_file, int result) -{ - mbedtls_x509_crt crt; - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - TEST_EQUAL(mbedtls_x509_crt_get_ca_istrue(&crt), result); -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509parse_crt(data_t *buf, char *result_str, int result) -{ - mbedtls_x509_crt crt; -#if !defined(MBEDTLS_X509_REMOVE_INFO) - unsigned char output[2000] = { 0 }; - int res; -#else - ((void) result_str); -#endif - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len), result); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if ((result) == 0) { - res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } - memset(output, 0, 2000); -#endif - - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_init(&crt); - - TEST_EQUAL(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len), result); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if ((result) == 0) { - memset(output, 0, 2000); - - res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } - memset(output, 0, 2000); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_init(&crt); - - TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL), - result); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if ((result) == 0) { - res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } - memset(output, 0, 2000); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_init(&crt); - - TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL), - result); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if ((result) == 0) { - res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509parse_crt_cb(data_t *buf, char *result_str, int result) -{ - mbedtls_x509_crt crt; - mbedtls_x509_buf oid; - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - unsigned char output[2000] = { 0 }; - int res; -#else - ((void) result_str); -#endif - - oid.tag = MBEDTLS_ASN1_OID; - oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F"); - oid.p = (unsigned char *) MBEDTLS_OID_PKIX "\x01\x1F"; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb, - &oid), result); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if ((result) == 0) { - res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } - memset(output, 0, 2000); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_init(&crt); - - TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb, - &oid), (result)); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if ((result) == 0) { - res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void x509parse_crl(data_t *buf, char *result_str, int result) -{ - mbedtls_x509_crl crl; - unsigned char output[2000]; - int res; - - mbedtls_x509_crl_init(&crl); - USE_PSA_INIT(); - - memset(output, 0, 2000); - - - TEST_EQUAL(mbedtls_x509_crl_parse(&crl, buf->x, buf->len), (result)); - if ((result) == 0) { - res = mbedtls_x509_crl_info((char *) output, 2000, "", &crl); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } - -exit: - mbedtls_x509_crl_free(&crl); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_csr_parse(data_t *csr_der, char *ref_out, int ref_ret) -{ - mbedtls_x509_csr csr; - char my_out[1000]; - int my_ret; - - mbedtls_x509_csr_init(&csr); - USE_PSA_INIT(); - - memset(my_out, 0, sizeof(my_out)); - - my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len); - TEST_EQUAL(my_ret, ref_ret); - - if (ref_ret == 0) { - size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr); - TEST_EQUAL(my_out_len, strlen(ref_out)); - TEST_EQUAL(strcmp(my_out, ref_out), 0); - } - -exit: - mbedtls_x509_csr_free(&csr); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_csr_parse_with_ext_cb(data_t *csr_der, char *ref_out, int ref_ret, int accept) -{ - mbedtls_x509_csr csr; - char my_out[1000]; - int my_ret; - - mbedtls_x509_csr_init(&csr); - USE_PSA_INIT(); - - memset(my_out, 0, sizeof(my_out)); - - my_ret = mbedtls_x509_csr_parse_der_with_ext_cb(&csr, csr_der->x, csr_der->len, - accept ? parse_csr_ext_accept_cb : - parse_csr_ext_reject_cb, - NULL); - TEST_EQUAL(my_ret, ref_ret); - - if (ref_ret == 0) { - size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr); - TEST_EQUAL(my_out_len, strlen(ref_out)); - TEST_EQUAL(strcmp(my_out, ref_out), 0); - } - -exit: - mbedtls_x509_csr_free(&csr); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_csr_parse_file(char *csr_file, char *ref_out, int ref_ret) -{ - mbedtls_x509_csr csr; - char my_out[1000]; - int my_ret; - - mbedtls_x509_csr_init(&csr); - USE_PSA_INIT(); - - memset(my_out, 0, sizeof(my_out)); - - my_ret = mbedtls_x509_csr_parse_file(&csr, csr_file); - TEST_EQUAL(my_ret, ref_ret); - - if (ref_ret == 0) { - size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr); - TEST_EQUAL(my_out_len, strlen(ref_out)); - TEST_EQUAL(strcmp(my_out, ref_out), 0); - } - -exit: - mbedtls_x509_csr_free(&csr); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_crt_parse_file(char *crt_path, int ret, int nb_crt) -{ - mbedtls_x509_crt chain, *cur; - int i; - - mbedtls_x509_crt_init(&chain); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, crt_path), ret); - - /* Check how many certs we got */ - for (i = 0, cur = &chain; cur != NULL; cur = cur->next) { - if (cur->raw.p != NULL) { - i++; - } - } - - TEST_EQUAL(i, nb_crt); - -exit: - mbedtls_x509_crt_free(&chain); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt) -{ - mbedtls_x509_crt chain, *cur; - int i; - - mbedtls_x509_crt_init(&chain); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_path(&chain, crt_path), ret); - - /* Check how many certs we got */ - for (i = 0, cur = &chain; cur != NULL; cur = cur->next) { - if (cur->raw.p != NULL) { - i++; - } - } - - TEST_EQUAL(i, nb_crt); - -exit: - mbedtls_x509_crt_free(&chain); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_crt_verify_max(char *ca_file, char *chain_dir, int nb_int, - int ret_chk, int flags_chk) -{ - char file_buf[128]; - int ret; - uint32_t flags; - mbedtls_x509_crt trusted, chain; - - /* - * We expect chain_dir to contain certificates 00.crt, 01.crt, etc. - * with NN.crt signed by NN-1.crt - */ - mbedtls_x509_crt_init(&trusted); - mbedtls_x509_crt_init(&chain); - MD_OR_USE_PSA_INIT(); - - /* Load trusted root */ - TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, ca_file), 0); - - /* Load a chain with nb_int intermediates (from 01 to nb_int), - * plus one "end-entity" cert (nb_int + 1) */ - ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir, - nb_int + 1); - TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf)); - TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, file_buf), 0); - - /* Try to verify that chain */ - ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags, - NULL, NULL); - TEST_EQUAL(ret, ret_chk); - TEST_EQUAL(flags, (uint32_t) flags_chk); - -exit: - mbedtls_x509_crt_free(&chain); - mbedtls_x509_crt_free(&trusted); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_crt_verify_chain(char *chain_paths, char *trusted_ca, - int flags_result, int result, - char *profile_name, int vrfy_fatal_lvls) -{ - char *act; - uint32_t flags; - int res; - mbedtls_x509_crt trusted, chain; - const mbedtls_x509_crt_profile *profile = NULL; - - mbedtls_x509_crt_init(&chain); - mbedtls_x509_crt_init(&trusted); - MD_OR_USE_PSA_INIT(); - - while ((act = mystrsep(&chain_paths, " ")) != NULL) { - TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, act), 0); - } - TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, trusted_ca), 0); - - if (strcmp(profile_name, "") == 0) { - profile = &mbedtls_x509_crt_profile_default; - } else if (strcmp(profile_name, "next") == 0) { - profile = &mbedtls_x509_crt_profile_next; - } else if (strcmp(profile_name, "suiteb") == 0) { - profile = &mbedtls_x509_crt_profile_suiteb; - } else if (strcmp(profile_name, "rsa3072") == 0) { - profile = &profile_rsa3072; - } else if (strcmp(profile_name, "sha512") == 0) { - profile = &profile_sha512; - } - - res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile, - NULL, &flags, verify_fatal, &vrfy_fatal_lvls); - - TEST_EQUAL(res, (result)); - TEST_EQUAL(flags, (uint32_t) (flags_result)); - -exit: - mbedtls_x509_crt_free(&trusted); - mbedtls_x509_crt_free(&chain); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:!MBEDTLS_X509_REMOVE_INFO */ -void x509_oid_desc(data_t *buf, char *ref_desc) -{ - mbedtls_x509_buf oid; - const char *desc = NULL; - int ret; - - USE_PSA_INIT(); - - oid.tag = MBEDTLS_ASN1_OID; - oid.p = buf->x; - oid.len = buf->len; - - ret = mbedtls_oid_get_extended_key_usage(&oid, &desc); - - if (strcmp(ref_desc, "notfound") == 0) { - TEST_ASSERT(ret != 0); - TEST_ASSERT(desc == NULL); - } else { - TEST_EQUAL(ret, 0); - TEST_ASSERT(desc != NULL); - TEST_EQUAL(strcmp(desc, ref_desc), 0); - } - -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void x509_oid_numstr(data_t *oid_buf, char *numstr, int blen, int ret) -{ - mbedtls_x509_buf oid; - char num_buf[100]; - - USE_PSA_INIT(); - - memset(num_buf, 0x2a, sizeof(num_buf)); - - oid.tag = MBEDTLS_ASN1_OID; - oid.p = oid_buf->x; - oid.len = oid_buf->len; - - TEST_ASSERT((size_t) blen <= sizeof(num_buf)); - - TEST_EQUAL(mbedtls_oid_get_numeric_string(num_buf, blen, &oid), ret); - - if (ret >= 0) { - TEST_EQUAL(num_buf[ret], 0); - TEST_EQUAL(strcmp(num_buf, numstr), 0); - } - -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void x509_check_key_usage(char *crt_file, int usage, int ret) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - - TEST_EQUAL(mbedtls_x509_crt_check_key_usage(&crt, usage), ret); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void x509_check_extended_key_usage(char *crt_file, data_t *oid, int ret - ) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - - TEST_EQUAL(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x, oid->len), - ret); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void x509_get_time(int tag, char *time_str, int ret, int year, int mon, - int day, int hour, int min, int sec) -{ - mbedtls_x509_time time; - unsigned char buf[21]; - unsigned char *start = buf; - unsigned char *end = buf; - - USE_PSA_INIT(); - memset(&time, 0x00, sizeof(time)); - *end = (unsigned char) tag; end++; - *end = strlen(time_str); - TEST_ASSERT(*end < 20); - end++; - memcpy(end, time_str, (size_t) *(end - 1)); - end += *(end - 1); - - TEST_EQUAL(mbedtls_x509_get_time(&start, end, &time), ret); - if (ret == 0) { - TEST_EQUAL(year, time.year); - TEST_EQUAL(mon, time.mon); - TEST_EQUAL(day, time.day); - TEST_EQUAL(hour, time.hour); - TEST_EQUAL(min, time.min); - TEST_EQUAL(sec, time.sec); - } -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */ -void x509_parse_rsassa_pss_params(data_t *params, int params_tag, - int ref_msg_md, int ref_mgf_md, - int ref_salt_len, int ref_ret) -{ - int my_ret; - mbedtls_x509_buf buf; - mbedtls_md_type_t my_msg_md, my_mgf_md; - int my_salt_len; - - USE_PSA_INIT(); - - buf.p = params->x; - buf.len = params->len; - buf.tag = params_tag; - - my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md, - &my_salt_len); - - TEST_EQUAL(my_ret, ref_ret); - - if (ref_ret == 0) { - TEST_EQUAL(my_msg_md, (mbedtls_md_type_t) ref_msg_md); - TEST_EQUAL(my_mgf_md, (mbedtls_md_type_t) ref_mgf_md); - TEST_EQUAL(my_salt_len, ref_salt_len); - } - -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ -void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init(&crt); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret); - - if (ref_ret == 0) { - TEST_EQUAL(crt.subject_key_id.tag, MBEDTLS_ASN1_OCTET_STRING); - TEST_EQUAL(memcmp(crt.subject_key_id.p, subjectKeyId->x, subjectKeyId->len), 0); - TEST_EQUAL(crt.subject_key_id.len, subjectKeyId->len); - } else { - TEST_EQUAL(crt.subject_key_id.tag, 0); - TEST_EQUAL(crt.subject_key_id.len, 0); - } - -exit: - mbedtls_x509_crt_free(&crt); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ -void x509_crt_parse_authoritykeyid(char *file, - data_t *keyId, - char *authorityKeyId_issuer, - data_t *serial, - int ref_ret) -{ - mbedtls_x509_crt crt; - mbedtls_x509_subject_alternative_name san; - char name_buf[128]; - - mbedtls_x509_crt_init(&crt); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret); - - if (ref_ret == 0) { - /* KeyId test */ - if (keyId->len > 0) { - TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, MBEDTLS_ASN1_OCTET_STRING); - TEST_EQUAL(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len), 0); - TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, keyId->len); - } else { - TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, 0); - TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, 0); - } - - - /* Issuer test */ - if (strlen(authorityKeyId_issuer) > 0) { - mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer; - - TEST_EQUAL(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san), 0); - - TEST_ASSERT(mbedtls_x509_dn_gets(name_buf, sizeof(name_buf), - &san.san.directory_name) - > 0); - TEST_EQUAL(strcmp(name_buf, authorityKeyId_issuer), 0); - - mbedtls_x509_free_subject_alt_name(&san); - } - - /* Serial test */ - if (serial->len > 0) { - TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, - MBEDTLS_ASN1_INTEGER); - TEST_EQUAL(memcmp(crt.authority_key_id.authorityCertSerialNumber.p, - serial->x, serial->len), 0); - TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, serial->len); - } else { - TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0); - TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, 0); - } - - } else { - TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, 0); - TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, 0); - - TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0); - TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, 0); - } - -exit: - mbedtls_x509_crt_free(&crt); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void oid_get_numeric_string(data_t *oid, int error_ret, char *result_str) -{ - char buf[256]; - mbedtls_asn1_buf input_oid = { 0, 0, NULL }; - int ret; - - input_oid.tag = MBEDTLS_ASN1_OID; - /* Test that an empty OID is not dereferenced */ - input_oid.p = oid->len ? oid->x : (void *) 1; - input_oid.len = oid->len; - - ret = mbedtls_oid_get_numeric_string(buf, sizeof(buf), &input_oid); - - if (error_ret == 0) { - TEST_EQUAL(ret, strlen(result_str)); - TEST_ASSERT(ret >= 3); - TEST_EQUAL(strcmp(buf, result_str), 0); - } else { - TEST_EQUAL(ret, error_ret); - } -} -/* END_CASE */ diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data deleted file mode 100644 index e4e08dafc..000000000 --- a/tests/suites/test_suite_x509write.data +++ /dev/null @@ -1,319 +0,0 @@ -Certificate Request check Server1 SHA1 -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0:0 - -Certificate Request check Server1 SHA224 -depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0:0 - -Certificate Request check Server1 SHA256 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0:0 - -Certificate Request check Server1 SHA384 -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0:0 - -Certificate Request check Server1 SHA512 -depends_on:PSA_WANT_ALG_SHA_512:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0:0 - -Certificate Request check Server1 MD5 -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0:0 - -Certificate Request check Server1 key_usage -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0 - -Certificate Request check opaque Server1 key_usage -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check_opaque:"../framework/data_files/server1.key":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0 - -Certificate Request check Server1 key_usage empty -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0:0 - -Certificate Request check Server1 ns_cert_type -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 - -Certificate Request check Server1 ns_cert_type empty -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1:0 - -Certificate Request check Server1 key_usage + ns_cert_type -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 - -Certificate Request check Server5 ECDSA, key_usage -depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_256 -x509_csr_check:"../framework/data_files/server5.key":"../framework/data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0:0 - -Certificate Request check Server1, set_extension -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha256.ext":MBEDTLS_MD_SHA256:0:0:0:0:1 - -Certificate Request check opaque Server5 ECDSA, key_usage -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256 -x509_csr_check_opaque:"../framework/data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0 - -Certificate write check Server1 SHA1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, not before 1970 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, not after 2050 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, not before 1970, not after 2050 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, not before 2050, not after 2059 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"../framework/data_files/server1.key_usage.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, one ext_key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"../framework/data_files/server1.key_ext_usage.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, two ext_key_usages -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"../framework/data_files/server1.key_ext_usages.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"../framework/data_files/server1.cert_type.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.ca.crt":0:1:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, RSA_ALT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"../framework/data_files/server1.noauthid.crt":1:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, RSA_ALT, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"../framework/data_files/server1.key_usage_noauthid.crt":1:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"../framework/data_files/server1.cert_type_noauthid.crt":1:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, RSA_ALT, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":1:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, RSA_ALT, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"../framework/data_files/server1.ca_noauthid.crt":1:1:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Opaque -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.crt":2:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Opaque, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"../framework/data_files/server1.key_usage.crt":2:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Opaque, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"../framework/data_files/server1.cert_type.crt":2:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Opaque, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":2:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Opaque, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.ca.crt":2:1:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Full length serial -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.long_serial.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Serial starting with 0x80 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.80serial.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, All 0xFF full length serial -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.long_serial_FF.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server5 ECDSA -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 -x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"../framework/data_files/server5.crt":0:0:"../framework/data_files/test-ca2.crt":0 - -Certificate write check Server5 ECDSA, Opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"../framework/data_files/test-ca2.crt":0 - -Certificate write check Server1 SHA1, SubjectAltNames -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.allSubjectAltNames.crt":0:0:"../framework/data_files/test-ca.crt":1 - -X509 String to Names #1 -mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0:0 - -X509 String to Names #2 -mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #3 (Name precisely 255 bytes) -mbedtls_x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0:0 - -X509 String to Names #4 (Name larger than 255 bytes) -mbedtls_x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #5 (Escape non-allowed characters) -mbedtls_x509_string_to_names:"C=NL, O=Offspark\\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #6 (Escape at end) -mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #7 (Invalid, no '=' or ',') -mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #8 (Escaped valid characters) -mbedtls_x509_string_to_names:"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":0:0 - -X509 String to Names #9 (Escaped ascii hexpairs uppercase encoded) -mbedtls_x509_string_to_names:"C=NL, O=\\4F\\66\\66\\73\\70\\61\\72\\6B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 - -X509 String to Names #10 (Escaped ascii hexpairs lowercase encoded) -mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6b, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 - -X509 String to Names #11 (Invalid hexpair escape at end of string) -mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #12 (Reject escaped null hexpair) -mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #13 (Invalid hexpairs) -mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #14 (Accept numercoid/hexstring) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 - -# TODO: Should the trailing garbage be ignored? -X509 String to Names (hexstring: trailing garbage after DER is ignored) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726Baa, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 - -X509 String to Names: long hexstring (payload=256 bytes) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C82010041414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141, OU=PolarSSL":"C=NL, O=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, OU=PolarSSL":0:MAY_FAIL_DN_GETS - -X509 String to Names: long hexstring (payload=257 bytes) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C820101aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #15 (Odd length DER hexstring) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names (empty DER hexstring) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names (empty DER hexstring at end) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names (1-byte DER hexstring) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names (1-byte DER hexstring at end) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #16 (hexstring: DER length exceeds available data) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C0B4F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #17 (hexstring: Invalid OID) -mbedtls_x509_string_to_names:"C=NL, 10.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #18 (short name and hexstring) -mbedtls_x509_string_to_names:"C=NL, O=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 - -X509 String to Names (null byte in hexstring with string type) -mbedtls_x509_string_to_names:"C=NL, O=#0C0100, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names (null byte in hexstring with non-string type) -mbedtls_x509_string_to_names:"C=NL, O=#040100, OU=PolarSSL":"C=NL, O=\\x00, OU=PolarSSL":0:MAY_FAIL_GET_NAME - -X509 String to Names #19 (Accept non-ascii hexpairs) -mbedtls_x509_string_to_names:"C=NL, O=Of\\CCspark, OU=PolarSSL":"C=NL, O=Of\\CCspark, OU=PolarSSL":0:0 - -X509 String to Names #20 (Reject empty AttributeValue) -mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 Round trip test (Escaped characters) -mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0:0 - -X509 Round trip test (hexstring output for non string input) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#03084F6666737061726B, OU=PolarSSL":"C=NL, O=#03084F6666737061726B, OU=PolarSSL":0:0 - -X509 Round trip test (numercoid hexstring output for unknown OID) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":0:0 - -Check max serial length -x509_set_serial_check: - -Check max extension length -x509_set_extension_length_check: - -OID from numeric string - hardware module name -oid_from_numeric_string:"1.3.6.1.5.5.7.8.4":0:"2B06010505070804" - -OID from numeric string - multi-byte subidentifier -oid_from_numeric_string:"1.1.2108":0:"29903C" - -OID from numeric string - second component greater than 39 -oid_from_numeric_string:"2.49.0.0.826.0":0:"81010000863A00" - -OID from numeric string - multi-byte first subidentifier -oid_from_numeric_string:"2.999":0:"8837" - -OID from numeric string - empty string input -oid_from_numeric_string:"":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - first component not a number -oid_from_numeric_string:"abc.1.2":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - second component not a number -oid_from_numeric_string:"1.abc.2":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - first component too large -oid_from_numeric_string:"3.1":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - first component < 2, second > 39 -oid_from_numeric_string:"1.40":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - third component not a number -oid_from_numeric_string:"1.2.abc":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - non-'.' separator between first and second -oid_from_numeric_string:"1/2.3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - non-'.' separator between second and third -oid_from_numeric_string:"1.2/3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - non-'.' separator between third and fourth -oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - OID greater than max length (129 components) -oid_from_numeric_string:"1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - OID with maximum subidentifier -oid_from_numeric_string:"2.4294967215":0:"8FFFFFFF7F" - -OID from numeric string - OID with overflowing subidentifier -oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function deleted file mode 100644 index d0fdd8aee..000000000 --- a/tests/suites/test_suite_x509write.function +++ /dev/null @@ -1,793 +0,0 @@ -/* BEGIN_HEADER */ -#include "mbedtls/bignum.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_csr.h" -#include "x509_internal.h" -#include "mbedtls/pem.h" -#include "mbedtls/oid.h" -#include "mbedtls/rsa.h" -#include "mbedtls/asn1.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/pk.h" -#include "mbedtls/psa_util.h" - -#if defined(MBEDTLS_PEM_WRITE_C) && \ - defined(MBEDTLS_X509_CRT_WRITE_C) && \ - defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(PSA_WANT_ALG_SHA_1) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) -static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, - const unsigned char *input, unsigned char *output, - size_t output_max_len) -{ - return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL, - olen, input, output, output_max_len); -} -static int mbedtls_rsa_sign_func(void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_md_type_t md_alg, unsigned int hashlen, - const unsigned char *hash, unsigned char *sig) -{ - return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng, - md_alg, hashlen, hash, sig); -} -static size_t mbedtls_rsa_key_len_func(void *ctx) -{ - return ((const mbedtls_rsa_context *) ctx)->len; -} -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) -static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) -{ - unsigned char hash[PSA_HASH_MAX_SIZE]; - mbedtls_x509_csr csr; - int ret = 0; - - mbedtls_x509_csr_init(&csr); - - if (mbedtls_x509_csr_parse(&csr, buf, buflen) != 0) { - ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; - goto cleanup; - } - - psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(csr.sig_md); - size_t hash_size = 0; - psa_status_t status = psa_hash_compute(psa_alg, csr.cri.p, csr.cri.len, - hash, PSA_HASH_MAX_SIZE, &hash_size); - - if (status != PSA_SUCCESS) { - /* Note: this can't happen except after an internal error */ - ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; - goto cleanup; - } - - if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk, - csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), - csr.sig.p, csr.sig.len) != 0) { - ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; - goto cleanup; - } - -cleanup: - - mbedtls_x509_csr_free(&csr); - return ret; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */ - -#if defined(MBEDTLS_X509_CSR_WRITE_C) - -/* - * The size of this temporary buffer is given by the sequence of functions - * called hereinafter: - * - mbedtls_asn1_write_oid() - * - 8 bytes for MBEDTLS_OID_EXTENDED_KEY_USAGE raw value - * - 1 byte for MBEDTLS_OID_EXTENDED_KEY_USAGE length - * - 1 byte for MBEDTLS_ASN1_OID tag - * - mbedtls_asn1_write_len() - * - 1 byte since we're dealing with sizes which are less than 0x80 - * - mbedtls_asn1_write_tag() - * - 1 byte - * - * This length is fine as long as this function is called using the - * MBEDTLS_OID_SERVER_AUTH OID. If this is changed in the future, then this - * buffer's length should be adjusted accordingly. - * Unfortunately there's no predefined max size for OIDs which can be used - * to set an overall upper boundary which is always guaranteed. - */ -#define EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH 12 - -static int csr_set_extended_key_usage(mbedtls_x509write_csr *ctx, - const char *oid, size_t oid_len) -{ - unsigned char buf[EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH] = { 0 }; - unsigned char *p = buf + sizeof(buf); - int ret; - size_t len = 0; - - /* - * Following functions fail anyway if the temporary buffer is not large, - * but we set an extra check here to emphasize a possible source of errors - */ - if (oid_len > EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(&p, buf, oid, oid_len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, ret)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - ret = mbedtls_x509write_csr_set_extension(ctx, - MBEDTLS_OID_EXTENDED_KEY_USAGE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE), - 0, - p, - len); - - return ret; -} -#endif /* MBEDTLS_X509_CSR_WRITE_C */ - -/* Due to inconsistencies in the input size limits applied by different - * library functions, some write-parse tests may fail. */ -#define MAY_FAIL_GET_NAME 0x0001 -#define MAY_FAIL_DN_GETS 0x0002 - -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ -void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, - int key_usage, int set_key_usage, int cert_type, - int set_cert_type, int set_extension) -{ - mbedtls_pk_context key; - mbedtls_x509write_csr req; - unsigned char buf[4096]; - int ret; -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char check_buf[4000]; - FILE *f; - size_t olen = 0; -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - size_t pem_len = 0, buf_index; - int der_len = -1; - const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; - mbedtls_test_rnd_pseudo_info rnd_info; - mbedtls_x509_san_list san_ip; - mbedtls_x509_san_list san_dns; - mbedtls_x509_san_list san_uri; - mbedtls_x509_san_list san_mail; - mbedtls_x509_san_list san_dn; - mbedtls_x509_san_list *san_list = NULL; - mbedtls_asn1_named_data *ext_san_dirname = NULL; - - const char san_ip_name[] = { 0x7f, 0x00, 0x00, 0x01 }; // 127.0.0.1 - const char *san_dns_name = "example.com"; - const char *san_dn_name = "C=UK,O=Mbed TLS,CN=Mbed TLS directoryName SAN"; - const char *san_mail_name = "mail@example.com"; - const char *san_uri_name = "http://pki.example.com"; - - san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME; - san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name; - san_mail.node.san.unstructured_name.len = strlen(san_mail_name); - san_mail.next = NULL; - - san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME; - san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name; - san_dns.node.san.unstructured_name.len = strlen(san_dns_name); - san_dns.next = &san_mail; - - san_dn.node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - TEST_ASSERT(mbedtls_x509_string_to_names(&ext_san_dirname, - san_dn_name) == 0); - san_dn.node.san.directory_name = *ext_san_dirname; - san_dn.next = &san_dns; - - san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name; - san_ip.node.san.unstructured_name.len = sizeof(san_ip_name); - san_ip.next = &san_dn; - - san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; - san_uri.node.san.unstructured_name.p = (unsigned char *) san_uri_name; - san_uri.node.san.unstructured_name.len = strlen(san_uri_name); - san_uri.next = &san_ip; - - san_list = &san_uri; - - memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); - - mbedtls_x509write_csr_init(&req); - mbedtls_pk_init(&key); - MD_OR_USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, - mbedtls_test_rnd_std_rand, NULL) == 0); - - mbedtls_x509write_csr_set_md_alg(&req, md_type); - mbedtls_x509write_csr_set_key(&req, &key); - TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) == 0); - if (set_key_usage != 0) { - TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0); - } - if (set_cert_type != 0) { - TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0); - } - if (set_extension != 0) { - TEST_ASSERT(csr_set_extended_key_usage(&req, MBEDTLS_OID_SERVER_AUTH, - MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH)) == 0); - - TEST_ASSERT(mbedtls_x509write_csr_set_subject_alternative_name(&req, san_list) == 0); - } - - ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, &rnd_info); - TEST_ASSERT(ret == 0); - - pem_len = strlen((char *) buf); - - for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) { - TEST_ASSERT(buf[buf_index] == 0); - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used - (void) cert_req_check_file; - buf[pem_len] = '\0'; - TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0); -#else - f = fopen(cert_req_check_file, "r"); - TEST_ASSERT(f != NULL); - olen = fread(check_buf, 1, sizeof(check_buf), f); - fclose(f); - - TEST_ASSERT(olen >= pem_len - 1); - TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, - &rnd_info); - TEST_ASSERT(der_len >= 0); - - if (der_len == 0) { - goto exit; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - // When using PSA crypto, RNG isn't controllable, result length isn't - // deterministic over multiple runs, removing a single byte isn't enough to - // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case - der_len /= 2; -#else - der_len -= 1; -#endif - ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len), - mbedtls_test_rnd_pseudo_rand, &rnd_info); - TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); - -exit: - mbedtls_asn1_free_named_data_list(&ext_san_dirname); - mbedtls_x509write_csr_free(&req); - mbedtls_pk_free(&key); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */ -void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, - int cert_type) -{ - mbedtls_pk_context key; - mbedtls_pk_init(&key); - - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - - mbedtls_x509write_csr req; - mbedtls_x509write_csr_init(&req); - - unsigned char buf[4096]; - int ret; - size_t pem_len = 0; - const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; - mbedtls_test_rnd_pseudo_info rnd_info; - - MD_OR_USE_PSA_INIT(); - - memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); - - TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, - mbedtls_test_rnd_std_rand, NULL) == 0); - - /* Turn the PK context into an opaque one. */ - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); - TEST_EQUAL(mbedtls_pk_import_into_psa(&key, &key_attr, &key_id), 0); - mbedtls_pk_free(&key); - mbedtls_pk_init(&key); - TEST_EQUAL(mbedtls_pk_setup_opaque(&key, key_id), 0); - - mbedtls_x509write_csr_set_md_alg(&req, md_type); - mbedtls_x509write_csr_set_key(&req, &key); - TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) == 0); - if (key_usage != 0) { - TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0); - } - if (cert_type != 0) { - TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0); - } - - ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1, - mbedtls_test_rnd_pseudo_rand, &rnd_info); - - TEST_ASSERT(ret == 0); - - pem_len = strlen((char *) buf); - buf[pem_len] = '\0'; - TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0); - - -exit: - mbedtls_x509write_csr_free(&req); - mbedtls_pk_free(&key); - psa_destroy_key(key_id); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_X509_CRT_PARSE_C:PSA_WANT_ALG_SHA_1 */ -void x509_crt_check(char *subject_key_file, char *subject_pwd, - char *subject_name, char *issuer_key_file, - char *issuer_pwd, char *issuer_name, - data_t *serial_arg, char *not_before, char *not_after, - int md_type, int key_usage, int set_key_usage, - char *ext_key_usage, - int cert_type, int set_cert_type, int auth_ident, - int ver, char *cert_check_file, int pk_wrap, int is_ca, - char *cert_verify_file, int set_subjectAltNames) -{ - mbedtls_pk_context subject_key, issuer_key, issuer_key_alt; - mbedtls_pk_context *key = &issuer_key; - - mbedtls_x509write_cert crt; - unsigned char buf[4096]; - unsigned char check_buf[5000]; - unsigned char *p, *end; - unsigned char tag, sz; -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - mbedtls_mpi serial_mpi; -#endif - int ret, before_tag, after_tag; - size_t olen = 0, pem_len = 0, buf_index = 0; - int der_len = -1; - FILE *f; - mbedtls_test_rnd_pseudo_info rnd_info; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; -#endif - mbedtls_pk_type_t issuer_key_type; - mbedtls_x509_san_list san_ip; - mbedtls_x509_san_list san_dns; - mbedtls_x509_san_list san_uri; - mbedtls_x509_san_list san_mail; - mbedtls_x509_san_list san_dn; - mbedtls_asn1_named_data *ext_san_dirname = NULL; - const char san_ip_name[] = { 0x01, 0x02, 0x03, 0x04 }; - const char *san_dns_name = "example.com"; - const char *san_dn_name = "C=UK,O=Mbed TLS,CN=SubjectAltName test"; - const char *san_mail_name = "mail@example.com"; - const char *san_uri_name = "http://pki.example.com"; - mbedtls_x509_san_list *san_list = NULL; - - if (set_subjectAltNames) { - san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME; - san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name; - san_mail.node.san.unstructured_name.len = strlen(san_mail_name); - san_mail.next = NULL; - - san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME; - san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name; - san_dns.node.san.unstructured_name.len = strlen(san_dns_name); - san_dns.next = &san_mail; - - san_dn.node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - TEST_ASSERT(mbedtls_x509_string_to_names(&ext_san_dirname, - san_dn_name) == 0); - san_dn.node.san.directory_name = *ext_san_dirname; - san_dn.next = &san_dns; - - san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name; - san_ip.node.san.unstructured_name.len = sizeof(san_ip_name); - san_ip.next = &san_dn; - - san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; - san_uri.node.san.unstructured_name.p = (unsigned char *) san_uri_name; - san_uri.node.san.unstructured_name.len = strlen(san_uri_name); - san_uri.next = &san_ip; - - san_list = &san_uri; - } - - memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - mbedtls_mpi_init(&serial_mpi); -#endif - - mbedtls_pk_init(&subject_key); - mbedtls_pk_init(&issuer_key); - mbedtls_pk_init(&issuer_key_alt); - mbedtls_x509write_crt_init(&crt); - MD_OR_USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file, - subject_pwd, mbedtls_test_rnd_std_rand, NULL) == 0); - - TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file, - issuer_pwd, mbedtls_test_rnd_std_rand, NULL) == 0); - - issuer_key_type = mbedtls_pk_get_type(&issuer_key); - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) - /* For RSA PK contexts, create a copy as an alternative RSA context. */ - if (pk_wrap == 1 && issuer_key_type == MBEDTLS_PK_RSA) { - TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&issuer_key_alt, - mbedtls_pk_rsa(issuer_key), - mbedtls_rsa_decrypt_func, - mbedtls_rsa_sign_func, - mbedtls_rsa_key_len_func) == 0); - - key = &issuer_key_alt; - } -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Turn the issuer PK context into an opaque one. */ - if (pk_wrap == 2) { - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&issuer_key, PSA_KEY_USAGE_SIGN_HASH, - &key_attr), 0); - TEST_EQUAL(mbedtls_pk_import_into_psa(&issuer_key, &key_attr, &key_id), 0); - mbedtls_pk_free(&issuer_key); - mbedtls_pk_init(&issuer_key); - TEST_EQUAL(mbedtls_pk_setup_opaque(&issuer_key, key_id), 0); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (pk_wrap == 2) { - TEST_ASSERT(mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_OPAQUE); - } - - if (ver != -1) { - mbedtls_x509write_crt_set_version(&crt, ver); - } - -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - TEST_ASSERT(mbedtls_mpi_read_binary(&serial_mpi, serial_arg->x, - serial_arg->len) == 0); - TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial_mpi) == 0); -#else - TEST_ASSERT(mbedtls_x509write_crt_set_serial_raw(&crt, serial_arg->x, - serial_arg->len) == 0); -#endif - TEST_ASSERT(mbedtls_x509write_crt_set_validity(&crt, not_before, - not_after) == 0); - mbedtls_x509write_crt_set_md_alg(&crt, md_type); - TEST_ASSERT(mbedtls_x509write_crt_set_issuer_name(&crt, issuer_name) == 0); - TEST_ASSERT(mbedtls_x509write_crt_set_subject_name(&crt, subject_name) == 0); - mbedtls_x509write_crt_set_subject_key(&crt, &subject_key); - - mbedtls_x509write_crt_set_issuer_key(&crt, key); - - if (crt.version >= MBEDTLS_X509_CRT_VERSION_3) { - /* For the CA case, a path length of -1 means unlimited. */ - TEST_ASSERT(mbedtls_x509write_crt_set_basic_constraints(&crt, is_ca, - (is_ca ? -1 : 0)) == 0); - TEST_ASSERT(mbedtls_x509write_crt_set_subject_key_identifier(&crt) == 0); - if (auth_ident) { - TEST_ASSERT(mbedtls_x509write_crt_set_authority_key_identifier(&crt) == 0); - } - if (set_key_usage != 0) { - TEST_ASSERT(mbedtls_x509write_crt_set_key_usage(&crt, key_usage) == 0); - } - if (set_cert_type != 0) { - TEST_ASSERT(mbedtls_x509write_crt_set_ns_cert_type(&crt, cert_type) == 0); - } - if (strcmp(ext_key_usage, "NULL") != 0) { - mbedtls_asn1_sequence exts[2]; - memset(exts, 0, sizeof(exts)); - -#define SET_OID(x, oid) \ - do { \ - x.len = MBEDTLS_OID_SIZE(oid); \ - x.p = (unsigned char *) oid; \ - x.tag = MBEDTLS_ASN1_OID; \ - } \ - while (0) - - if (strcmp(ext_key_usage, "serverAuth") == 0) { - SET_OID(exts[0].buf, MBEDTLS_OID_SERVER_AUTH); - } else if (strcmp(ext_key_usage, "codeSigning,timeStamping") == 0) { - SET_OID(exts[0].buf, MBEDTLS_OID_CODE_SIGNING); - exts[0].next = &exts[1]; - SET_OID(exts[1].buf, MBEDTLS_OID_TIME_STAMPING); - } - TEST_ASSERT(mbedtls_x509write_crt_set_ext_key_usage(&crt, exts) == 0); - } - } - - if (set_subjectAltNames) { - TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0); - } - ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, &rnd_info); - TEST_ASSERT(ret == 0); - - pem_len = strlen((char *) buf); - - // check that the rest of the buffer remains clear - for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) { - TEST_ASSERT(buf[buf_index] == 0); - } - - if (issuer_key_type != MBEDTLS_PK_RSA) { - mbedtls_x509_crt crt_parse, trusted; - uint32_t flags; - - mbedtls_x509_crt_init(&crt_parse); - mbedtls_x509_crt_init(&trusted); - - TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, - cert_verify_file) == 0); - TEST_ASSERT(mbedtls_x509_crt_parse(&crt_parse, - buf, sizeof(buf)) == 0); - - ret = mbedtls_x509_crt_verify(&crt_parse, &trusted, NULL, NULL, &flags, - NULL, NULL); - - mbedtls_x509_crt_free(&crt_parse); - mbedtls_x509_crt_free(&trusted); - - TEST_EQUAL(flags, 0); - TEST_EQUAL(ret, 0); - } else if (*cert_check_file != '\0') { - f = fopen(cert_check_file, "r"); - TEST_ASSERT(f != NULL); - olen = fread(check_buf, 1, sizeof(check_buf), f); - fclose(f); - TEST_ASSERT(olen < sizeof(check_buf)); - - TEST_EQUAL(olen, pem_len); - TEST_ASSERT(olen >= pem_len - 1); - TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); - } - - der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, - &rnd_info); - TEST_ASSERT(der_len >= 0); - - if (der_len == 0) { - goto exit; - } - - // Not testing against file, check date format - if (*cert_check_file == '\0') { - // UTC tag if before 2050, 2 digits less for year - if (not_before[0] == '2' && (not_before[1] > '0' || not_before[2] > '4')) { - before_tag = MBEDTLS_ASN1_GENERALIZED_TIME; - } else { - before_tag = MBEDTLS_ASN1_UTC_TIME; - not_before += 2; - } - if (not_after[0] == '2' && (not_after[1] > '0' || not_after[2] > '4')) { - after_tag = MBEDTLS_ASN1_GENERALIZED_TIME; - } else { - after_tag = MBEDTLS_ASN1_UTC_TIME; - not_after += 2; - } - end = buf + sizeof(buf); - for (p = end - der_len; p < end;) { - tag = *p++; - sz = *p++; - if (tag == MBEDTLS_ASN1_UTC_TIME || tag == MBEDTLS_ASN1_GENERALIZED_TIME) { - // Check correct tag and time written - TEST_ASSERT(before_tag == tag); - TEST_ASSERT(memcmp(p, not_before, sz - 1) == 0); - p += sz; - tag = *p++; - sz = *p++; - TEST_ASSERT(after_tag == tag); - TEST_ASSERT(memcmp(p, not_after, sz - 1) == 0); - break; - } - // Increment if long form ASN1 length - if (sz & 0x80) { - p += sz & 0x0F; - } - if (tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { - p += sz; - } - } - TEST_ASSERT(p < end); - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - // When using PSA crypto, RNG isn't controllable, result length isn't - // deterministic over multiple runs, removing a single byte isn't enough to - // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case - if (issuer_key_type != MBEDTLS_PK_RSA) { - der_len /= 2; - } else -#endif - der_len -= 1; - - ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len), - mbedtls_test_rnd_pseudo_rand, &rnd_info); - TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); - -exit: - mbedtls_asn1_free_named_data_list(&ext_san_dirname); - mbedtls_x509write_crt_free(&crt); - mbedtls_pk_free(&issuer_key_alt); - mbedtls_pk_free(&subject_key); - mbedtls_pk_free(&issuer_key); -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - mbedtls_mpi_free(&serial_mpi); -#endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_destroy_key(key_id); -#endif - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_WRITE_C */ -void x509_set_serial_check() -{ - mbedtls_x509write_cert ctx; - uint8_t invalid_serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN + 1]; - -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - mbedtls_mpi serial_mpi; - mbedtls_mpi_init(&serial_mpi); -#endif - - USE_PSA_INIT(); - memset(invalid_serial, 0x01, sizeof(invalid_serial)); - -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - TEST_EQUAL(mbedtls_mpi_read_binary(&serial_mpi, invalid_serial, - sizeof(invalid_serial)), 0); - TEST_EQUAL(mbedtls_x509write_crt_set_serial(&ctx, &serial_mpi), - MBEDTLS_ERR_X509_BAD_INPUT_DATA); -#endif - - TEST_EQUAL(mbedtls_x509write_crt_set_serial_raw(&ctx, invalid_serial, - sizeof(invalid_serial)), - MBEDTLS_ERR_X509_BAD_INPUT_DATA); - -exit: -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - mbedtls_mpi_free(&serial_mpi); -#else - ; -#endif - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */ -void mbedtls_x509_string_to_names(char *name, char *parsed_name, - int result, int may_fail) -{ - int ret; - size_t len = 0; - mbedtls_asn1_named_data *names = NULL; - mbedtls_x509_name parsed; - memset(&parsed, 0, sizeof(parsed)); - mbedtls_x509_name *parsed_cur = NULL; - mbedtls_x509_name *parsed_prv = NULL; - unsigned char buf[1024] = { 0 }; - unsigned char out[1024] = { 0 }; - unsigned char *c = buf + sizeof(buf); - - USE_PSA_INIT(); - - ret = mbedtls_x509_string_to_names(&names, name); - TEST_EQUAL(ret, result); - - if (ret != 0) { - goto exit; - } - - ret = mbedtls_x509_write_names(&c, buf, names); - TEST_LE_S(1, ret); - - TEST_EQUAL(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE), 0); - ret = mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed); - if ((may_fail & MAY_FAIL_GET_NAME) && ret < 0) { - /* Validation inconsistency between mbedtls_x509_string_to_names() and - * mbedtls_x509_get_name(). Accept it for now. */ - goto exit; - } - TEST_EQUAL(ret, 0); - - ret = mbedtls_x509_dn_gets((char *) out, sizeof(out), &parsed); - if ((may_fail & MAY_FAIL_DN_GETS) && ret < 0) { - /* Validation inconsistency between mbedtls_x509_string_to_names() and - * mbedtls_x509_dn_gets(). Accept it for now. */ - goto exit; - } - TEST_LE_S(1, ret); - TEST_ASSERT(strcmp((char *) out, parsed_name) == 0); - -exit: - mbedtls_asn1_free_named_data_list(&names); - - parsed_cur = parsed.next; - while (parsed_cur != 0) { - parsed_prv = parsed_cur; - parsed_cur = parsed_cur->next; - mbedtls_free(parsed_prv); - } - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_WRITE_C */ -void x509_set_extension_length_check() -{ - int ret = 0; - - mbedtls_x509write_csr ctx; - mbedtls_x509write_csr_init(&ctx); - - unsigned char buf[EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH] = { 0 }; - unsigned char *p = buf + sizeof(buf); - - ret = mbedtls_x509_set_extension(&(ctx.MBEDTLS_PRIVATE(extensions)), - MBEDTLS_OID_EXTENDED_KEY_USAGE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE), - 0, - p, - SIZE_MAX); - TEST_ASSERT(MBEDTLS_ERR_X509_BAD_INPUT_DATA == ret); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void oid_from_numeric_string(char *oid_str, int error_ret, - data_t *exp_oid_buf) -{ - mbedtls_asn1_buf oid = { 0, 0, NULL }; - mbedtls_asn1_buf exp_oid = { 0, 0, NULL }; - int ret; - - exp_oid.tag = MBEDTLS_ASN1_OID; - exp_oid.p = exp_oid_buf->x; - exp_oid.len = exp_oid_buf->len; - - ret = mbedtls_oid_from_numeric_string(&oid, oid_str, strlen(oid_str)); - - if (error_ret == 0) { - TEST_EQUAL(oid.len, exp_oid.len); - TEST_ASSERT(memcmp(oid.p, exp_oid.p, oid.len) == 0); - mbedtls_free(oid.p); - oid.p = NULL; - oid.len = 0; - } else { - TEST_EQUAL(ret, error_ret); - } -} -/* END_CASE */ diff --git a/tf-psa-crypto b/tf-psa-crypto deleted file mode 160000 index e95def83c..000000000 --- a/tf-psa-crypto +++ /dev/null @@ -1 +0,0 @@ -Subproject commit e95def83c262522fd0c78b89837b218ac839138a diff --git a/visualc/VS2017/.gitignore b/visualc/VS2017/.gitignore deleted file mode 100644 index a9ded4aab..000000000 --- a/visualc/VS2017/.gitignore +++ /dev/null @@ -1,16 +0,0 @@ -# Files that may be left over from check-generated-files.sh -/*.bak - -# Visual Studio artifacts -/.localhistory/ -/.vs/ -/Debug/ -/Release/ -/*.vcxproj.filters -/*.vcxproj.user - -###START_GENERATED_FILES### -# Files automatically generated by generate_visualc_files.pl -/mbedTLS.sln -/*.vcxproj -###END_GENERATED_FILES### From 1b2dd2d069dba9d75a77d9b1c986af95cf6d702c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 10 Dec 2024 16:46:56 +0100 Subject: [PATCH 30/31] scripts: fix paths in files moved from Mbed TLS Signed-off-by: Valerio Setti --- scripts/doxygen.sh | 2 +- scripts/recursion.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/doxygen.sh b/scripts/doxygen.sh index b6a1d4594..07c08f673 100755 --- a/scripts/doxygen.sh +++ b/scripts/doxygen.sh @@ -13,7 +13,7 @@ if [ -d library -a -d include -a -d tests ]; then :; else exit 1 fi -if scripts/apidoc_full.sh > doc.out 2>doc.err; then :; else +if ./framework/scripts/apidoc_full.sh > doc.out 2>doc.err; then :; else cat doc.err echo "FAIL" >&2 exit 1; diff --git a/scripts/recursion.pl b/scripts/recursion.pl index 3cdeff7f4..379710ff8 100755 --- a/scripts/recursion.pl +++ b/scripts/recursion.pl @@ -6,7 +6,7 @@ # When the recursion depth might depend on data controlled by the attacker in # an unbounded way, those functions should use iteration instead. # -# Typical usage: scripts/recursion.pl library/*.c +# Typical usage: framework/scripts/recursion.pl library/*.c # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later From ee3cbf56a1c5cb4812f4fbaef14e58cb9b7d5ef3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Jan 2025 06:25:34 +0100 Subject: [PATCH 31/31] doxygen.sh: use relative script's path to call apidoc_full.sh Signed-off-by: Valerio Setti --- scripts/doxygen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/doxygen.sh b/scripts/doxygen.sh index 07c08f673..8c37b20de 100755 --- a/scripts/doxygen.sh +++ b/scripts/doxygen.sh @@ -13,7 +13,7 @@ if [ -d library -a -d include -a -d tests ]; then :; else exit 1 fi -if ./framework/scripts/apidoc_full.sh > doc.out 2>doc.err; then :; else +if $(dirname "$0")/apidoc_full.sh > doc.out 2>doc.err; then :; else cat doc.err echo "FAIL" >&2 exit 1;